Sơ đồ kiến trúc Reference architecture diagram Cloudflare One Cloudflare One
DNS filtering solution for Internet service providers
/reference-architecture/diagrams/sase/gateway-dns-for-isp
Mở tutorial / guide ↗ Open tutorial / guide ↗Phần 3: Secure browsing (SWG) Part 3: Secure browsing (SWG) · Bài 1/2 Lesson 1/2
DNS filtering và malware DNS filtering and malware
Chặn category rủi ro, phishing domain. Kết hợp với agent WARP trên laptop user. Block risky categories and phishing domains. Combine with the WARP agent on user laptops.
Các bước thực hiện Step-by-step
- Gateway → DNS policies: block malware/phishing categories. Gateway → DNS policies: block malware/phishing categories.
- Deploy WARP client trên laptop pilot users. Deploy WARP client on pilot user laptops.
- Test DNS filtering với domain test. Test DNS filtering with a test domain.
- Monitor Gateway logs cho false block. Monitor Gateway logs for false blocks.
Giải thích chi tiết Detailed explanation
SWG bảo vệ user khi ra Internet — bổ sung ZTNA (vào app) bằng kiểm soát browsing. SWG protects users on the Internet — complementing ZTNA (app access) with browsing controls.
Lưu ý (best practices) Note (best practices)
Triển khai Gateway theo phase: bắt đầu DNS filtering (resolver hoặc WARP DNS-only), chặn category malware/phishing, xem DNS log — rồi mới thêm network/HTTP inspection. Roll out Gateway in phases: start with DNS filtering (resolver or WARP DNS-only), block malware/phishing categories, review DNS logs — then add network/HTTP inspection.
Nguồn: Source: Gateway traffic policies — Get started Gateway traffic policies — Get started ↗
Ví dụ triển khai (Cloudflare Resources) Deployment examples (Cloudflare Resources)
Tutorial, solution guide và reference từ developers.cloudflare.com/resources ↗ — gợi ý theo chủ đề bài học. Tutorials, solution guides, and reference docs from developers.cloudflare.com/resources ↗ — matched to this lesson topic.
Tutorial Tutorial Cloudflare One Cloudflare One
Create and secure an AI agent wrapper using AI Gateway and Zero Trust
/cloudflare-one/tutorials/ai-wrapper-tenant-control
Mở tutorial / guide ↗ Open tutorial / guide ↗ Tutorial Tutorial Cloudflare One Cloudflare One
Create your first AI Gateway using Workers AI
/ai-gateway/tutorials/create-first-aig-workers
Mở tutorial / guide ↗ Open tutorial / guide ↗ Tutorial Tutorial Cloudflare One Cloudflare One
Detect MCP traffic in Gateway logs
/cloudflare-one/tutorials/detect-mcp-traffic-gateway-logs
Mở tutorial / guide ↗ Open tutorial / guide ↗Tài liệu Cloudflare Developers Cloudflare Developer docs
Sơ đồ kiến trúc (Cloudflare Docs) Architecture diagrams (Cloudflare Docs)
Securing data in transit Securing data in transit
Bảo vệ data in transit với Gateway/DLP — inspect TLS traffic trước khi tới SaaS hoặc Internet. Data in transit is often considered vulnerable to interception or tampering during transmission. Data Loss Prevention (DLP) technologies can be used to inspect the contents of network traffic and block sensitive data from going to a risky destination.
Thuật ngữ: Concepts: Gateway · DLP · TLS · CASB · Inline inspection
Sơ đồ chính thức ↗ Official diagram ↗ · Security Security