Require Gateway issue

Require gateway rule is not working on some of my apps. This is really frustrating. Why is this not working?
10 Replies
Chaika
Chaika10mo ago
Are you talking about https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/require-gateway/ ? Can you describe exactly in what way it is not working, and what your policies are? For example, if you're using an "Allow" action, even with Gateway on users would still need to go through an identity provider, would need Service Auth to let them flow straight through
Cloudflare Docs
Require Gateway · Cloudflare Zero Trust docs
With Require Gateway, you can allow access to your applications only to devices enrolled in your organization’s instance of Gateway. Unlike Require …
OptiNation Review
OptiNation ReviewOP9mo ago
My issue is I am having issues with required Gateway rule not protecting certain apps but other apps work just fine with it. Some apps it will show my identity provider when not connected to warp. Other times it will show forbidden when not connected to warp (which is what I want) why are some apps not working? And yes I'm using an allow rule. I've tried include gateway and also require Gateway. Both produce mixed results. Yes, I have intercept TLS enabled in my account. I've tried different browsers which have mixed results. I've tried everything under the sun
Chaika
Chaika9mo ago
Some apps it will show my identity provider
Probably Policies set to Allow, which will always force identity provider
Other times it will show forbidden when not connected to warp (which is what I want) why are some apps not working?
Probably Policies set to Bypass or Service Auth, which will insta fail if not met conditions
I've tried include gateway and also require Gateway.
Include rules in ZT are "ORs", so you only need to meet one of them in the policy. Require are well required to pass.
OptiNation Review
OptiNation ReviewOP9mo ago
Okay and also I just have allow policies. I don't have any bypass or service auth policies
Chaika
Chaika9mo ago
Allow will always go through an identity provider then, it requires an identity. The only exception would be if you were already logged in
OptiNation Review
OptiNation ReviewOP9mo ago
I understand that but some links that I have protected behind access don't do anything. It's like they're not behind access. I should have explained that part too. I apologize It's like there's something wrong with my account
Chaika
Chaika9mo ago
Are they proxied in CF and everything? Or what do you mean "don't do anything"? You just skip right through to the app?
OptiNation Review
OptiNation ReviewOP9mo ago
Yes they are proxied in CF and yes it just skips right through to the app
Chaika
Chaika9mo ago
Is there an example url of one you can give (that isn't sensitive), and the application you set up for it?
OptiNation Review
OptiNation ReviewOP9mo ago
Yes
Want results from more Discord servers?
Add your server