Private network applications (legacy)

Warning

The Private Network application type can no longer be created from the dashboard. If you do not already have a legacy private network application, use a self-hosted application to secure a private IP address instead.

Existing Private Network applications continue to function and can still be managed. These applications were originally configured with the following steps:

1. In the Cloudflare dashboard ↗, go to Zero Trust > Access controls > Applications > Add an application.

2. Select Private Network.

3. Name your application.

4. For Application type, select Destination IP.

5. For Value, enter the IP address for your application (for example, 10.128.0.7).

   Note

   If you would like to create a policy for an IP/CIDR range instead of a specific IP address, you can build a Gateway Network policy using the Destination IP selector.

6. Configure your App Launcher visibility and logo.

7. Select Next. You will see two auto-generated Gateway Network policies: one that allows access to the destination IP and another that blocks access.

8. Modify the policies to include additional identity-based conditions. For example:

   • Policy 1

     Selector	Operator	Value	Logic	Action
     Destination IP	in	10.128.0.7	And	Allow
     User Email	matches regex	.*@example.com

   • Policy 2

     Selector	Operator	Value	Action
     Destination IP	in	10.128.0.7	Block

   Policies are evaluated in numerical order, so a user with an email ending in @example.com will be able to access 10.128.0.7 while all others will be blocked. For more information on building network policies, refer to our dedicated documentation.

9. Select Add application.

Your application will appear on the Applications page.