cloudflare · maxvp · Dec 12, 2024 · Dec 11, 2024 · Dec 11, 2024 · Dec 11, 2024
@@ -25,7 +25,7 @@ To filter DNS requests from an individual device such as a laptop or phone:
 
 1. [Install the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/) on your device.
 2. In the WARP client Settings, log in to your organization's <GlossaryTooltip term="team name">Zero Trust instance</GlossaryTooltip>.
-3. (Optional) If you want to display a [custom block page](/cloudflare-one/policies/gateway/block-page/), [install the Cloudflare root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on your device.
+3. (Optional) If you want to display a [custom block page](/cloudflare-one/policies/gateway/block-page/), [install a Cloudflare root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on your device.
 
 ### Connect DNS locations
 
@@ -44,20 +44,16 @@ Gateway identifies locations differently depending on the DNS query protocol:
 
 ## 2. Verify device connectivity
 
+To verify your device is connected to Zero Trust:
+
 <Render
 	file="gateway/verify-connectivity"
 	params={{ one: "DNS", two: "queries" }}
 />
 
-## 3. Add recommended policies
-
-To create a new DNS policy, go to **Gateway** > **Firewall policies** > **DNS** in Zero Trust. We recommend adding the following policy:
-
-### Block all security categories
-
-Block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence.
+## 3. Create your first DNS policy
 
-<Render file="gateway/policies/block-security-categories" />
+<Render file="gateway/get-started/create-dns-policy" />
 
 ## 4. Add optional policies
 

@@ -30,27 +30,16 @@ To filter HTTP requests from a device:
 
 ## 2. Verify device connectivity
 
+To verify your device is connected to Zero Trust:
+
 <Render
 	file="gateway/verify-connectivity"
 	params={{ one: "HTTP", two: "requests" }}
 />
 
-## 3. Add recommended policies
-
-To create a new HTTP policy, go to **Gateway** > **Firewall policies** > **HTTP** in Zero Trust.
-We recommend adding the following policies:
-
-### Bypass inspection for incompatible applications
-
-Bypass HTTP inspection for applications which use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations). This will help avoid any incompatibilities that may arise from an initial rollout. By the _Do Not Inspect_ app type, Gateway will filter any new applications when they are added to the group.
-
-<Render file="gateway/policies/do-not-inspect-applications" />
-
-### Block all security categories
-
-Block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence.
+## 3. Create your first HTTP policy
 
-<Render file="gateway/policies/block-security-categories" />
+<Render file="gateway/get-started/create-http-policy" />
 
 ## 4. Add optional policies
 

@@ -8,7 +8,7 @@ head:
     content: Set up network filtering
 ---
 
-import { GlossaryTooltip } from "~/components";
+import { GlossaryTooltip, Render } from "~/components";
 
 Secure Web Gateway allows you to apply policies at the network level (Layers 3 and 4) to control which websites and non-HTTP applications users can access.
 
@@ -34,6 +34,8 @@ To filter traffic from private networks, refer to the [Cloudflare Tunnel guide](
 
 ## 2. Verify device connectivity
 
+To verify your device is connected to Zero Trust:
+
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network**.
 2. Under **Gateway logging**, enable activity logging for all Network logs.
 3. On your WARP-enabled device, open a browser and visit any website.
@@ -43,6 +45,10 @@ To filter traffic from private networks, refer to the [Cloudflare Tunnel guide](
    3. Note the **Public IP**.
 5. In Zero Trust, go to **Logs** > **Gateway** > **Network**. Before building Network policies, make sure you see Network logs from the Source IP assigned to your device.
 
-## 3. Add policies
+## 3. Create your first network policy
+
+<Render file="gateway/get-started/create-network-policy" />
+
+## 4. Add optional policies
 
-To create a new network policy, go to **Gateway** > **Firewall policies** > **Network** in Zero Trust. Refer to our list of [common network policies](/cloudflare-one/policies/gateway/network-policies/common-policies) for policies you may want to create.
+Refer to our list of [common network policies](/cloudflare-one/policies/gateway/network-policies/common-policies) for policies you may want to create.
@@ -11,17 +11,4 @@ DNS policies determine how Gateway should handle a DNS request. When a user send
 
 You can filter DNS traffic based on query or response parameters (such as domain, source IP, or geolocation). You can also filter by user identity if you connect your devices to Gateway with the [WARP client or Cloudflare One Agent](/learning-paths/secure-internet-traffic/connect-devices-networks/install-agent/).
 
