Zero_Trust                                                
* Ver   Cloudflare    
  1/18/22   Zero_Trust    
                                                   
   
  Account Home Zero Trust  (Cloudflare One dashboard)
  hvezda_cc.htm
  Zero_Trust Overview   Overview             Get started (with Zero Trust)           Recent searches
  Topology    
  youtubers   Recommendations Account settings   Resources + Support  
  WARP   Replace my client-based or site-to-site VPN Team name:  mdhvezda Give feedback Developer documentation  
  cloudflare_org   Secure my web traffic from advanced threats Billing plan:  Zero Trust Free Zero Trust changelog Ask the community  
      Securely access private web apps without an agent Customize your login page SASE video series Zero Trust Help Page  
      Secure my network with DNS filtering Cloudflare status FAQs  
      Explore the Cloudflare One dashboard  
       
                               
   
    Insights                                        
    Overview
    Analytics overview Global status     Proxy traffic  
    Access Gateway (network requests)
    CASB  
    DNS traffic  
    Gateway insights      
   
    Dashboards Shadow IT: SaaS analytics (new) AI security report (new) Application Access Report  
    Access event analytics HTTP request analytics DNS query analytics  
    Network session analytics Data security analytics Shadow IT: Private Network analytics
   
    Digital experience Live analytics      
    Devices connected by colo Devices
       
    Analytics over time  
    Device status over time  
       
    Connection methods over time  
   
    Logs Admin activity logs   Access authentication logs DNS query logs
    Network logs HTTP request logs SSH command logs
    SCIM provisioning logs   Posture logs      
   
   
    Team & Resources                            
    Application library 1380 apps (58 pages)
   
    Devices General profiles Device IP profiles Device IP subnets   Managed networks
   
    Users User name   Email   Seat usage     Seat management    
    mdhvezda mdhvezda@gmail.com Active … Access seat Gateway seat  
                    INACTIVE Active  
   
    Devices     Email     Device profile   Client version Status Last seen  
    Pixel 7 Pro   mdhvezda@gmail.com       6.35   Active 11/30/2024 …
   
   
    Networks                                        
    Overview Quick actions                
    Manage Tunnels   Route to a published application   Manage tunnel routes
   
    Recommendations
    Replace your client-based VPN Network metrics
    Connect multiple devices in a virtual mesh Tunnels              2
    Pick the right tunnel for your project Read Guide Routes               1
    Connect a device to a private network Active Tunnels    2
    Secure access to your private web applications Virtual networks  1
   
   
    Connectors Cloudflare Tunnels A new version of cloudflared is available.  To upgrade, refer to  ------> Update cloudflared
   
    Your Cloudflare Tunnels
    Create a tunnel
   
    Tunnel name Tunnel type Connector logs Routes Status Uptime
    Blaine cloudflared View logs -- Healthy 3 days … (Configure, Delete)
    unraid cloudflared View logs 192.168.0.0/24 Healthy 3 days … (Configure, Delete)
   
    Add a published application route                                
                                   
                                   
       
 
    Blaine
    Overview
    Published application routes

    unraid
    Overview
    Published application routes

   
   
    Routes CIDR routes            
    Network Description Virtual network Tunnel  
    192.168.0.0/24 -- default unraid   …
   
    Virtual networks Description            
    default   This network was autogenerated because this account lacked a default one …
   
    Resolvers & Proxies DNS locations Recommendations Proxy endpoints Recommendations
    Start filtering DNS queries Add a DNS policy Apply Gateway HTTP and DNS policies at the browser level Protect internal resources with network policies
    Configure your source IP Install WARP on your devices Create new endpoints
    Change your DNS resolvers Create a PAC file
    Add a location Add a proxy endpoint
   
   
    Access Controls                                              
    Overview Quick actions              
    Create an application   Create a policy   Manage authentication settings
   
    Recommendations     View more recommendations  
    Replace your client-based VPN Getting started (4)  
    Connect and access a private web application Advanced setup (4)  
    Customize your App Launcher Visibility (2)  
    Connect your devices with the endpoint client Most common identity providers (5)
    Integrate your identity providers (IdP)   Other identity providers (9)  
   
