In this guide, you will find all the information you need to begin migrating your account from Cloudflare to DNSFilter. Here we will discuss how to:
- Add your first site
- Migrate your policies from Cloudflare to DNSFilter
- Switch to DNSFilter roaming clients
- Sync users from your Active Directory (AD) using our AD Sync tool
- Set up an admin account as an MSP partner
Migration First Steps
Creating Sites on DNSFilter
Sites on DNSFilter are the equivalent of Cloudflare’s Locations. Sites can be created in the DNSFilter dashboard on the Deployments -> Sites page. For more details you can access our Adding your Site article.
Migrating your network policies
Security (threat) and Content filtering categories on Cloudflare differ from the ones on DNSFilter, however; there are relationships between the two.
While Cloudflare’s categories are more elaborate and often include subcategories, DNSfilter’s categories are simpler and encompassing. However, each content/security category in Cloudflare maps to a corresponding content/threat category on DNSFilter.
To see how these two categorization sets relate, we have developed a table where we mapped each category on Cloudflare with the corresponding DNSFilter equivalent. This is useful for you to create new policies in DNSFilter that match your Cloudflare policies.
DNSFilter’s bulk Allow list and Block list CSV import tool within the policy settings can also be used to import Cloudflare Lists.
DNSFilter policies also have features that are similar to that of Cloudflare for performing tasks such as Application Blocking (AppAware) and SafeSearch (per search engine)
For more details on adding a policy on DNSFilter, you can refer to these articles:
Replacing WARP, Cloudflare’s roaming agent
For offsite protection, you need to replace all your WARP installations with DNSFilter’s roaming clients. Do note that you need to uninstall all your Warp agents from all your endpoint devices before you install roaming clients for DNSFilter (do not install/run them side by side).
DNSFilter currently has roaming clients for the following platforms:
DNSFilter supports (and encourages) the use of Remote Monitoring and Management (RMM) tools and Mobile Device Management (MDM) tools for managing and automating the deployment of its roaming clients.
To get started with DNSFilter’s roaming clients and for more information on deploying roaming clients for different platforms, check out our getting started article.
For organizations with on-prem or cloud-based Active Directory (Azure AD), DNSFilter provides a user management synchronization tool, the Active Directory Sync Tool. This tool helps set up accounts for all your Active Directory users on DNSFilter.
When utilizing the on-prem Active Directory or cloud-based Azure Active Directory, install the DNSFilter sync tool on a domain join machine for on-prem and on any machine for Azure. For full use of Active Directory syncing, we require DNSFilter’s Windows Roaming Client to be installed on endpoints.
For more details on using DNSFilter’s Sync tool for Active Directory, check out the following articles:
Without Active Directory or for users outside AD, migration of users is still a manual process.
Setting up an Administrative Account as an MSP partner
There are various benefits to becoming an MSP partner with DNSFilter, these include a multi-tenant web application for managing different organizations' accounts, global policies that can be shared by sub-organizations, and the ability to white-label the DNSFilter interface.
Below are the steps for setting up an MSP administrative account:
- Sign-up for the partner program using the link under the main navigation in the dashboard (if you select MSP as your industry during signup) or use this link directly (for any industry) which activates the multi-tenant/MSP dashboard
- Feel free to test policies and deployments in the single organization account created on signup but note that transferring policies, sites, and roaming clients to other sub-organizations after partner activation is not possible
- A sub-organization matching the name of the MSP account is available for internal use and/or testing
- Configure your Whitelabel settings in the MSP Dashboard as desired, this includes:
- Adding your MSP’s logo
- CNAME Mapping (Custom URL)
- Any custom “from” email address
- Create your sub-organizations
- Create and configure global policies and global block pages in the MSP dashboard
- Create sites in your sub-organizations and apply a global policy or a unique sub-org-only policy
- Deploy roaming clients via RMM/MDM or custom scripting
- Deploy relay, if required
- Sync Active Directory users in AD environments