Secure your Internet traffic and SaaS apps

Provide your users and networks with a secure, performant, and flexible path to the Internet.

Start path

Concepts

Learn the core concepts of using Cloudflare Zero Trust functionality to provide granular security policy for devices and networks accessing the Internet.
Start module
Contains 1 units
1. What security features does Cloudflare provide?
Get started with Zero Trust
Start module
Contains 4 units
Configure the device agent

The Cloudflare WARP client (known as the Cloudflare One Agent in mobile app stores) encrypts designated traffic from a user’s device to Cloudflare’s global network. In this learning path, we will first define all of your parameters and deployment rules, and then we will install and connect the client. If you prefer to start the client download now, refer to Download WARP.
Start module
Contains 6 units
Connect user devices

After setting up your Cloudflare account and Zero Trust organization, you can begin connecting user devices to Cloudflare.
Start module
Contains 3 units
Connect networks to Cloudflare

After connecting your devices to Cloudflare, you can route their traffic through your DNS, network, and HTTP policies. However, not every device can run a Zero Trust client. This module offers detail on connecting your networks to the Cloudflare global network to apply your policies.
Start module
Contains 1 units
1. Choose an on-ramp
Understand and streamline policy creation
Start module
Contains 3 units
Build DNS security policies

DNS security is an important, wide-reaching, and early action in the lifecycle of a request. Cloudflare operates one of the world’s largest and fastest public DNS resolvers. Your users’ public DNS requests will be resolved by that same resolution engine — whether they are connecting from a network pointing its resolvers to Cloudflare or an endpoint running the WARP client.
Start module
Contains 5 units
Build network security policies

After creating policies for security based on DNS resolution, we can layer in additional security controls with the Gateway network firewall, which operates at Layer 4 of the OSI model. The Gateway network firewall allows you to build specific policies to block users or services’ ability to connect to endpoints at specific IPs or on specific ports. You can also use Protocol Detection ↗ to block proxying specific protocols.
Start module
Contains 1 units
1. Recommended network policies
Build HTTP security policies

After securing your organization’s DNS queries and network level traffic, you can begin implementing advanced security controls for web traffic by inspecting HTTPS and taking actions based on the full URL or the body of HTTP requests.
Start module
Contains 5 units
Control traffic egress with source IP anchoring and allowlisting

Now that you have created firewall policies to secure your organization, you can begin creating egress policies to control what IP address your users egress to the Internet with.
Start module
Contains 3 units
Secure SaaS applications
Start module
Contains 4 units

Cloudflare Dashboard Discord Community Learning Center Support Portal

Secure your Internet traffic and SaaS apps

Concepts

Get started with Zero Trust

Configure the device agent

Connect user devices

Connect networks to Cloudflare

Understand and streamline policy creation

Build DNS security policies

Build network security policies

Build HTTP security policies

Control traffic egress with source IP anchoring and allowlisting

Secure SaaS applications