diff --git a/src/content/docs/cloudflare-one/data-loss-prevention/detection-entries.mdx b/src/content/docs/cloudflare-one/data-loss-prevention/detection-entries.mdx index d7ae0556086d172..104e40c2ecf8f2e 100644 --- a/src/content/docs/cloudflare-one/data-loss-prevention/detection-entries.mdx +++ b/src/content/docs/cloudflare-one/data-loss-prevention/detection-entries.mdx @@ -52,8 +52,8 @@ To select which Exact Data Match columns to use, you will need to [reupload any
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Data loss prevention** > **Detection entries**. -2. Go to **Datasets**. -3. Select **Add a dataset**. In **Exact Data Match (EDM)**, choose **Select**. +2. From the **Datasets** tab, select **Add a dataset**. +3. Select **Exact Data Match (EDM)**. 4. Upload your dataset file. Select **Next**. 5. Review and choose the detected columns you want to include. Select **Next**. 6. Name your dataset. Optionally, add a description. Select **Next**. @@ -66,8 +66,8 @@ DLP will encrypt your dataset and save its hash.
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Data loss prevention** > **Detection entries**. -2. Go to **Datasets**. -3. Select **Add a dataset**. In **Custom Wordlist (CWL)**, choose **Select**. +2. From the **Datasets** tab, select **Add a dataset**. +3. Select **Custom Wordlist (CWL)**. 4. Name your dataset. Optionally, add a description. 5. (Optional) In **Settings**, turn on **Enforce case sensitivity** to require matched values to contain exact capitalization. 6. In **Upload file**, choose your dataset file. diff --git a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx index de034f810c3ca0f..aa29f4734643b81 100644 --- a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/manage-pii.mdx @@ -23,7 +23,7 @@ Cloudflare Gateway can log the following types of PII: Enabling this setting means Cloudflare Gateway will log activity without storing any employee PII. Changes to this setting will not change PII storage of any previous logs. This means if Exclude PII is enabled and then disabled, there will be no PII data for logs captured while Exclude PII was enabled. The PII data will be unavailable to all roles within your Zero Trust organization, including the Super Admin. -To enable or disable this setting, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Settings** > **Network** > **Exclude PII**. +To enable or disable this setting, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Traffic policies** > **Traffic settings** > **Exclude personally identifiable information (PII) from logs**. ## Redact PII diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access.mdx index 67c0d9027a7f160..c4b586f5e1e8d51 100644 --- a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access.mdx +++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access.mdx @@ -129,7 +129,7 @@ To turn off SSH command logging, delete your uploaded public key: -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network** > **SSH encryption public key**. +1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings** > **SSH log encryption public key**. 2. Select **Remove**. diff --git a/src/content/docs/cloudflare-one/remote-browser-isolation/setup/non-identity.mdx b/src/content/docs/cloudflare-one/remote-browser-isolation/setup/non-identity.mdx index fce27e282ed5762..22b5513c5746674 100644 --- a/src/content/docs/cloudflare-one/remote-browser-isolation/setup/non-identity.mdx +++ b/src/content/docs/cloudflare-one/remote-browser-isolation/setup/non-identity.mdx @@ -19,6 +19,6 @@ If you want to apply Isolate policies based on user identity, you will need to e - Configure your browser to forward traffic to a Gateway proxy endpoint with [PAC files](/cloudflare-one/team-and-resources/devices/agentless/pac-files/). - Connect your enterprise site router to Gateway with the [anycast GRE or IPsec tunnel on-ramp to Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/). 3. Enable non-identity browser isolation: - 1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Browser isolation** > *Browser isolation settings**. - 2. Turn on **Non-identity on-ramp support**. + 1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Browser isolation** > **Browser isolation settings**. + 2. Turn on **Allow isolated HTTP traffic when user identity is unknown**. 4. Build a non-identity [HTTP policy](/cloudflare-one/remote-browser-isolation/isolation-policies/) to isolate websites in a remote browser. diff --git a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx index 5ae92d5c7abc072..accbaf0e2e4ae76 100644 --- a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx +++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/require-warp.mdx @@ -31,8 +31,8 @@ Cloudflare One enables you to restrict access to your applications to devices ru ## 1. Enable the WARP check -1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Settings** > **Network**. -2. Ensure that **Proxy** is enabled. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings**. +2. Ensure that *Allow Secure Web Gateway to proxy traffic** is enabled. 3. Go to **Reusable components** > **Posture checks**. 4. In **WARP client checks**, select **Add a check**. 5. Select **WARP**, then select **Save**. