Cloudflare Zero Trust advice - using on LAN


We use Zero Trust to protect our internal applications / web services on the LAN and it works really well. Anyone needing access logs in with the WARP client on their laptop / phone and can connect. Otherwise they are blocked.

I have a rule which allows our public IP, so any devices on our LAN can get access through the tunnel without having to use the WARP client.

That is great - but it doesn’t work well when we are on our LAN for two reasons -

  • We don’t have a static IP address (and can’t get one), so every now and again I have to update the policy with a new IP address. Not ideal.
  • If we lose internet access (which happened yesterday), we can’t get onto anything. Our NAS was out of action.

Does anyone have any suggestions for a better way to set it up (or point out what we have done wrong?!). Ideally internal traffic would remain internal (or at least have the option to) so that if our WAN went down, we weren’t stuck.

Thanks in advance.



Sorry to reply to my own post but wondering if anyone had any ideas?

Just lost access to our LAN services again as our WAN IP changed overnight.


Oh well