Securely expose a network resource in less than 30 minutes
Presented by: Sebastian Scherl
Originally aired on December 1 @ 12:00 PM - 12:30 PM EST
Highlights from Cloudflare Immerse: Tallinn — and what an incredible day!
We were thrilled to welcome customers and partners from across Eastern Europe, including speakers from Raiffeisen Ukraine, Latvian Mobile Telephones, Estonia's Railways, Delfi Media, Shiwaforce and TV3 Group, for a day of insightful discussions, bold ideas, and forward-looking innovation.
Together with Cloudflare leadership and our regional technical team, we dove deep into the future of the internet — from the evolving role of AI to building secure networks with Zero Trust.
Massive thank you to everyone who joined us and made it such a memorable event.
English
Transcript (Beta)
All right folks, such a pleasure to be here. I'm not going to lie, it's incredible to see so many people showing up for our first event.
That's absolutely fantastic.
So let's make sure we're going to give you something cool to take away here.
Let me just quickly connect my devices and get it all ready so that we are up and running in no time.
Okay, cool. Just for the team, could you switch to my output?
Thank you so much. Yeah, so we need to, you know, if you do something live, you always need to, you know, make sure that everything is connected and you're changing the screens and whatnot.
But what I wanted to say is I wanted to show you today is how you can securely expose a network resource in less than 30 minutes.
Tony has mentioned this one before.
We have an amazing platform that you can use to build applications, run entire networks on, and this is part of the SASE portfolio.
Quick question into the room.
Can I see your hands? Who is already using Cloudflare? We can go home. I think we're done.
We have it. Okay, who is using any of our SASE portfolio right now?
That's why I'm here. There you go. There you go. That's what we need to do. Let me go a little bit back in time.
I started about 19 years ago in this industry, and this is a picture that I took in 2006.
It was basically typically how you were connecting the Internet.
You were connecting cables, you had your offices across the globe, you had your production sites everywhere, and everything was connected.
In a way, I always appreciated that because it was stable, it was performant, it worked.
Public Internet at that time was not necessarily very reliant.
That's why this is something which in the past was basically the foundation of every customer.
You had networks, you had services, you had boxes, routers, switches, and everything was connected.
But also, why?
Because you had everything on-prem. Maybe you had a couple of fancy services already at that time, but technically speaking, everything was running locally, and you just had to make sure that they were connected.
So that's why this industry strived, and it was actually a very profitable business.
And this is a slide that you have just seen already before from Tony, but I just wanted to make one thing clear.
We know the complexity. I mean, it's clear to us, especially we understand that also in your region you have a lot of modern approaches to services, but there are a lot of legacy customers out there, and they're using all kinds of different tools, boxes, services, load balancers, and whatnot.
So the typical use case that we see in the SASE portfolio is to make things more secure, more easy to connect, and more reliable and performant, and to consolidate everything that you see on this slide.
Our approach is to make things easy and to make things scalable, and that's where we're heading with our platform.
Now, just a quick preview of what Cloudflare can do.
This is kind of like an architectural overview of our SASE portfolio.
To be fair, there are so many things missing on this slide, but I'm running out of space.
So today I want to show you how you can actually expose a network resource and make it accessible.
So on the right-hand side, you see all the fancy ways of how you can bring your network resources to Cloudflare.
Think about, we've mentioned before Azure, maybe you have Azure already in use and you want to connect it, you can do so with Cloudflare Interconnect.
You might have your office environment, your office locations, you want to connect them with IPsec or Chiri.
But my favorite, because this is the one that we can show you today and it's super easy to deploy, is our Cloudflare DTunnel Connector.
And that is one element that you can set up in less than 30 minutes, having a way to the Cloudflare Anycast network.
The cool thing is, these three options here give you plenty of ways of connecting what you currently have in place, however you want to use it.
Because at Cloudflare, we have a broad portfolio to make things easy for you.
We don't tell you how to use your things or how you modernize your network. We're here to provide you the ways to do so.
Once you have these connectors established to the Cloudflare network, you only need to have the users, right?
You might have some office workers, you might have some third-party consulters, but you need to find a way to make them access into your applications or into your services you want to make exposed.
Today, and I still have 26 minutes, fantastic, I'm going to show you this way and I'm showing you the clientless way of how you can reach a resource.
And if we have a little bit time left, I'm going to show you some more cool stuff.
Today, I'm going to show you quite literally the exposing of a web server to the public Internet and also how to create a secure application access for your on -prem environment.
I call it on-prem because it's my home office, so that's why it's an on-prem environment.
And you can see here, I have a bit of an ingredient list how to make this work.
We need a Cloudflare account, well, you all have that.
We need a network, you pick whatever you want to use. We need Cloudflare D. We have an IDP, we have a domain, but it's only for showing off.
Access application rule and a replication firewall rule and 30 minutes to get this going.
But let's talk about the risk factors.
What could possibly go wrong? Since it's a live demo, there are a couple of factors that could potentially not work.
And no, it's not Cloudflare, I tell you what it is.
One, it could be the power outage at home, which is my network.
This is the redundancy problem, right? I don't have a power supply, I don't have a nuclear power plant next to it.
So there is a chance, but I think it's very, very unlikely.
This is actually in Munich, so I think the power fluctuation should be good.
It could be a hardware issue. Yeah, you can never rule this one out, but I also think it's very unlikely.
Spotty Wi-Fi could always be an issue.
Actually, this thing is connected to Wi-Fi, everything else is connected to a LAN.
But the most risk factor is this guy. As you can see, it's very close in reach.
But nevertheless, let me show you how it's been done. All right. I need so many screens today, but we're going to make it work.
So besides the fact that I don't know why I didn't center it, oh my God, it drives me insane.
Every single time I open it and every single time I go on stage, I'm thinking I should change this really quick.
But you know what's cool about this? Tony mentioned before, we have clientless network and services.
So this is actually running on workers.
So it's actually a website that Cloudflare spins up in real time. If you go on cflab.com, Cloudflare will actually start this website and push it to you.
So it's not running on anything.
It's basically our clientless compute serverless platform.
But obviously, to show you a proper demo, that will be it, right?
So there's nothing else to show anymore. But now I need you to focus. It's going to be really quick.
If I click on tunnel demo, see what's going to happen. That's it.
We're in. Now, here's something interesting. You made it to my home network.
And obviously, you were wondering, okay, but how did this work? What did I do?
What did I use to make this actually all run? Let me just refresh really quick, because I wanted to show you the managed challenge in between.
So I know showing you a website is not the wow effect that you're waiting for.
But still, it is an emotional effect for me.
Because this little website is being brought to you by this little thing here.
And as you've seen it before, it's working properly fine.
Now, the cool thing is, this is obviously running in my home environment, which means that it's not necessarily public facing.
So I need to find a way of how I can expose this web server to the public Internet.
Now, actually, in Cloudflare, we have a couple of options.
But I show you first how the network layout looks like.
I have my Internet access. I have a gateway that basically creates the Internet connection.
And then I have a couple of hotspots. And then I have a couple of targets in my network.
One is the Mac mini, and one is Windows PC.
This is going to be important going forward. Now, and keep in mind, I'm going to ask questions.
So you need to remember a couple of things. On the upper right corner, you can see my Mac mini.
To be fair, it's 10.0.10.1. I made a mistake here.
Same with the Cloudflare on the Windows PC. But here's the thing. On the Mac mini, it's running a web server.
And I need to make it accessible. So what I've done is I have installed Cloudflare D on that Mac mini.
I've also installed the replica version for failover purposes on my Windows PC.
So technically speaking, I have two agents running there, or basically tunnel connectors, that create an outbound tunnel to the Cloudflare network.
And that allows me to actually expose a resource.
The way how the traffic works is the request goes in, into my Cloudflare D, and then it pulls actually the data from the web server and delivers it out to the actual browser.
But keep in mind, no, you would have not have to have the Cloudflare D where the web server is running.
It could have been also just the actual Windows PC and the web server would be there.
Because when you make a request into the network, you can define how the traffic is going to be delivered.
So I'm going to route it forward.
And that's how you can basically make that accessible. So let's show you how we actually set this up.
So you said you all said you had pretty much all of you said you had a Cloudflare account.
So then please head over to the SASE drop down menu and just get started.
I promise you it's super easy and you will see the benefits in just a nutshell.
This is the Cloudflare Zero Trust dashboard.
So that's where basically all the magic happens. And in order to make this Cloudflare D and to expose this, all we need to do is we head into the network tab, click on tunnels.
And as you can see here, there's one down and I'll tell you why.
Because this is actually a live resource. This is not just a Cloudflare demo.
This is the entire families enrolled in my SASE portfolio. So is my mom.
Only problem is I didn't think through that she would never turn her MacBook on, which means that the tunnel is always down.
