WARP client settings
2 min read
WARP settings define the client mode, user permissions, DNS traffic routing, and other WARP client behavior.
To configure these settings for your organization:
Go to Settings > WARP Client.
Under Device settings, select the default profile and select Configure.
We recommend the following device settings as a starting point. Feel free to modify this configuration to the needs of your organization.
Setting State Notes Captive portal detection Enabled Mode switch Disabled Gateway with WARP mode is unnecessary if you are only filtering DNS. Lock WARP switch Enabled Ensures that DNS traffic is always inspected. Only disable if your users frequently travel to unmanaged locations where the firewall could block the WARP IPs. Allow device to leave organization Disabled Allow updates Disabled Usually disabled on managed devices. Auto connect Enabled Timeout is usually set between 10min - 30min. Support URL Enabled Service mode Gateway with DoH Local Domain Fallback Add internal domains that do not have a public DNS record. The WARP client is still responsible for proxying all DNS traffic but will query a private DNS server for domains on this list. To learn more, refer to Local Domain Fallback. Split Tunnels Unused for DNS filtering. Directly route Office 365 traffic Disabled Unused for DNS filtering. Save the profile.
Under Global settings,
- (Recommended) Enable Admin override code if you turned on Lock WARP switch.
- Enable Install CA to system certificate store if you want users to see a custom block page.