diff --git a/src/assets/images/changelog/email-security/reclassifications-tab.png b/src/assets/images/changelog/email-security/reclassifications-tab.png new file mode 100644 index 000000000000000..d070b58a534ead9 Binary files /dev/null and b/src/assets/images/changelog/email-security/reclassifications-tab.png differ diff --git a/src/assets/images/changelog/magic-firewall/search-with-rule-id.png b/src/assets/images/changelog/magic-firewall/search-with-rule-id.png new file mode 100644 index 000000000000000..c810f14d67e364a Binary files /dev/null and b/src/assets/images/changelog/magic-firewall/search-with-rule-id.png differ diff --git a/src/assets/images/changelog/magic-network-monitoring/get-started.png b/src/assets/images/changelog/magic-network-monitoring/get-started.png new file mode 100644 index 000000000000000..01d913a9138aa45 Binary files /dev/null and b/src/assets/images/changelog/magic-network-monitoring/get-started.png differ diff --git a/src/components/changelog/ProductPills.astro b/src/components/changelog/ProductPills.astro index bafe12f54720822..e242631fce96154 100644 --- a/src/components/changelog/ProductPills.astro +++ b/src/components/changelog/ProductPills.astro @@ -16,7 +16,7 @@ const { products } = await props.parseAsync(Astro.props); const data = await getEntries(products); --- -
+
{ data.map((product) => (
diff --git a/src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx b/src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx
new file mode 100644
index 000000000000000..c2116fe11d919d6
--- /dev/null
+++ b/src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx
@@ -0,0 +1,15 @@
+---
+title: Find security misconfigurations in your AWS cloud environment
+description: CASB and DLP with Cloud Data Extraction for AWS cloud environments
+date: 2024-11-22T11:00:00Z
+products:
+ - dlp
+---
+
+import { Render } from "~/components";
+
+You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/).
+
+You can also [connect your AWS compute account](/cloudflare-one/applications/casb/casb-integrations/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration.
+
+
diff --git a/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx b/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx
new file mode 100644
index 000000000000000..4f36422934902eb
--- /dev/null
+++ b/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx
@@ -0,0 +1,15 @@
+---
+title: Troubleshoot tunnels with diagnostic logs
+description: View tunnel diagnostic logs
+date: 2024-12-19T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+The latest `cloudflared` build [2024.12.2](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance.
+
+A diagnostic report collects data from a single instance of `cloudflared` running on the local machine and outputs it to a `cloudflared-diag` file.
+
+
+
+For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/).
diff --git a/src/content/changelog/dlp/2025-01-03-source-code-confidence-level.mdx b/src/content/changelog/dlp/2025-01-03-source-code-confidence-level.mdx
new file mode 100644
index 000000000000000..dfd830916bd59d6
--- /dev/null
+++ b/src/content/changelog/dlp/2025-01-03-source-code-confidence-level.mdx
@@ -0,0 +1,16 @@
+---
+title: Detect source code leaks with Data Loss Prevention
+description: Added source code confidence levels to Data Loss Prevention
+date: 2025-01-03T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+You can now detect source code leaks with Data Loss Prevention (DLP) with predefined checks against common programming languages.
+
+
+
+For more details, refer to [DLP profiles](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/).
diff --git a/src/content/changelog/email-security/2024-12-19-reclassification-tab.mdx b/src/content/changelog/email-security/2024-12-19-reclassification-tab.mdx
new file mode 100644
index 000000000000000..4a28d27b1922e7f
--- /dev/null
+++ b/src/content/changelog/email-security/2024-12-19-reclassification-tab.mdx
@@ -0,0 +1,15 @@
+---
+title: Increased transparency for phishing email submissions
+description: New Email reclassifications tab
+date: 2024-12-19T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+You now have more transparency about team and user submissions for phishing emails through a **Reclassification** tab in the Zero Trust dashboard.
+
+Reclassifications happen when users or admins [submit a phish](/cloudflare-one/email-security/phish-submissions/) to Email Security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models.
+
+This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are.
+
+![Use the Reclassification area to review submitted phishing emails](~/assets/images/changelog/email-security/reclassifications-tab.png)
diff --git a/src/content/changelog/gateway/2025-02-13-improvements-unscannable-files.mdx b/src/content/changelog/gateway/2025-02-13-improvements-unscannable-files.mdx
new file mode 100644
index 000000000000000..7cce7f047cebe93
--- /dev/null
+++ b/src/content/changelog/gateway/2025-02-13-improvements-unscannable-files.mdx
@@ -0,0 +1,17 @@
+---
+title: Block files that are password-protected, compressed, or otherwise unscannable.
+description: Unscannable files for Download and Upload File Types selectors
+date: 2025-02-03T11:00:00Z
+products:
+ - dlp
+---
+
+import { Render } from "~/components";
+
+Gateway HTTP policies can now block files that are password-protected, compressed, or otherwise unscannable.
+
+These unscannable files are now matched with the [Download and Upload File Types traffic selectors](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-file-types) for HTTP policies:
+
+
+
+To get started inspecting and modifying behavior based on these and other rules, refer to [HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/).
diff --git a/src/content/changelog/magic-cloud-networking/2024-12-05-cloud-onramp-terraform.mdx b/src/content/changelog/magic-cloud-networking/2024-12-05-cloud-onramp-terraform.mdx
new file mode 100644
index 000000000000000..b928a26660a5f39
--- /dev/null
+++ b/src/content/changelog/magic-cloud-networking/2024-12-05-cloud-onramp-terraform.mdx
@@ -0,0 +1,15 @@
+---
+title: Generate customized terrform files for building cloud network on-ramps
+description: Download cloud onramp terraform
+date: 2024-12-05T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+You can now generate customized terraform files for building cloud network on-ramps to [Magic WAN](/magic-wan/).
+
+[Magic Cloud](/magic-cloud-networking/) can scan and discover existing network resources and generate the required terraform files to automate cloud resource deployment using their existing infrastructure-as-code workflows for cloud automation.