So ignore this one. But as you can see here above, we see this Mac mini.
And if you click on edit, you can see how easily you can create such a tunnel connector.
So we have obviously the platform in every single binary that you need.
But you could, for example, use a Reddit or a Debian distribution.
You can use it on a Docker container. Or in my example, I let it run on a commodity hardware like my Mac mini and my Windows computer.
In the case of the Mac mini, I basically just installed brew and then I installed that command to basically connect it to my Mac mini, fire up a terminal, let the command run.
And in a couple of seconds, literally the connector is there.
Now, I'm not going to do it right now because I just want to make sure that we can pass through this.
But just look at this one here. We have in the upper right corner, two tabs.
One is called private network and one is called public host names.
Now, the moment you basically connect the tunnel connector, you can define what network range you want to make accessible.
And you can see here the different network ranges.
So this one is my 10 network. And that's also where all of my unified devices are running into.
So all I need to do is to make sure that I expose this network range.
And that's pretty much it. Now, as you may or may not know, we have an agent called Warp.
Have you ever heard of it? Hands up. Yes, there you go.
That's what I want to see. It's right running on my iPad.
So if I would want to basically connect to my home network super easy, I could do so by just, you know, opening up a URL and going into it.
But what I'm going to do right now is I'm going to show how I can basically access that Mac Mini remotely.
This is a VNC connector. I have basically defined this in my application stack.
And if you allow me to log in really quick, there we go.
This is how easily you can reach basically now my Mac Mini by using the Cloudflare Warp Client, which is available for every different platform that we have.
We have the Cloudflare D deployed.
I expose that network range. I can just basically make a VNC connection.
That's it. In this setup here, I can trust my own environment.
So that's why I don't have any application setup before. But just to give you an idea, obviously, you can create access application rules and make sure that you validate the user before he can connect.
But in my use case, I just want to show you how quickly you can connect with the Warp Client.
So basically, we have here this iPad connected to Wi-Fi, but the Warp Client is running, which means it sends the traffic to the Cloudflare network, which is also in Tallinn.
And then it routes over our global backbone back into Munich and then actually the last mile handovers into my ISP and then into my Mac Mini.
So that's kind of like a way of how you can create a tiny mini network anywhere across the globe.
Now, there's something really cool about our platform. This is all not traffic based.
We don't charge for traffic. So just imagine. It doesn't matter how many agents you deploy or how many Cloudflare tunnel connectors you roll out.
You can have 10,000 users. We have recently closed a deal with more than 100 ,000 users.
All their entire traffic, it's all part of the package that you pay. So there's no traffic volume involved.
This makes it super easy and scalable for you guys if you think about letting Cloudflare handle your entire network.
So this is the case where I have my iPad with me.
But there's also another use case. And the one that I actually showed you is under this tab, public host names.
Now, you can do something really cool.
Imagine this device here. This Mac is actually controlled by Cloudflare.
So theoretically speaking, you can see here I have the agent running. It would never meet my zone because that's the Cloudflare security zone.
So I cannot actually reach it directly.
That's why I need to carry always two devices. Or I expose my resources via a public host name.
This is the clientless way of doing it.
And that's the one that we're going to look into it. So look into this entry here, which is demo.cflap.com.
If we scroll a little bit down, sorry, up. Here's the edit button.
You can see something super easy. I've created a subdomain.
I have onboarded the domain, which is cflap.com. And then I tell the Cloudflare tunnel connector, if you get a request for demo.cflap.com, route it to m1mini.local.
And that's about it. Now, the crazy thing is, if you think about it, what I've just done is I've basically created a link into Mac Mini, and there's nothing in between that actually protects that Mac Mini.
But obviously, I have some protection up and running.
Because if you actually create this entry, you know what we do?
We create a DNS record. So basically, here's a CNAME. And that CNAME goes into our Cloudflare tunnel connector.
Automatically done. You don't need to do anything.
This is all like seconds, and it's done. Now, the beauty of Cloudflare is that we have this vast platform.
We have application security. We have network.
We have the SSE platform. We have our developer platform. Everything comes together in one piece.
Now, I can obviously borrow some elements from our application security services.
So I actually created something quite fun. If you click on the security tab, in the drop -down selector, there's a security rules.
This is basically the web application firewall.
Now, you have seen it before, right?
There was like a tiny managed challenge that you saw for a couple of seconds.
This is this rule. That's it. I only need to define a rule that says, if the hostname equals demo.cflap.com, show me a managed challenge.
