In this guide, we'll use Firezone to set up access to a private web application such as GitLab or Metabase. This is useful when you have a web app hosted behind a firewall that you want to keep secure, but still need to access it from external networks like the internet.

This steps in this guide can be effectively applied to virtually any service, not just web applications.


  • A Site that will contain the web app you want to secure access to. Create a Site if you haven't already.
  • One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this web app is located.

For reliable access to high-traffic web apps, set up multiple Gateways for load balancing. See Deploying multiple Gateways.

Step 1: Create a Resource

  1. In your admin portal, go to Sites -> <site> and click the Add Resource button.
  2. Select DNS as the Resource type.
  3. Enter the address of the web app you want to secure access to. For example: This address must be resolvable by all of the Gateway(s) in your Site.
  4. Optionally, add a traffic restriction for TCP/80 and/or TCP/443 to further limit access to this Resource to HTTP and/or HTTPS traffic only (Team and Enterprise plans).
  5. Enter a descriptive name for the Resource, e.g. Procurement team Metabase instance. This will be used to identify the Resource in the Firezone admin portal.
Create a Resource

Step 2: Create a Policy

  1. In the Policies tab, click the Add Policy button.
  2. Create a Policy for the Resource you created in Step (1). Be sure to select the appropriate Group and Resource for the Policy.

Step 3: Done!

You've now secured access to your private web app with Firezone. You can now test access from any signed-in Client by visiting the address you specified in Step (1):

Access the web app

Need additional help?

Try asking on one of our community-powered support channels:

Or try searching the docs:
Last updated: May 09, 2024