Skip to content
Cloudflare Docs

WARP

The Cloudflare WARP client allows you to protect corporate devices by securely and privately sending traffic from those devices to Cloudflare's global network, where Cloudflare Gateway can apply advanced web filtering. The WARP client also makes it possible to apply advanced Zero Trust policies that check for a device's health before it connects to corporate applications.

WARP is a lightweight device client, which builds proxy tunnels using either Wireguard or MASQUE, and builds a DNS proxy using DNS-over-HTTPS. WARP supports all major operating systems, all common forms of endpoint management tooling, and has a robust series of management parameters and profiles to accurately scope the needs of a diverse user base.

WARP has flexible operating modes and can control device traffic as a proxy, control device DNS traffic as a DNS proxy, or both. It is the most common method to send traffic from user devices to be filtered and decrypted by Cloudflare Gateway.

Downloading and deploying the WARP client to your devices enhances the protection Cloudflare Zero Trust can provide to your users and data, wherever they are.

The WARP client provides in-depth protection for your organization in a few ways:

  • WARP lets you enforce security policies anywhere. With the WARP client deployed in the Gateway with WARP mode, Gateway policies are not location-dependent — they can be enforced anywhere.
  • WARP lets you enforce HTTP filtering and user-based policies. Download and install the WARP client to enable Gateway features such as Anti-Virus scanning, HTTP filtering, Browser Isolation, and identity-based policies.
  • WARP lets you have in-depth, application-specific insights. With WARP installed on your corporate devices, you can populate the Zero Trust Shadow IT Discovery page with visibility down to the application and user level. This makes it easy to discover, analyze, and take action on any shadow IT your users may be using every day.
  • WARP allows you to build rich device posture rules. The WARP client provides advanced Zero Trust protection by making it possible to check for device posture. By setting up device posture checks, you can build Zero Trust policies that check for a device's location, disk encryption status, OS version, and more.