   
    Applications   App name App URL Type Policies assigned       Policy name Policy ID     Action Enabled Last edited
    Applications SSH 192.168.0.67 PRIVATE NET 2 :(Configure, Delete)   Allow rule for SSH 143bc334-0cb2-45f4-b503-0072ed819f8c Allow X 3/29/23 :(Configure, Delete)
            Block rule for SSH 5a780b2f-281b-4e5a-8fb7-f6de8c12186b Block X 3/29/23 :(Configure, Delete)
   
   
    Policies Reusable policies Legacy policies Rule groups
    Create reusable application policies                        
    Grant or restrict user access     Group name Used by policies Used by rule groups Group ID  
    Apply across Access applications     mdhvezda 0 0 622cc04b-9af3-41fc-87b7-61a417c05a31 …  
    Add a policy                        
     
                                         
      Policy name Action Rules Used by apps Policy ID Applications Application URL  
      Default (Legacy) Allow 1 1 af5de318-cab9-4f19-b816-04215c7ee4c5 … Warp Login App mdhvezda.cloudflareaccess.com/warp …  
                                         
   
    AI controls (Beta) MCP server portals MCP servers
    Securely authorize and monitor Model Context Protocol (MCP) server usage Manage access to Model Context Protocol (MCP) servers
    Define and protect MCP servers Control access to MCP servers
    Boost operational efficiency Centralize server visibility and management
    Add MCP server portal Add MCP server
   
    Targets Manage access to your infrastructure
    Configure your target to trust the Cloudflare CA
    Create a target
    Add a target
   
    Service credentials Service Tokens Mutual TLS SSH
    Create a service token Secure and verify traffic between a client and server. Secure SSH access with short-lived certificates
    Define and protect MCP servers Add an mTLS certificate Create certificates per application
    Apply to Access policies Apply to Access policies Manage access to internal servers and infrastructure
    Add a service token Add a mTLS certificate Add a certificate
   
    Access settings Manage your App Launcher
    Set your global session duration
    Require Cloudflare Access Protection
   
   
    Traffic policies                                      
    Overview Quick actions          
    Manage policies View block logs Manage settings
       
    Recommendations  
    Protect and secure remote users  
    Protect a network with DNS filtering  
    Connect your devices with the endpoint client  
    Define your inspection and logging preferences  
    Send more traffic to Cloudflare's Secure Web Gateway    
   
    Firewall policies DNS Network HTTP Recommendations
    Apply DNS filtering for safer Internet browsing   Intercept all HTTP and HTTPS requests Create lists to use in HTTP policies
    Connect your devices to Gateway   Set up HTTP filtering
    Create policies to secure DNS traffic   Create policies to secure HTTP traffic Add a list
    Add DNS policy   Add HTTP policy
     
                             
      Policies will not take effect until the Proxy switch is turned on.  To enable the Proxy switch visit -----> Traffic policies > Traffic settings  
       
      Network policies Add a policy  
       
      Policy name Action Status Last edited  
      1 Allow rule for SSH Allow X (not activated) March 29, 2023 - 12:10 PM  
      2 Block rule for SSH Block X (not activated) March 29, 2023 - 12:10 PM  
                             
   
    Resolver policies (Beta) Route your DNS queries to custom resolvers Recommendations
    Define DNS query criteria Configure your DNS locations
    Manage your DNS query resolution Add a location
    Contact sales
   
    Egress policies Assign unique, static IPs to your egress traffic Recommendations
    Enable egress IPs Monitor egress policy matches with Logpush
    Create policies to define egress methods Configure Logpush
    Add egress policy
   
    Traffic settings Manage how Cloudflare's Secure Web Gateway (SWG) inspects and logs traffic from your users and devices.
    All Proxy and inspection Policy settings Traffic logging Certificates
   
   
    Cloud & SaaS findings                      
    Overview Quick actions
    Manage integrations Review posture findings Review content findings
   
    Recommendations
    Surface SaaS misconfigurations Add an integration
    Protect data-at-rest with DLP profiles Add a profile
    Review integration health in the Security Center View Insights
   
