Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Require Gateway

Feature availability
Operating SystemsWARP mode requiredZero Trust plans
All systemsWARP with GatewayAll plans

With Require Gateway, you can allow access to your applications only to devices enrolled in your organization’s instance of Gateway. Unlike Require WARP, which will check for any WARP instance (including the consumer version), Require Gateway will only allow requests coming from devices whose traffic is filtered by your organization’s Cloudflare Gateway configuration. This policy is best used when you want to protect company-owned assets by only allowing access to employees.

​​ 1. Enable the Gateway check

  1. In the Zero Trust Dashboard, go to Settings > WARP Client.
  2. Scroll down to WARP client checks and select Add new.
  3. Select Gateway.
  4. Select Save.

You are now ready to start requiring Gateway for your Access applications.

​​ 2. Add the check to an Access policy

  1. In the Zero Trust Dashboard, go to Access > Applications.

  2. Locate the application for which you want to require Gateway.

  3. Select Edit.

  4. To have an existing policy require Gateway, select Edit for that specific policy. Then, add an Include or Require rule which uses the Gateway selector.

  5. Select Save rule.

Before granting access to the application, your policy will now check that the device is running the WARP client and enrolled in your Zero Trust organization.