Now, I could also just say block, and that's it, and hit save.
And so basically, what I've told the web application firewall is, now if you get requests for demo.cflap.com, don't respond anymore.
Bam.
Real time. Because as you guys know, everything that you deploy is live in Cloudflare actually in less than three seconds.
So rule deployments are not just here cached locally in Tallinn.
This is literally on the entire globe. So if you would connect now from Sao Paolo, Singapore, it doesn't matter.
The website is not accessible anymore.
Let's make sure I do not leave it like that, because I want to make sure that I can show you this in the future as well.
So that's why I go back to managed challenge and hit save.
Now, I have done another tiny setup.
You can see this here, which is called scripting protection.
To be fair, on that Mac mini, I haven't even bothered to set up a web server.
I downloaded an application from the app store, which is basically creating a web server.
Do I know if they have any security risk, if they ever patch it, if there's a breach whatsoever?
I don't trust them either, so I have borrowed another element from the web application firewall, which is a method request protection.
If you try to make a post purge, put, delete, and patch request, it will just simply be denied, and I will also show a response body for anyone that wants to actually try to do so.
And then I have done one more tiny thing, because, you know, why not?
Showing you more functionality. I have also created a rate limiting rule.
So you can see here, there's a refresh limiter. And I said, if you make 100 requests in one minute, I'm going to block it.
So let me quickly switch to my...
There you go.
I've already loaded a couple of times, so that's why you see this rate limiting hitting requests, which is basically allowing you not anymore to do so.
Now I need to wait a couple of minutes until it basically refreshes. But the cool thing is, if you think about it, you have now this Mac Mini, which is the web server, connected to Cloudflare tunnel, to the Cloudflare network.
That is layer 7 protected per default.
I could also potentially make some rules to only allow Cloudflare IP addresses to connect to my server anyway, which means I can kind of like turn off the entire vulnerability from external.
And even if you believe that you have found an exploit or whatever, the replication firewall will be the only way how to get in.
So that is a way of how you can expose a network resource directly.
So think of it like we're kind of like a supercharger for your internal web service that you could make accessible.
Now, I understand that this might be the use case that you guys have in mind, right?
I mean, technically speaking, if you have something which is not so important, you could expose it this way.
But we want to show you how you securely expose a network resource. So I'm going to do this next.
So the rule set is actually quite similar.
If you remember, I had this unify interface, which is basically my gateway.
That has obviously a web interface, but I don't want to use their way of connecting.
I will use Cloudflare's way of connecting. So the interface runs on 10.0.0.1.
That's it. So that's why the rule set is quite simple.
I have created router.cflab.com. You guys can go ahead and try it out yourself.
If you don't want to do it, I'll do it for you. It's actually quite easy because on the website that we had before, there we go.
There is also, you can, by the way, always access this.
So this is running all the time. There's this little button here, access my router.
Now, obviously, I wouldn't want you guys to access my router.
So we need to do something beforehand. What we're going to do is quite simple.
We go into our settings here in the Cloudflare environment.
We go on access. We go on application. And you can see here, I have a couple of applications.
It doesn't matter if you're hosting them yourself or they're SaaS applications.
It doesn't really matter. But in that case, I actually have a self-hosted application, which is my router.cflab.com.
It's super easy to create.
Think of it like this. You expose something, right? And now you want to build a wrapper around it.
You want to make sure that you have a security model around it.
That's what we do here with access application. So it's actually always straightforward.
The format is quite easy. You give it a name, a session duration.
You can let it expire immediately. Or you give it a duration so that, for example, employees wouldn't have to log in every hour or minute or second, right?
So it really depends on how you want to create access to certain applications.
You can do this on a general level. You can also do this on just per application.
But in my use case, quite straightforward. I have a 12-hour session duration.
I give it the subdomain cflab .com. I could now add additional functionality and features.
Now, next we head into the policy. You can obviously create policies from scratch.
But, for example, if you use Entra, you can just connect it and have basically a synchronization between Cloudflare with SCIM enabled.
And then you basically have all your policies and users already in there.
So you don't need to build it double or triple. But in my use case, I basically have a very simple rule set.
I have onboarded all my employees, let's call it like this, manually.
Think of it to MDM your mom's MacBook, which is never online.
So, yeah, we did the manual enrollment. And it's actually quite straightforward.
I basically defined certain selectors of when you can access, why you can access and call.
So you can see here next on the login methods. This is when you bring your IDPs.