+
+
+
+For more details, refer to [Set up with Terraform](/magic-cloud-networking/cloud-on-ramps/#set-up-with-terraform).
diff --git a/src/content/changelog/magic-firewall/2024-10-02-custom-rule-search.mdx b/src/content/changelog/magic-firewall/2024-10-02-custom-rule-search.mdx
new file mode 100644
index 000000000000000..05c5e3917a75b9f
--- /dev/null
+++ b/src/content/changelog/magic-firewall/2024-10-02-custom-rule-search.mdx
@@ -0,0 +1,18 @@
+---
+title: Search for custom rules using rule name and/or ID
+description: New UI improvements for Magic Firewall
+date: 2024-10-02T11:00:00Z
+---
+
+The Magic Firewall dashboard now allows you to search custom rules using the rule name and/or ID.
+
+1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
+2. Go to **Analytics & Logs** > **Network Analytics**.
+3. Select **Magic Firewall**.
+4. Add a filter for **Rule ID**.
+
+![Search for firewall rules with rule IDs](~/assets/images/changelog/magic-firewall/search-with-rule-id.png)
+
+Additionally, the rule ID URL link has been added to Network Analytics.
+
+For more details abour rules, refer to [Add rules](/magic-firewall/how-to/add-rules/).
diff --git a/src/content/changelog/magic-network-monitoring/2024-09-24-magic-network-monitoring.mdx b/src/content/changelog/magic-network-monitoring/2024-09-24-magic-network-monitoring.mdx
new file mode 100644
index 000000000000000..ad2d0f4dc92e954
--- /dev/null
+++ b/src/content/changelog/magic-network-monitoring/2024-09-24-magic-network-monitoring.mdx
@@ -0,0 +1,14 @@
+---
+title: Try out Magic Network Monitoring
+description: The free version of Magic Network Monitoring is available to all customers
+date: 2024-09-24T11:00:00Z
+---
+
+The free version of Magic Network Monitoring (MNM) is now available to everyone with a Cloudflare account by default.
+
+1. Log in to your [Cloudflare dashboard](https://dash.cloudflare.com), and select your account.
+2. Go to **Analytics & Logs** > **Magic Monitoring**.
+
+![Try out the free version of Magic Network Monitoring](~/assets/images/changelog/magic-network-monitoring/get-started.png)
+
+For more details, refer to the [Get started guide](/magic-network-monitoring/get-started/).
diff --git a/src/content/changelog/magic-wan/2025-02-14-local-console-access.mdx b/src/content/changelog/magic-wan/2025-02-14-local-console-access.mdx
new file mode 100644
index 000000000000000..741ae819498f71c
--- /dev/null
+++ b/src/content/changelog/magic-wan/2025-02-14-local-console-access.mdx
@@ -0,0 +1,11 @@
+---
+title: Configure your Magic WAN Connector to connect via static IP assigment
+description: Local console access for bootstrapping Magic WAN Connector
+date: 2025-02-14T11:00:00Z
+---
+
+You can now locally configure your [Magic WAN Connector](/magic-wan/configuration/connector/) to work in a static IP configuration.
+
+This local method does not require having access to a DHCP Internet connection. However, it does require being comfortable with using tools to access the serial port on Magic WAN Connector as well as using a serial terminal client to access the Connector's environment.
+
+For more details, refer to [WAN with a static IP address](/magic-wan/configuration/connector/configure-hardware-connector/#bootstrap-via-serial-console).
diff --git a/src/content/changelog/network-interconnect/2024-12-17-bgp-support-cni.mdx b/src/content/changelog/network-interconnect/2024-12-17-bgp-support-cni.mdx
new file mode 100644
index 000000000000000..4b4e4f115f5d9a7
--- /dev/null
+++ b/src/content/changelog/network-interconnect/2024-12-17-bgp-support-cni.mdx
@@ -0,0 +1,12 @@
+---
+title: Establish BGP peering over Direct CNI circuits
+description: BGP support for Cloudflare Network Interconnect (CNI)
+date: 2024-12-17T11:00:00Z
+products:
+ - magic-transit
+ - magic-wan
+---
+
+import { Render } from "~/components";
+
+
diff --git a/src/content/changelog/risk-score/2024-06-17-okta-risk-exchange.mdx b/src/content/changelog/risk-score/2024-06-17-okta-risk-exchange.mdx
new file mode 100644
index 000000000000000..f509ee8db3e1c3a
--- /dev/null
+++ b/src/content/changelog/risk-score/2024-06-17-okta-risk-exchange.mdx
@@ -0,0 +1,11 @@
+---
+title: Exchange user risk scores with Okta
+description: Okta risk exchange
+date: 2024-06-17T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+Beyond the controls in [Zero Trust](/cloudflare-one/), you can now [exchange user risk scores](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies.
+
+
diff --git a/src/content/changelog/zero-trust-warp/2024-06-16-cloudflare-one.mdx b/src/content/changelog/zero-trust-warp/2024-06-16-cloudflare-one.mdx
new file mode 100644
index 000000000000000..95c890d755759bf
--- /dev/null
+++ b/src/content/changelog/zero-trust-warp/2024-06-16-cloudflare-one.mdx
@@ -0,0 +1,50 @@
+---
+title: Explore product updates for Cloudflare One
+description: New changelog format for Cloudflare One
+products:
+ - access
+ - browser-isolation
+ - casb
+ - cloudflare-tunnel
+ - dex
+ - dlp
+ - email-security
+ - gateway
+ - magic-cloud-networking
+ - magic-firewall
+ - magic-network-monitoring
+ - magic-transit
+ - magic-wan
+ - network-interconnect
+ - risk-score
+date: 2024-06-16T11:00:00Z
+---
+
+import { Details } from "~/components";
+
+Welcome to your new home for product updates on [Cloudflare One](/cloudflare-one/).
+
+Our [new changelog](/changelog/) lets you read about changes in much more depth, offering in-depth examples, images, code samples, and even gifs.
+
+If you are looking for older product updates, refer to the following locations.
