
Commit 1233ed2

update egress diagram
1 parent 3890ded commit 1233ed2


1 file changed

+10
-7
lines changed

src/content/docs/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared.mdx

Lines changed: 10 additions & 7 deletions
@@ -9,21 +9,24 @@ import { Details } from "~/components";
99

1010
Cloudflare Tunnel can be used for source IP anchoring when you want to use existing egress IPs instead of purchasing [Cloudflare dedicated egress IPs](/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips/). Some third-party websites may have an Access Control List (ACL) that only allow connections from certain source IPs. If you already a non-Cloudflare IP on their allowlist (such an egress IP provided by an ISP or a cloud provider like AWS), you can configure `cloudflared` to anchor user traffic to the same IPs that you use today.
1111

12-
For example, assume that your organization's banking service, `app.bank.com`, expects user traffic to come from an AWS IP. You can install `cloudflared` in your AWS envirionment and add a public hostname route pointing to `app.bank.com`. When users connect to `app.bank.com` using the WARP client, Gateway will route their traffic down the corresponding Cloudflare Tunnel to AWS. The traffic can then egress to the public Internet using your AWS egress IP.
12+
For example, assume that your organization's banking service, `app.bank.com`, expects user traffic to come from an AWS IP. You can install `cloudflared` in your AWS environment and add a public hostname route pointing to `app.bank.com`. When users connect to `app.bank.com` using the WARP client, Gateway will route their traffic down the corresponding Cloudflare Tunnel to AWS. The traffic can then egress to the public Internet using your AWS egress IP.
1313

1414
```mermaid
1515
flowchart LR
1616
subgraph aws["AWS VPC"]
17-
cloudflared["cloudflared"]--> rules["Egress rules"]
17+
cloudflared["cloudflared"]
1818
end
1919
subgraph cloudflare[Cloudflare]
20-
resolver["Gateway
21-
resolver"]
20+
gateway["Gateway"]
21+
end
22+
subgraph internet[Internet]
23+
resolver[1.1.1.1]
24+
app[Application]
2225
end
2326
warp["WARP
24-
clients"]--"app.bank.com"-->resolver
25-
resolver-->cloudflared
26-
rules--AWS egress IP -->I{Internet}
27+
clients"]--"app.bank.com"-->gateway--"Network traffic"-->cloudflared
28+
gateway<-.DNS lookup.->resolver
29+
aws--AWS egress IP -->app
2730
```
2831

2932
## Prerequisites
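Review bot: The new egress edge `aws--AWS egress IP -->app` starts at the `aws` subgraph rather than at the `cloudflared` node, so the diagram no longer shows which component inside the VPC sends the traffic out, and with the "Egress rules" node removed nothing in the VPC box is connected to the outbound arrow. Consider `cloudflared--AWS egress IP-->app` so the path reads WARP clients, Gateway, cloudflared, Application end to end, matching the paragraph above it. Since this commit already fixes "envirionment", the unchanged intro paragraph could be cleaned up in the same pass: "that only allow" should be "that only allows", "If you already a non-Cloudflare IP" is missing "have", and "such an egress IP" should be "such as an egress IP". The commit message mentions only the diagram, so it would help to note the prose fix there too.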
