@@ -6,54 +6,58 @@ import { Render } from "~/components";
66
77``` mermaid
88flowchart TB
9+ %% Accessibility
10+ accTitle: Gateway order of enforcement
11+ accDescr: Flowchart describing the order of enforcement for Gateway policies.
12+
913 subgraph Resolution["Resolution"]
1014 dns2["1.1.1.1"]
1115 dns4["Custom resolver"]
1216 dns3["Resolver policies <br>(Enterprise users only)"]
17+ n4["Internal DNS"]
1318 end
1419 subgraph DNS["DNS"]
1520 dns1["DNS policies"]
1621 Resolution
1722 end
18- subgraph HTTP["HTTP"]
23+ subgraph HTTP["HTTP policies "]
1924 http1{{"Do Not Inspect policies"}}
20- http2["Isolate policies <br>(with add-on)"]
25+ http2["Isolate policies <br>(with Browser Isolation add-on)"]
2126 http3["Allow, Block, Do Not Scan, Quarantine, Redirect policies"]
2227 https["HTTP (port 80) or<br>HTTPS (port 443)?"]
2328 end
24- subgraph Network["Network"]
25- network1["Network policies"]
26- end
2729 subgraph Proxy["Proxy"]
2830 HTTP
29- Network
31+ network1["Network policies"]
32+ n5["Non-HTTP(S) traffic"]
3033 end
3134 subgraph Egress["Egress"]
3235 egress1["Egress policies <br>(Enterprise users only)"]
3336 end
3437 start(["Traffic"]) --> dns0[/"DNS query"/] & http0["Network connections"]
35- dns0 --> dns1
38+ dns0 ---- > dns1
3639 dns1 -- Resolved by --> dns2
37- dns1 -. -> dns3
40+ dns1 --> dns3
3841 dns3 -- Resolved by --> dns4
3942 dns2 -----> internet(["Internet"])
4043 dns4 -----> internet
41- dns4 -.-> cloudflare["Private network services <br>(Cloudflare Tunnel, Magic WAN, etc.)"]
42- http1 -. Inspect .-> http2
44+ dns4 -.-> cloudflare["Private network services <br>(Cloudflare Tunnel, Magic WAN, WARP Connector)"]
45+ http1 -- Do Not Inspect --> internet
46+ http1 -- Inspect --> http2
4347 http2 --> http3
4448 http0 --> magic["Magic Firewall"]
4549 magic --> egress1
4650 egress1 --> n2["Check for origin availability (TCP SYN)"]
4751 n2 --> network1
4852 http3 --> internet
49- http1 -- Do Not Inspect --> internet
5053 https -- HTTPS --> http1
51- https -. HTTP .-> http2
52- network1 --> https
54+ https -- HTTP --> http2
55+ network1 --> https & n5
56+ dns3 --> n4 & dns2
57+ n5 -----> internet
5358
5459 https@{ shape: hex}
5560 http0@{ shape: lean-r}
56- style DNS text-align:left
5761```
5862
5963## Priority between policy builders