+
+
+
+- [Access](/cloudflare-one/changelog/access/)
+- [Browser Isolation](/cloudflare-one/changelog/browser-isolation/)
+- [CASB](/cloudflare-one/changelog/casb/)
+- [Cloudflare Tunnel](/cloudflare-one/changelog/tunnel/)
+- [Data Loss Prevention](/cloudflare-one/changelog/dlp/)
+- [Digital Experience Monitoring](/cloudflare-one/changelog/dex/)
+- [Email Security](/cloudflare-one/changelog/email-security/)
+- [Gateway](/cloudflare-one/changelog/gateway/)
+- [Magic Cloud Networking](/magic-cloud-networking/changelog/)
+- [Magic Firewall](/magic-firewall/changelog/)
+- [Magic Network Monitoring](/magic-network-monitoring/changelog/)
+- [Magic Transit](/magic-transit/changelog/)
+- [Magic WAN](/magic-wan/changelog/)
+- [Network Interconnect](/network-interconnect/changelog/)
+- [Risk score](/cloudflare-one/changelog/risk-score/)
+- [Zero Trust WARP Client](/cloudflare-one/changelog/warp/)
+
+
diff --git a/src/content/changelog/zero-trust-warp/2025-03-13-warp-beta-macos.mdx b/src/content/changelog/zero-trust-warp/2025-03-13-warp-beta-macos.mdx
new file mode 100644
index 000000000000000..dd784a3a61fbd1b
--- /dev/null
+++ b/src/content/changelog/zero-trust-warp/2025-03-13-warp-beta-macos.mdx
@@ -0,0 +1,22 @@
+---
+title: WARP client for macOS (version 2025.2.460.1)
+description: WARP client for macOS (version 2025.2.460.1)
+date: 2025-03-13T11:00:00Z
+---
+
+A new beta release for the macOS WARP client is now available on the [Downloads page](/cloudflare-one/connections/connect-devices/warp/download-warp/beta-releases/). This release contains significant improvements to our captive portal / public Wi-Fi detection logic. If you have experienced captive portal issues in the past, re-test and give this version a try.
+
+**Changes and improvements**
+
+- Improved [captive portal detection](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/captive-portals/) to make more public networks compatible and have faster detection.
+- Improved error messages shown in the app.
+- WARP tunnel protocol details can now be viewed using the `warp-cli tunnel stats`
+ command.
+- Fixed issue with device revocation and re-registration when switching
+ configurations.
+
+**Known issues**
+
+- macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP
+ client may not behave as expected. Cloudflare recommends the use of macOS 15.3
+ or later.
diff --git a/src/content/changelog/zero-trust-warp/2025-03-13-warp-beta-windows.mdx b/src/content/changelog/zero-trust-warp/2025-03-13-warp-beta-windows.mdx
new file mode 100644
index 000000000000000..3c8e385dbd6c4f5
--- /dev/null
+++ b/src/content/changelog/zero-trust-warp/2025-03-13-warp-beta-windows.mdx
@@ -0,0 +1,39 @@
+---
+title: WARP client for Windows (version 2025.2.460.1)
+description: WARP client for Windows (version 2025.2.460.1)
+date: 2025-02-03T11:00:00Z
+---
+
+A new beta release for the Windows WARP client is now available on the [Downloads page](/cloudflare-one/connections/connect-devices/warp/download-warp/beta-releases/). This release contains significant improvements to our captive portal / public Wi-Fi detection logic. If you have experienced captive portal issues in the past, re-test and give this version a try.
+
+**Changes and improvements**
+
+- Improved [captive portal detection](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/captive-portals/) to make more public networks compatible
+ and have faster detection.
+- Improved error messages shown in the app.
+- Added the ability to control if the WARP interface IPs are [registered with
+ DNS servers](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#warp-interface-ip-dns-registration) or not.
+- Removed DNS logs view from the Windows client GUI. DNS logs can be viewed as
+ part of `warp-diag` or by viewing the log file on the user's local directory.
+- Fixed issue that would result in a user receiving multiple re-authentication
+ requests when waking their device from sleep.
+- WARP tunnel protocol details can now be viewed using the `warp-cli tunnel stats`
+ command.
+- Improvements to [Windows multi-user](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/windows-multiuser/) including support for fast user
+ switching. If you are interested in testing this feature, reach out to
+ your Cloudflare account team.
+- Fixed issue with device revocation and re-registration when switching
+ configurations.
+- Fixed issue where DEX tests would run during certain sleep states where the
+ networking stack was not fully up. This would result in failures that would be
+ ignored.
+ +**Known issues** + +- DNS resolution may be broken when the following conditions are all true: + + - WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode. + - A custom DNS server address is configured on the primary network adapter. + - The custom DNS server address on the primary network adapter is changed while WARP is connected. + + To work around this issue, reconnect the WARP client by toggling off and back on. diff --git a/src/content/docs/cloudflare-one/applications/casb/casb-integrations/aws-s3.mdx b/src/content/docs/cloudflare-one/applications/casb/casb-integrations/aws-s3.mdx index 10b2f8d713f2095..aa4af35a3f4e679 100644 --- a/src/content/docs/cloudflare-one/applications/casb/casb-integrations/aws-s3.mdx +++ b/src/content/docs/cloudflare-one/applications/casb/casb-integrations/aws-s3.mdx @@ -8,7 +8,10 @@ import { Render } from "~/components"; ## Integration prerequisites @@ -32,13 +35,7 @@ You can connect an AWS compute account to your CASB integration to perform [Data ### Add a compute account -To connect a compute account to your AWS integration: - -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**. -2. Find and select your AWS integration. -3. Select **Open connection instructions**. -4. Follow the instructions provided to connect a new compute account. -5. Select **Refresh**. + You can only connect one computer account to an integration. To remove a compute account, select **Manage compute accounts**. diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx index 7606ab666dbf67a..ad2e2951e9e47fd 100644 --- a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx 
@@ -6,7 +6,7 @@ sidebar: label: Diagnostic logs --- -import {Details} from "~/components"; +import { Details, Render } from "~/components"; Cloudflare Tunnel generates a set of diagnostic logs that can be used to troubleshoot issues with `cloudflared`. A diagnostic report collects data from a single instance of `cloudflared` running on the local machine. 
