Set up Zero trust for company

nthkmf · December 15, 2022, 9:51am

Hi bro,

I got email from Cloudflare with 15 minutes setup Cloudflare Zero Trust, but I was with it for 3 days, my colleague with it 2 days, but we could not setup it successfully.

My company has NAS, I need to setup to allow users work from home can access NAS via SMB (mapped network drive) and via website. We also had email from Workspace.

Anyone had real world setup this? Thank you very much.

Regards,
Hoc Nguyen

erictung · December 15, 2022, 10:38am

This is a good direction for you to follow:

nthkmf · December 15, 2022, 4:39pm

Thank you Eric for your respond. Let me check this. Hope this help

nthkmf · December 16, 2022, 8:03am

Sorry @erictung , I am still stucking on this.
My local network is 192.168.1.0/24, my NAS is 192.168.1.48. User need to access SMB on this NAS. They also has network drive (Z:) connect to NAS.

Follow your advice, I set like this:

Create link for access
Settings > General Settings > Team Domain
**mstarcorp** .cloudflareaccess.com

Creating a team
Home > Access > Access Group > Add group

Creating a tunnel (Docker)
Install cloudflared on NAS Synology follow this tutorial
Link: yt.com/watch?v=5IrtNxfzH1o
This also create a tunnel, I did not create tunnel anymore.

Removing my subnet from excluded IPs in Split Tunnel
Exclude mode: 192.168.1.0/24 not in the list

Adding my network to Private Networks
Access > Application > Private network point to 192.168.1.48
Link: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/#2-recommended-filter-network-traffic-with-gateway

Configure device enrollment permissions to see who can enroll to WARP
Settings > Device enrollment > manage

Proxy is enabled (Settings->Network->Firewall->Proxy)
Yes

Ask users to enroll to WARP
Yes

After all the configuration:

I can access my NAS via webpage, link to DSM without open any port - as the video tutorial above.
I still cannot access my NAS via SMB - on NAS: 192.168.1.48

Can you help me check if I miss something?

Regards,
Hoc Nguyen

nthkmf · December 20, 2022, 7:42am

Now I can access my NAS at the company via Cloudflare WARP app on Windows, using Private Network. Here is the docs, from A to Z (in Vietnamese, just a few words) for those who want to use this feature to replace VPN. The only thing I am confuse is the speed of connection. I cannot test it right now.

Thank you @erictung for help with clue.
How to setup Zero Trust access SMB data on NAS

Topic		Replies	Views
SMB tunneling with ZeroTrust Zero Trust	0	670	December 26, 2023
Zero Trust Private Network Not Working Zero Trust CloudflareTunnel	33	2929	December 28, 2022
Setting up Synology NAS with Zero Trust through Package Centre as Docker is not compatible Cloudflare Tunnel	0	936	February 22, 2024
Getting Access to certain ports using Cloudflare Zero Trust Tunnel Cloudflare Tunnel	6	4068	January 17, 2024
Zero Trust Setup Zero Trust	2	1044	February 22, 2023

Set up Zero trust for company

Related topics