diff --git a/gateway_policy.tf b/gateway_policy.tf
new file mode 100644
index 0000000..65bcb1b
--- /dev/null
+++ b/gateway_policy.tf
@@ -0,0 +1,120 @@
+# =============================================================================
+# CLOUDFLARE : Gateway : Policy
+# =============================================================================
+
+# 
+resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_policy" {
+  account_id = local.cloudflare_account_id
+  action = "allow"
+  name = "block bad websites"
+  description = "Block bad websites based on their host name."
+  device_posture = "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})"
+  enabled = true
+  expiration = {
+    expires_at = "2014-01-01T05:20:20Z"
+    duration = 10
+  }
+  filters = ["http"]
+  identity = "any(identity.groups.name[*] in {\"finance\"})"
+  precedence = 0
+  rule_settings = {
+    add_headers = {
+      My-Next-Header = ["foo", "bar"]
+      X-Custom-Header-Name = ["somecustomvalue"]
+    }
+    allow_child_bypass = false
+    audit_ssh = {
+      command_logging = false
+    }
+    biso_admin_controls = {
+      copy = "remote_only"
+      dcp = true
+      dd = true
+      dk = true
+      download = "enabled"
+      dp = false
+      du = true
+      keyboard = "enabled"
+      paste = "enabled"
+      printing = "enabled"
+      upload = "enabled"
+      version = "v1"
+    }
+    block_page = {
+      target_uri = "https://example.com"
+      include_context = true
+    }
+    block_page_enabled = true
+    block_reason = "This website is a security risk"
+    bypass_parent_rule = false
+    check_session = {
+      duration = "300s"
+      enforce = true
+    }
+    dns_resolvers = {
+      ipv4 = [{
+        ip = "2.2.2.2"
+        port = 5053
+        route_through_private_network = true
+        vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+      }]
+      ipv6 = [{
+        ip = "2001:DB8::"
+        port = 5053
+        route_through_private_network = true
+        vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+      }]
+    }
+    egress = {
+      ipv4 = "192.0.2.2"
+      ipv4_fallback = "192.0.2.3"
+      ipv6 = "2001:DB8::/64"
+    }
+    ignore_cname_category_matches = true
+    insecure_disable_dnssec_validation = false
+    ip_categories = true
+    ip_indicator_feeds = true
+    l4override = {
+      ip = "1.1.1.1"
+      port = 0
+    }
+    notification_settings = {
+      enabled = true
+      include_context = true
+      msg = "msg"
+      support_url = "support_url"
+    }
+    override_host = "example.com"
+    override_ips = ["1.1.1.1", "2.2.2.2"]
+    payload_log = {
+      enabled = true
+    }
+    quarantine = {
+      file_types = ["exe"]
+    }
+    redirect = {
+      target_uri = "https://example.com"
+      include_context = true
+      preserve_path_and_query = true
+    }
+    resolve_dns_internally = {
+      fallback = "none"
+      view_id = "view_id"
+    }
+    resolve_dns_through_cloudflare = true
+    untrusted_cert = {
+      action = "error"
+    }
+  }
+  schedule = {
+    fri = "08:00-12:30,13:30-17:00"
+    mon = "08:00-12:30,13:30-17:00"
+    sat = "08:00-12:30,13:30-17:00"
+    sun = "08:00-12:30,13:30-17:00"
+    thu = "08:00-12:30,13:30-17:00"
+    time_zone = "America/New York"
+    tue = "08:00-12:30,13:30-17:00"
+    wed = "08:00-12:30,13:30-17:00"
+  }
+  traffic = "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
+}
\ No newline at end of file