Within a few minutes, Jamf Security Cloud will begin to initiate IPSec connections with Cloudflare as configured. If this is successful, the tunnel is marked as active in Jamf Security Cloud.
Note:
Cloudflare's Tunnel Health checks attempt to connect to the internet using Jamf Security Cloud. Jamf does not allow this traffic, so those health checks will fail. Even in this state, the IPSec tunnel will be fully operational.
If your organization uses an internal DNS server, you will probably need to configure a DNS zone. For more information, see Custom DNS Zones in the Jamf Security Cloud Setup Guide.
If traffic doesn't appear to be flowing as expected even though the IPSec state or the connection indicates "Active", try the following steps:
- Confirm that you have configured an access policy correctly for the hostname being accessed, such that you see the connection requests in Jamf Security Cloud: .
- Verify that all static and dynamic routes are configured correctly in your environment.
- Verify that all applicable security ACLs allow traffic originating from the Jamf Security Cloud subnet (e.g. 10.0.0.0/24) to your various applications and destinations. All Jamf Security Cloud end user traffic will originate from that IP range.
- Download and install NetCheck Connectivity Checker from the App Store to help troubleshoot connectivity.
- Modify the "Test URL" towards the bottom of the table to enter the app hostname you are trying to connect to and re-run the tests.
- Look for any errors or warnings and try to resolve them.
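
The ACL check in the list above can be rehearsed offline before touching a firewall. The following is an added example, not Jamf or Cloudflare code: it evaluates a constructed rule list to see whether the whole Jamf Security Cloud subnet (the 10.0.0.0/24 example from the text) reaches a destination, and flags rules that cover only part of the range. The rule format, the first-match and implicit-deny semantics, and the 192.168.x.x destinations are assumptions.

```python
import ipaddress

# Constructed sample ACL. Assumed semantics: evaluated top-down, first match
# wins, implicit deny at the end. Adjust to your firewall's behaviour.
# Rule: (action, source CIDR, destination CIDR, destination port or None = any)
SAMPLE_ACL = [
    ("permit", "10.0.0.0/25", "192.168.10.20/32", 443),
    ("deny",   "10.0.0.0/24", "192.168.10.0/24", None),
    ("permit", "10.0.0.0/24", "192.168.20.0/24", 443),
]

JAMF_SUBNET = ipaddress.ip_network("10.0.0.0/24")  # example range from the text


def evaluate(acl, src_net, dst_ip, port):
    """Return 'permit', 'deny' or 'partial' for traffic from all of src_net."""
    dst = ipaddress.ip_address(dst_ip)
    remaining = [src_net]   # source blocks not yet matched by any rule
    verdicts = set()
    for action, src, dst_cidr, rule_port in acl:
        rule_src = ipaddress.ip_network(src)
        if dst not in ipaddress.ip_network(dst_cidr):
            continue
        if rule_port is not None and rule_port != port:
            continue
        unmatched = []
        for block in remaining:
            if not block.overlaps(rule_src):
                unmatched.append(block)
                continue
            verdicts.add(action)
            if not block.subnet_of(rule_src):
                # The rule covers only part of this block; keep the rest
                # so that later rules (or the implicit deny) decide it.
                unmatched.extend(block.address_exclude(rule_src))
        remaining = unmatched
        if not remaining:
            break
    if remaining:
        verdicts.add("deny")  # implicit deny for anything left unmatched
    return verdicts.pop() if len(verdicts) == 1 else "partial"


if __name__ == "__main__":
    for dst_ip, port in [("192.168.10.20", 443), ("192.168.20.5", 443)]:
        print(dst_ip, port, evaluate(SAMPLE_ACL, JAMF_SUBNET, dst_ip, port))
```

A `partial` result means some end users in the subnet would connect while others would not, which matches the symptom of intermittent failures on an "Active" tunnel.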