[CF1] UI instruction updates (#26134)

ranbel · web-flow · commit f2d0e8671390 · 2025-10-28T18:09:07.000-04:00
* move mtls

* update links

* move tanium

* gateway block page

* split out app launcher customization

* fix links

* fix links

* cleanup chart

* ui updates

* Update src/content/glossary/cloudflare-one.yaml

* proxy
diff --git a/src/content/docs/cloudflare-one/data-loss-prevention/detection-entries.mdx b/src/content/docs/cloudflare-one/data-loss-prevention/detection-entries.mdx
@@ -52,8 +52,8 @@ To select which Exact Data Match columns to use, you will need to [reupload any
 <Details header="Upload an Exact Data Match dataset">
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Data loss prevention** > **Detection entries**.
-2. Go to **Datasets**.
-3. Select **Add a dataset**. In **Exact Data Match (EDM)**, choose **Select**.
+2. From the **Datasets** tab, select **Add a dataset**.
+3. Select **Exact Data Match (EDM)**.
 4. Upload your dataset file. Select **Next**.
 5. Review and choose the detected columns you want to include. Select **Next**.
 6. Name your dataset. Optionally, add a description. Select **Next**.
@@ -66,8 +66,8 @@ DLP will encrypt your dataset and save its hash.
 <Details header="Upload a Custom Wordlist dataset">
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Data loss prevention** > **Detection entries**.
-2. Go to **Datasets**.
-3. Select **Add a dataset**. In **Custom Wordlist (CWL)**, choose **Select**.
+2. From the **Datasets** tab, select **Add a dataset**.
+3. Select **Custom Wordlist (CWL)**.
 4. Name your dataset. Optionally, add a description.
 5. (Optional) In **Settings**, turn on **Enforce case sensitivity** to require matched values to contain exact capitalization.
 6. In **Upload file**, choose your dataset file.
diff --git a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx
@@ -23,7 +23,7 @@ Cloudflare Gateway can log the following types of PII:
 
 Enabling this setting means Cloudflare Gateway will log activity without storing any employee PII. Changes to this setting will not change PII storage of any previous logs. This means if Exclude PII is enabled and then disabled, there will be no PII data for logs captured while Exclude PII was enabled. The PII data will be unavailable to all roles within your Zero Trust organization, including the Super Admin.
 
-To enable or disable this setting, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Settings** > **Network** > **Exclude PII**.
+To enable or disable this setting, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Traffic policies** > **Traffic settings** > **Exclude personally identifiable information (PII) from logs**.
 
 ## Redact PII
 
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access.mdx
@@ -129,7 +129,7 @@ To turn off SSH command logging, delete your uploaded public key:
 <Tabs>
 <TabItem label="Dashboard">
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network** > **SSH encryption public key**.
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings** > **SSH log encryption public key**.
 
 2. Select **Remove**.
 
diff --git a/src/content/docs/cloudflare-one/remote-browser-isolation/setup/non-identity.mdx b/src/content/docs/cloudflare-one/remote-browser-isolation/setup/non-identity.mdx
@@ -19,6 +19,6 @@ If you want to apply Isolate policies based on user identity, you will need to e
    - Configure your browser to forward traffic to a Gateway proxy endpoint with [PAC files](/cloudflare-one/team-and-resources/devices/agentless/pac-files/).
    - Connect your enterprise site router to Gateway with the [anycast GRE or IPsec tunnel on-ramp to Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/).
 3. Enable non-identity browser isolation:
-   1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Browser isolation** > *Browser isolation settings**.
-   2. Turn on **Non-identity on-ramp support**.
+   1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Browser isolation** > **Browser isolation settings**.
+   2. Turn on **Allow isolated HTTP traffic when user identity is unknown**.
 4. Build a non-identity [HTTP policy](/cloudflare-one/remote-browser-isolation/isolation-policies/) to isolate websites in a remote browser.
diff --git a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx
@@ -31,8 +31,8 @@ Cloudflare One enables you to restrict access to your applications to devices ru
 
 ## 1. Enable the WARP check
 
-1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Settings** > **Network**.
-2. Ensure that **Proxy** is enabled.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings**.
+2. Ensure that *Allow Secure Web Gateway to proxy traffic** is enabled.
 3. Go to **Reusable components** > **Posture checks**.
 4. In **WARP client checks**, select **Add a check**.
 5. Select **WARP**, then select **Save**.
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -129,7 +129,7 @@ The [WARP Diagnostics Analyzer](/cloudflare-one/team-and-resources/devices/warp/
 
