In today’s world, it is becoming increasingly important to have secure access to internal resources like Synology NAS from remote locations. With Cloudflare’s Zero Trust Access and Tunnels, accessing internal resources has become easier and more secure. In this blog, we will discuss how to access internal resources like a Synology NAS by leveraging Cloudflare Zero Trust Access and Tunnels.

What is Cloudflare Zero Trust Access?

Cloudflare Zero Trust Access is a security framework designed to enhance the security of network resources by adopting a “never trust, always verify” approach. It helps protect data and applications from unauthorized access, irrespective of whether they are hosted in the cloud or on-premises. Traditional security models often rely on a perimeter-based approach, assuming that threats are kept outside the network perimeter. However, with the evolving threat landscape, this approach has proven inadequate.

Cloudflare Zero Trust Access ensures that every user and device attempting to access resources undergoes rigorous verification before being granted access. This is achieved through continuous authentication and authorization processes, often involving multi-factor authentication (MFA) and dynamic policy enforcement. By employing principles of least privilege, users are granted only the minimum necessary access to specific resources, reducing the potential attack surface. Furthermore, access decisions are made based on real-time contextual information, such as user location, device health, and network conditions.

In summary, Cloudflare Zero Trust Access shifts security from relying solely on network perimeters to a more granular, identity-centric, and context-aware model, significantly enhancing protection against cyber threats and data breaches.

How to set up Cloudflare Zero Trust Access?

Setting up Cloudflare Zero Trust Access is a simple process. Here are the steps to follow:

  1. Sign up for Cloudflare Access: The first step is to sign up for Cloudflare Access. You can do this by going to the Cloudflare website and creating an account.
  2. Create an Access Policy: Once you have signed up, you can create an Access Policy. This policy will define who can access your internal resources and under what conditions. You can set up policies based on user identity, device type, location, and more.
  3. Set up your Internal Resources: The next step is to set up your internal resources. This includes configuring your Synology NAS and other devices that you want to access.
  4. Connect to Cloudflare: Once you have set up your internal resources, you need to connect them to Cloudflare. This is done through Cloudflare Tunnels.

What are Cloudflare Tunnels?

Cloudflare Tunnels represent a vital component of Cloudflare’s comprehensive suite of network and security solutions. In a rapidly evolving digital landscape, where remote work, cloud services, and distributed applications have become the norm, Cloudflare Tunnels play a pivotal role in ensuring secure, efficient, and reliable connectivity between various endpoints, regardless of their geographical locations.

At its core, a tunnel is a virtual pathway that facilitates the encrypted transmission of data between two points over potentially untrusted networks, such as the public internet. Cloudflare Tunnels leverage this concept by establishing secure connections between the client’s infrastructure and Cloudflare’s global network. This enables businesses to enjoy the benefits of Cloudflare’s performance optimization, security enhancements, and traffic distribution while maintaining the privacy and integrity of their data.

One of the primary advantages of Cloudflare Tunnels is its ability to extend the reach of an organization’s private network, bridging the gap between on-premises infrastructure and cloud resources. This is particularly valuable in a hybrid or multi-cloud environment where applications and data reside across different platforms. By deploying Tunnels, companies can securely route traffic from remote locations, data centers, or cloud instances through Cloudflare’s network, effectively bypassing potential internet bottlenecks and ensuring a consistent user experience.

Furthermore, Tunnels contribute to bolstering security through their encryption mechanisms. By encapsulating data within an encrypted tunnel, businesses can mitigate the risks associated with transmitting sensitive information over unsecured channels. Even when data traverses the public internet, eavesdropping and unauthorized access are substantially thwarted due to the encryption protocols in place.

The architecture of Cloudflare Tunnels is designed for flexibility and ease of use. Organizations can choose between two primary tunneling modes: GRE (Generic Routing Encapsulation) and IPsec (Internet Protocol Security). GRE is ideal for scenarios requiring minimal configuration and offers straightforward compatibility with existing infrastructure. On the other hand, IPsec provides a more robust security layer by encrypting and authenticating each packet, ensuring the confidentiality and integrity of data in transit.

Deploying Cloudflare Tunnels is a streamlined process, largely facilitated by the Cloudflare Tunnel software. This software can be installed on the client’s servers, endpoints, or devices, enabling them to establish secure connections with Cloudflare’s edge locations. Once the connection is established, traffic can be efficiently routed through Cloudflare’s network, benefiting from its performance optimization and security features.

In conclusion, Cloudflare Tunnels offer a powerful solution for modern businesses seeking to bridge the gap between various network environments while prioritizing security and performance. By creating secure, encrypted connections that traverse Cloudflare’s global network, organizations can optimize traffic flow, safeguard data integrity, and maintain a consistent user experience, irrespective of the geographical locations of their endpoints. In an era defined by the imperative of secure and efficient network connectivity, Cloudflare Tunnels emerge as a robust and innovative solution.

How to set up Cloudflare Tunnels?

Setting up Cloudflare Tunnels is also a simple process. Below are the steps easy to follow, or, if you already have a Synology NAS, you can check out our other post about setting up a Cloudflare tunnel using a docker container on a Synology NAS.

  1. Install the Cloudflare Tunnel Client: The first step is to install the Cloudflare Tunnel Client on your local machine. You can download the client from the Cloudflare website.
  2. Configure the Cloudflare Tunnel Client: Once you have installed the client, you need to configure it. This includes setting up the hostname of your internal resource and defining the local port that the client will use to connect to the resource.
  3. Start the Cloudflare Tunnel: The final step is to start the Cloudflare Tunnel. This will create an encrypted connection between your internal resource and Cloudflare.


Accessing internal resources like a Synology NAS has become easier and more secure with Cloudflare Zero Trust Access and Tunnels. By leveraging these services, you can ensure that only authorized users can access your resources and that they are accessing them through a secure, encrypted connection. If you’re looking for a way to access your internal resources from remote locations, we highly recommend giving Cloudflare Zero Trust Access and Tunnels a try.