Create your first network policy
You can control network-level traffic by filtering requests by selectors such as IP addresses and ports. You can also integrate network policies with an identity provider to apply identity-based filtering.
To create a new network policy:
- 
In Zero Trust ↗, go to Gateway > Firewall policies. 
- 
In the Network tab, select Add a policy. 
- 
Name the policy. 
- 
Under Traffic, build a logical expression that defines the traffic you want to allow or block. 
- 
Choose an Action to take when traffic matches the logical expression. For example, you can use a list of device serial numbers to ensure users can only access an application if they connect with the WARP client from a company device: Selector Operator Value Logic Action SNI Domain is internalapp.comAnd Block Passed Device Posture Checks not in Device serial numbers 
- 
Select Create policy. 
- 
Create an API token with the following permissions: Type Item Permission Account Zero Trust Edit 
- 
(Optional) Configure your API environment variables to include your account ID and API token. 
- 
Send a POSTrequest to the Create a Zero Trust Gateway rule endpoint. For example, you can use a list of device serial numbers to ensure users can only access an application if they connect with the WARP client from a company device:curl API network policy example curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules \--header "Content-Type: application/json" \--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \--data '{"name": "Enforce device posture","description": "Ensure only devices in Zero Trust organization can connect to application","precedence": 0,"enabled": true,"action": "block","filters": ["l4"],"traffic": "any(net.sni.domains[*] == \"internalapp.com\")","identity": "","device_posture": "not(any(device_posture.checks.passed[*] in {\"<LIST_UUID>\"}))"}'{"success": true,"errors": [],"messages": []}The API will respond with a summary of the policy and the result of your request. 
For more information, refer to network policies.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark