[CF1] gateway access firewall policy precedence

deadlypants1973 · deadlypants1973 · commit 1f208243b02a · 2025-04-14T17:50:33.000+01:00
diff --git a/src/content/partials/cloudflare-one/gateway/order-of-precedence.mdx b/src/content/partials/cloudflare-one/gateway/order-of-precedence.mdx
@@ -7,4 +7,8 @@ import { Markdown } from "~/components"
 
 Order of precedence refers to the priority of individual policies within the {props.one} policy builder (lowest value first, or from top to bottom as shown in the dashboard). You can modify the order of precedence by dragging and dropping individual policies in the dashboard.
 
-In Gateway, the order of precedence follows the first match principle — once a site matches an Allow or Block policy, evaluation stops and no subsequent policies can override the decision. Therefore, we recommend putting the most specific policies and exceptions at the top of the list and the most general policies at the bottom.
+In Gateway, the order of precedence follows the first match principle — once a site matches an Allow or Block policy, evaluation stops and no subsequent policies can override the decision. Therefore, Cloudflare recommends putting the most specific policies and exceptions at the top of the list and the most general policies at the bottom.
+
+If Gateway traffic is headed to a private IP address protected by an Access application, that traffic will still be evaluated by the destination application's Access policies, even if a Gateway Allow rule matched first.
+
+This is expected behavior. A Gateway Allow policy does not override or bypass Access policies.
