| pcx_content_type | title | weight |
|---|---|---|
concept |
Proxy |
14 |
You can forward HTTP and network traffic to Gateway for logging and filtering. Gateway can proxy both outbound traffic and traffic directed to resources connected via a Cloudflare Tunnel, GRE tunnel, or IPsec tunnel.
The Gateway proxy is required for filtering HTTP and network traffic via the WARP client in Gateway with WARP mode. To proxy HTTP traffic without deploying the WARP client, you can configure PAC files on your devices.
Gateway supports proxying TCP, UDP, and ICMP traffic.
When the proxy is enabled, Gateway will always forward TCP traffic.
By default, TCP connection attempts will timeout after 30 seconds and idle connections will disconnect after 8 hours.
The UDP proxy forwards UDP traffic such as VoIP, internal DNS requests, and thick client applications.
When the UDP proxy is enabled, Gateway will force all HTTP/3 traffic to HTTP/2 to allow inspection. Otherwise, HTTP/3 traffic will bypass inspection. For more information, refer to HTTP/3 inspection.
{{}}ICMP{{}}
The ICMP proxy forwards traffic for diagnostic tools such as ping and traceroute.
{{
}}Gateway cannot log or filter ICMP traffic.{{}}- In Zero Trust, go to Settings > Network.
- Enable Proxy for TCP.
- (Optional) Depending on your use case, you can enable UDP and/or ICMP.