update policies, testing, troubleshooting

ranbel · ranbel · commit f6e3c01265b6 · 2025-05-28T13:50:08.000-04:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr.mdx
@@ -39,32 +39,6 @@ To connect your infrastructure with Cloudflare Tunnel:
 
 If you have applications clearly defined by IPs or hostnames, we recommend [creating an Access application](/cloudflare-one/applications/non-http/self-hosted-private-app/) and managing user access alongside your SaaS and other web apps. Alternatively, if you prefer to secure a private network using a traditional firewall model, you can build Gateway network and DNS policies for IP ranges and domains.
 
-		<Details header="Example network policies">
-		The following example consists of two policies: the first allows specific users to reach your application, and the second blocks all other traffic.
-
-		1. Allow company employees
-
-		| Selector       | Operator      | Value            | Logic | Action |
-		| -------------- | ------------- | ---------------- | ----- | ------ |
-		| Destination IP  | in            | `10.0.0.0/8`   | And   | Allow  |
-		| User Email     | matches regex | `.*@example.com` |       |        |
-
-		2. Catch-all block policy
-
-		| Selector       | Operator | Value        | Action |
-		| -------------- | -------- | ------------ | ------ |
-		| Destination IP | in       | `10.0.0.0/8` | Block  |
-
-		</Details>
-
-				<Details header="Example DNS policy">
-
-		| Selector       | Operator      | Value            | Logic | Action |
-		| -------------- | ------------- | ---------------- | ----- | ------ |
-		| Host           | is            | `wiki.internal.local` | And   | Allow  |
-		| User Email     | matches regex | `.*@example.com` |       |        |
-		</Details>
-
 For more information on building Gateway policies, refer to [Secure your first application](/learning-paths/replace-vpn/build-policies/create-policy/) and [Common network policies](/cloudflare-one/policies/gateway/network-policies/common-policies/#restrict-access-to-private-networks).
 
 ## 5. Connect as a user
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-private-hostname.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-private-hostname.mdx
@@ -127,7 +127,7 @@ For more details on configuring Split Tunnels, refer to [Route private network I
 
 <Render file="tunnel/filter-network-traffic" />
 
-#### Enable Gateway proxy
+#### Enable the Gateway proxy
 
 <Render file="tunnel/enable-gateway-proxy" />
 
@@ -148,25 +148,17 @@ If your private hostname points to an HTTPS application on port 443, you can sec
 
 		1. Allow company employees
 
-		| Selector       | Operator      | Value            | Logic | Action |
-		| -------------- | ------------- | ---------------- | ----- | ------ |
-		| SNI            | is            | `wiki.internal.local` | And   | Allow  |
-		| User Email     | matches regex | `.*@example.com` |       |        |
+			<Render file="gateway/policies/restrict-access-to-private-networks-allow" product="cloudflare-one" params={{ selector: "SNI", value: "wiki.internal.local" }} />
 
 		2. Catch-all block policy
 
-		| Selector       | Operator | Value        | Action |
-		| -------------- | -------- | ------------ | ------ |
-		| Destination IP | in       | `10.0.0.0/8` | Block  |
+			<Render file="gateway/policies/restrict-access-to-private-networks-block" product="cloudflare-one" />
 		</Details>
 
 		<Details header="Example DNS policy">
 
-		| Selector       | Operator      | Value            | Logic | Action |
-		| -------------- | ------------- | ---------------- | ----- | ------ |
-		| Host           | is            | `wiki.internal.local` | And   | Allow  |
-		| User Email     | matches regex | `.*@example.com` |       |        |
-			</Details>
+			<Render file="gateway/policies/restrict-access-to-private-networks-dns" product="cloudflare-one" />
+		</Details>
 
 
 ##### Non-HTTPS applications
@@ -177,35 +169,28 @@ Access policies and Gateway network policies only support hostname-based filteri
 
 		1. Allow company employees
 
-		| Selector       | Operator      | Value            | Logic | Action |
-		| -------------- | ------------- | ---------------- | ----- | ------ |
-		| Destination IP  | in            | `10.0.0.0/8`   | And   | Allow  |
-		| User Email     | matches regex | `.*@example.com` |       |        |
+			<Render file="gateway/policies/restrict-access-to-private-networks-allow" product="cloudflare-one" params={{ selector: "Destination IP", value: "10.0.0.0/8" }} />
 
 		2. Catch-all block policy
 
-		| Selector       | Operator | Value        | Action |
-		| -------------- | -------- | ------------ | ------ |
-		| Destination IP | in       | `10.0.0.0/8` | Block  |
+			<Render file="gateway/policies/restrict-access-to-private-networks-block" product="cloudflare-one" />
 
 		</Details>
 
-
 		<Details header="Example DNS policy">
 
-		| Selector       | Operator      | Value            | Logic | Action |
-		| -------------- | ------------- | ---------------- | ----- | ------ |
-		| Host           | is            | `wiki.internal.local` | And   | Allow  |
-		| User Email     | matches regex | `.*@example.com` |       |        |
+			<Render file="gateway/policies/restrict-access-to-private-networks-dns" product="cloudflare-one" />
 		</Details>
 
+### 7. Test the connection
 
-### 7. Connect as a user
+End users can now reach the application by going to its private hostname. For example, to test an HTTP application, open a browser and go to `wiki.internal.local`.
 
-End users can now reach the application by going to its private hostname. For example, to test an HTTP application, you can open a browser and go to `wiki.internal.local`.
+If you [enabled the Gateway proxy](#enable-the-gateway-proxy), you can view the traffic in your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/).
 
----- what's a good example for a non-HTTP app?---
+### Troubleshooting
 
+For a step-by-step troubleshooting procedure, refer to [Troubleshoot private network connectivity](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/private-networks/).
 
 ## Supported on-ramps/off-ramps
 
diff --git a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx
@@ -20,7 +20,7 @@ If WARP is stuck in the `Disconnected` state or frequently changes between `Conn
 
 ## 2. Is the WARP client connecting to your private DNS server?
 
-This step is only needed if users access your application via a private hostname (for example, `wiki.internal.com`).
+This step is only needed if users access your application via a private hostname (for example, `wiki.internal.local`).
 
 - If you are using [custom resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) to handle private DNS, go to your Gateway DNS logs (**Logs** > **Gateway** > **DNS**) and search for DNS queries to the hostname.
 