So the cool thing is, think about merchant acquisitions.
Maybe you have everything on Google Workspace. And then comes another company that uses Okta and then Open Summer Connector, yada, yada, yada.
You can connect any of the IDPs that you want.
In my case, we even have a one-time PIN. Now, the one-time PIN is not something I would recommend you.
It's just more like, think about an application you want to make accessible when nothing is going to be insanely difficult or insecure and behind.
Then you could potentially use a one-time PIN to make it accessible.
But even for that, we have a solution because we can isolate this.
Anyway, login method is clear. You could give it some additional advanced settings or you can use a logo, an image just for the app launcher because we also have a beautiful app launcher.
And that's pretty much it. So now all you need to do is take an access my router.
And then now you will be greeted with Cloudflare access, which is basically just, think about like a bouncer in a club, like a bear cam and we are checking with issues you don't get in.
Now you have the way of authenticating.
And so we have a couple of methods as selected before.
We have my Okta developer license, we have an Azure AD login and we have a one-time PIN.
Now for this demonstration, I'm going to use Okta. So all I need to do is need to authenticate here.
Yeah, wait, obviously.
There we go. And then I need to do it like this. Yeah, let's put it like that.
Now, also one cool thing is, I mean, now in this case, you see you've been routed to Okta, right?
And technically speaking, the authentication is now being done by Okta.
But if I would want to define certain authentication methods, I can also create a rule for that.
So for example, I could say, yeah, you can authenticate against Okta.
You can use your fingerprint, whatever, face scan, whatsoever.
But I can also enforce that on a Cloudflare perspective, you read out what kind of login method has been chosen.
And in my use case, I could use the passkey, but I haven't made the application accessible that way.
So I need to do another multi-factor authentication.
I have a tiny YubiKey plugged in here, so I tap it really quick.
Then I can type in my password, tap it again. And now I'm being routed through the tunnel connector, authenticated into the UniFi's interface.
This is real time, this is live, this is not staged. So I'm going to run a speed test really quick so you can see.
But now what we have done is we have also exposed an application, but this time we've done it a little bit different.
This time we have secured this application.
So this is only accessible if you actually have an authenticated application.
So yeah, that is pretty much the demonstration for how you can make these things accessible.
Here's one tiny thing, since I have five more minutes, but I'm watching the time, don't worry about it.
Here's something cool. I showed you in this demo before that I had the Mac mini and the Windows PC.
Now, here's the thing. I've recently upgraded the PC. It's my flight simulator now.
But it uses 100 watts in standby. I don't know what it's doing, but it uses 100 watts in standby.
So I decided I'm not going to let it run all the time, which means, however, that in my theoretical demonstration, I have a vulnerability because I have only one tunnel connector running right now.
Do you know the term when you slap someone?
Let's wake up that Windows PC. So I have actually put it in standby, but I have built an access application which is called WakeOnLAN.
I don't know if you can see this, but I'm just going to make sure you see that I use the hand, the slapping motion.
We're going to just wake him up right now.
And since we have already an authentication, MagicPacket sent to my PC.
If I wouldn't have had the session token, I would have had to log in again.
But basically, this is the way of how we can wake him up.
And now let me go back into my overview.
It takes a couple of seconds before it's being recognized as being awake.
But this is the way of how you can now, for example, remotely trigger. Let me just refresh this really quick.
It might take a couple of seconds because it's cached.
Ah, there it was.
There you go. And now the second tunnel connector, which you can see here over there, it just came online.
So basically, this is how I slapped my Windows PC, or basically I rattled him to wake him up and make him accessible.
So you see, in a nutshell, it's actually super easy to connect your existing environment.
This could be literally an office location. This could be where your applications are running.
Maybe you have them still on-prem. Maybe you have them in the cloud.
It doesn't really matter. All you need to do is you connect them into the Cloudflare network.
And then you basically have Cloudflare being your super network.
It's accelerated. It's cached. It goes over Cloudflare's backbone. Just a tiny thing.
Just remember, and it's not because I'm running out of Tony, but actually we're always outdating our slides because you saw it was 350 terabit per second.
It's 388 terabit per second. When I started four years ago, we were at 76 terabit.
Now we are 388 terabit per second. And we have 13,000 direct peers, which means that pretty much any ISP on the globe directly connects with us.
Which means that if you think from the SASE perspective, the actual thing that you need is the last mile.
And that last mile might be your business Internet access to an ISP that is directly connected with us in, for example, Talend.
