https://linzeyan.github.io/zh-tw/categories/zero-trust/Recent content in Zero Trust on RickyHugo -- gohugo.iozh-twTue, 26 Sep 2023 09:01:00 +0800https://linzeyan.github.io/zh-tw/posts/2023/20230926-cloudflare/Tue, 26 Sep 2023 09:01:00 +0800https://linzeyan.github.io/zh-tw/posts/2023/20230926-cloudflare/<ul> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/connect-private-networks/" target="_blank" rel="noopener">Connect private networks</a></li> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/" target="_blank" rel="noopener">Configure Local Domain Fallback</a></li> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/exclude-traffic/split-tunnels/" target="_blank" rel="noopener">Configure Split Tunnels</a></li> <li><a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/exclude-traffic/" target="_blank" rel="noopener">Traffic routing with WARP</a></li> </ul> <h3 id="1-設定-client">1. 設定 Client</h3> <h4 id="建立裝置註冊規則">建立裝置註冊規則</h4> <blockquote> <p>建立裝置註冊規則，用來決定哪些裝置可以加入 Zero Trust 組織。</p></blockquote> <h5 id="設定裝置註冊權限">設定裝置註冊權限</h5> <ol> <li>在 Zero Trust 中，前往 Settings &gt; WARP Client &gt; Device enrollment &gt; Device enrollment permissions &gt; Manage。</li> <li>Rules &gt; Policies &gt; Add a rule &gt; Include &gt; Selector &gt; Emails ending in &gt; Value &gt; @ruru910.com。</li> </ol> <h3 id="2-透過-warp-路由私有網路-ip">2. 透過 WARP 路由私有網路 IP</h3> <ol> <li>在 Zero Trust 中，前往 Settings &gt; WARP Client &gt; Device settings &gt; Profile settings &gt; Profile name &gt; Default &gt; Configure。</li> <li>設定： <ol> <li>Enabled: Captive portal detection, Mode switch, Allow device to leave organization, Allow updates。</li> <li>Service mode: Gateway with WARP。</li> <li>Local Domain Fallback &gt; Manage &gt; Domain &gt; nas.ruru910.com。</li> <li>Split Tunnels: Exclude IPs and domains &gt; Manage。 <ul> <li>刪除 nas.ruru910.com 的 IP range。</li> </ul> </li> </ol> </li> </ol> <h3 id="3-用-gateway-過濾網路流量">3. 用 Gateway 過濾網路流量</h3> <h4 id="1-啟用-gateway-代理">1. 啟用 Gateway 代理</h4> <ol> <li>在 Zero Trust 中，前往 Settings &gt; Network。 <ol> <li>Gateway Logging: Capture all。</li> <li>Firewall: Proxy(TCP, UDP, ICMP), WARP to WARP, AV inspection。</li> </ol> </li> </ol> <h4 id="2-建立-zero-trust-policies">2. <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/connect-private-networks/#create-zero-trust-policies" target="_blank" rel="noopener">建立 Zero Trust Policies</a></h4> <ol> <li>前往 Access &gt; Applications &gt; Add an application &gt; Private Network &gt; Application Type &gt; Destination IP。</li> <li>Value 輸入應用程式的 IP（例如 10.128.0.7）。</li> <li>修改 policy &gt; identify &gt; Selector &gt; User Email &gt; in &gt; @ruru910.com。</li> </ol>