@@ -22,25 +22,25 @@ The steps for getting diagnostic logs depend on your `cloudflared` deployment en These instructions apply to remotely-managed and locally-managed tunnels running directly on the host machine. -1. (Linux only) To include network diagnostics in the logs, allow the `cloudflared` user to create RAW and PACKET sockets without root permissions: +1. (Linux only) To include network diagnostics in the logs, allow the `cloudflared` user to create RAW and PACKET sockets without root permissions: - ```sh - sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute - ``` + ```sh + sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute + ``` - If you do not set `cap_net_raw`, then traceroute data will be unavailable. + If you do not set `cap_net_raw`, then traceroute data will be unavailable. -2. Get diagnostic logs: +2. Get diagnostic logs: - ```sh - cloudflared tunnel diag - ``` + ```sh + cloudflared tunnel diag + ``` - If multiple instances of `cloudflared` are running on the same host, specify the [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#configure-the-metrics-server-address) for the instance you want to diagnose. For example: + If multiple instances of `cloudflared` are running on the same host, specify the [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#configure-the-metrics-server-address) for the instance you want to diagnose. For example: - ```sh - cloudflared tunnel diag --metrics 127.0.0.1:20241 - ``` + ```sh + cloudflared tunnel diag --metrics 127.0.0.1:20241 + ``` This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. 
@@ -48,47 +48,47 @@ This command will output the status of each diagnostic task and place a `cloudfl `cloudflared` reads diagnostic data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). To get diagnostic logs, the metrics server must be exposed from the Docker container and reachable from the host machine. -1. Determine the [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address) for the `cloudflared` instance running in Docker. +1. Determine the [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address) for the `cloudflared` instance running in Docker. -2. Ensure the container is deployed with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1: +2. Ensure the container is deployed with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1: - ```sh - docker run -d -p 20241: docker.io/cloudflare/cloudflared tunnel ... - ``` + ```sh + docker run -d -p 20241: docker.io/cloudflare/cloudflared tunnel ... + ``` -3. Verify that you can reach the metrics server address from the Docker host environment: +3. 
Verify that you can reach the metrics server address from the Docker host environment: - ```sh - curl localhost:20241/diag/tunnel - ``` + ```sh + curl localhost:20241/diag/tunnel + ``` - This command should return a JSON: - ```json - { - "tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f", - "connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523", - "connections": [ - { "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"}, - {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1}, - {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2}, - {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3} - ], - "icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"] - } - ``` + This command should return a JSON: + ```json + { + "tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f", + "connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523", + "connections": [ + { "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2}, + {"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3} + ], + "icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"] + } + ``` -4. Run the diagnostic using the Docker container ID: +4. 
Run the diagnostic using the Docker container ID: - ```sh - cloudflared tunnel diag --diag-container-id= - ``` + ```sh + cloudflared tunnel diag --diag-container-id= + ``` - Alternatively, you can specify the container's name instead of its ID: - ```sh - cloudflared tunnel diag --diag-container-id= - ``` + Alternatively, you can specify the container's name instead of its ID: + ```sh + cloudflared tunnel diag --diag-container-id= + ``` - Running the diagnostic command with the container ID allows `cloudflared` to collect information from the Docker environment such as logs and container details. + Running the diagnostic command with the container ID allows `cloudflared` to collect information from the Docker environment such as logs and container details. This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. 
@@ -96,55 +96,39 @@ This command will output the status of each diagnostic task and place a `cloudfl The diagnostic feature will request data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/) using ports `20241` to `20245`. You will need to use port forwarding to allow the local `cloudflared` instance to connect to the metrics server on one of these ports. -1. Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address). +1. Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address). -2. Enable port forwarding: +2. Enable port forwarding: - ```sh - kubectl port-forward : - ``` + ```sh + kubectl port-forward : + ``` - - ``: Name of the pod where the tunnel is running - - `` is any local port in the range `20241` to `20245`. - - `` is the Kubernetes pod port for the `cloudflared` instance you want to diagnose (obtained in Step 1). + - ``: Name of the pod where the tunnel is running + - `` is any local port in the range `20241` to `20245`. + - `` is the Kubernetes pod port for the `cloudflared` instance you want to diagnose (obtained in Step 1). - For example, if you set the metrics server address to `0.0.0.0:12345`: + For example, if you set the metrics server address to `0.0.0.0:12345`: - ```sh - kubectl port-forward cloudflared-6d4897585b-r8kfz 20244:12345 - ``` - Connections made to local port `20244` are forwarded to port `12345` of the pod that is running the tunnel. + ```sh + kubectl port-forward cloudflared-6d4897585b-r8kfz 20244:12345 + ``` + Connections made to local port `20244` are forwarded to port `12345` of the pod that is running the tunnel. -3. Run the diagnostic: +3. 
Run the diagnostic: - ```sh - cloudflared tunnel diag --diag-pod-id= - ``` + ```sh + cloudflared tunnel diag --diag-pod-id= + ``` - If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name: + If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name: - ```sh - cloudflared tunnel diag --diag-pod-id= --diag-container-id= - ``` + ```sh + cloudflared tunnel diag --diag-pod-id= --diag-container-id= + ``` This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory. ## cloudflared-diag files -The `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` archive contains the files listed below. The data in a file either applies to the `cloudflared` instance being diagnosed (`diagnosee`) or the instance that triggered the diagnosis (`diagnoser`). For example, if your tunnel is running in a Docker container, the diagnosee is the Docker instance and the diagnoser is the host instance. 
