Test your first application
You have now set up your Zero Trust organization, configured the WARP client, installed it on devices, and created your Access and Gateway policies. The next step is to test those policies.
Test if the Access or Gateway policy that you configured is working by using a device with the WARP client installed to reach an internal application or external website.
If you cannot reach an application protected by Access or an external application through Gateway as expected, Cloudflare recommends starting with reviewing your WARP configuration.
If your manual test fails, troubleshoot the WARP client. Cloudflare recommends starting with reviewing your WARP configuration because misconfiguration is the most common cause of connectivity issues.
- WARP troubleshooting guide: Step-by-step instructions to debug WARP client issues.
- WARP client errors: If you are receiving an error, review the associated solutions.
- WARP connectivity status: Review the connectivity stage of the WARP daemon as it establishes a connection from the device to Cloudflare.
- WARP with Firewall: Ensure you have exempted the correct IP addresses and domains to allow the WARP client to connect.
Analytics provide visualizations of log data. To review Access or Gateway analytics:
- In Cloudflare One ↗, go to Insights > Analytics > Dashboards.
- Select Access event analytics for a summary of login events or Application Access Report for a summary of overall Access Activity.
- Select the HTTP request analytics, DNS query analytics or Network session analytics depending on your Gateway investigation scope.
Logs provide event-level (such as an authentication attempt or a DNS query) visibility into your Cloudflare One environment.
To review traffic activity for applications protected by Access:
- In Cloudflare One ↗, go to Insights > Analytics > Logs.
- Select Access authentication logs.
- Review the per-request logs for your application.
To review traffic activity in the Gateway logs:
- In Cloudflare One ↗, go to Insights > Analytics > Logs.
- Select HTTP request logs, Network logs, or DNS query logs depending on your investigation scope.
Refer to Troubleshoot Gateway to troubleshoot common issues with Gateway egress policies.
After you confirm your policies work by testing manually, use DEX to monitor connectivity and performance over time.
Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Zero Trust organization.
With DEX, you can monitor the state of your WARP client deployment and resolve issues impacting end-user productivity. DEX is designed for IT and security teams who need to proactively monitor and troubleshoot device and network health across distributed environments. DEX is available on all Cloudflare Zero Trust and SASE plans.
Refer to Digital Experience Monitoring (DEX) for more information.
- Imagine that you have three devices, with the WARP client installed, set up in your testing environment.
- You have set up a Cloudflare Tunnel and an Access policy for your internal wiki that is available at
wiki.acme.org. - You manually tested the three WARP client devices, and you confirmed they can all reach
wiki.acme.org. - You want to set up automated connectivity and performance testing to
wiki.acme.orgfor each of these WARP client devices so you can monitor them over time. - You set up a DEX test, and it sends an HTTP GET request to
wiki.acme.orgfrom all three WARP devices on a five minute interval. - If WARP device connectivity drops, or if there are performance problems, you can see the DEX test results to troubleshoot the problem.
With Digital Experience Monitoring (DEX), you can test if your devices can connect to a private or public endpoint through the WARP client. Tests allow you to monitor availability for a given application and investigate performance issues reported by your end users.
Refer to DEX tests for more information.
An HTTP test sends a GET request from an end-user device to a specific web application. You can use the response metrics to troubleshoot connectivity issues. For example, you can check whether the application is inaccessible for all users in your organization, or only certain ones.
To set up an HTTP test for an application:
- In Cloudflare One ↗, go to Insights > Digital experience.
- Select the Tests tab.
- Select Add a Test.
- Fill in the following fields:
- Name: Enter any name for the test.
- Target: Enter the URL of the website or application that you want to test (for example,
https://jira.site.com). Both public and private hostnames are supported. If testing a private hostname, ensure that the domain is on your local domain fallback list. - Source device profiles: (Optional) Select the WARP device profiles that you want to run the test on. If no profiles are selected, the test will run on all supported devices connected to your Zero Trust organization.
- Test type: Select HTTP Get.
- Test frequency: Specify how often the test will run. Input a minute value between 5 and 60.
- Select Add test.
- After the test is created and running, you can view the results of your test.
An HTTP test measures the following data:
| Data | Description |
|---|---|
| Resource fetch time | Total time of all steps of the request, measured from startTime to responseEnd ↗. |
| Server response time | Round-trip time for the device to receive a response from the target. |
| DNS response time | Round-trip time for the DNS query to resolve. |
| HTTP status codes | Status code ↗ returned by the target. |
Administrators can receive alerts when Cloudflare detects connectivity issues with the WARP client or degraded application performance. Notifications can be delivered via email, webhook, and third-party services.
Refer to DEX Notifications for more information on DEX-specific notifications.
Customers who want to be notified when Cloudflare detects a spike or drop in the number of devices connected to the WARP client can create a Device connectivity anomaly notification.
To create a device connectivity anomaly notification:
-
In the Cloudflare dashboard, go to the Notifications page.
Go to Notifications -
Select Add.
-
Find Product DEX and Alert type Device connectivity anomaly, and choose Select.
-
Name the notification.
-
Enter an email address to receive the notifications or set up a webhook.
-
(Optional) Specify any additional options for the notification, if required. For example, some notifications require that you select one or more domains or services.
-
Select Create.
Refer to Notifications for more information on editing, testing, and disabling notifications.
Once your policies are live, you can use DEX tests and notifications to ensure your team has secure, reliable access to internal and external resources.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2026 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
