Cloudflare Docs
Learning Paths
Edit this page on GitHub
Set theme to dark (⇧+D)

Policy migration

  1 min read

Learn about different ways to migrate policies from a third-party DNS filtering service to Cloudflare Zero Trust.

​​ UI

As discussed in a previous module, you can download existing allowlists and blocklists from the third-party service and upload the CSV files to the Zero Trust dashboard.

​​ API

You can use the Cloudflare API to create a list of IPs or domains:

curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/lists \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: <EMAIL>' \
--header 'X-Auth-Key: <API_KEY>' \
--data '{
"description": "Corporate IPs", "items": [{"value": "10.226.0.177/32"},{"value": "10.226.1.177/32"}], "name": "Umbrella-List-One", "type": "IP" }'

​​ Terraform

You can use the Cloudflare Terraform provider to create a list of IPs or domains:

resource "cloudflare_teams_list" "example" {
account_id = "f037e56e89293a057740de681ac9abbe"
name = "Umbrella-List-One"
type = "IP"
description = "Corporate IPs"
items = ["10.226.0.177/32", "10.226.1.177/32"]
}

​​ Descaler program

If you are an Enterprise organization migrating from Zscaler, you can use our Descaler toolkit to export policies from Zscaler Internet Access (ZIA) and import them into Cloudflare Gateway.