You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/partials/cloudflare-one/gateway/extended-email.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -62,4 +62,4 @@ By default, Gateway will either filter only exact matches or all extended varian
62
62
63
63
</Details>
64
64
65
-
To force Gateway to match all email address variants, go to **Settings** > **Network** > **Firewall** and turn on **Match extended email addresses**. This setting applies to all firewall, egress, and resolver policies.
65
+
To force Gateway to match all email address variants, go to **Traffic policies** > **Traffic settings** > **Policy settings** and turn on **Match extended email addresses**. This setting applies to all firewall, egress, and resolver policies.
Copy file name to clipboardExpand all lines: src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,23 +22,23 @@ If WARP is stuck in the `Disconnected` state or frequently changes between `Conn
22
22
23
23
This step is only needed if users access your application via a private hostname (for example, `wiki.internal.local`).
24
24
25
-
- If you are using [custom resolver policies](/cloudflare-one/traffic-policies/resolver-policies/) to handle private DNS, go to your Gateway DNS logs (**Logs** > **Gateway** > **DNS**) and search for DNS queries to the hostname.
25
+
- If you are using [custom resolver policies](/cloudflare-one/traffic-policies/resolver-policies/) to handle private DNS, go to your Gateway DNS logs (**Insights** > **Logs** > **DNS query logs**) and search for DNS queries to the hostname.
26
26
27
-
- If you are using [Local Domain Fallback](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/local-domains/) to handle private DNS, go to your Gateway Network logs (**Logs** > **Gateway** > **Network**) and search for port `53` traffic to your DNS server IP.
27
+
- If you are using [Local Domain Fallback](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/local-domains/) to handle private DNS, go to your Gateway Network logs (**Insights** > **Logs** > **Network logs**) and search for port `53` traffic to your DNS server IP.
28
28
29
29
If there are no relevant Gateway logs, it means that WARP was unable to forward the query to your private DNS server. Check your resolver policies or Local Domain Fallback configuration and refer to [How WARP handles DNS requests](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/#how-the-warp-client-handles-dns-requests).
30
30
31
31
## 3. Is network traffic to the application going through WARP?
32
32
33
-
Next, check if your Gateway Network logs (**Logs** > **Gateway** > **Network**) show any traffic to the destination IP.
33
+
Next, check if your Gateway Network logs (**Insights** > **Logs** > **Network logs**) show any traffic to the destination IP.
34
34
35
35
If WARP is connected but there are no network logs, it means that your private network IPs are not routing through WARP. You can confirm this by [searching the routing table](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/warp-architecture/#routing-table) on the device for the IP address of your application. Traffic to your application should route through the Cloudflare WARP interface. If another interface is used, [check your Split Tunnel configuration](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/#3-route-private-network-ips-through-warp).
36
36
37
37
## 4. Is the user blocked by a Gateway policy?
38
38
39
39
To check if a Gateway block event occurred:
40
40
41
-
1. Go to **Logs** > **Gateway** and select the **DNS**, **Network**, or **HTTP** tab.
41
+
1. Go to **Insights** > **Logs** and select the **DNS query logs**, **Network logs**, or **HTTP request logs**.
42
42
2. Apply the following filters:
43
43
-**Email**: User's email address
44
44
-**Event**: _Blocked_
@@ -49,13 +49,13 @@ To check if a Gateway block event occurred:
49
49
Determine whether the user is matching any policy, or if they are matching a policy that has a higher priority than the expected policy.
50
50
51
51
1. To determine the actual policy that was applied:
52
-
1. Go to **Logs** > **Gateway** and select the **DNS**, **Network**, or **HTTP** tab.
52
+
1. Go to **Insights** > **Logs** and select the **DNS query logs**, **Network logs**, or **HTTP request logs**.
53
53
2. Apply the following filters:
54
54
-**Email**: User's email address
55
55
-**Date Time Range**: Time period when the user accessed the application
56
56
3. In the search box, filter by the destination IP or FQDN.
57
57
4. In the results, select a log and note its **Policy Name** value.
58
-
2. Go to **Gateway** > **Firewall Policies** and compare the [order of enforcement](/cloudflare-one/traffic-policies/order-of-enforcement/) of the matched policy versus the expected policy.
58
+
2. Go to **Traffic policies** > **Firewall policies** and compare the [order of enforcement](/cloudflare-one/traffic-policies/order-of-enforcement/) of the matched policy versus the expected policy.
59
59
3. Compare the Gateway log values with the expected policy criteria.
60
60
61
61
- If the mismatched value is related to identity, [check the user registry](/cloudflare-one/insights/logs/users/) and verify the values that are passed to Gateway from your IdP. Cloudflare updates the registry when the user enrolls in the WARP client. If the user's identity is outdated, ask the user to re-authenticate WARP (**Preferences** > **Account** > **Re-Authenticate Session**).
0 commit comments