Zero Trust Tunnel Disable Auth block all countries accept two

Hello all:

I have a Tunnel Running in zero trust that is supporting a simple web application. In that application have an allow policy that is set to allow with the settings"

Selector: Everyone Value: Everyone

Require is set to a group, that contains the allowed countries USA and CA.

Basically I want un authenticated access for anyone in US or CA.

When I enable to policy I get the Cloudflare Access screen with the send me a code prompt asking for email authentication.

Please advice, what am I doing wrong.

You should configure this as a Bypass policy, with Include selector instead of Require.

1 Like


Thanks for the reply.

I think I have it working after a lot of trial an error. I had to create two bypass policies. I used the following in the bypass policy:

selector Everyone
Country USA

selector Everyone
Country CA

I am not really sure how to test this out at the moment, other than removing my country and seeing the block page.

I tried the include setting you mentioned but in my testing I could not get it to work.

What about using a second device with a VPN set to a country outside of USA or CA and see if you can access or if it shows you the blocked page?