Secure remote users with Cloudflare One

Users work from many networks, use SaaS tools, access internal apps, and browse the Internet outside the office perimeter.

Suggested architecture

User/device → Cloudflare Zero Trust → SaaS/private app/Internet

Reference diagrams (Cloudflare Docs)

Cloudflare One Appliance deployment options


Learn how to deploy Cloudflare One Appliance and evaluate your various deployment options.

Concepts: Cloudflare One Client · WARP · MDM · On-prem appliance

Official diagram ↗ · SASE / Cloudflare One Secure Access Service Edge (SASE)

Figure 1: Remote browser isolation can provide a secure, controlled browser environment for accessing sensitive company applications.

Zero Trust and Virtual Desktop Infrastructure

This document provides a reference and guidance for using Cloudflare's Zero Trust services. It offers a vast improvement over remote access to web applications with greater security.

Official diagram ↗ · SASE / Cloudflare One Secure Access Service Edge (SASE)

Controls & stack

  • Secure Web Gateway: policy-based web traffic control
  • DNS filtering: block malicious domains early
  • CASB: manage SaaS risk
  • DLP: reduce sensitive data leakage
  • ZTNA: identity/device-context access for private apps
  • Email security: reduce phishing & email-borne malware

Common mistakes

Enabling only SWG, without ZTNA for internal apps

Remote users still need a VPN if private apps are not published via Access. Combine SWG + ZTNA by use case.

Over-aggressive blocking that causes false positives

DNS/HTTP policies that block legitimate domains (CDNs, update servers) leave users unable to work. Pilot in log-only mode first.
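One way to review a log-only pilot before switching a policy to block, as an added example that is not Cloudflare's code or log schema: it ranks would-be-blocked domains by how many distinct users hit them, so widely used domains such as CDNs or update servers are checked before enforcement. The event fields (`user`, `domain`, `would_block`), the sample lines and the `min_users` threshold are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed log-only pilot events, one JSON object per line. The field
# names are hypothetical, not Cloudflare's log schema.
SAMPLE_LOG = """\
{"user": "an", "domain": "cdn.vendor-a.example", "would_block": true}
{"user": "binh", "domain": "cdn.vendor-a.example", "would_block": true}
{"user": "chi", "domain": "CDN.vendor-a.example.", "would_block": true}
{"user": "an", "domain": "cdn.vendor-a.example", "would_block": true}
{"user": "an", "domain": "updates.os-vendor.example", "would_block": true}
{"user": "binh", "domain": "updates.os-vendor.example", "would_block": true}
{"user": "chi", "domain": "updates.os-vendor.example", "would_block": true}
{"user": "dung", "domain": "login-verify.bad.example", "would_block": true}
{"user": "dung", "domain": "login-verify.bad.example", "would_block": true}
{"user": "an", "domain": "intranet.corp.example", "would_block": false}
truncated-line {"user":
"""

def review_pilot(lines, min_users=3):
    """Return (review, enforce): would-be-blocked domains hit by at least
    min_users distinct users (false-positive candidates to check before
    enforcing) and the rest. Rows are (domain, distinct_users, hits)."""
    users, hits = defaultdict(set), defaultdict(int)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip, do not abort the review
        if not isinstance(ev, dict) or not ev.get("would_block"):
            continue  # traffic the policy would have allowed
        domain = ev["domain"].lower().rstrip(".")  # normalise case and root dot
        users[domain].add(ev["user"])
        hits[domain] += 1
    review, enforce = [], []
    for d in sorted(hits, key=lambda d: (-len(users[d]), d)):
        row = (d, len(users[d]), hits[d])
        (review if row[1] >= min_users else enforce).append(row)
    return review, enforce

if __name__ == "__main__":
    review, enforce = review_pilot(SAMPLE_LOG.splitlines())
    print("check before enforcing:", review)
    print("no broad impact seen:", enforce)
```

A domain in the first list is not automatically safe; the count only shows how many users an enforced block would affect, so each entry still needs a manual decision.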

Ignoring email security for remote work

Phishing via email remains a top vector. Add Gateway email or Area 1 alongside SWG browsing.
