cloudflare · RebeccaTamachiro · Feb 21, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 21, 2025
@@ -12,11 +12,6 @@ head:
 
 ---
 
-:::caution[Warning]
-
-Cloudflare Aegis is available in early access to Enterprise customers. Contact your account team to request access.
-:::
-
 When you use Cloudflare [as a reverse proxy](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy), [Cloudflare's global network](https://www.cloudflare.com/network/) sits between client requests and your origin servers.
 
 ```mermaid
@@ -39,10 +34,8 @@ Ingress refers to the data center where the client request lands on, based on In
 
 Traditionally, Cloudflare maintains a very large pool of egress IPs that are used by all Cloudflare customers and are [publicly documented](https://www.cloudflare.com/ips/). With Aegis, Cloudflare provides dedicated egress IP addresses that are reserved for you.
 
-:::caution[Warning]
-
+:::note
 Each dedicated egress pool can consist of either IPs from a [BYOIP prefix](/byoip/) or Cloudflare-leased IPs. A single dedicated egress pool cannot contain both BYOIPs and leased IPs.
-
 :::
 
 ## Benefits

@@ -2,7 +2,7 @@
 title: Configuration options
 pcx_content_type: navigation
 sidebar:
-  order: 2
+  order: 5
   group:
     hideIndex: true
 ---

@@ -17,7 +17,15 @@ Leverage dedicated IPs to improve your origin security and implement Zero Trust.
 
 <Plan type="enterprise" />
 
-Cloudflare Aegis provides dedicated egress IPs (from Cloudflare to your origin) for your layer 7 [WAF](/waf/) and <GlossaryTooltip term="content delivery network (CDN)">CDN</GlossaryTooltip> services, as well as [Spectrum](/spectrum/). The egress IPs are reserved exclusively for your account so that you can increase your origin security by only allowing traffic from a small list of IP addresses. Both [BYOIP](/byoip) and Cloudflare-leased IPs are supported by Cloudflare Aegis.
+Cloudflare Aegis provides dedicated egress IPs (from Cloudflare to your origin) for your layer 7 [WAF](/waf/) and <GlossaryTooltip term="content delivery network (CDN)">CDN</GlossaryTooltip> services, as well as [Spectrum](/spectrum/). The egress IPs are reserved exclusively for your account so that you can increase your origin security by only allowing traffic from a small list of IP addresses.
+
+Both [BYOIP](/byoip) and Cloudflare-leased IPs are supported by Cloudflare Aegis.
+
+
+:::caution[Availability]
+Cloudflare Aegis is available in early access to Enterprise customers. Contact your account team to request access.
+:::
+
 
 ***
 

@@ -0,0 +1,36 @@
+---
+title: Setup
+pcx_content_type: how-to
+sidebar:
+  order: 2
+  group:
+    hideIndex: true
+---
+
+You can control Aegis enablement on your zones via API. If you are not familiar with how Cloudflare API works, refer to [Fundamentals](/fundamentals/api/).
+
+:::caution[Availability]
+Cloudflare Aegis is available in early access to Enterprise customers. Contact your account team to request access.
+:::
+
+## Requirements
+
+- The Aegis zone setting endpoint is only available within Cloudflare accounts that own leased IPs, or accounts to which a [BYOIP prefix](/byoip/) has been delegated. If you wish to use Aegis for zones that do not meet this criteria, contact your account team.
+- Each Aegis pool can consist of either IPs from a BYOIP prefix or Cloudflare-leased IPs. A single dedicated egress pool cannot contain both BYOIPs and leased IPs.
+
+## Steps
+
+1. Contact your account team to get the ID for your dedicated egress pool.
+2. Make a `PATCH` request to the [Edit Zone Setting](/api/resources/zones/subresources/settings/methods/edit/) endpoint:
+- Specify `aegis` as the setting ID in the URL.
+- In the request body, set `enabled` to `true` and use the ID from the previous step as `pool_id`.
+
+```bash
+--data '{
+  "id": "aegis",
+  "value": {
+    "enabled": true,
+    "pool_id": "<YOUR_EGRESS_POOL_ID>"
+  },
+}'
+```