
Require Gateway

Feature availability
| Operating Systems | WARP mode required | Teams plans |
| --- | --- | --- |
| All systems | WARP with Gateway | All plans |

With Require Gateway, you can restrict access to your applications to devices enrolled in your organization's instance of Gateway. Unlike Require WARP, which checks for any WARP instance (including the consumer version), Require Gateway only allows requests coming from devices whose traffic is filtered by your organization's Cloudflare Gateway configuration. This policy is best used when you want to protect company-owned assets by only allowing access to employees.

The process involves two steps:

  1. Setting up Require Gateway as a device posture check.
  2. Adding the check to new or existing Zero Trust policies to enforce the check for one or more of your applications.

Set up a device posture check

  1. On your Teams dashboard, navigate to My Team > Devices > Device Posture.

  2. Select Gateway.

  3. Click Save.

You are now ready to start requiring Gateway for your Access applications.

Add the check to a Zero Trust policy

  1. On the Teams dashboard, navigate to Access > Applications.

  2. Locate the application for which you want to require Gateway.

  3. Click Edit.

  4. To have an existing policy require Gateway, click Edit for that specific policy. Then, add an Include or Require rule with the option Gateway selected.

  5. Click Save rule.

Before granting access to the application, your policy will now check that the user is running your organization's Gateway configuration, or the WARP client, on their machine.
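
An offline audit of the choice step 4 leaves open, as an added example that is not part of the original page: in Access, Include rules are alternatives (OR) while Require rules must all match (AND), so a Gateway check placed under Include next to other Include rules does not gate access on its own. The policy JSON shape, its field names and the posture check id are assumptions constructed for illustration.

```python
# Constructed sample export; the field names are assumptions, not taken from the page.
GATEWAY_UID = "00000000-0000-0000-0000-000000000001"  # placeholder posture check id

POLICIES = [
    {"name": "employees", "decision": "allow",
     "include": [{"email_domain": {"domain": "example.com"}}],
     "require": [{"device_posture": {"integration_uid": GATEWAY_UID}}]},
    {"name": "contractors", "decision": "allow",
     "include": [{"email_domain": {"domain": "partner.example"}},
                 {"device_posture": {"integration_uid": GATEWAY_UID}}],
     "require": []},
    {"name": "device-only", "decision": "allow",
     "include": [{"device_posture": {"integration_uid": GATEWAY_UID}}],
     "require": []},
    {"name": "legacy", "decision": "allow",
     "include": [{"everyone": {}}], "require": []},
]

def is_gateway(rule, uid):
    """True when a rule points at the Gateway posture check."""
    return rule.get("device_posture", {}).get("integration_uid") == uid

def gateway_status(policy, uid=GATEWAY_UID):
    """Classify how an allow policy uses the Gateway check."""
    if any(is_gateway(r, uid) for r in policy.get("require", [])):
        return "enforced"            # Require rules must all match (AND)
    hits = [is_gateway(r, uid) for r in policy.get("include", [])]
    if hits and all(hits):
        return "enforced"            # Gateway is the only way to match Include
    if any(hits):
        return "optional"            # another Include rule admits non-Gateway devices
    return "absent"

def audit(policies, uid=GATEWAY_UID):
    """Map each allow policy name to its Gateway status."""
    return {p["name"]: gateway_status(p, uid)
            for p in policies if p.get("decision") == "allow"}

def unprotected(policies, uid=GATEWAY_UID):
    """Names of allow policies a device outside Gateway could still satisfy."""
    return sorted(n for n, s in audit(policies, uid).items() if s != "enforced")

if __name__ == "__main__":
    for name, status in audit(POLICIES).items():
        print(f"{name:12} {status}")
    print("needs review:", unprotected(POLICIES))
```

Any policy reported as optional or absent is one to move the Gateway check into a Require rule for, if the intent is that only Gateway-enrolled devices reach the application.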