~35 min read · updated 2026-05-10

Cloudflare Gateway

Secure web gateway (SWG) for outbound DNS and HTTP traffic. The other half of Zero Trust — what your users / endpoints can reach, not what can reach them.

This module is being expanded.

Coming in the next revision:

  • What a SWG actually is — filtering outbound HTTP(S) and DNS for a fleet of devices, replacing on-prem proxies and DNS filtering appliances.
  • DNS-level filtering — block categories, allow lists, custom blocklists, AGE-rated content controls.
  • HTTP-level filtering — full SSL decryption (with policy), file upload/download controls, DLP (data loss prevention).
  • Pairing with WARP — the WARP client on each managed device tunnels traffic to Gateway; Gateway applies policy.
  • Browser isolation — render risky sites in a remote browser; only pixels reach the user. For high-security shops.
  • Logs — every request logged with user identity, useful for incident response.

Next: Module 07 — Magic networking.