[CF1] clarity on usage for connectivity.cloudflareclient.com

deadlypants1973 · deadlypants1973 · commit 509e99a5a726 · 2025-07-03T13:23:32.000-07:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx
@@ -91,12 +91,15 @@ The client connects to the following destinations to verify general Internet con
 
 ### Inside tunnel
 
-The client connects to the following destinations to verify connectivity inside of the WARP tunnel. Because this check happens inside of the tunnel, you do not need to add these IPs and domains to your firewall allowlist. However, since the requests go through Gateway, ensure that they are not blocked by a Gateway HTTP or Network policy.
+The client connects to the following IPs to verify connectivity inside of the WARP tunnel:
 
-- `connectivity.cloudflareclient.com`
 - `162.159.197.4`
 - `2606:4700:102::4`
 
+Because this check happens inside of the tunnel, you do not need to add these IPs and domains to your firewall allowlist. However, since the requests go through Gateway, ensure that they are not blocked by a Gateway HTTP or Network policy.
+
+`connectivity.cloudflareclient.com` is used internally by WARP and should not be used in firewall policies.
+
 ## NEL reporting (optional)
 
 The WARP client reports connectivity issues to our NEL endpoint via `a.nel.cloudflare.com`. This is not technically required to operate but will result in errors in our logs if not excluded properly.