    Posture Findings Act on security issues in your SaaS & Cloud applications Recommendations
    Content Findings Integrate your applications Resolve findings with Gateway HTTP filtering with CASB
    Remediate security issues
    Customize your findings
   
   
    Email security                        
    Secure and monitor your email inboxes
    Scan and protect your domains
    Monitor your email traffic activity
    Investigate security concerns
   
   
    Data loss prevention                        
    Overview Quick actions
    Created a detection entry Manage data scanning View DLP matches
   
    Explore data loss prevention
    Scan and log web traffic to monitor your sensitive data Manage settings
    Define data patterns you want to detect. Manage detection entries
    Allow or block data from leaving your network Add an HTTP policy
   
    View more recommendations
   
    Profiles Your DLP profiles
    create profile
   
   
    Browser isolation                                      
    Overview Protect your users from zero-day attacks and malware Recommendations
    Set up Browser Isolation Create Gateway HTTP policy Add new policy
    Isolate and filter traffic Manage Access application settings View applications
    Upgrade now
   
    Browser isolation settings Protect your users from zero-day attacks and malware Recommendations
    Set up Browser Isolation Create Gateway HTTP policy Add new policy
    Isolate and filter traffic Manage Access application settings View applications
    Upgrade now
   
   
    Reusable components                                    
    Lists Build reusable policy elements Recommendations
    Upload a file or manually create a list Link your list to a Gateway firewall policy  ---> Add a policy, i.e. Firewall policies ---> DNS Network HTTP
    Apply to policies Protect an application with Access   ------> Add an application, i.e. SSH Allow rule for SSH
    Create manual list Upload CSV Block rule for SSH
   
    Tags Filter your App Launcher applications Recommendations
    Create new tags Manage your App Launcher settings Manage settings
    Apply across applications Customize your App Launcher appearance Customize App Launcher
    Add a tag
   
    Posture checks WARP client checks Service provider checks Recommendations
    Verify device health before granting access to resources Leverage third-party security data to verify device health Integrate with a third-party service provider Add a service provider
    Set up WARP on your devices Set up your integrations and WARP Enroll your devices with WARP Add a device
    Enforce posture with policies Enforce posture with policies
    Add a check Add a check
   
   
    Custom pages Account Gateway block page ---> Manage
    Access login page   ----> Manage
   
   
    Integrations                                      
    Cloud & SaaS
    Integrations Compute accounts Recommendations
    Connect your integrations Prevent sensitive data loss from the cloud Set up data loss prevention (DLP)
    Scan for security risks Connect an AWS or Google Cloud Platform integration
    Protect your email inboxes Set up sensitive data scanning Manage DLP profiles
    Connect a compute account
   
    Identity providers Add an identity provider

    Name Identity provider Test
    One-time PIN One-time PIN …
   
    Service providers Leverage third-party security data to verify device health Recommendations
    Review integration prerequisites Create an Access app for custom integrations Learn more about custom integrations
    Create device posture checks Enroll your devices with WARP Add a device
   
    Add a service provider
   
   
    Settings                                                    
   
    Team name Downloads > Admin controls Plan Payment Permissions
    WARP (now called Cloudflare One Client) Remove inactive users from seats Email mdhvezda2@gmail.com
    cloudflared Cloudflare One Client Set dashboard to read-only Cloudflare One plan Payment method Role Super Administrator - All Privileges
    formerly WARP Manage Cloudflare dashboard SSO apps Plan type: Zero Trust Free …. .... .. 1004 Membership permissions Members page
    Seats:      1 of 50 Exp date 5 / 2025 Member management documentation
    Price:       $0 / month CVV … Video guide
    updating cloudflared download the update package ( *.deb) to  /home/software All members
     dpkg -s cloudflared get status Billing address Groups (new)
    cd /home/software do it from this directory Mark Hvezda Settings (new)
     sudo dpkg -i cloudflared-linux-amd64.deb 9105 Lexington Ave N Unit A
     dpkg -s cloudflared get status Circle Pines, MN  55014-2606
    US