Multiple policies?

Hello - very new to CF Zero trust. I have tunnels setup and can access my private network from outside my home. It works great. I would now like to increase the security.

My home public IP never changes. So when I access my services from my home computer, I don’t want any additional CF authentication to happen… but if I access my services from say my work, or the airport, I want to have the email policy work.

How do I properly set that up?


I have two policies in my application. One to BYPASS for my Home IP group, and one to ALLOW my email addresses:

(I didn’t quite name my email policy the same as my email group, so it’s a bit confusing)

1 Like

I’ll give a similar setup a try and see what happens. Thanks!

1 Like

Actually maybe one last question… How do I ensure my mobile phone is ALWAYS permitted to access some of my apps? No matter what public IP it has…?

@troy.bruder any luck in getting a set of policies that work for your use case? In reading docs, I was concerned about the sequence of policies (ordering) and want to confirm the IP for bypass and then a specific email for when you are not at your home IP is the best way to implement.

I’ve also been working on CIDR for my mobile phone so I can access self hosted services outside my home. Seem like there should be a simple way to identify the phone regardless of what IP is assigned by the mobile carrier. That led me down the rabbit hole of WARP and access devices which I didn’t get working either.

I ended up abandoning the additional layer of security… I also couldn’t get things to work exactly was I wanted.

DB Tech has some good self hosting videos but I’m looking for a more details understanding about policies and how Cloudflare user/licensing might be required. The Tutorials tab here has no tutorials around practical use cases, so while I’m sure it’s comprehensive, I think Cloudflare needs to show videos on every aspect of their documentation that help to highlight how-to like these self hosting youtubers.

I imagine many of the experts here consider these questions trivial but hopefully someone will chime in.

Seems like a bypass with IP would be a good first policy and email ALLOW for mobile or other location access.

DB Tech on CF Access:
[can’t post links… but youtube user is DBTechYT and video about a year old is “Restrict Access to Your Cloudflare Tunnel Applications”

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.