WARP client
You can use Cloudflare WARP client to connect devices to Cloudflare for DNS filtering or Secure Web Gateway filtering. The WARP client can be deployed in the following modes:
| Mode | Description | DNS Filtering | HTTP Filtering |
|---|---|---|---|
| DNS only | DoH-based filtering | Yes | No |
| DNS with WARP+ | DoH-based filtering with encrypted WARP+ traffic | Yes | No |
| HTTP filtering | DoH-based filtering, HTTP filtering, and encrypted WARP+ traffic | Yes | Yes |
Cloudflare WARP is available on iOS, Android, Mac, and Windows.
DNS filtering
The Cloudflare WARP client can be configured to send all DNS queries from roaming devices, on any network, to Cloudflare for DNS filtering. Deploying DNS filtering with WARP does not require your team to configure source or destination IPs. To begin, follow the steps below:
- Determine which devices can enroll.
- Create a DNS-over-HTTPS destination.
- Deploy Cloudflare WARP to devices.
Alternatively, you can deploy Cloudflare DNS filtering on networks or devices without the WARP client.
Web proxying
You can proxy all traffic leaving devices through Cloudflare for HTTP inspection and filtering using the Cloudflare WARP client. To begin, follow the steps below:
- Determine which devices can enroll or deploy the agent with an MDM provider.
- Enroll a device.
- Install the Cloudflare root certificate on the devices.
- Enable web inspection in the Cloudflare for Teams dashboard.
Port Handling
By default, WARP allows traffic on any port other than 25.