Gateway's new DNS Policies

I had an e-mail regarding an update to Gateway asking me to recreate my policies. I have done that but I can’t see how to attach them to my “Locations”. I have also deleted my old policy and it won’t allow me to create a new one to attach? How can I fix this?

The new upgrade does not seem very user-friendly compared to the old setup. It seems they have made things harder than they should be.

Is anyone able to help? From looking at another feed someone said that the new DNS policies should work on all Locations? Sadly this is not the case here - none of them are working and I am still able to access blocked sites.

@MoreHelp

The MoreHelp tag is reserved for posts that have not received a reply in 72 hours.

@MoreHelp

Can anyone help???

@MoreHelp

I have created a location for Cloudflare Gateway. I have also created a policy for the location, but I’m not able to assign the policy to the location. Can anyone please help me understand how I can do so?

With the new policy engine in the “DNS (New)” tab, policies are applied to all configured locations unless you create a rule that includes the “Location” selector. Then the rule would apply to a specific location or set of locations.

Mine does not work. None of the new policies are working with any of my “Locations”.

Same is happening with me.

I’m getting a message that no policy has been created.

Help?

@MoreHelp

Still not working and I have not used the “Location” selector.

I’m getting annoyed with the lack of support…

None of my policies are applied to any of my locations. I do not have any “Location” selector in my policies.

My DNS is working, as I can see traffic in the Gateway logs, but they all say that there are “0” policies applied.

Using the @MoreHelp seems to be pointless (7 days!).

Hi @JohnUK,

Unfortunately, the @MoreHelp tag requires that the people that are tagged might know about it, but most, if not all, are customers and volunteers. This is not support.

From the automatic reply from the support email that I first sent:

"If you don’t receive a reply within 72-hours of asking the Community, let us know by replying to your own Community post and at mentioning @MoreHelp to bring your post to our attention."

Hi John,

I’m happy to personally help you with your policies. If you’re interested, you can grab a spot on my calendar here: Calendly - Pete Zimmerman

Thank you.

After speaking to real technical support you have to add your locations to each new policy by selecting “Location” in the policy. They are NOT applied to all configured locations as stated above!

See screenshot: https://p13.zdusercontent.com/attachment/184946/MHrjkFMr3Y12xhrVderDGnUrR?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..LHTQMLRAIVkuZwpnSJ_mJg.Q2s48DubO-Pjt9p4I8S-4Tk2LBZpDzwokyfAQdxO8FyAuZr1N1xSxBLNgjLxDxNQUHIr9epTdrD9jAzGLW4qDVHlmQNnUsfGOD5i4wcdRRMjCMORc1CpJLh0E7loHavIvsyciYIc2zy1sM5MA4v9dzSyA1Kzxe1FlJw0eyttTnMKEidklx5uW1jiR02LVSeosS90FgjzaxU-Yac3-AKIZ_lbpq0V8lwrWH6ZHKFsJvBLF_nBcOKH5sHzSnoq3eljKVMGqiuqf3SyRYNW-av1jfUu6suAxSN7RyQW7vSE2pY.xFlnZ8Bmvq8p2gAs-EFWvw

Hi @JohnUK, PM for Cloudflare Gateway here. If you configure a set of Locations, rules will apply to all locations unless the more specific “location” selector is used in a DNS rule. When you configure a location, you must specify a source IPv4 address if you’re sending queries in plaintext from a stub resolver at that IP address. Alternatively, you can send queries to the DoH or DoT endpoints for that location. Unlike the policy configuration, the correlation of locations to Teams accounts hasn’t changed:

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/locations#how-gateway-matches-queries-to-locations

I’m happy to help you set up your policies or explain anything that’s not clear–looks like you cancelled our meeting for Friday but happy to chat.