- -| File name | Description | Instance | -| -| - | - | -| `cli-configuration.json`| [Tunnel run parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/) used when starting the tunnel | diagnosee| -| `cloudflared_logs.txt` | [Tunnel log file](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/)[^1] | diagnosee| -| `configuration.json` | Tunnel configuration parameters | diagnosee| -| `goroutine.pprof` | goroutine profile made available by `pprof` | diagnosee| -| `heap.pprof` | heap profile made available by `pprof`| diagnosee| -| `metrics.txt` | Snapshot of [Tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#available-metrics) at the time of diagnosis | diagnosee| -| `network.txt` | JSON traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser| -| `raw-network.txt` | Raw traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser| -| `systeminformation.json` | Operating system information and resource usage | diagnosee| -| `task-result.json` | Result of each diagnostic task | diagnoser | -| `tunnelstate.json` | Tunnel connections at the time of diagnosis| diagnosee| - -[^1]: If the log file is blank, you may need to [set `--loglevel` to `debug`](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/#view-logs-on-the-server) when you start the tunnel. The `--loglevel` parameter is only required if you ran the tunnel from the CLI using a `cloudflared tunnel run` command. It is not necessary if the tunnel runs as a Linux/macOS service or runs in Docker/Kubernetes. \ No newline at end of file + diff --git a/src/content/docs/cloudflare-one/insights/risk-score.mdx b/src/content/docs/cloudflare-one/insights/risk-score.mdx index 4a27f384121fdcf..51f4eff9a97b942 100644 --- a/src/content/docs/cloudflare-one/insights/risk-score.mdx +++ b/src/content/docs/cloudflare-one/insights/risk-score.mdx 
@@ -8,6 +8,8 @@ head: content: User risk score --- +import { Render } from "~/components"; + :::note Only available on Enterprise plans. @@ -38,22 +40,7 @@ If required, you can reset risk scores for specific users. Once reset, users wil In addition to controls in Zero Trust, Okta users can send risk scores to Okta to apply SSO-level policies. -First, configure Zero Trust to send user risk scores to Okta. - -1. Set up the [Okta SSO integration](/cloudflare-one/identity/idp-integration/okta/). -2. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**. -3. In **Login methods**, locate your Okta integration and select **Edit**. -4. Turn on **Send risk score to Okta**. -5. Select **Save**. -6. Upon saving, Zero Trust will display the well-known URL for your organization. Copy the value. - -Next, configure Okta to receive your risk scores. - -1. On your Okta admin dashboard, go to **Security** > **Device Integrations**. -2. Go to **Receive shared signals**, then select **Create stream**. -3. Name your integration. In **Set up integration with**, choose _Well-known URL_. -4. In **Well-known URL**, enter the well-known URL value provided by Zero Trust. -5. Select **Create**. + For more information on configuring user risk score within Okta, refer to the [Okta documentation](https://help.okta.com/oie/en-us/content/topics/itp/overview.htm). diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx index 4d2d34f1b1ea038..7c7c040e3097e1d 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx +++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx 
@@ -78,17 +78,4 @@ The following national identifier detections are validated algorithmically when ## Source Code -The following programming languages are validated with natural language processing (NLP). - -- C -- C++ -- C# -- Go -- Haskell -- Java -- JavaScript -- Lua -- Python -- R -- Rust -- Swift + diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx index a21459966fc5dda..b43252245c49afa 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx @@ -527,10 +527,7 @@ These selectors will scan file signatures in the HTTP body. You can select from **Unscannable** -- Password-protected Microsoft Office document -- Password-protected PDF -- Password-protected ZIP archive -- Unscannable ZIP archive + diff --git a/src/content/docs/network-interconnect/express-cni/bgp-peering.mdx b/src/content/docs/network-interconnect/express-cni/bgp-peering.mdx index dd41dd0344cdeda..d23c406748cb3de 100644 --- a/src/content/docs/network-interconnect/express-cni/bgp-peering.mdx +++ b/src/content/docs/network-interconnect/express-cni/bgp-peering.mdx 
@@ -5,15 +5,6 @@ sidebar: title: BGP peering --- -Magic WAN and Magic Transit customers can use the Cloudflare dashboard to configure and manage BGP peering between their networks and their Magic routing table when using a Direct CNI on-ramp. +import { Render } from "~/components"; -Using BGP peering with a CNI allows customers to: -- Automate the process of adding or removing networks and subnets. -- Take advantage of failure detection and session recovery features. - -With this functionality, customers can: -- Establish an eBGP session between their devices and the Magic WAN / Magic Transit service when connected via CNI. -- Secure the session by MD5 authentication to prevent misconfigurations. -- Exchange routes dynamically between their devices and their Magic routing table. - -Refer to [Magic WAN BGP peering](/magic-wan/configuration/manually/how-to/bgp-peering/) or [Magic Transit BGP peering](/magic-transit/how-to/bgp-peering/) to learn more about this feature and how to set it up. \ No newline at end of file + diff --git a/src/content/partials/cloudflare-one/casb/aws-compute-account.mdx b/src/content/partials/cloudflare-one/casb/aws-compute-account.mdx new file mode 100644 index 000000000000000..6d0266e78695c02 --- /dev/null +++ b/src/content/partials/cloudflare-one/casb/aws-compute-account.mdx @@ -0,0 +1,11 @@ +--- +{} +--- + +To connect a compute account to your AWS integration: + +1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**. +2. Find and select your AWS integration. +3. Select **Open connection instructions**. +4. Follow the instructions provided to connect a new compute account. +5. Select **Refresh**. diff --git a/src/content/partials/cloudflare-one/data-loss-prevention/programming-language-list.mdx b/src/content/partials/cloudflare-one/data-loss-prevention/programming-language-list.mdx new file mode 100644 index 000000000000000..de91e0d2d1db3b8 --- /dev/null 
+++ b/src/content/partials/cloudflare-one/data-loss-prevention/programming-language-list.mdx
@@ -0,0 +1,18 @@
+---
+{}
+---
+
+The following programming languages are validated with natural language processing (NLP).
