|
| 1 | +--- |
| 2 | +title: Test your first application |
| 3 | +pcx_content_type: overview |
| 4 | +sidebar: |
| 5 | + order: 4 |
| 6 | +--- |
| 7 | + |
| 8 | +Securing an application is only the first step; you must also verify that your policies are working correctly and that your users have a good experience. Cloudflare's **Digital Experience Monitoring (DEX)** within **Cloudflare Zero Trust** is the ideal tool for this, allowing you to monitor application performance and test your access policies from the end-user perspective. |
| 9 | + |
| 10 | +The page below guides you through setting up a DEX test for your newly secured application. |
| 11 | + |
| 12 | +# Test your first application |
| 13 | + |
| 14 | +After securing your private application with Gateway DNS and Network policies, you should verify the policies are working as expected and monitor the application's performance. Cloudflare's **Digital Experience Monitoring (DEX)** provides the tools to do this. |
| 15 | + |
| 16 | +--- |
| 17 | + |
| 18 | +## What is Cloudflare DEX? |
| 19 | + |
| 20 | +**Digital Experience Monitoring (DEX)** gives administrators insights into the end-user connectivity and performance when connecting to resources, leveraging the same global network toolkit Cloudflare uses internally. |
| 21 | + |
| 22 | +DEX allows you to: |
| 23 | +* **Measure performance** for connecting to the Internet and applications. |
| 24 | +* **Track metrics** like response time averages from various locations. |
| 25 | +* **Test connectivity** to an application from a device running the **Cloudflare WARP client**. |
| 26 | + |
| 27 | +--- |
| 28 | + |
| 29 | +## Configure a DEX Test on a WARP Device |
| 30 | + |
| 31 | +You can set up synthetic tests—like **HTTP tests** or **Traceroute tests**—to continuously check the performance and availability of your internal application from your WARP-enrolled devices. |
| 32 | + |
| 33 | +For an application like the "Company Wiki" secured in the previous step (e.g., `wiki.internal.com` pointing to `10.128.0.10`), an **HTTP test** is the best way to verify access and measure performance. |
| 34 | + |
| 35 | +### 1. Create a DEX HTTP Test |
| 36 | + |
| 37 | +1. Open your Cloudflare Zero Trust dashboard. |
| 38 | +2. Go to **Analytics** > **DEX** > **Tests**. |
| 39 | +3. Create a new test and configure it for your application. For example: |
| 40 | + * **Test Type**: HTTP test |
| 41 | + * **Host**: The domain or IP of your application (e.g., `https://wiki.internal.com`). |
| 42 | + * **Interval**: How often the test should run (e.g., `15m` for every 15 minutes). |
| 43 | + * **Name**: `Company Wiki Health Check`. |
| 44 | + * **Enabled**: Set to **True**. |
| 45 | + |
| 46 | +### 2. Configure WARP Client Testing |
| 47 | + |
| 48 | +The test is conducted by the **WARP client** on devices enrolled in your organization. For the test to work, ensure the WARP client is installed, running, and the device is enrolled. |
| 49 | + |
| 50 | +The DEX test will automatically use the WARP client on enrolled devices to perform the configured checks. |
| 51 | + |
| 52 | +--- |
| 53 | + |
| 54 | +## View Performance Metrics |
| 55 | + |
| 56 | +Once the test is running, you can view the results to gain insights into your application's performance as experienced by your users. |
| 57 | + |
| 58 | +1. In the Cloudflare Zero Trust dashboard, go to **Analytics** > **DEX** > **Tests** > **View test results**. |
| 59 | +2. Select your new test to see the results. |
| 60 | + |
| 61 | +You can monitor key performance metrics like: |
| 62 | + |
| 63 | +* **Response Time Averages**: The total time it takes to get a response from your application. |
| 64 | +* **DNS Resolution Time**: How long it takes the Gateway DNS policy to resolve the application's domain. |
| 65 | +* **HTTP Status Codes**: Track successful responses (2xx) and quickly detect an increase in client (4xx) or server (5xx) errors, which helps identify issues with your application or policies. |
| 66 | + |
| 67 | +--- |
| 68 | + |
| 69 | +## Testing Policy Enforcement |
| 70 | + |
| 71 | +While DEX primarily focuses on experience and performance, the results can also indicate if your Gateway policies are correctly applied. |
| 72 | + |
| 73 | +Since policy enforcement is a fundamental function of Gateway, you should monitor the **Gateway Activity Logs** to see how your policies interact with traffic destined for your application. |
| 74 | + |
| 75 | +1. In the Cloudflare Zero Trust dashboard, go to **Analytics** > **Logs** > **Gateway activity logs**. |
| 76 | +2. Filter the logs for your application's domain (e.g., `wiki.internal.com`) or IP address (e.g., `10.128.0.10`). |
| 77 | +3. Check the **Action** column to verify that your explicit `Allow` DNS and Network policies are being applied, and that the catch-all `Block` policy is *not* being hit for authorized traffic. |
| 78 | + |
| 79 | +**Note**: While setting up, it is not recommended to employ a default-deny model while testing. Instead, build your explicit application policies and **monitor your logs** to determine if your policies are working as expected. |
0 commit comments