-To create a new DNS policy:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
-2. In the **DNS** tab, select **Add a policy**.
-3. Name the policy.
-4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-5. Choose an **Action** to take when traffic matches the logical expression. For example, we recommend adding a policy to block all [security categories](/cloudflare-one/policies/gateway/domain-categories/#security-categories):
-   <Render
-   	file="gateway/policies/block-security-categories"
-   	product="cloudflare-one"
-   />
-6. Select **Create policy**.
-
-For more information, refer to [DNS policies](/cloudflare-one/policies/gateway/dns-policies/).
+<Render file="gateway/get-started/create-dns-policy" product="cloudflare-one" />
@@ -13,26 +13,10 @@ Now that you have considered which devices and applications TLS inspection shoul
 
 Use a standard naming convention when building all policies. Policy names should be unique across the Cloudflare account, follow the same structure, and be as descriptive as possible.
 
-To create a new HTTP policy:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
-
-2. In the **HTTP** tab, select **Add a policy**.
-
-3. Name the policy.
-
-4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-
-5. Choose an **Action** to take when traffic matches the logical expression. For example, if you have enabled TLS inspection, some applications that use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations) may not support HTTP inspection, such as some Google products. You can create a policy to bypass inspection for these applications:
-
-   <Render
-   	file="gateway/policies/do-not-inspect-applications"
-   	product="cloudflare-one"
-   />
-
-6. Select **Create policy**.
-
-For more information, refer to [HTTP policies](/cloudflare-one/policies/gateway/http-policies/).
+<Render
+	file="gateway/get-started/create-http-policy"
+	product="cloudflare-one"
+/>
 
 ## Order your policies
 

@@ -9,17 +9,7 @@ import { Render } from "~/components";
 
 You can control network-level traffic by filtering requests by selectors such as IP addresses and ports. You can also integrate network policies with an [identity provider](/cloudflare-one/identity/idp-integration/) to apply identity-based filtering.
 
-To create a new network policy:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
-2. In the **Network** tab, select **Add a policy**.
-3. Name the policy.
-4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
-5. Choose an **Action** to take when traffic matches the logical expression.
-   <Render
-   	file="gateway/policies/enforce-device-posture"
-   	product="cloudflare-one"
-   />
-6. Select **Create policy**.
-
-For more information, refer to [network policies](/cloudflare-one/policies/gateway/network-policies/).
+<Render
+	file="gateway/get-started/create-network-policy"
+	product="cloudflare-one"
+/>
@@ -0,0 +1,20 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To create a new DNS policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
+2. In the **DNS** tab, select **Add a policy**.
+3. Name the policy.
+4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
+5. Choose an **Action** to take when traffic matches the logical expression. For example, we recommend adding a policy to block all [security categories](/cloudflare-one/policies/gateway/domain-categories/#security-categories):
+   <Render
+   	file="gateway/policies/block-security-categories"
+   	product="cloudflare-one"
+   />
+6. Select **Create policy**.
+
+For more information, refer to [DNS policies](/cloudflare-one/policies/gateway/dns-policies/).
@@ -0,0 +1,29 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To create a new HTTP policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
+2. In the **HTTP** tab, select **Add a policy**.
+3. Name the policy.
+4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
+5. Choose an **Action** to take when traffic matches the logical expression. For example, if you have enabled TLS inspection, some applications that use [embedded certificates](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#inspection-limitations) may not support HTTP inspection, such as some Google products. You can create a policy to bypass inspection for these applications:
+
+   <Render
+   	file="gateway/policies/do-not-inspect-applications"
+   	product="cloudflare-one"
+   />
+
+   Cloudflare also recommends adding a policy to block [known threats](/cloudflare-one/policies/gateway/domain-categories/#security-categories) such as Command & Control, Botnet and Malware based on Cloudflare's threat intelligence:
+
+   <Render
+   	file="gateway/policies/block-security-categories"
+   	product="cloudflare-one"
+   />
+
+6. Select **Create policy**.
+
+For more information, refer to [HTTP policies](/cloudflare-one/policies/gateway/http-policies/).
@@ -0,0 +1,20 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+To create a new network policy:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
+2. In the **Network** tab, select **Add a policy**.
+3. Name the policy.
+4. Under **Traffic**, build a logical expression that defines the traffic you want to allow or block.
+5. Choose an **Action** to take when traffic matches the logical expression.
+   <Render
+   	file="gateway/policies/enforce-device-posture"
+   	product="cloudflare-one"
+   />
+6. Select **Create policy**.
+
+For more information, refer to [network policies](/cloudflare-one/policies/gateway/network-policies/).