+
+- C
+- C++
+- C#
+- Go
+- Haskell
+- Java
+- JavaScript
+- Lua
+- Python
+- R
+- Rust
+- Swift
diff --git a/src/content/partials/cloudflare-one/gateway/policies/unscannable-files.mdx b/src/content/partials/cloudflare-one/gateway/policies/unscannable-files.mdx
new file mode 100644
index 000000000000000..3941482e85c35a1
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/policies/unscannable-files.mdx
@@ -0,0 +1,8 @@
+---
+{}
+---
+
+- Password-protected Microsoft Office document
+- Password-protected PDF
+- Password-protected ZIP archive
+- Unscannable ZIP archive
diff --git a/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx b/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx
new file mode 100644
index 000000000000000..2ada0b4daf76e9c
--- /dev/null
+++ b/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx
@@ -0,0 +1,20 @@
+---
+{}
+---
+
+First, configure Zero Trust to send user risk scores to Okta.
+
+1. Set up the [Okta SSO integration](/cloudflare-one/identity/idp-integration/okta/).
+2. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**.
+3. In **Login methods**, locate your Okta integration and select **Edit**.
+4. Turn on **Send risk score to Okta**.
+5. Select **Save**.
+6. Upon saving, Zero Trust will display the well-known URL for your organization. Copy the value.
+
+Next, configure Okta to receive your risk scores.
+
+1. On your Okta admin dashboard, go to **Security** > **Device Integrations**.
+2. Go to **Receive shared signals**, then select **Create stream**.
+3. Name your integration. In **Set up integration with**, choose _Well-known URL_.
+4. In **Well-known URL**, enter the well-known URL value provided by Zero Trust.
+5. Select **Create**.
diff --git a/src/content/partials/cloudflare-one/tunnel/tunnel-diag-file.mdx b/src/content/partials/cloudflare-one/tunnel/tunnel-diag-file.mdx new file mode 100644 index 000000000000000..68b0fe9e947662e --- /dev/null +++ b/src/content/partials/cloudflare-one/tunnel/tunnel-diag-file.mdx 
@@ -0,0 +1,21 @@ +--- +{} +--- + +The `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` archive contains the files listed below. The data in a file either applies to the `cloudflared` instance being diagnosed (`diagnosee`) or the instance that triggered the diagnosis (`diagnoser`). For example, if your tunnel is running in a Docker container, the diagnosee is the Docker instance and the diagnoser is the host instance. + +| File name | Description | Instance | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------- | +| `cli-configuration.json` | [Tunnel run parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/) used when starting the tunnel | diagnosee | +| `cloudflared_logs.txt` | [Tunnel log file](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/)[^1] | diagnosee | +| `configuration.json` | Tunnel configuration parameters | diagnosee | +| `goroutine.pprof` | goroutine profile made available by `pprof` | diagnosee | +| `heap.pprof` | heap profile made available by `pprof` | diagnosee | +| `metrics.txt` | Snapshot of [Tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#available-metrics) at the time of diagnosis | diagnosee | +| `network.txt` | JSON traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser | +| `raw-network.txt` | Raw traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser | +| `systeminformation.json` | Operating system information and resource usage | diagnosee | +| `task-result.json` | Result of each diagnostic task | diagnoser | +| `tunnelstate.json` | Tunnel connections at the time of diagnosis | diagnosee | + +[^1]: If the log file is blank, you may need to [set `--loglevel` to 
`debug`](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/#view-logs-on-the-server) when you start the tunnel. The `--loglevel` parameter is only required if you ran the tunnel from the CLI using a `cloudflared tunnel run` command. It is not necessary if the tunnel runs as a Linux/macOS service or runs in Docker/Kubernetes. diff --git a/src/content/partials/magic-cloud-networking/magic-wan-on-ramps.mdx b/src/content/partials/magic-cloud-networking/magic-wan-on-ramps.mdx index 9bce18be4a951b1..ba74ac04248721c 100644 --- a/src/content/partials/magic-cloud-networking/magic-wan-on-ramps.mdx +++ b/src/content/partials/magic-cloud-networking/magic-wan-on-ramps.mdx @@ -3,7 +3,7 @@ params: - mwanAccount --- -import { Markdown } from "~/components"; +import { Markdown, Render } from "~/components"; Magic Cloud Networking (beta) allows you to create on-ramps from your cloud networks to Magic WAN. Cloudflare will create virtual private network (VPN) tunnels between Magic WAN and your cloud provider, configuring both sides of the connection on your behalf. Cloudflare orchestrates the cloud provider's native VPN functionality, without requiring deployment of any additional compute virtual machines (VMs). 
@@ -43,11 +43,11 @@ Choose this option if you have a single virtual private cloud (VPC) in your clou 6. From the drop-down menu, choose your cloud provider. You can choose between AWS, GCP and Azure. Then, select **Continue**. 7. Select the network that you want to connect to. This list comes from the [cloud integrations](/magic-cloud-networking/get-started/) you have already set up. When you are done, select **Continue**. 8. **Configure route propagation** shows where Cloudflare will install the new routes. Installing these routes is required to correctly configure both Magic WAN and your cloud provider, and ensure successful communication between them: - - **Add routes for your Magic WAN address space to your cloud network**: Select this option to install routes for reaching Magic WAN in your cloud network's route tables (refer to [Magic WAN Address Space](#magic-wan-address-space) to learn what routes are installed and how to customize them). If you prefer to do this manually, unselect this option. - :::caution[Warning] - Cloudflare recommends that you leave this option selected. If you unselect **Add routes for your Magic WAN address space to your cloud network**, you will need to manually create all the required configurations to allow Magic WAN to connect to your cloud, such as routing tables, transit gateways, and VPNs. Refer to the [Magic WAN How to](/magic-wan/configuration/manually/how-to/) section, or consult the documentation for your cloud provider for more information. - ::: - - **Add routes for your cloud network to Magic WAN**: Select this option to create routes for reaching your cloud network in Magic WAN. + - **Add routes for your Magic WAN address space to your cloud network**: Select this option to install routes for reaching Magic WAN in your cloud network's route tables (refer to [Magic WAN Address Space](#magic-wan-address-space) to learn what routes are installed and how to customize them). 