 After you run a [DEX remote capture](#option-a-collect-logs-via-the-cloudflare-dashboard) for WARP diagnostics:
 
-1. Go to **DEX** > **Remote captures**.
+1. Go to **Insights** > **Digital experience** and select the **Diagnotics** tab.
 2. Find your capture in the list of captures.
 3. Select the three-dot icon next to **Status** > select **View WARP Diag** to generate an AI summary.
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips.mdx b/src/content/docs/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips.mdx
@@ -20,8 +20,8 @@ An account can have any number of additional dedicated egress IPs. To request ad
 To start routing traffic through dedicated egress IPs:
 
 1. Contact your account team to obtain a dedicated egress IP.
-2. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network**.
-3. In **Firewall**, turn on **Proxy**.
+2. In [Zero Trust](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings**.
+3. Turn on **Allow Secure Web Gateway to proxy traffic**.
 4. Select **TCP**.
 5. (Optional) Select **UDP**. This will allow HTTP/3 traffic to egress with your dedicated IPs.
 
diff --git a/src/content/docs/cloudflare-one/traffic-policies/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/traffic-policies/http-policies/file-sandboxing.mdx
@@ -49,8 +49,8 @@ flowchart TD
 
 To begin quarantining downloaded files, turn on file sandboxing:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network**.
-2. In **Firewall**, turn on **File sandboxing**.
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings**.
+2. Turn on **File sandboxing**.
 3. (Optional) To block requests containing [non-scannable files](#non-scannable-files), select **Block requests for files that cannot be scanned**.
 
 You can now create [Quarantine HTTP policies](/cloudflare-one/traffic-policies/http-policies/#quarantine) to determine what files to scan in the sandbox.
diff --git a/src/content/docs/cloudflare-one/traffic-policies/network-policies/index.mdx b/src/content/docs/cloudflare-one/traffic-policies/network-policies/index.mdx
@@ -318,7 +318,7 @@ The inferred network protocol based on Cloudflare's [protocol detection](/cloudf
 <Render file="gateway/selectors/protocol" product="cloudflare-one" />
 
 :::note
-To enable Gateway filtering on TCP and UDP, go to **Settings** > **Network** > **Proxy**. Network policies apply to all enabled protocols unless you use the **Protocol** selector within a policy.
+To enable Gateway filtering on TCP and UDP, go to **Traffic policies** > **Traffic settings** > **Allow Secure Web Gateway to proxy traffic**. Network policies apply to all enabled protocols unless you use the **Protocol** selector within a policy.
 :::
 
 ### Proxy Endpoint
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/configure-device-agent/enable-proxy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/configure-device-agent/enable-proxy.mdx
@@ -11,8 +11,8 @@ import { Render } from "~/components";
 
 ## Enable the proxy
 
-1. Go to **Settings** > **Network**.
-2. Enable **Proxy** for TCP.
+1. Go to **Traffic policies** > **Traffic settings**.
+2. Enable **Allow Secure Web Gateway to proxy traffic** for TCP.
 3. (Recommended) To proxy all port `443` traffic, including internal DNS queries, select **UDP**.
 4. (Optional) To scan file uploads and downloads for malware, [enable anti-virus scanning](/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/).
 
diff --git a/src/content/glossary/cloudflare-one.yaml b/src/content/glossary/cloudflare-one.yaml
@@ -3,11 +3,11 @@ productName: Cloudflare One
 entries:
   - term: App Launcher
     general_definition: |-
-      the App Launcher portal provides end users with a single dashboard to open applications secured by Cloudflare Zero Trust.
+      the App Launcher portal provides end users with a single dashboard to open applications secured by Cloudflare One.
 
   - term: application
     general_definition: |-
-      the resource protected by Cloudflare Zero Trust, which can be a subdomain, a path, or a SaaS application.
+      the resource protected by Cloudflare One, which can be a subdomain, a path, or a SaaS application.
 
   - term: application token
     general_definition: |-
@@ -19,7 +19,7 @@ entries:
 
   - term: CGNAT IP
     general_definition: |-
-      a unique, virtual IP address assigned to each WARP device from the `100.96.0.0/12` range. You can view the CGNAT IP for a device in **My Team** > **Devices** > **Virtual IPv4/IPv6**.
+      a unique, virtual IP address assigned to each WARP device from the `100.96.0.0/12` range. You can view the CGNAT IP for a device in **Team & Resources** > **Devices** > **Virtual IPv4/IPv6**.
 
   - term: cloudflared
     general_definition: |-
@@ -47,7 +47,7 @@ entries:
 
   - term: Cloudflare DEX
     general_definition: |-
-      Cloudflare Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Zero Trust organization.
+      Cloudflare Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Cloudflare One organization.
 
