Merge branch 'production' into ranbel/cf1-dash-updates

merge in ia changes

Author: ranbel

src/content/changelog/logs/2025-10-27-Sentinel-connector.mdx

@@ -0,0 +1,16 @@
+---
+title: "Azure Sentinel Connector"
+description: "New Azure Sentinel Connector based on Codeless Connector Framework (CCF)"
+date: "2025-10-27"
+---
+
+Logpush now supports integration with [Microsoft Sentinel](https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-sentinel).The new Azure Sentinel Connector built on Microsoft’s Codeless Connector Framework (CCF), is now avaialble. This solution replaces the previous Azure Functions-based connector, offering significant improvements in security, data control, and ease of use for customers. Logpush customers can send logs to Azure Blob Storage and configure this new Sentinel Connector to ingest those logs directly into Microsoft Sentinel.
+
+This upgrade significantly streamlines log ingestion, improves security, and provides greater control:
+
+- Simplified Implementation: Easier for engineering teams to set up and maintain.
+- Cost Control: New support for Data Collection Rules (DCRs) allows you to filter and transform logs at ingestion time, offering potential cost savings.
+- Enhanced Security: CCF provides a higher level of security compared to the older Azure Functions connector.
+- ata Lake Integration: Includes native integration with Data Lake.
+
+Find the new solution [here](https://marketplace.microsoft.com/en-us/product/azure-application/cloudflare.azure-sentinel-solution-cloudflare-ccf?tab=Overview) and refer to the [Cloudflare's developer documention](https://developers.cloudflare.com/analytics/analytics-integrations/sentinel/#supported-logs:~:text=WorkBook%20fields,-Analytic%20rules)for more information on the connector, including setup steps, supported logs and Microsfot's resources.

src/content/docs/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app.mdx

@@ -6,7 +6,7 @@ sidebar:
   label: Add a self-hosted private application
 ---
 
-import { Render } from "~/components";
+import { Render, GlossaryTooltip, } from "~/components";
 
 You can configure a self-hosted Access application to manage access to specific IPs or hostnames on your private network.
 
@@ -29,36 +29,50 @@ This feature replaces the legacy [private network app type](/cloudflare-one/acce
 	params={{ private: true }}
 />
 
-6.  Add the private IP and/or private hostname that represents the application. You can use [wildcards](/cloudflare-one/access-controls/policies/app-paths/) with private hostnames to protect multiple parts of an application that share a root path.
+6.  To add an application using its private IP:
+		1. Select **Add private IP**.
+		2. In **IP address**, enter the private IP or CIDR range that represents the application (for example, `10.0.0.1` or `172.16.0.0/12`).
+		3. In **Port**, enter a single port or a port range used by your application (for example, `22` or `8000-8099`).
 
-    :::note
-    Private hostnames are currently only available over port `443` over HTTPS and the application must have a valid Server Name Indicator (SNI). If you are configuring a private IP on any port other than `443` and plan to use Browser Isolation, note that this [will result in a Gateway block page](/cloudflare-one/remote-browser-isolation/known-limitations/#browser-isolation-is-not-compatible-with-private-ips-on-non-443-ports).
-    :::
+			Comma-separated lists of ports (such as `80, 443`) are not supported. To add multiple ports for a specific IP, you can select **Add private IP** and repeat the IP address with the other port. Alternatively, create a new Access application for the other port.
 
-7.  <Render file="access/add-access-policies" product="cloudflare-one" />
+7. To add an application using its private hostname:
+	1. Select **Add private hostname**.
+	2. In **Hostname**, enter the private hostname of the application (for example, `wiki.internal.local`). You can use [wildcards](/cloudflare-one/access-controls/policies/app-paths/) with private hostnames to protect multiple parts of an application that share a root path.
+	3. In **Port**, enter a single port or a port range used by your application (for example, `22` or `8000-8099`).
 
-8.  Configure how users will authenticate:
+	:::note
+	- **HTTPS applications**: Private hostnames explicitly set to port `443` (not including port ranges such as `441-444`) must have a valid Server Name Indicator (SNI).
+	- **Non-HTTPS applications**:  Private hostnames on non-`443` ports do not require a valid SNI value will be assigned an <GlossaryTooltip term="initial resolved IP">initial resolved IP</GlossaryTooltip>  in the CGNAT space. Ensure that the following IP addresses are not blocked by any firewalls or excluded from Gateway traffic:
+
+		<Render file="gateway/egress-selector-cgnat-ips" product="cloudflare-one"/>
+
+		For more details on private hostname routing, refer to [Connect a private hostname](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-private-hostname/#prerequisites)
+
+8.  <Render file="access/add-access-policies" product="cloudflare-one" />
+
+9.  Configure how users will authenticate:
 
         1. Select the [**Identity providers**](/cloudflare-one/integrations/identity-providers/) you want to enable for your application.
         2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
         3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
 
-9.  Select **Next**.
+10.  Select **Next**.
 
-10. (Optional) Configure [App Launcher settings](/cloudflare-one/access-controls/access-settings/app-launcher/) for the application.
+11. (Optional) Configure [App Launcher settings](/cloudflare-one/access-controls/access-settings/app-launcher/) for the application.
 
-11. <Render file="access/access-block-page" product="cloudflare-one" />
+12. <Render file="access/access-block-page" product="cloudflare-one" />
 
-12. Select **Next**.
+13. Select **Next**.
 
