diff --git a/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md b/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
index 235549d1a8..5816e3d7e1 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway/index.md
@@ -474,6 +474,13 @@ external service.
     EOF
     {{< /text >}}
 
+    {{< warning >}}
+    [Network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+    are implemented by the network plugin in your Kubernetes cluster.
+    Depending on your test cluster, the traffic may not be blocked in the following
+    step.
+    {{< /warning >}}
+
 1.  Resend the previous HTTPS request to [https://edition.cnn.com/politics](https://edition.cnn.com/politics). Now it
     should fail since the traffic is blocked by the network policy. Note that the `sleep` pod cannot bypass
     `istio-egressgateway`. The only way it can access `edition.cnn.com` is by using an Istio sidecar proxy and by
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-gateway/test.sh b/content/en/docs/tasks/traffic-management/egress/egress-gateway/test.sh
index bc1c8c9cc9..5ce0f2fa06 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-gateway/test.sh
+++ b/content/en/docs/tasks/traffic-management/egress/egress-gateway/test.sh
@@ -92,7 +92,8 @@ snip_apply_kubernetes_network_policies_7
 
 # Verify failure
 #_verify_contains snip_apply_kubernetes_network_policies_8 "port 443 failed: Connection timed out"
-# TODO: ^^^ this check is not working - gets 200 repsonse
+# TODO: ^^^ this check fails as the test cluster doesn't have a network plugin
+# installed which can enforce network policies.
 
 # Enable sidecar injection
 snip_apply_kubernetes_network_policies_9