Non-identity on-ramps

With Cloudflare Zero Trust, you can isolate HTTP traffic from on-ramps such as proxy endpoints or Magic WAN. Since these on-ramps do not require users to log in to Cloudflare WARP, identity-based policies are not supported.

Set up non-identity browser isolation

Install a Cloudflare certificate on your devices.
Connect your infrastructure to Gateway using one of the following on-ramps:
- Configure your browser to forward traffic to a Gateway proxy endpoint with PAC files.
- Connect your enterprise site router to Gateway with the anycast GRE or IPsec tunnel on-ramp to Magic WAN.
Enable non-identity browser isolation:
1. In Zero Trust ↗, go to Settings > Browser Isolation.
2. Turn on Non-identity on-ramp support.
Build a non-identity HTTP policy to isolate websites in a remote browser.

Was this helpful?

Resources
API
New to Cloudflare?
Products
Sponsorships
Open Source

Support
Help Center
System Status
Compliance
GDPR

Company
cloudflare.com
Our team
Careers

Tools
Cloudflare Radar
Speed Test
Is BGP Safe Yet?
RPKI Toolkit
Certificate Transparency

Community
X
Discord
YouTube
GitHub

2025 Cloudflare, Inc.
Privacy Policy
Terms of Use
Report Security Issues
Trademark