-13. <Render
+14. <Render
     	file="access/self-hosted-app/advanced-settings"
     	product="cloudflare-one"
     />
 
         These settings only apply to private hostnames and require [Gateway TLS decryption](/cloudflare-one/traffic-policies/http-policies/tls-decryption/).
 
-14. Select **Save**.
+15. Select **Save**.
 
 Users can now connect to your private application after authenticating with Cloudflare Access.
 
@@ -89,3 +103,7 @@ The WARP client manages sessions for all non-HTTPS applications. Users will rece
 ### Private hostname vs private IP
 
 An Access application defined by a private hostname takes precedence over an Access application defined by a private IP. For example, assume App-1 points to `wiki.internal.local` and App-2 points to `10.0.0.1`, but `wiki.internal.local` resolves to `10.0.0.1`. Users who go to `wiki.internal.local` will never match App-2; they will be allowed or blocked strictly based on App-1 Access policies (and [Gateway policies](#access-vs-gateway-policies)).
+
+## Limitations
+
+- Browser Isolation is only compatible with self-hosted applications on port `443`. For more information, refer to the [Browser Isolation documentation](/cloudflare-one/remote-browser-isolation/known-limitations/#browser-isolation-is-not-compatible-with-private-ips-on-non-443-ports).

src/content/docs/cloudflare-one/remote-browser-isolation/known-limitations.mdx

@@ -76,6 +76,6 @@ You no longer need to isolate both the Identity Provider (IdP) and Service Provi
 
 ## Browser Isolation is not compatible with private IPs on non-`443` ports
 
-Browser Isolation is not compatible with [self-hosted private applications](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) that use private IP addresses on ports other than `443`. Trying to access self-hosted applications defined by private IPs on ports other than `443` will result in a Gateway block page.
+Browser Isolation is not compatible with [self-hosted private applications](/cloudflare-one/access-controls/applications/non-http/self-hosted-private-app/) that use private IPs or hostnames on ports other than `443`. Trying to access self-hosted applications on non-`443` ports will result in a Gateway block page.
 
 To use Browser Isolation for an application on a private IP address with a non-`443` port, configure a [private network application](/cloudflare-one/access-controls/applications/non-http/legacy-private-network-app/) instead.

src/content/docs/cloudflare-one/traffic-policies/application-app-types.mdx

@@ -27,20 +27,28 @@ Gateway sorts applications into the following app type groups:
 | Value                                          | Definition                                                                                                                  |
 | ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
 | Artificial Intelligence                        | AI assistance applications                                                                                                  |
-| Audio Streaming                                | Music streaming, podcasts, and other audio applications                                                                     |
+| Business                                       | Applications used for general business purposes                                                                             |
 | Collaboration & Online Meetings                | Business communication and collaboration applications                                                                       |
 | Dating                                         | Online dating applications                                                                                                  |
 | Development                                    | Software development and development operations applications                                                                |
+| Education                                      | Applications used for educational purposes and e-learning                                                                   |
 | Email                                          | Email applications                                                                                                          |
+| Entertainment & Events                         | Applications used for entertainment content and event information                                                           |
 | Encrypted DNS                                  | DNS encryption applications                                                                                                 |
 | File Sharing                                   | File sharing applications                                                                                                   |
 | Finance & Accounting                           | Financial and accounting applications                                                                                       |
+| Food & Drink                                   | Applications related to food delivery and recipe services                                                                   |
 | Gaming                                         | Games and gaming applications                                                                                               |
+| Health & Fitness                               | Applications used for health monitoring and fitness tracking                                                                |
 | Human Resources                                | Employee management applications and workforce tools                                                                        |
 | Instant Messaging                              | Instant messaging applications                                                                                              |
 | IT Management                                  | IT deployment management applications                                                                                       |
 | Legal                                          | Legal tools and applications                                                                                                |
-| News                                           | News applications                                                                                                           |
+| Lifestyle                                      | Applications related to lifestyle and personal interests                                                                    |
+| Music & Audio Streaming                        | Applications used for streaming music and audio                                                                             |
+| Navigation                                     | Applications used for maps and navigation services                                                                          |
+| News, Books, & Magazines                       | Applications delivering news, books, and magazine content                                                                   |
+| Photography & Graphic Design                   | Applications used for photography and graphic design                                                                        |
 | Productivity                                   | Business and productivity applications                                                                                      |
 | Public Cloud                                   | Public cloud infrastructure management applications                                                                         |
 | Sales & Marketing                              | Sales and marketing applications                                                                                            |
@@ -49,7 +57,8 @@ Gateway sorts applications into the following app type groups:
 | Shopping                                       | Online shopping applications                                                                                                |
 | Social Networking                              | Social networking applications                                                                                              |
 | Sports                                         | Sports streaming and news applications                                                                                      |
-| Video Streaming                                | Video streaming applications                                                                                                |
+| Travel                                         | Video streaming applications                                                                                                |
+| Video Streaming & Editing                      | Applications used for streaming and editing video                                                                           |
 | [Do Not Inspect](#do-not-inspect-applications) | Applications incompatible with the TLS certificate required by the [Gateway proxy](/cloudflare-one/traffic-policies/proxy/) |
 
 ## Application hostnames