With Require Gateway, you can allow access to your applications only to devices enrolled in your organization’s instance of Gateway. Unlike , which will check for any WARP instance (including the consumer version), Require Gateway will only allow requests coming from devices whose traffic is filtered by your organization’s Cloudflare Gateway configuration. This policy is best used when you want to protect company-owned assets by only allowing access to employees.
- Cloudflare WARP client is on the device. For a list of supported modes and operating systems, refer to .
Enable the Gateway check
In WARP client checks, select Add new.
Select Gateway, then select Save.
Add the check to an Access policy
Select the application for which you want to require Gateway, then select Configure.
To create a new Access policy, select Add a policy. To require Gateway for an existing policy, select a policy, then select Configure.
Add an Include or Require rule which uses the Gateway selector. Select Save policy.
Before granting access to the application, your policy will now check that the device is running the WARP client and enrolled in your Zero Trust organization.