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx index 35640fbd621ef99..ed755713b92a717 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx @@ -129,7 +129,7 @@ The [WARP Diagnostics Analyzer](/cloudflare-one/team-and-resources/devices/warp/ After you run a [DEX remote capture](#option-a-collect-logs-via-the-cloudflare-dashboard) for WARP diagnostics: -1. Go to **DEX** > **Remote captures**. +1. Go to **Insights** > **Digital experience** and select the **Diagnotics** tab. 2. Find your capture in the list of captures. 3. Select the three-dot icon next to **Status** > select **View WARP Diag** to generate an AI summary. diff --git a/src/content/docs/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips.mdx b/src/content/docs/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips.mdx index 09b5beb09c610bd..bb5a0de7016251c 100644 --- a/src/content/docs/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips.mdx +++ b/src/content/docs/cloudflare-one/traffic-policies/egress-policies/dedicated-egress-ips.mdx @@ -20,8 +20,8 @@ An account can have any number of additional dedicated egress IPs. To request ad To start routing traffic through dedicated egress IPs: 1. Contact your account team to obtain a dedicated egress IP. -2. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network**. -3. In **Firewall**, turn on **Proxy**. +2. In [Zero Trust](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings**. +3. Turn on **Allow Secure Web Gateway to proxy traffic**. 4. Select **TCP**. 5. (Optional) Select **UDP**. This will allow HTTP/3 traffic to egress with your dedicated IPs. diff --git a/src/content/docs/cloudflare-one/traffic-policies/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/traffic-policies/http-policies/file-sandboxing.mdx index 22bd3f5a554ca0b..fc8d9bf2c319d4a 100644 --- a/src/content/docs/cloudflare-one/traffic-policies/http-policies/file-sandboxing.mdx +++ b/src/content/docs/cloudflare-one/traffic-policies/http-policies/file-sandboxing.mdx @@ -49,8 +49,8 @@ flowchart TD To begin quarantining downloaded files, turn on file sandboxing: -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Network**. -2. In **Firewall**, turn on **File sandboxing**. +1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Traffic policies** > **Traffic settings**. +2. Turn on **File sandboxing**. 3. (Optional) To block requests containing [non-scannable files](#non-scannable-files), select **Block requests for files that cannot be scanned**. You can now create [Quarantine HTTP policies](/cloudflare-one/traffic-policies/http-policies/#quarantine) to determine what files to scan in the sandbox. diff --git a/src/content/docs/cloudflare-one/traffic-policies/network-policies/index.mdx b/src/content/docs/cloudflare-one/traffic-policies/network-policies/index.mdx index 0a26ecf0b47b8a7..e792b006526fe91 100644 --- a/src/content/docs/cloudflare-one/traffic-policies/network-policies/index.mdx +++ b/src/content/docs/cloudflare-one/traffic-policies/network-policies/index.mdx @@ -318,7 +318,7 @@ The inferred network protocol based on Cloudflare's [protocol detection](/cloudf :::note -To enable Gateway filtering on TCP and UDP, go to **Settings** > **Network** > **Proxy**. Network policies apply to all enabled protocols unless you use the **Protocol** selector within a policy. +To enable Gateway filtering on TCP and UDP, go to **Traffic policies** > **Traffic settings** > **Allow Secure Web Gateway to proxy traffic**. Network policies apply to all enabled protocols unless you use the **Protocol** selector within a policy. ::: ### Proxy Endpoint diff --git a/src/content/docs/learning-paths/secure-internet-traffic/configure-device-agent/enable-proxy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/configure-device-agent/enable-proxy.mdx index 8afb9c357be702f..b274e4098f79f15 100644 --- a/src/content/docs/learning-paths/secure-internet-traffic/configure-device-agent/enable-proxy.mdx +++ b/src/content/docs/learning-paths/secure-internet-traffic/configure-device-agent/enable-proxy.mdx @@ -11,8 +11,8 @@ import { Render } from "~/components"; ## Enable the proxy -1. Go to **Settings** > **Network**. -2. Enable **Proxy** for TCP. +1. Go to **Traffic policies** > **Traffic settings**. +2. Enable **Allow Secure Web Gateway to proxy traffic** for TCP. 3. (Recommended) To proxy all port `443` traffic, including internal DNS queries, select **UDP**. 4. (Optional) To scan file uploads and downloads for malware, [enable anti-virus scanning](/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/). diff --git a/src/content/glossary/cloudflare-one.yaml b/src/content/glossary/cloudflare-one.yaml index 1f5b92535c5c1d0..6ee18347c9931fc 100644 --- a/src/content/glossary/cloudflare-one.yaml +++ b/src/content/glossary/cloudflare-one.yaml @@ -3,11 +3,11 @@ productName: Cloudflare One entries: - term: App Launcher general_definition: |- - the App Launcher portal provides end users with a single dashboard to open applications secured by Cloudflare Zero Trust. + the App Launcher portal provides end users with a single dashboard to open applications secured by Cloudflare One. - term: application general_definition: |- - the resource protected by Cloudflare Zero Trust, which can be a subdomain, a path, or a SaaS application. + the resource protected by Cloudflare One, which can be a subdomain, a path, or a SaaS application. - term: application token general_definition: |- @@ -19,7 +19,7 @@ entries: - term: CGNAT IP general_definition: |- - a unique, virtual IP address assigned to each WARP device from the `100.96.0.0/12` range. You can view the CGNAT IP for a device in **My Team** > **Devices** > **Virtual IPv4/IPv6**. + a unique, virtual IP address assigned to each WARP device from the `100.96.0.0/12` range. You can view the CGNAT IP for a device in **Team & Resources** > **Devices** > **Virtual IPv4/IPv6**. - term: cloudflared general_definition: |- @@ -47,7 +47,7 @@ entries: - term: Cloudflare DEX general_definition: |- - Cloudflare Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Zero Trust organization. + Cloudflare Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Cloudflare One organization. - term: Cloudflare Gateway general_definition: |- @@ -91,7 +91,7 @@ entries: - term: DoH subdomain general_definition: |- - a unique DoH subdomain for each DNS location in Cloudflare Zero Trust used in WARP client settings. + a unique DoH subdomain for each DNS location in Cloudflare One used in WARP client settings. - term: DNS location general_definition: |- @@ -101,7 +101,7 @@ entries: - term: fleet general_definition: |- - a fleet is a collection of user devices. All devices in a fleet have WARP installed and are connected to a [Cloudflare Zero Trust organization](/cloudflare-one/setup/#create-a-zero-trust-organization). + a fleet is a collection of user devices. All devices in a fleet have WARP installed and are connected to a [Cloudflare One organization](/cloudflare-one/setup/#create-a-cloudflare-one-organization). - term: identity provider general_definition: |- @@ -133,7 +133,7 @@ entries: - term: MCP server portal general_definition: |- - a web application in Cloudflare Zero Trust that serves as a gateway to multiple MCP servers. + a web application in Cloudflare One that serves as a gateway to multiple MCP servers. - term: MCP server tool general_definition: |- @@ -169,7 +169,7 @@ entries: - term: remotely-managed tunnel general_definition: |- - a Cloudflare Tunnel that was created in Zero Trust under **Networks** > **Tunnels**. Tunnel configuration is stored in Cloudflare, which allows you to manage the tunnel from the dashboard or using the API. + a Cloudflare Tunnel whose configuration is stored on Cloudflare rather than on your local machine. You can manage the tunnel in the dashboard under **Networks** > **Connectors** or by using the API. - term: RDP general_definition: |- @@ -241,11 +241,11 @@ entries: - term: team domain general_definition: |- - a unique subdomain assigned to your Cloudflare account (for example, `.cloudflareaccess.com`), where users will find the apps you have secured behind Cloudflare Zero Trust. + a unique subdomain assigned to your Cloudflare account (for example, `.cloudflareaccess.com`), where users will find the apps you have secured behind Cloudflare One. - term: team name general_definition: |- - the customizable portion of your team domain (`.cloudflareaccess.com`). You can view your team name in Zero Trust under **Settings** > **Custom Pages**. + the customizable portion of your team domain (`.cloudflareaccess.com`). You can view your team name in Cloudflare One under **Settings**. - term: Terraform general_definition: |- @@ -259,11 +259,11 @@ entries: - term: User risk score general_definition: |- - Cloudflare Zero Trust user risk score ranks the likelihood of a user to introduce risk to your organization's systems and data based on the detection of security risk behaviors. Risk scores add user and entity behavior analytics (UEBA) to the Zero Trust platform. + ranks the likelihood of a user to introduce risk to your organization's systems and data based on the detection of security risk behaviors. Risk scores add user and entity behavior analytics (UEBA) to the Cloudflare One platform. - term: User risk score level general_definition: |- - Cloudflare Zero Trust assigns a risk score of Low, Medium or High based on detections of users' activities, posture, and settings. A user's risk score is equal to the highest-level risk behavior they trigger. + Cloudflare One assigns a risk score of Low, Medium or High based on detections of users' activities, posture, and settings. A user's risk score is equal to the highest-level risk behavior they trigger. - term: Virtual network general_definition: |- diff --git a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx index b4fc070e092651e..0ed7f41fa8a3a7c 100644 --- a/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx +++ b/src/content/partials/cloudflare-one/tunnel/troubleshoot-private-networks.mdx @@ -64,7 +64,7 @@ Determine whether the user is matching any policy, or if they are matching a pol ## 6. Are the correct Gateway proxy settings enabled? -Under **Settings** > **Network**, ensure that **Proxy** is enabled for TCP, UDP, and ICMP traffic. UDP is required for proxying DNS traffic and other UDP packets, while ICMP is required for `ping` and other administrative functions. +Under **Traffic policies** > **Traffic settings**, ensure that **Allow Secure Web Gateway to proxy traffic** is enabled for TCP, UDP, and ICMP traffic. UDP is required for proxying DNS traffic and other UDP packets, while ICMP is required for `ping` and other administrative functions. ## 7. Is the user's traffic reaching the tunnel?