You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ The WARP client connects to Cloudflare via a standard HTTPS connection outside t
15
15
16
16
<Renderfile="warp/client-orchestration-ips" />
17
17
18
-
Although `zero-trust-client.cloudflareclient.com`may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above.
18
+
If your firewall allows traffic only by domain, you may need to explicitly allow `zero-trust-client.cloudflareclient.com`. Even though `zero-trust-client.cloudflareclient.com`may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above. To avoid connectivity issues, ensure that the above IPs are permitted through your firewall.
19
19
20
20
## DoH IP
21
21
@@ -28,7 +28,8 @@ In [Gateway with DoH](/cloudflare-one/connections/connect-devices/warp/configure
28
28
- IPv4 DoH Addresses: `162.159.36.1` and `162.159.46.1`
29
29
- IPv6 DoH Addresses: `2606:4700:4700::1111` and `2606:4700:4700::1001`
30
30
31
-
Although `<ACCOUNT_ID>.cloudflare-gateway.com` may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above.
31
+
If your firewall allows traffic only by domain, you may need to explicitly allow `<ACCOUNT_ID>.cloudflare-gateway.com`. Even though `<ACCOUNT_ID>.cloudflare-gateway.com` may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above. To avoid connectivity issues, ensure that the above IPs are permitted through your firewall.
32
+
32
33
33
34
### Android devices
34
35
@@ -93,7 +94,7 @@ The client connects to the following destinations to verify general Internet con
93
94
-`162.159.197.3`
94
95
-`2606:4700:102::3`
95
96
96
-
Although `engage.cloudflareclient.com`may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above.
97
+
If your firewall allows traffic only by domain, you may need to explicitly allow `engage.cloudflareclient.com`. Even though `engage.cloudflareclient.com`may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above. To avoid connectivity issues, ensure that the above IPs are permitted through your firewall.
97
98
98
99
### Inside tunnel
99
100
@@ -104,8 +105,6 @@ The WARP client connects to the following IPs to verify connectivity inside of t
104
105
105
106
Because this check happens inside of the tunnel, you do not need to add these IPs to your firewall allowlist. However, since the requests go through Gateway, ensure that they are not blocked by a Gateway HTTP or Network policy.
106
107
107
-
Although `connectivity.cloudflareclient.com` may appear in `warp-diag` and other logs, it is used internally by WARP and should not be used in firewall policies.
108
-
109
108
If your firewall allows traffic only by domain, you may need to explicitly allow `connectivity.cloudflareclient.com`. Even though `connectivity.cloudflareclient.com` may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above. To avoid connectivity issues, ensure that the above IPs are permitted through your firewall.
0 commit comments