   - term: Cloudflare Gateway
     general_definition: |-
@@ -91,7 +91,7 @@ entries:
 
   - term: DoH subdomain
     general_definition: |-
-      a unique DoH subdomain for each DNS location in Cloudflare Zero Trust used in WARP client settings.
+      a unique DoH subdomain for each DNS location in Cloudflare One used in WARP client settings.
 
   - term: DNS location
     general_definition: |-
@@ -101,7 +101,7 @@ entries:
 
   - term: fleet
     general_definition: |-
-      a fleet is a collection of user devices. All devices in a fleet have WARP installed and are connected to a [Cloudflare Zero Trust organization](/cloudflare-one/setup/#create-a-zero-trust-organization).
+      a fleet is a collection of user devices. All devices in a fleet have WARP installed and are connected to a [Cloudflare One organization](/cloudflare-one/setup/#create-a-cloudflare-one-organization).
 
   - term: identity provider
     general_definition: |-
@@ -133,7 +133,7 @@ entries:
 
   - term: MCP server portal
     general_definition: |-
-      a web application in Cloudflare Zero Trust that serves as a gateway to multiple MCP servers.
+      a web application in Cloudflare One that serves as a gateway to multiple MCP servers.
 
   - term: MCP server tool
     general_definition: |-
@@ -169,7 +169,7 @@ entries:
 
   - term: remotely-managed tunnel
     general_definition: |-
-      a Cloudflare Tunnel that was created in Zero Trust under **Networks** > **Tunnels**. Tunnel configuration is stored in Cloudflare, which allows you to manage the tunnel from the dashboard or using the API.
+      a Cloudflare Tunnel whose configuration is stored on Cloudflare rather than on your local machine. You can manage the tunnel in the dashboard under **Networks** > **Connectors** or by using the API.
 
   - term: RDP
     general_definition: |-
@@ -241,11 +241,11 @@ entries:
 
   - term: team domain
     general_definition: |-
-      a unique subdomain assigned to your Cloudflare account (for example, `<your-team-name>.cloudflareaccess.com`), where users will find the apps you have secured behind Cloudflare Zero Trust.
+      a unique subdomain assigned to your Cloudflare account (for example, `<your-team-name>.cloudflareaccess.com`), where users will find the apps you have secured behind Cloudflare One.
 
   - term: team name
     general_definition: |-
-      the customizable portion of your team domain (`<your-team-name>.cloudflareaccess.com`). You can view your team name in Zero Trust under **Settings** > **Custom Pages**.
+      the customizable portion of your team domain (`<your-team-name>.cloudflareaccess.com`). You can view your team name in Cloudflare One under **Settings**.
 
   - term: Terraform
     general_definition: |-
@@ -259,11 +259,11 @@ entries:
 
   - term: User risk score
     general_definition: |-
-      Cloudflare Zero Trust user risk score ranks the likelihood of a user to introduce risk to your organization's systems and data based on the detection of security risk behaviors. Risk scores add user and entity behavior analytics (UEBA) to the Zero Trust platform.
+      ranks the likelihood of a user to introduce risk to your organization's systems and data based on the detection of security risk behaviors. Risk scores add user and entity behavior analytics (UEBA) to the Cloudflare One platform.
 
   - term: User risk score level
     general_definition: |-
-      Cloudflare Zero Trust assigns a risk score of Low, Medium or High based on detections of users' activities, posture, and settings. A user's risk score is equal to the highest-level risk behavior they trigger.
+      Cloudflare One assigns a risk score of Low, Medium or High based on detections of users' activities, posture, and settings. A user's risk score is equal to the highest-level risk behavior they trigger.
 
   - term: Virtual network
     general_definition: |-
diff --git a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
@@ -64,7 +64,7 @@ Determine whether the user is matching any policy, or if they are matching a pol
 
 ## 6. Are the correct Gateway proxy settings enabled?
 
-Under **Settings** > **Network**, ensure that **Proxy** is enabled for TCP, UDP, and ICMP traffic. UDP is required for proxying DNS traffic and other UDP packets, while ICMP is required for `ping` and other administrative functions.
+Under **Traffic policies** > **Traffic settings**, ensure that **Allow Secure Web Gateway to proxy traffic** is enabled for TCP, UDP, and ICMP traffic. UDP is required for proxying DNS traffic and other UDP packets, while ICMP is required for `ping` and other administrative functions.
 
 ## 7. Is the user's traffic reaching the tunnel?
 
