Cloudflare Docs
Learning Paths
Edit this page on GitHub
Set theme to dark (⇧+D)

WARP client settings

  2 min read

WARP settings define the client mode, user permissions, DNS traffic routing, and other WARP client behavior.

To configure these settings for your organization:

  1. Go to Settings > WARP Client.

  2. Under Device settings, select the default profile and select Configure.

  3. We recommend the following device settings as a starting point. Feel free to modify this configuration to the needs of your organization.

    SettingStateNotes
    Captive portal detectionEnabled
    Mode switchDisabledGateway with WARP mode is unnecessary if you are only filtering DNS.
    Lock WARP switchEnabledEnsures that DNS traffic is always inspected. Only disable if your users frequently travel to unmanaged locations where the firewall could block the WARP IPs.
    Allow device to leave organizationDisabled
    Allow updatesDisabledUsually disabled on managed devices.
    Auto connectEnabledTimeout is usually set between 10min - 30min.
    Support URLEnabled
    Service modeGateway with DoH
    Local Domain FallbackAdd internal domains that do not have a public DNS record. The WARP client is still responsible for proxying all DNS traffic but will query a private DNS server for domains on this list. To learn more, refer to Local Domain Fallback.
    Split TunnelsUnused for DNS filtering.
    Directly route Office 365 trafficDisabledUnused for DNS filtering.
  4. Save the profile.

  5. Under Global settings,

    1. (Recommended) Enable Admin override code if you turned on Lock WARP switch.
    2. Enable Install CA to system certificate store if you want users to see a custom block page.