Access a Private Web Application

In this guide, we'll use Firezone to set up access to a private web application such as GitLab or Metabase. This is useful when you have a web app hosted behind a firewall that you want to keep secure, but still need to access it from external networks like the internet.

This steps in this guide can be effectively applied to virtually any service, not just web applications.

Prerequisites

  • A Site that will contain the web app you want to secure access to. Create a Site if you haven't already.
  • One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this web app is located.

For reliable access to high-traffic web apps, set up multiple Gateways for load balancing. See Deploying multiple Gateways.

Step 1: Create a Resource

  1. In your admin portal, open Sites in the left sidebar, select your Site, open the Resources tab, and click Add a resource.
  2. Select DNS as the Resource type.
  3. Enter the address of the web app you want to secure access to. For example: metabase.company.com. This address must be resolvable by all of the Gateway(s) in your Site.
  4. Optionally, add a traffic restriction for TCP/80 and/or TCP/443 to further limit access to this Resource to HTTP and/or HTTPS traffic only (Team and Enterprise plans).
  5. Enter a descriptive name for the Resource, e.g. Procurement team Metabase instance. This will be used to identify the Resource in the Firezone admin portal.

Step 2: Create a Policy

  1. Back in the left sidebar, open Policies, then click New Policy.
  2. Create a Policy for the Resource you created in Step (1). Be sure to select the appropriate Group and Resource for the Policy.

Step 3: Done!

You've now secured access to your private web app with Firezone. You can now test access from any signed-in Client by visiting the address you specified in Step (1).


Need help? See all support options.

Found a problem with this page? Open an issue
Last updated: July 01, 2026