According to this article (VPN Replacement | Zero Trust | Cloudflare), Cloudflare Zero Trust Tunnel can replace a VPN (to a certain extent?).
I’m using Cloudflare Zero Trust Tunnel as a VPN for the developers in my company. It works beautifully, since they have a computer sitting in the company’s network, and they simply connect from home via RDP to that computer through Cloudflare Zero Trust (WARP client).
However, we are starting to get rid of our computers and use laptops for all employees. Basically the goal would be that they use them as BYOD, meaning they take the laptop home when they want to work from home, or take it to the company when they want to work inside the company building. The goal is that they don’t feel a difference wherever they work, and all the apps (no matter whether desktop apps, web apps, etc.) work as expected.
This means we would get rid of RDP. Cloudflare Zero Trust by default allows the SMB, RDP and SSH protocols. However, I have some applications, e.g. an ERP system, that are a bit more complex when it comes to connections and ports. The ERP system is started via SMB (simply double-click an .exe on a network drive); however, the ERP itself then connects via multiple TCP ports to other services in my network. Currently when it does this, the application crashes because Cloudflare blocks these ports.
I don’t really want to expose every TCP service as a public hostname in Cloudflare. Is there a way to simply say “If someone is connected via Zero Trust Tunnel via the WARP client, then they can use port xx to machine xx, port yy, port zz, etc.”?
A traditional VPN would simply allow this by default, as soon as you are connected to the VPN network. I know the Zero Trust idea is that everything is blocked by default and you specifically need to allow things, which in essence I find really good. Is Cloudflare Zero Trust Tunnel not the correct product for my case? Or do I simply not know all of its features?
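As an added illustration (not part of the original post), this is the shape of a cloudflared `config.yml` that exposes an internal IP range to WARP clients as a private network instead of publishing each TCP service as a public hostname; the tunnel UUID, credentials path and the 10.10.0.0/16 range are placeholders. Which users may then reach which internal hosts and ports is decided separately by Zero Trust Gateway network policies, so the default-deny model the post describes is kept.

```yaml
# Placeholder values: replace the tunnel UUID, credentials path and CIDR
# with your own. The tunnel itself runs inside the company network.
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

# Let WARP-enrolled devices send private-IP traffic (any TCP port, e.g. the
# ERP's service ports) through this tunnel rather than only named hostnames.
warp-routing:
  enabled: true

# No public hostnames are published; unmatched requests return 404.
ingress:
  - service: http_status:404
```

The internal range is attached to the tunnel with `cloudflared tunnel route ip add 10.10.0.0/16 <tunnel-name>`, after which WARP clients see that range as routable and Gateway network policies can allow, per user and device, only the specific machine/port pairs the ERP needs.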