Add common policy

Author: maxvp

src/content/docs/cloudflare-one/policies/gateway/network-policies/common-policies.mdx

@@ -165,6 +165,41 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 
 </TabItem> </Tabs>
 
+## Filter HTTP traffic when inspecting on all ports
+
+If your organization blocks traffic by default with a network policy and you want to [inspect HTTP traffic on all ports](/cloudflare-one/policies/gateway/network-policies/protocol-detection/#inspect-on-all-ports), you need to explicitly allow HTTP and TLS traffic to filter it.
+
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector          | Operator | Value  | Logic | Action |
+| ----------------- | -------- | ------ | ----- | ------ |
+| Detected Protocol | is       | _TLS_  | Or    | Allow  |
+| Detected Protocol | is       | _HTTP_ |       |        |
+
+</TabItem>
+
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+--data '{
+  "name": "Allow on inspect all ports",
+  "description": "Filter TLS traffic when using inspect all ports",
+  "enabled": true,
+  "action": "allow",
+  "filters": [
+    "l4"
+  ],
+  "traffic": "net.detected_protocol == \"tls\" or net.detected_protocol == \"http\"",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
+
 ## Restrict access to private networks
 
 Restrict access to resources which you have connected through [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/).

src/content/partials/cloudflare-one/gateway/inspect-on-all-ports.mdx

@@ -7,6 +7,6 @@ import { Markdown } from "~/components";
 
 By default, Gateway will only inspect HTTP traffic through port `80`. Additionally, if you [turn on TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/#turn-on-tls-decryption), Gateway will inspect HTTPS traffic through port `443`.
 
-To detect and inspect HTTP and HTTPS traffic on ports other than `80` and `443`, <Markdown text={props.turnOnProcedure} />.
+To detect and inspect HTTP and HTTPS traffic on ports in addition to `80` and `443`, <Markdown text={props.turnOnProcedure} />.
 
-Inspecting traffic on all ports works best if you deny all traffic by default using network policies. By default, Gateway allows all traffic. If you do not configure a default deny, Gateway will allow all non-HTTPS TLS traffic, and you will not be able to filter this traffic based on protocol.
+Inspecting traffic on all ports works best if you allow all traffic by default. If your organization uses a network policy to block all traffic by default, Gateway will allow all non-HTTPS TLS traffic, and you will not be able to filter this traffic based on protocol. To use HTTP policies to filter all TLS traffic on all ports when using a default Block network policy, [create a network policy to explicitly allow HTTP and TLS traffic](/cloudflare-one/policies/gateway/network-policies/common-policies/#allow-only-approved-traffic).