Skip to content

[CF1] gateway posture checks note #20995

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 21, 2025
Merged

[CF1] gateway posture checks note #20995

merged 3 commits into from
Mar 21, 2025

Conversation

@deadlypants1973
Copy link
Contributor

@deadlypants1973 deadlypants1973 commented Mar 20, 2025

Summary

PCX-9128

Screenshots (optional)

Documentation checklist

  • The documentation style guide has been adhered to.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocated redirects.

@deadlypants1973 deadlypants1973 requested review from a team, kennyj42 and ranbel as code owners March 20, 2025 17:47
@deadlypants1973 deadlypants1973 requested a review from kkrum March 20, 2025 17:47
@hyperlint-ai
Copy link
Contributor

hyperlint-ai bot commented Mar 20, 2025

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Added a cautionary note regarding the behavior of Gateway posture checks during active sessions.

  • Introduced a caution note explaining that Gateway does not terminate active sessions despite posture check failures.
  • Clarified that posture checks are only evaluated at the beginning of a session.

Modified Files

  • src/content/docs/cloudflare-one/identity/devices/index.mdx
How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

What is Hyperlint?

Hyperlint is an AI agent that helps you write, edit, and maintain your documentation.

Learn more about the Hyperlint AI reviewer and the checks that we can run on your documentation.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 20, 2025
edited
Loading

Preview URL: https://fa76b054.preview.developers.cloudflare.com
Preview Branch URL: https://kate-fixes-posturewarp.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/identity/devices/ https://kate-fixes-posturewarp.preview.developers.cloudflare.com/cloudflare-one/identity/devices/

ranbel
ranbel reviewed Mar 20, 2025
View reviewed changes
src/content/docs/cloudflare-one/identity/devices/index.mdx Outdated

:::caution

Gateway does not terminate an active session, even if a subsequent posture check fails during that session. Gateway only evaluates posture checks at the beginnning of a session, and ongoing sessions will remain uninterrupted.
Copy link
Contributor

@ranbel ranbel Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What counts as an "active Gateway session"?

Copy link
Contributor

@ranbel ranbel Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We currently have WARP session durations https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/
and Access session durations https://developers.cloudflare.com/cloudflare-one/identity/users/session-management/

Copy link
Contributor

@kkrum kkrum Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's the same "Active connections are not terminated" note that is included here: https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/#limitations

That same product behavior applies to policies subject to a posture rule whose result changes mid "Active Connection".

deadlypants1973
deadlypants1973 commented Mar 21, 2025
View reviewed changes
marciocloudflare
marciocloudflare approved these changes Mar 21, 2025
View reviewed changes
@deadlypants1973 deadlypants1973 merged commit 6d61cf1 into production Mar 21, 2025
11 checks passed
@deadlypants1973 deadlypants1973 deleted the kate/fixes-posturewarp branch March 21, 2025 17:20
RebeccaTamachiro pushed a commit that referenced this pull request Apr 21, 2025
@deadlypants1973 @marciocloudflare @RebeccaTamachiro
[CF1] gateway posture checks note (#20995)
28d2d3c 
* [CF1] gateway posture checks note

* Update src/content/docs/cloudflare-one/identity/devices/index.mdx

* Update src/content/docs/cloudflare-one/identity/devices/index.mdx

Co-authored-by: marciocloudflare <[email protected]>

---------

Co-authored-by: marciocloudflare <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ranbel ranbel ranbel left review comments

@marciocloudflare marciocloudflare marciocloudflare approved these changes

@kennyj42 kennyj42 Awaiting requested review from kennyj42 kennyj42 is a code owner

@kkrum kkrum Awaiting requested review from kkrum

Assignees

@kennyj42 kennyj42

@ranbel ranbel

Labels

product:cloudflare-one size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@deadlypants1973 @kkrum @marciocloudflare @ranbel @kennyj42