If you prefer to do this manually, unselect this option. + :::caution[Warning] + Cloudflare recommends that you leave this option selected. If you unselect **Add routes for your Magic WAN address space to your cloud network**, you will need to manually create all the required configurations to allow Magic WAN to connect to your cloud, such as routing tables, transit gateways, and VPNs. Refer to the [Magic WAN How to](/magic-wan/configuration/manually/how-to/) section, or consult the documentation for your cloud provider for more information. + ::: + - **Add routes for your cloud network to Magic WAN**: Select this option to create routes for reaching your cloud network in Magic WAN. 9. Select **Continue**. Applying your settings might take a few seconds to complete. 10. Review the changes in your cloud environment, and select **Approve changes**. 
@@ -76,20 +76,20 @@ When you configure a hub on-ramp, Cloudflare always manages the VPN tunnel betwe 5. Give your new on-ramp a name and a description (optional), then select **Continue**. 6. From the drop-down menu, choose your cloud provider. You can choose between AWS, GCP, and Azure. Then, select **Continue**. 7. Choose an existing hub. This list comes from the [cloud integrations](/magic-cloud-networking/get-started/) you have already set up. When you are done, select **Continue**. -8. (*Optional*) In **VPC peering configuration**, you can enable **Manage VPC peering**. This allows Cloudflare to attach your chosen VPCs to the hub: - 1. Select **Manage VPC peering** to enable this feature. - 2. Choose the VPCs you want Cloudflare to attach to the hub. +8. (_Optional_) In **VPC peering configuration**, you can enable **Manage VPC peering**. This allows Cloudflare to attach your chosen VPCs to the hub: + 1. Select **Manage VPC peering** to enable this feature. + 2. Choose the VPCs you want Cloudflare to attach to the hub. 9. Select **Continue**. -10. (*Optional*) In **Configure hub peering**, you can enable **Manage hub peering**. Enabling this option allows Cloudflare to attach remote hubs you have chosen to this hub (establishing connectivity between VPCs attached to any of the peered hubs): - 1. Select **Manage hub peering** to enable this feature. - 2. Select the remote hubs you want Cloudflare to attach to this hub. +10. (_Optional_) In **Configure hub peering**, you can enable **Manage hub peering**. Enabling this option allows Cloudflare to attach remote hubs you have chosen to this hub (establishing connectivity between VPCs attached to any of the peered hubs): + 1. Select **Manage hub peering** to enable this feature. + 2. Select the remote hubs you want Cloudflare to attach to this hub. 11. Select **Continue**. 12. **Configure route propagation** shows where Cloudflare will install the new routes. 
Installing these routes is required to correctly configure both Magic WAN and your cloud provider, and ensure successful communication between them: - 1. **Add routes for your Magic WAN address space to your cloud network**: Select this option to install routes for reaching Magic WAN in your cloud network's route tables (refer to [Magic WAN Address Space](#magic-wan-address-space) to learn what routes are installed and how to customize them). If you prefer to do this manually, unselect this option. - :::caution[Warning] - Cloudflare recommends that you leave this option selected. If you unselect **Add routes for your Magic WAN address space to your cloud network**, you will need to manually create all the required configurations to allow Magic WAN to connect to your cloud, such as routing tables, transit gateways, and VPNs. Refer to the [Magic WAN How to](/magic-wan/configuration/manually/how-to/) section, or consult the documentation for your cloud provider for more information. - ::: - 2. **Add routes for your cloud network to Magic WAN**: Select this option to create routes for reaching your cloud network in Magic WAN. + 1. **Add routes for your Magic WAN address space to your cloud network**: Select this option to install routes for reaching Magic WAN in your cloud network's route tables (refer to [Magic WAN Address Space](#magic-wan-address-space) to learn what routes are installed and how to customize them). If you prefer to do this manually, unselect this option. + :::caution[Warning] + Cloudflare recommends that you leave this option selected. If you unselect **Add routes for your Magic WAN address space to your cloud network**, you will need to manually create all the required configurations to allow Magic WAN to connect to your cloud, such as routing tables, transit gateways, and VPNs. Refer to the [Magic WAN How to](/magic-wan/configuration/manually/how-to/) section, or consult the documentation for your cloud provider for more information. + ::: + 2. 
**Add routes for your cloud network to Magic WAN**: Select this option to create routes for reaching your cloud network in Magic WAN. 13. Select **Continue**. Applying your settings might take a few seconds to complete. 14. Review the changes in your cloud environment, and select **Approve changes**. 
@@ -103,24 +103,24 @@ You have successfully created your Magic WAN on-ramp. However, on-ramp creation 4. Go to **Create a new hub & connect it to Cloudflare** > **Select**. 5. Give your new on-ramp a name and a description (optional), then select **Continue**. 6. Configure your cloud in **Select your cloud details**: - 1. From the drop-down menu, choose your cloud provider. You can choose between AWS, GCP, and Azure. - 2. Choose an existing integration. This list comes from the [cloud integrations](/magic-cloud-networking/get-started/) you have already set up. - 3. Choose a region in which to create the new hub. - 4. Select **Continue**. -7. (*Optional*) In **VPC peering configuration**, you can enable **Manage VPC peering**. This allows Cloudflare to attach your chosen VPCs to the hub: - 1. Select **Manage VPC peering** to enable this feature. - 2. Choose the VPCs you want Cloudflare to attach to the hub. + 1. From the drop-down menu, choose your cloud provider. You can choose between AWS, GCP, and Azure. + 2. Choose an existing integration. This list comes from the [cloud integrations](/magic-cloud-networking/get-started/) you have already set up. + 3. Choose a region in which to create the new hub. + 4. Select **Continue**. +7. (_Optional_) In **VPC peering configuration**, you can enable **Manage VPC peering**. This allows Cloudflare to attach your chosen VPCs to the hub: + 1. Select **Manage VPC peering** to enable this feature. + 2. Choose the VPCs you want Cloudflare to attach to the hub. 8. Select **Continue**. -9. (*Optional*) In **Configure hub peering**, you can enable **Manage hub peering**. Enabling this option allows Cloudflare to attach remote hubs you have chosen to this hub (establishing connectivity between VPCs attached to any of the peered hubs): - 1. Select **Manage hub peering** to enable this feature. - 2. Select the remote hubs you want Cloudflare to attach to this hub. +9. 
