Common Network policies
The following policies are commonly used to secure Network traffic.
Block content categories
Block content categories which go against your organization’s acceptable use policy.
Selector | Operator | Value | Action |
---|---|---|---|
Content categories | in | Adult Themes, Gambling | Block |
Block applications
Block applications which go against your organization’s acceptable use policy.
Selector | Operator | Value | Action |
---|---|---|---|
Application | in | Netflix | Block |
Check user identity
Configure access on a per user or group basis by adding identity-based conditions to your policies.
Selector | Operator | Value | Action |
---|---|---|---|
Application | in | Salesforce | Block |
User Group Names | in | Contractors | |
Enforce device posture
Require devices to have certain software installed or other configuration attributes. For instructions on setting up a device posture check, refer to the device posture section.
Selector | Operator | Value | Action |
---|---|---|---|
Passed Device Posture Checks | in | Minimum OS version | Allow |
Enforce session duration
Require users to re-authenticate after a certain amount of time has elapsed.
Restrict access to private networks
Restrict access to resources which you have connected through Cloudflare Tunnel.
The following example consists of two policies: the first allows specific users to reach your application, and the second blocks all other traffic. Make sure that the Allow policy has higher priority (by positioning it towards the top of the list in the UI).
1. Allow company employees
Selector | Operator | Value | Action |
---|---|---|---|
Destination IP | in | 10.0.0.0/8 | Allow |
User Email | Matches regex | .*@example.com | |
2. Block everyone else
Selector | Operator | Value | Action |
---|---|---|---|
Destination IP | in | 10.0.0.0/8 | Block |
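The priority note above, as an added example that is not part of the original page or Cloudflare's code: a small Python model that assumes policies are evaluated top to bottom with the first match deciding, and compares the intended order with the two policies swapped. The dictionary field names and the anchored, escaped email regex are this example's assumptions.

```python
import ipaddress
import re

# Constructed model of the two policies above. Field names are hypothetical
# and the escaped, anchored regex is this example's choice, not the page's value.
ALLOW = {"name": "Allow company employees", "dest": "10.0.0.0/8",
         "email_regex": r"^[^@]+@example\.com$", "action": "Allow"}
BLOCK = {"name": "Block everyone else", "dest": "10.0.0.0/8",
         "email_regex": None, "action": "Block"}

def matches(policy, dest_ip, email):
    """A policy matches only if every one of its conditions holds."""
    net = ipaddress.ip_network(policy["dest"])
    if ipaddress.ip_address(dest_ip) not in net:
        return False
    rx = policy["email_regex"]
    return rx is None or re.search(rx, email) is not None

def evaluate(policies, dest_ip, email):
    """Return (action, policy name) of the first match in list order."""
    for policy in policies:
        if matches(policy, dest_ip, email):
            return policy["action"], policy["name"]
    return "no match", None  # what happens next is outside this model

def ordering_report():
    """Same requests against the intended order and the reversed order."""
    requests = [  # constructed sample traffic
        ("10.1.2.3", "alice@example.com"),
        ("10.1.2.3", "bob@partner.test"),
        ("192.0.2.10", "bob@partner.test"),
    ]
    rows = []
    for dest_ip, email in requests:
        good = evaluate([ALLOW, BLOCK], dest_ip, email)[0]
        bad = evaluate([BLOCK, ALLOW], dest_ip, email)[0]
        rows.append((dest_ip, email, good, bad))
    return rows

if __name__ == "__main__":
    for row in ordering_report():
        print("%-12s %-20s intended=%-8s reversed=%s" % row)
```

With the Block policy first, the employee request to 10.1.2.3 is blocked before the Allow policy is ever consulted, which is the misconfiguration the priority note guards against.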
Refer to the Network policies page for a comprehensive list of other selectors, operators, and actions.