Non-identity on-ramps
With Cloudflare Zero Trust, you can isolate HTTP traffic from on-ramps such as proxy endpoints or Magic WAN. Since these on-ramps do not require users to log in to Cloudflare WARP, identity-based policies are not supported.
- Install a Cloudflare certificate on your devices.
- Connect your infrastructure to Gateway using one of the following on-ramps:
- Configure your browser to forward traffic to a Gateway proxy endpoint with PAC files.
- Connect your enterprise site router to Gateway with the anycast GRE or IPsec tunnel on-ramp to Magic WAN.
- Enable non-identity browser isolation:
- In Zero Trust ↗, go to Settings > Browser Isolation.
- Turn on Non-identity on-ramp support.
- Build a non-identity HTTP policy to isolate websites in a remote browser.