I am facing a similar issue in my setup but under different circumstances. For instance, I have multiple endpoints that require Gateway device posture which work well when they are accessed from Belgium (where I live). However, when I tried accessing the same endpoints the next day from another country I received 403 Forbidden from Cloudflare. There is no Gateway Network or Application Policy to enforce a specific Geolocation. This is an abnormal behaviour since with the exact same setup I was able accessing my endpoints from the same country (where now I have this issue) a month or two ago.
As a result of debugging in the country where the endpoints are not working, similarly to @RasAI, when I debug on Cloudflare endpoint with /cdn-cgi/trace everything is fine, warp/gateway=on. When I debug on one of my endpoints with /cdn-cgi/trace, the result is warp/gateway=off.
Seems to be a real issue faced by others too.