Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)

WARP client

You can use Cloudflare WARP client to connect devices to Cloudflare for DNS filtering or Secure Web Gateway filtering. The WARP client can be deployed in the following modes:

ModeDescriptionDNS FilteringHTTP Filtering
DNS onlyDoH-based filteringYesNo
DNS with WARP+DoH-based filtering with encrypted WARP+ trafficYesNo
HTTP filteringDoH-based filtering, HTTP filtering, and encrypted WARP+ trafficYesYes

Cloudflare WARP is available on iOS, Android, Mac, and Windows.

DNS filtering

The Cloudflare WARP client can be configured to send all DNS queries from roaming devices, on any network, to Cloudflare for DNS filtering. Deploying DNS filtering with WARP does not require your team to configure source or destination IPs. To begin, follow the steps below:

  1. Determine which devices can enroll.
  2. Create a DNS-over-HTTPS destination.
  3. Deploy Cloudflare WARP to devices.

Alternatively, you can deploy Cloudflare DNS filtering on networks or devices without the WARP client.

Web proxying

You can proxy all traffic leaving devices through Cloudflare for HTTP inspection and filtering using the Cloudflare WARP client. To begin, follow the steps below:

  1. Determine which devices can enroll or deploy the agent with an MDM provider.
  2. Enroll a device.
  3. Install the Cloudflare root certificate on the devices.
  4. Enable web inspection in the Cloudflare for Teams dashboard.

Port Handling

By default, WARP allows traffic on any port other than 25.