From 48525d87a48bede0623fc24dc6edf378f55e0c27 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Mon, 27 Jan 2025 14:34:51 +0000 Subject: [PATCH 1/5] [Magic Firewall] IDS Limitation --- .../docs/magic-firewall/how-to/enable-ids.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/content/docs/magic-firewall/how-to/enable-ids.mdx b/src/content/docs/magic-firewall/how-to/enable-ids.mdx index 7c4f4672fe7454..0c0fb55a6bc233 100644 --- a/src/content/docs/magic-firewall/how-to/enable-ids.mdx +++ b/src/content/docs/magic-firewall/how-to/enable-ids.mdx @@ -78,6 +78,18 @@ Similarly, sending a patch request with the `enabled` field set to `true` will e +## IDS limitations + +Currently, IDS does not run on every packet. IDS rules are run on a sampled subset. + +IDS does not run on WAN-to-Internet traffic sent to Gateway. IDS will run on WAN-to-Internet traffic if Gateway upgrade is disabled. + +| Flow | Magic Firewall | IDS | +| ---- | ---- | --- | +| WAN-to-Gateway | Applied | Not applied | +| WAN-to-Cloudflare Tunnel | Applied | Not applied | +| WAN-to-WAN | Applied | Applied | + ## Next steps You must configure Logpush to log detected risks. Refer to [Configure a Logpush destination](/magic-firewall/how-to/use-logpush-with-ids/) for more information. Additionally, all traffic that is analyzed can be accessed via [network analytics](/analytics/network-analytics/). Refer to [GraphQL Analytics](/magic-firewall/tutorials/graphql-analytics/) to query the analytics data. From 2bba6bb6df841c6912499c2423bce761ad6fa191 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 30 Jan 2025 14:18:37 +0000 Subject: [PATCH 2/5] Remove limitations --- src/content/docs/magic-firewall/how-to/enable-ids.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/src/content/docs/magic-firewall/how-to/enable-ids.mdx b/src/content/docs/magic-firewall/how-to/enable-ids.mdx index 0c0fb55a6bc233..9eb95dff5a05de 100644 --- a/src/content/docs/magic-firewall/how-to/enable-ids.mdx +++ b/src/content/docs/magic-firewall/how-to/enable-ids.mdx @@ -78,11 +78,11 @@ Similarly, sending a patch request with the `enabled` field set to `true` will e -## IDS limitations +## IDS rules -Currently, IDS does not run on every packet. IDS rules are run on a sampled subset. +IDS rules are run on a subset of packets. -IDS does not run on WAN-to-Internet traffic sent to Gateway. IDS will run on WAN-to-Internet traffic if Gateway upgrade is disabled. +IDS will run on WAN-to-Internet traffic if Gateway upgrade is disabled. IDS also supports the current flows: | Flow | Magic Firewall | IDS | | ---- | ---- | --- | From 7cf1abe5a3c098dc293366ea3f283ca08f1f8233 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Mon, 3 Feb 2025 13:40:50 +0000 Subject: [PATCH 3/5] Update IDS rules --- src/content/docs/magic-firewall/how-to/enable-ids.mdx | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/content/docs/magic-firewall/how-to/enable-ids.mdx b/src/content/docs/magic-firewall/how-to/enable-ids.mdx index 9eb95dff5a05de..1e401a292f8e52 100644 --- a/src/content/docs/magic-firewall/how-to/enable-ids.mdx +++ b/src/content/docs/magic-firewall/how-to/enable-ids.mdx 
@@ -80,15 +80,10 @@ Similarly, sending a patch request with the `enabled` field set to `true` will e ## IDS rules -IDS rules are run on a subset of packets. +IDS rules are run on a subset of packets. IDS also supports the current flows: -IDS will run on WAN-to-Internet traffic if Gateway upgrade is disabled. IDS also supports the current flows: - -| Flow | Magic Firewall | IDS | -| ---- | ---- | --- | -| WAN-to-Gateway | Applied | Not applied | -| WAN-to-Cloudflare Tunnel | Applied | Not applied | -| WAN-to-WAN | Applied | Applied | +- Magic WAN to Magic WAN. +- Magic Transit in both directions. ## Next steps From 166936e8550e625f10df5f83f40a55de37032682 Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 6 Feb 2025 11:57:53 +0000 Subject: [PATCH 4/5] Adding more info --- src/content/docs/magic-firewall/how-to/enable-ids.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/content/docs/magic-firewall/how-to/enable-ids.mdx b/src/content/docs/magic-firewall/how-to/enable-ids.mdx index 1e401a292f8e52..acd1397ba07e9b 100644 --- a/src/content/docs/magic-firewall/how-to/enable-ids.mdx +++ b/src/content/docs/magic-firewall/how-to/enable-ids.mdx 
@@ -83,8 +83,9 @@ Similarly, sending a patch request with the `enabled` field set to `true` will e IDS rules are run on a subset of packets. IDS also supports the current flows: - Magic WAN to Magic WAN. -- Magic Transit in both directions. +- Magic Transit ingress traffic only when traffic is handled through direct server return. +- Ingress and egress traffic when Magic Transit has the [Egress option enabled](/reference-architecture/architectures/magic-transit/#magic-transit-with-egress-option-enabled). ## Next steps -You must configure Logpush to log detected risks. Refer to [Configure a Logpush destination](/magic-firewall/how-to/use-logpush-with-ids/) for more information. Additionally, all traffic that is analyzed can be accessed via [network analytics](/analytics/network-analytics/). Refer to [GraphQL Analytics](/magic-firewall/tutorials/graphql-analytics/) to query the analytics data. +You must configure Logpush to log detected risks. Refer to [Configure a Logpush destination](/magic-firewall/how-to/use-logpush-with-ids/) for more information. Additionally, all traffic that is analyzed can be accessed via [network analytics](/analytics/network-analytics/). Refer to [GraphQL Analytics](/magic-firewall/tutorials/graphql-analytics/) to query the analytics data. \ No newline at end of file From 4d4baf523795e657445172ed0471871f4558ca7c Mon Sep 17 00:00:00 2001 From: Maddy <130055405+Maddy-Cloudflare@users.noreply.github.com> Date: Thu, 6 Feb 2025 16:19:06 +0000 Subject: [PATCH 5/5] Updating steps --- src/content/docs/magic-firewall/how-to/enable-ids.mdx | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/content/docs/magic-firewall/how-to/enable-ids.mdx b/src/content/docs/magic-firewall/how-to/enable-ids.mdx index acd1397ba07e9b..662c1ad3a149b7 100644 --- a/src/content/docs/magic-firewall/how-to/enable-ids.mdx +++ b/src/content/docs/magic-firewall/how-to/enable-ids.mdx 
@@ -82,9 +82,8 @@ Similarly, sending a patch request with the `enabled` field set to `true` will e IDS rules are run on a subset of packets. IDS also supports the current flows: -- Magic WAN to Magic WAN. -- Magic Transit ingress traffic only when traffic is handled through direct server return. -- Ingress and egress traffic when Magic Transit has the [Egress option enabled](/reference-architecture/architectures/magic-transit/#magic-transit-with-egress-option-enabled). +- Magic Transit ingress traffic (when egress traffic is handled through direct server return). +- Magic Transit ingress and egress traffic when Magic Transit has the [Egress option enabled](/reference-architecture/architectures/magic-transit/#magic-transit-with-egress-option-enabled). ## Next steps
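Review bot: In the new "IDS limitations" section of [PATCH 1/5], the prose and the table name the same traffic differently: the sentence says IDS does not run on "WAN-to-Internet traffic sent to Gateway", while the table rows are "WAN-to-Gateway" and "WAN-to-Cloudflare Tunnel". Use one naming in both places. "IDS rules are run on a sampled subset" is also the only statement of the sampling behaviour; if the sampling rate or selection is documented elsewhere, link it, because a reader deciding whether IDS can serve as a detection control needs to know that the absence of an alert does not mean the traffic was inspected.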
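Review bot: In [PATCH 2/5], retitling the section from "IDS limitations" to "IDS rules" files a coverage caveat under a heading that reads like rule configuration; someone looking for what IDS does not inspect will not find the Gateway exclusion here. "IDS also supports the current flows:" should read "the following flows:". Dropping "Currently, IDS does not run on every packet." also removes the plainest statement of the sampling behaviour; "run on a subset of packets" says the same thing less directly, so consider keeping the explicit sentence.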
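Review bot: The hunk in [PATCH 3/5] deletes both the table and the Gateway sentence, so the page no longer states anywhere that WAN-to-Gateway and WAN-to-Cloudflare Tunnel traffic is not inspected by IDS (the table in [PATCH 1/5] marked both "Not applied"). If that exclusion still holds, it should survive as a sentence or a bullet, otherwise customers routing traffic through Gateway will assume IDS coverage they do not have. "Magic Transit in both directions." is also a broader claim than the direct-server-return and Egress-option wording that replaces it in the later patches; confirm it before merging. "current flows" should again be "following flows".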
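Review bot: In [PATCH 4/5], the "Next steps" paragraph appears in the hunk only because the trailing newline at end of file was removed ("\ No newline at end of file"); the text itself is unchanged. Restore the final newline so the diff stays limited to the bullet list. The second new bullet, "Ingress and egress traffic when Magic Transit has the [Egress option enabled](...)", has no leading product name, so read next to the first bullet it is ambiguous whether it qualifies Magic Transit or Magic WAN; prefix it with "Magic Transit" as the first bullet does.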
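Review bot: In [PATCH 5/5], removing "- Magic WAN to Magic WAN." leaves the page silent on Magic WAN coverage, while the table in [PATCH 1/5] listed WAN-to-WAN as "Applied". If IDS no longer applies to Magic WAN traffic, state that explicitly rather than by omission; if it still does, keep the bullet. The parenthetical in "Magic Transit ingress traffic (when egress traffic is handled through direct server return)." reads better as a plain condition: "Magic Transit ingress traffic, when egress traffic is handled through direct server return." The commit message "Updating steps" does not describe the change; a message naming the removed flow would help later readers of the history. "current flows" still needs to become "following flows".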