(_Optional_) In **Configure hub peering**, you can enable **Manage hub peering**. Enabling this option allows Cloudflare to attach remote hubs you have chosen to this hub (establishing connectivity between VPCs attached to any of the peered hubs): + 1. Select **Manage hub peering** to enable this feature. + 2. Select the remote hubs you want Cloudflare to attach to this hub. 10. Select **Continue**. 11. **Configure route propagation** shows where Cloudflare will install the new routes. Installing these routes is required to correctly configure both Magic WAN and your cloud provider, and ensure successful communication between them: - 1. **Add routes for your Magic WAN address space to your cloud network**: Select this option to install routes for reaching Magic WAN in your cloud network's route tables (refer to [Magic WAN Address Space](#magic-wan-address-space) to learn what routes are installed and how to customize them). If you prefer to do this manually, unselect this option. - :::caution[Warning] - Cloudflare recommends that you leave this option selected. If you unselect **Add routes for your Magic WAN address space to your cloud network**, you will need to manually create all the required configurations to allow Magic WAN to connect to your cloud, such as routing tables, transit gateways, and VPNs. Refer to the [Magic WAN How to](/magic-wan/configuration/manually/how-to/) section, or consult the documentation for your cloud provider for more information. - ::: - 2. **Add routes for your cloud network to Magic WAN**: Select this option to create routes for reaching your cloud network in Magic WAN. + 1. **Add routes for your Magic WAN address space to your cloud network**: Select this option to install routes for reaching Magic WAN in your cloud network's route tables (refer to [Magic WAN Address Space](#magic-wan-address-space) to learn what routes are installed and how to customize them). If you prefer to do this manually, unselect this option. 
+ :::caution[Warning] + Cloudflare recommends that you leave this option selected. If you unselect **Add routes for your Magic WAN address space to your cloud network**, you will need to manually create all the required configurations to allow Magic WAN to connect to your cloud, such as routing tables, transit gateways, and VPNs. Refer to the [Magic WAN How to](/magic-wan/configuration/manually/how-to/) section, or consult the documentation for your cloud provider for more information. + ::: + 2. **Add routes for your cloud network to Magic WAN**: Select this option to create routes for reaching your cloud network in Magic WAN. 12. Select **Continue**. Applying your settings might take a few seconds to complete. 13. Review the changes in your cloud environment, and select **Approve changes**. @@ -128,10 +128,9 @@ You have successfully created your Magic WAN on-ramp. However, on-ramp creation ## Set up with Terraform -You can download a Terraform configuration for a cloud on-ramp. You might want to do this to: +You can download a Terraform configuration for a cloud on-ramp. -- Review the proposed configuration for an on-ramp before deploying it with Cloudflare. -- Deploy the on-ramp using your own infrastructure-as-code pipeline instead of deploying it with Cloudflare. + The download will contain two files: 
@@ -215,4 +214,4 @@ You can view estimated costs associated with your cloud resources in the Cloudfl 2. Select **Magic WAN** > **Cloud on-ramps**. 3. Find the cloud on-ramp for which you want to check the estimated costs. 4. Select the three dots > **Associated Resources**. -5. In the **Associated Resources** page, you can view the estimated monthly costs for all the resources associated with the on-ramp you chose. You can also search for a specific resource using the search box. \ No newline at end of file +5. In the **Associated Resources** page, you can view the estimated monthly costs for all the resources associated with the on-ramp you chose. You can also search for a specific resource using the search box. diff --git a/src/content/partials/magic-cloud-networking/terraform-setup-scenarios.mdx b/src/content/partials/magic-cloud-networking/terraform-setup-scenarios.mdx new file mode 100644 index 000000000000000..b70f6552a36cce4 --- /dev/null +++ b/src/content/partials/magic-cloud-networking/terraform-setup-scenarios.mdx @@ -0,0 +1,8 @@ +--- +{} +--- + +You might want to do this to: + +- Review the proposed configuration for an on-ramp before deploying it with Cloudflare. +- Deploy the on-ramp using your own infrastructure-as-code pipeline instead of deploying it with Cloudflare. diff --git a/src/content/partials/network-interconnect/bgp-peering-overview.mdx b/src/content/partials/network-interconnect/bgp-peering-overview.mdx new file mode 100644 index 000000000000000..7f431899e43fa10 --- /dev/null +++ b/src/content/partials/network-interconnect/bgp-peering-overview.mdx 
@@ -0,0 +1,18 @@
+---
+{}
+---
+
+Magic WAN and Magic Transit customers can use the Cloudflare dashboard to configure and manage BGP peering between their networks and their Magic routing table when using a Direct CNI on-ramp.
+
+Using BGP peering with a CNI allows customers to:
+
+- Automate the process of adding or removing networks and subnets.
+- Take advantage of failure detection and session recovery features.
+
+With this functionality, customers can:
+
+- Establish an eBGP session between their devices and the Magic WAN / Magic Transit service when connected via CNI.
+- Secure the session by MD5 authentication to prevent misconfigurations.
+- Exchange routes dynamically between their devices and their Magic routing table.
+
+Refer to [Magic WAN BGP peering](/magic-wan/configuration/manually/how-to/bgp-peering/) or [Magic Transit BGP peering](/magic-transit/how-to/bgp-peering/) to learn more about this feature and how to set it up.
diff --git a/src/content/products/risk-score.yaml b/src/content/products/risk-score.yaml
new file mode 100644
index 000000000000000..00ba51800e48bda
--- /dev/null
+++ b/src/content/products/risk-score.yaml
@@ -0,0 +1,7 @@
+name: Risk Score
+
+product:
+ title: Risk Score
+ group: Cloudflare One
+ url: /cloudflare-one/insights/risk-score/
+ show: false