fix merge conflicts
Some checks failed
/ Publish Preview (push) Has been cancelled

Ranbel Sun 2026-01-09 14:06:14 -05:00
parent 9ca566c201
commit ff382e5523

@ -118,6 +118,25 @@ This setting is primarily used as a prerequisite for [WARP Connector](/cloudflar
The CGNAT IP assigned to a WARP device is permanent until the device unregisters from your Zero Trust organization or switches to a different registration. Disconnects and reconnects do not change the IP address assignment.
### Allow all Cloudflare One traffic to reach enrolled devices
<Details header="Feature availability">
| Operating Systems | [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ----------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| All systems | Gateway with WARP | All plans |
</Details>
Allows traffic on-ramped using [WARP-to-WARP](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/), [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/), or [Magic WAN](/cloudflare-one/networks/connectors/wan-tunnels/) to route to WARP devices enrolled in your Zero Trust organization.
Each WARP device is assigned a virtual IP address in the <GlossaryTooltip term="CGNAT IP">CGNAT IP</GlossaryTooltip> space (`100.96.0.0/12`). With this setting `Enabled`, users on your private network will be able to connect to these virtual IPs and access [TCP, UDP, and/or ICMP-based services](/cloudflare-one/traffic-policies/proxy/) on your WARP devices. You can create [Gateway network policies](/cloudflare-one/traffic-policies/network-policies/) to control which users and devices can access the `100.96.0.0/12`.
:::note
Ensure that traffic destined to `100.96.0.0/12` routes from your private network to Cloudflare Gateway. For example, if you are making a [WARP-to-WARP](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/) connection, you must configure your [Split Tunnel settings](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/) so that traffic to `100.96.0.0/12` routes through the WARP tunnel.
:::
## Global disconnection settings
### Disconnect WARP on all devices
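Review bot: In the relocated "Allow all Cloudflare One traffic to reach enrolled devices" section, the Gateway network policy sentence is phrased as optional ("You can create ...") and the text never says what can reach the device virtual IPs when the setting is `Enabled` and no such policy exists. Because the setting lets on-ramped traffic reach TCP, UDP, and ICMP services on enrolled devices, state the default behaviour explicitly, or tell readers to have a network policy for `100.96.0.0/12` in place before enabling it. The same sentence ends on "can access the `100.96.0.0/12`" with no noun; suggest "the `100.96.0.0/12` range".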
@ -149,23 +168,13 @@ To resume normal operations, turn off **Disconnect WARP on all devices**. The WA
For more information on how **Disconnect WARP on all devices** works with other WARP settings, refer to [WARP settings precedence](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/external-disconnect/#warp-settings-precedence).
### Allow all Cloudflare One traffic to reach enrolled devices
### Manage device connection using an external signal
<Details header="Feature availability">
<Render file="warp/external-disconnect-availability" product="cloudflare-one" />
| Operating Systems | [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ----------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| All systems | Gateway with WARP | All plans |
Allows administrators to disconnect WARP independently from any Cloudflare infrastructure. When `Enabled`, WARP clients will periodically poll the configured HTTPS endpoint and disconnect when it receives a valid disconnect signal.
</Details>
Allows traffic on-ramped using [WARP-to-WARP](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/), [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/), or [Magic WAN](/cloudflare-one/networks/connectors/wan-tunnels/) to route to WARP devices enrolled in your Zero Trust organization.
Each WARP device is assigned a virtual IP address in the <GlossaryTooltip term="CGNAT IP">CGNAT IP</GlossaryTooltip> space (`100.96.0.0/12`). With this setting `Enabled`, users on your private network will be able to connect to these virtual IPs and access [TCP, UDP, and/or ICMP-based services](/cloudflare-one/traffic-policies/proxy/) on your WARP devices. You can create [Gateway network policies](/cloudflare-one/traffic-policies/network-policies/) to control which users and devices can access the `100.96.0.0/12`.
:::note
Ensure that traffic destined to `100.96.0.0/12` routes from your private network to Cloudflare Gateway. For example, if you are making a [WARP-to-WARP](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-to-warp/) connection, you must configure your [Split Tunnel settings](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/) so that traffic to `100.96.0.0/12` routes through the WARP tunnel.
:::
To set up the external HTTPS endpoint, refer to [External emergency disconnect](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/external-disconnect/).
## Device profile settings
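Review bot: In the new "Manage device connection using an external signal" section, the description line "Allows administrators to disconnect WARP independently ..." is shown before `</Details>` and after the `<Render file="warp/external-disconnect-availability" ... />` line, so it may have ended up inside the "Feature availability" collapsible during conflict resolution. Confirm that `</Details>` closes directly after the `<Render>` line and that the description follows it as body text. The same sentence also changes number partway ("WARP clients will periodically poll ... and disconnect when it receives"); suggest "when they receive a valid disconnect signal".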