Require Gateway issue
Require gateway rule is not working on some of my apps. This is really frustrating. Why is this not working?
10 Replies
Are you talking about
https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/require-gateway/
?
Can you describe exactly in what way it is not working, and what your policies are?
For example, if you're using an "Allow" action, even with Gateway on users would still need to go through an identity provider, would need
Service Auth to let them flow straight throughCloudflare Docs
Require Gateway · Cloudflare Zero Trust docs
With Require Gateway, you can allow access to your applications only to devices enrolled in your organization’s instance of Gateway. Unlike Require …
My issue is I am having issues with required Gateway rule not protecting certain apps but other apps work just fine with it. Some apps it will show my identity provider when not connected to warp. Other times it will show forbidden when not connected to warp (which is what I want) why are some apps not working?
And yes I'm using an allow rule. I've tried include gateway and also require Gateway. Both produce mixed results. Yes, I have intercept TLS enabled in my account. I've tried different browsers which have mixed results. I've tried everything under the sun
Some apps it will show my identity providerProbably Policies set to Allow, which will always force identity provider
Other times it will show forbidden when not connected to warp (which is what I want) why are some apps not working?Probably Policies set to Bypass or Service Auth, which will insta fail if not met conditions
I've tried include gateway and also require Gateway.Include rules in ZT are "ORs", so you only need to meet one of them in the policy. Require are well required to pass.
Okay and also I just have allow policies. I don't have any bypass or service auth policies
Allow will always go through an identity provider then, it requires an identity. The only exception would be if you were already logged in
I understand that but some links that I have protected behind access don't do anything. It's like they're not behind access. I should have explained that part too. I apologize
It's like there's something wrong with my account
Are they proxied in CF and everything? Or what do you mean "don't do anything"? You just skip right through to the app?
Yes they are proxied in CF and yes it just skips right through to the app
Is there an example url of one you can give (that isn't sensitive), and the application you set up for it?
Yes