Require Gateway

With Require Gateway, you can allow access to your applications only to devices enrolled in your Zero Trust organization. Unlike Require WARP, which will check for any WARP instance (including the consumer version), Require Gateway will only allow requests coming from devices whose traffic is filtered by your organization's Cloudflare Gateway configuration. This policy is best used when you want to protect company-owned assets by only allowing access to employees.

Prerequisites

• Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to WARP Client Checks.

1. Enable the Gateway check

1. In Zero Trust ↗, go to Settings > WARP Client.

2. In WARP client checks, select Add new.

3. Select Gateway, then select Save.

2. Add the check to an Access application

1. In Zero Trust ↗, go to Access > Applications.

2. Locate the application for which you want to require Gateway. Select Configure.

3. In the Policies tab, create a new Access policy or edit an existing policy.

4. In the policy builder, add an Include or Require rule which uses the Gateway selector. Save the policy.

5. Save the Access application.

Before granting access to the application, the policy will check that the device is running the WARP client and enrolled in your Zero Trust organization.

Was this helpful?

What did you like?

Accurate

Easy to understand

Solved my problem

Helped me decide to use the product

Other

What went wrong?

Hard to understand

Incorrect information

Missing the information

Other

Thank you for helping improve Cloudflare's documentation!