https://linzeyan.github.io/categories/zero-trust/Recent content in Zero Trust on RickyHugo -- gohugo.ioenTue, 26 Sep 2023 09:01:00 +0800https://linzeyan.github.io/posts/2023/20230926-cloudflare/Tue, 26 Sep 2023 09:01:00 +0800https://linzeyan.github.io/posts/2023/20230926-cloudflare/<ul> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/connect-private-networks/" target="_blank" rel="noopener">Connect private networks</a></li> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/" target="_blank" rel="noopener">Configure Local Domain Fallback</a></li> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/exclude-traffic/split-tunnels/" target="_blank" rel="noopener">Configure Split Tunnels</a></li> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/exclude-traffic/" target="_blank" rel="noopener">Traffic routing with WARP</a></li> </ul> <h3 id="1-set-up-the-client">1. Set up the client</h3> <h4 id="create-device-enrollment-rules">Create device enrollment rules</h4> <blockquote> <p>Create device enrollment rules to determine which devices can enroll to Zero Trust organization.</p></blockquote> <h5 id="set-device-enrollment-permissions">Set device enrollment permissions</h5> <ol> <li>In Zero Trust, go to Settings &gt; WARP Client &gt; Device enrollment &gt; Device enrollment permissions &gt; Manage.</li> <li>Rules &gt; Policies &gt; Add a rule &gt; Include &gt; Selector &gt; Emails ending in &gt; Value &gt; @ruru910.com.</li> </ol> <h3 id="2-route-private-network-ips-through-warp">2. Route private network IPs through WARP</h3> <ol> <li>In Zero Trust, go to Settings &gt; WARP Client &gt; Device settings &gt; Profile settings &gt; Profile name &gt; Default &gt; Configure.</li> <li>Configure settings: <ol> <li>Enabled: Captive portal detection, Mode switch, Allow device to leave organization, Allow updates.</li> <li>Service mode: Gateway with WARP.</li> <li>Local Domain Fallback &gt; Manage &gt; Domain &gt; nas.ruru910.com.</li> <li>Split Tunnels: Exclude IPs and domains &gt; Manage. <ul> <li>Delete the IP range of nas.ruru910.com.</li> </ul> </li> </ol> </li> </ol> <h3 id="3-filter-network-traffic-with-gateway">3. Filter network traffic with Gateway</h3> <h4 id="1-enable-the-gateway-proxy">1. Enable the Gateway proxy</h4> <ol> <li>In Zero Trust, go to Settings &gt; Network. <ol> <li>Gateway Logging: Capture all.</li> <li>Firewall: Proxy(TCP, UDP, ICMP), WARP to WARP, AV inspection.</li> </ol> </li> </ol> <h4 id="2-create-zero-trust-policies">2. <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/connect-private-networks/#create-zero-trust-policies" target="_blank" rel="noopener">Create Zero Trust policies</a></h4> <ol> <li>Go to Access &gt; Applications &gt; Add an application &gt; Private Network &gt; Application Type &gt; Destination IP.</li> <li>For Value, enter the IP address for your application (for example, 10.128.0.7).</li> <li>Modify policy &gt; identify &gt; Selector &gt; User Email &gt; in &gt; @ruru910.com.</li> </ol>