Add missing network recommended policy

maxvp · maxvp · commit ad0e381a3d9a · 2025-02-11T16:33:49.000-06:00
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/recommended-network-policies.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/recommended-network-policies.mdx
@@ -89,3 +89,12 @@ Implicitly deny all of your internal IP ranges included in a list. We recommend
 | Selector       | Operator | Value                  | Action |
 | -------------- | -------- | ---------------------- | ------ |
 | Destination IP | in list  | _Internal Network IPs_ | Block  |
+
+## All-NET-ApplicationAccess-Allow
+
+Only allow network traffic from known and approved devices.
+
+<Render
+	file="gateway/policies/dash-plus-api/network/enforce-device-posture"
+	product="cloudflare-one"
+/>
diff --git a/src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/network/enforce-device-posture.mdx b/src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/network/enforce-device-posture.mdx
@@ -31,12 +31,8 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rules \
     "l4"
   ],
   "traffic": "any(net.sni.domains[*] == \"internalapp.com\")",
-	"device_posture": "not(any(device_posture.checks.passed[*] in {\"<Device Serial Numbers List UUID>\"}))",
-  "rule_settings": {
-    "block_page_enabled": true,
-    "block_reason": "This domain/IP was explicitly blocked by your network administrator. Please reach out to your helpdesk for assistance"
-    }
-	}'
+	"device_posture": "not(any(device_posture.checks.passed[*] in {\"<DEVICE_SERIAL_NUMBERS_LIST_UUID>\"}))"
+}'
 ```
 
 To get the UUIDs of your device posture checks, use the [List device posture rules](/api/resources/zero_trust/subresources/devices/subresources/posture/methods/list/) endpoint.
@@ -55,10 +51,6 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_resolvedip_blocklist_rule"
   filters     = ["l4"]
   traffic     = "any(net.sni.domains[*] == \"internalapp.com\")"
 	posture			=	"not(any(device_posture.checks.passed[*] in {\"${"$"}${cloudflare_zero_trust_list.allowed_devices_sn_list.id}\"}))"
-  rule_settings {
-      block_page_enabled = true
-      block_page_reason = "This domain/IP was explicitly blocked by your network administrator. Please reach out to your helpdesk for assistance"
-    }
 }
 ```
 
