src/content/docs/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared.mdx
Lines changed: 8 additions & 5 deletions
@@ -37,12 +37,15 @@ To learn more about how Gateway applies hostname-based policies, refer to the [C
37
37
38
38
## Prerequisites
39
39
40
-
-[Connect your private network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/) to Cloudflare using `cloudflared`. In the AWS example shown above, you would connect the private CIDR block of your AWS VPC.
41
40
- User traffic is on-ramped to Gateway using one of the following methods:
42
41
43
42
<Renderfile="gateway/egress-selector-onramps" />
44
43
45
-
## 1. Add a public hostname route
44
+
## 1. Connect your private network
45
+
46
+
[Connect your private network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/) to Cloudflare using `cloudflared`. For example, if you want traffic to egress from AWS, connect the private CIDR block of your AWS VPC.
47
+
48
+
## 2. Add a public hostname route
46
49
47
50
To route a public hostname through Cloudflare Tunnel:
48
51
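Review bot: The new step under `## 1. Connect your private network` links to the whole connect-cidr guide without saying which part of it to complete. That guide has its own `#3-route-private-network-ips-through-warp` section, which this page links to separately from its WARP step further down, so a reader who follows the link end to end will configure WARP routing before this page asks for it. Suggest stating that only the CIDR connection is needed at this point. With the bullet moved out, Prerequisites is also left with a single on-ramp item, so check that the section still reads well.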
@@ -56,7 +59,7 @@ To route a public hostname through Cloudflare Tunnel:
56
59
57
60
5. Select **Create route**.
58
61
59
-
## 2. Route network traffic through WARP
62
+
## 3. Route network traffic through WARP
60
63
61
64
If your traffic is onboarded using WARP, ensure that traffic to the following IP addresses route through the WARP tunnel to Gateway:
62
65
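Review bot: Renumbering `## 2. Route network traffic through WARP` to `## 3.` changes the heading's anchor if anchors are generated from the heading text, as the `#3-route-private-network-ips-through-warp` link elsewhere in this file suggests. The same applies to the other two renumbered headings in this commit. Before merging, search the docs for inbound links that include the old step numbers and update them, otherwise they will land at the top of the page or on the wrong step.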
@@ -75,9 +78,9 @@ To route `100.80.0.0/16` through WARP:
75
78
76
79
To route your private network's CIDR block through WARP, refer to [Connect a private network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/#3-route-private-network-ips-through-warp).
77
80
78
-
## 3. (Optional) Configure network policies
81
+
## 4. (Optional) Configure network policies
79
82
80
-
You can bulid[Gateway network policies](/cloudflare-one/policies/gateway/network-policies/) to filter HTTPS traffic to your public hostname on port 443. For example, suppose that you want to block all WARP users from accessing `app.bank.com` except for a specific set of users or groups. Additionally, those authorized users should only access `app.bank.com` using your AWS egress IP. You can accomplish this using two policies: the first allows specific users to reach `app.bank.com`, and the second blocks all other port 443 traffic to `app.bank.com`.
83
+
You can build[Gateway network policies](/cloudflare-one/policies/gateway/network-policies/) to filter HTTPS traffic to your public hostname on port 443. For example, suppose that you want to block all WARP users from accessing `app.bank.com` except for a specific set of users or groups. Additionally, those authorized users should only access `app.bank.com` using your AWS egress IP. You can accomplish this using two policies: the first allows specific users to reach `app.bank.com`, and the second blocks all other port 443 traffic to `app.bank.com`.
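Review bot: While the typo fix touches this paragraph, its example leaves a gap worth documenting: the policies are described as filtering "HTTPS traffic to your public hostname on port 443", and the second one "blocks all other port 443 traffic", so traffic to `app.bank.com` on any other port is not addressed by either policy. The wording also depends on evaluation order ("the first allows ..., the second blocks ...") without saying that the allow policy must take precedence over the block. Suggest adding one sentence on each point, unless the content that follows this hunk already covers them.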