Zero Trust Gateway Firewall policy not working


my Cloudflare Zero Trust Gateway Firewall Policy is not working. I am trying to insert a firewall policy which denies access to an IP range based on a users email domain. Therefore I created the following Policy:
Destination IP in
User Email not in *
User Email not in".

The issue I am experiencing is that a user of is blocked, but should not according to my rule. When I look up the Block in the logs I see, that the Identity Email is corret: [email protected] but the user gets block.

Thanks for all replies in advance.

Assuming you want to allow only users in or, and block others, then you need to use AND instead of OR as you are using NOT in.

Thank you for the answer.
I already tried with AND but this did not work as well.
I just tried again and can confirm that it is not working with AND.