Which means you have one hop into the Cloudflare network.
And then wherever it goes, it's the Cloudflare network.
It's the Cloudflare universe. So it's ultra performant. In order to show you the performance, by the way, I forgot to show you one tiny thing.
That was actually the only reason why I kept this screen on running.
Remember when I made the vacant LAN request?
So I have a tiny Python script which is running on my Mac mini that basically pushes that Windows PC.
And when the request came in, it basically woke up the Windows PC.
And on the right hand side, this is that web server thingy that you can see, which is basically delivering the content.
To be fair, yes, Cloudflare caches.
So not a lot of things were actually pulled from that Mac mini because it's anyhow cached by Cloudflare.
But yeah, you can see you can make this all very easy.
Now, one tiny thing. I just want to show you something really cool.
The Cloudflare, and by the way, from that entire SaaSy portfolio, we touched like 5%, right?
So there is so much more. But Cloudflare can also be used for a secure web gateway.
So think about it like that. When you have the warp agent deployed, just as an example, you can use Cloudflare to egress into the public Internet, which allows us to inspect traffic, block certain malicious sources, and to make sure that your users are safe.
This is a functionality that is really fantastic.
But we have a tiny little cool thing on top of that. Think of the scenario that someone sends you, I don't know, like a message on WhatsApp and there's a link, you click it, you download something.
That's all going through the Cloudflare secure web gateway.
And now we can obviously say, well, we block certain access.
We don't allow access to certain applications or services or Internet destinations.
But we think that you need something else to make it actually still visible, but in the protected environment.
And that's where Cloudflare browser isolation comes ahead.
So I am now connected to this Wi-Fi and I'm using this machine.
So you can see this is the speed test of whatever we get here. Now, to be fair, this is the limitation of the network we get here.
And that's pretty much it, right?
So, OK, we got 42 megabits per second. Fantastic. That is basically the Internet that we get here.
But there's something else that you can do. So I can show it to you on this side.
Let me take the... There we go. OK.
Now, let me open fast.com on my iPad, which, keep in mind, is connected also to the same Wi-Fi.
But you will see something different. Magically, the speed increased. OK, let me ask you a question.
Do you have any idea why? Anyone? Anyone brave enough to challenge why is this actually much faster now?
OK, I'll tell you. OK. No, because actually what you see here is running in remote browser isolation on Cloudflare Edge.
So basically, that is the speed that you can get right now from a machine that is running in the Talend data center, just basically making the speed forward testing.
So there you can build a lot of cool things, but this is just a demo to hook you up.
Nutshell, because I'm an accountant, it's red. Nutshell, it's super easy to deploy your network.
It's extremely cost effective because we don't charge for traffic.
It's extremely performant. And I highly, highly invite you to test it out.
And if you want to grab me later on, we can actually make it in real time.
And should I ask the questions right now or do you want to do it?
I think you should ask questions. OK. Just grab yourself bags. OK. I'll start bringing them in.
OK, fantastic. So I've been told that I need to ask a couple of questions.
So let me start with a challenging one. Who remembers what are the ways of how you can connect a network to Cloudflare?
Anyone? No wrong answers. OK, there you go.
Perfect. What else? Do you remember? Come again? Well, it's the product definition, but yeah, Cloudflare works.
So I think this is the first right answer that we can give you.
Who remembers the actual network capacity of Cloudflare?
Anyone? Thank you so much. Fantastic.
Do you guys keep track of who actually should get a reward? I wasn't sure if you pick it up or I give it to you or Dennis.
Throw them in. Throw them in.
Yeah, you remember yourself. OK, one more question.
What could I ask? Yeah, OK. How do we charge for our SASE portfolio?
Is it based on traffic, based on user? Anyone, any ideas? OK, I think we don't have enough bags for all of you guys, but yeah, that's the correct answer.
So in a nutshell, I don't know if we should ask more and give them away.
You tell me.
More question? Hey, I'm streaking to the time, you know, so you don't tell me then.
Last question. OK, last question. Do you need for every service that you want to expose a Cloudflare D?
Who knows the answer?
Only one. Only one should have said it. But OK, fine. Thank you so much. I really appreciate it.
I'm off the stage because we have a tight program. We have a lot of cool speakers.
We have a lot of demos. So that's why I'm really looking forward to see everybody else.
I know you will hear a lot of AI today. Don't forget, SASE is the game that you also have to be in.
Thank you so much. I really appreciate it.
Thank you.
