WARP - Understand Cloudflare WARP basics

In this episode, we explain the core features of the Cloudflare WARP client and how to troubleshoot common issues. After watching, you will have an understanding of the GUI, the differences between the consumer and corporate WARP, device profiles, the various operating modes of WARP, split tunneling, and more.

Chapters

• 
  Introduction and WARP GUI Basics 0s
• 
  Consumer vs Corporate WARP 57s
• 
  Device Profiles Explained 01m35s
• 
  WARP Operating Modes 02m12s
• 
  Split Tunneling 03m4s
• 
  Conclusion 04m56s

Transcript

Hi, I'm Jess from Cloudflare.

Welcome. In this video, you'll learn the basics of Cloudflare WARP.

Our support team will always be here to help,

but this guide is all about empowering you to understand and solve issues faster on your

own. We will learn the Cloudflare WARP client and how it differs from the consumer version

the different operating modes of WARP, split tunneling exclude versus include modes,

and the WARP GUI and its intended versus actual state.

These are the basic concepts that will prepare you to troubleshoot any issues you

may encounter. Let's get started with What is the Cloudflare WARP client?

Cloudflare WARP client allows you to protect corporate devices by securely and privately

sending traffic from those devices to Cloudflare's global network,

where Cloudflare Gateway can apply advanced web filtering.

is available to the public for free.

The corporate version integrates with Cloudflare Zero Trust,

giving your IT team the ability to manage security policies,

control traffic routing, and monitor usage.

If you're not sure which version of WARP you're currently using,

you can tell them apart easily by its color.

The consumer version will display WARP in red,

whereas the corporate version will display Zero Trust in blue.

If your intention is to use the corporate version,

make sure you're seeing a blue Zero Trust WARP banner by authenticating with your

Cloudflare Zero Trust organization.

Next, what is the device profile?

A device profile represents a different set of parameters assigned to your device,

based on its relationship with the policy attributes.

You can create multiple profiles and apply different settings based on your user's

identity, the device location, and other criteria.

IT administrators can assign different device profiles to their users.

For example, depending on office locations, teams,

device types, operating systems, or other attributes,

users might have different routes that need to be excluded from their WARP Tunnel,

or different DNS settings to accommodate local development services.

All right, it's important to know that WARP client can operate in different modes,

because each mode controls the types of traffic sent to Cloudflare Gateway

differently. The WARP mode determines which Zero Trust features are available on the

device. Selecting the right mode depends on your organization's needs.

For example, for Internet security or remote access gateway with WARP or Secure Web

Gateway without DNS filtering would be ideal,

and the latter should only be used in cases where Cloudflare cannot control DNS

resolution on the device.

Both Gateway with DoH and Proxy Mode are used for Internet filtering.

Gateway with DoH is only DNS traffic, while Proxy Mode is only HTTP traffic.

Lastly, Device Information Only mode would be useful for clientless access or browser based

remote access to use device posture without proxying traffic to Cloudflare.

If you encounter a problem, understanding which mode you're in will help

you narrow down where the problem might be.

And that's because WARP modes are combinations or absences of particular

features. For example, Gateway with WARP includes both DNS and

Tunnel components. So when you're troubleshooting,

you have to look at both the DNS and Tunnel components as opposed to Gateway with DoH

where you will only have to look at the DNS component.

But don't worry, you don't have to memorize all of this.

You can always refer to our documentation.

Next up, split tunneling, a feature that allows you to control what IP

traffic goes through the WARP virtual interface or tunnel.

There are two ways to configure it.

The first mode is exclude IPs and domains.

This is the default setting.

All traffic will be sent to Cloudflare Gateway except for IPs and domains you

specify. The second mode is include IPs and domains.

Only traffic destined to IPs or domains you specify will be sent to Cloudflare Gateway.

All other traffic will bypass Gateway and will no longer be filtered by your network or

HTTP policies. Secure Web Gateway without DNS filtering and Device Information Only mode

will automatically disable domain based split tunneling.

So if you're experiencing issues related to domains,

it's good to check your WARP mode.

And lastly, here's a common point of confusion.

The toggle button in the WARP GUI shows the intended state,

not the actual state. For example, if the toggle is on,

it means that the client intends to connect, but the actual status may show disconnected

if there's an issue. So always check the message below the toggle for the current

connection state. You now understand the foundation of WARP client components.

If you want to learn more, we also have additional resources on

Cloudflare docs. Thanks for watching and see you soon!