Require Gateway not working

  • I have a Policy set for an Internal Cloudflare Access Application, which is exposed via Argo Tunnel.
  • The Policy is set to Include my IdP group, but Require Gateway.
  • When I do this, I receive a Forbidden message after authentication to my IdP.
  • If I remove the Require Gateway, the site loads after authenticating to my IdP.
  • If I create an additional Bypass policy that Includes Gateway, the site loads without authenticating to my IdP.

https://help.teams.cloudflare.com shows I am connected to WARP and Gateway proxy.

It really seems like Require Gateway is broken.

Try removing that policy for the Internal Cloudflare Access Application once, and see if it works or not.

In the WARP client, enter the DoH domain you find in the Cloudflare Teams dashboard.

It doesn’t seem like this would be necessary, but I did this. It did not help, unfortunately. Further, I tried Require WARP too, which has the same results.

https://cloudflare.com/cdn-cgi/trace also shows warp=on, gateway=on

I also tried Require on my IdP’s group name, which broke access too. Require is not working as expected.

https://help.teams.cloudflare.com/

What do you get?

Hi! I took a break on this project, but am back at it.

Here’s a screenshot. I feel as if Team name was not N/A before, but it is today.

Require for IdP Group Name is working today. But if I add an additional Require for Gateway, it is Access Forbidden still today. Using the latest WARP Client on macOS.

I got it working! I debugged using the /cdn-cgi/trace path for each hostname that wasn’t working and kept seeing loc=XX, warp=off, and gateway=off. These domains are on the CF Network, and I had to turn off HTTP/3 (with QUIC). Now, the Require WARP or Gateway rules are working!
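The per-hostname check described in the last post, as an added example that is not part of the original thread: it parses saved `/cdn-cgi/trace` bodies and lists the hostnames whose requests did not arrive through WARP and Gateway. The hostnames and trace bodies are constructed samples; the `http=` field and the `plus` value for `warp=` are trace fields assumed from Cloudflare's usual output, not shown in the thread.

```python
"""Compare /cdn-cgi/trace results across hostnames behind a Require Gateway policy."""

# Constructed sample trace bodies, as saved from the browser for each hostname.
SAMPLES = {
    "cloudflare.com": "h=cloudflare.com\nhttp=http/2\nloc=US\nwarp=on\ngateway=on\n",
    "app.example.com": "h=app.example.com\nhttp=http/3\nloc=XX\nwarp=off\ngateway=off\n",
}


def parse_trace(body):
    """Turn the key=value lines of a trace response into a dict."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep:  # skip blank or malformed lines
            fields[key.strip()] = value.strip()
    return fields


def diagnose(host, body):
    """Report whether this hostname's request was seen as coming via WARP and Gateway."""
    fields = parse_trace(body)
    warp = fields.get("warp", "missing")
    gateway = fields.get("gateway", "missing")
    http = fields.get("http", "missing")
    # Assumption: "plus" (WARP+) also counts as a WARP connection.
    via_gateway = warp in ("on", "plus") and gateway == "on"
    if via_gateway:
        note = "request seen through WARP and Gateway"
    elif http == "http/3":
        note = "warp/gateway off over http/3; retest with HTTP/3 (QUIC) disabled"
    else:
        note = "warp/gateway off; check the client connection and enrollment"
    return {"host": host, "warp": warp, "gateway": gateway,
            "http": http, "via_gateway": via_gateway, "note": note}


def failing_hosts(samples):
    """Hostnames where a Require WARP / Require Gateway rule would not match."""
    return [h for h, body in samples.items() if not diagnose(h, body)["via_gateway"]]


if __name__ == "__main__":
    for host, body in SAMPLES.items():
        r = diagnose(host, body)
        print(f"{r['host']}: warp={r['warp']} gateway={r['gateway']} "
              f"http={r['http']} -> {r['note']}")
```

Save the trace body from the same browser that gets the Forbidden page; a script client negotiates its own HTTP version and may not take the path the browser does.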
