update

deadlypants1973 · deadlypants1973 · commit 7dfd991ed072 · 2025-07-30T17:55:52.000+01:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -5,7 +5,7 @@ sidebar:
   order: 0
 ---
 
-import { Render, Tabs, TabItem } from "~/components";
+import { MetaInfo, Render, Tabs, TabItem, Type } from "~/components";
 
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client.
 
@@ -129,12 +129,111 @@ By following these steps, you will ensure that your WARP diagnostic logs have ca
 
 <Render file="dex/pcaps-download" />
 
+After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
+
 ### Collect logs via the CLI
 
-To collect WARP diagnostic logs via the `warp-diag` CLI, run:
+Collect WARP diagnostic logs by downloading them to your desktop using the `warp-diag` CLI.
 
 <Render file="warp/warpdiag-run" />
 
 :::tip[Best practice]
 
-To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges before running `warp-diag` and keep timestamps of your steps.
+To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges before running `warp-diag` and keep timestamps of your steps for review within the logs.
+
+:::
+
+After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
+
+## 2. Review diagnostics logs
+
+WARP diagnostic logs display WARP information relevant to the target device after all MDM and other software operations have been applied, allowing you to determine whether WARP is misconfigured or affected by conflicting software. After downloading the WARP diagnostic logs and/or PCAPs, you will review key files to troubleshoot your issue by checking for potential misconfigurations.
+
+### 2a. Check WARP status
+
+Open the `warp-status.txt` file to review the status of the WARP connection when the `warp-diag` was collected. A connected WARP client will appear as:
+
+```
+Ok(Connected)
+```
+
+### Common connectivity issues
+
+#### WARP client failing to connect
+
+If connectivity fails, reset the encryption keys to force re-establishement of the WARP tunnel without deleting registration.
+
+###### Windows, Mac, Linux
+
+To reset the encryption keys on a Windows, Mac, or Linux device:
+
+1. Open the WARP GUI > select the gear icon > **Preferences**.
+2. Select **Connection**.
+3. Select **Reset encryption keys**.
+
+##### iOS, Android
+
+To reset the encryption keys on an iOS or Android device:
+
+1. Open the Cloudflare One Agent.
+2. Select **Settings** > **Advanced** > **Connection options**.
+3. Select **Reset security keys**.
+
+### 2b. Check WARP settings
+
+Open the `warp-status.txt` file to review the WARP client settings, split tunnel configuration, and the applied device profile. Use this information to identify any discrepancies from the expected behavior you configure pre-deployment.
+
+#### Example `warp-settings.txt` file
+
+Review the following `warp-settings.txt` file and the descriptions of its content.
+
+```txt
+Merged configuration:
+(derived)   Always On: true # Current state of the WARP toggle on the GUI
+(network policy)    Switch Locked: false # If false, does not allows the user to [turn off the WARP switch](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) and disconnect the client.
+(network policy)    Mode: WarpWithDnsOverHttps <-- This is WARP with Gateway mode
+(network policy)    WARP tunnel protocol: WireGuard
+(default)   Disabled for Wifi: false
+(default)   Disabled for Ethernet: false
+(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] <- The SNI we'll use and the IP address for DoH requests
+(user set)  qlog logging: Enabled
+(default)   Onboarding: true <-- Does the user see a onboarding prompt when they first install the client?
+(network policy)    Exclude mode, with hosts/ips:
+  1xx.1xx.1xx.1xx/25 (zoom)
+...
+  cname.user.net
+
+(network policy)    Fallback domains:
+  intranet
+...
+  test
+(not set)   Daemon Teams Auth: false
+(network policy)    Disable Auto Fallback: false
+(network policy)    Captive Portal: 180
+(network policy)    Support URL: my-organizations-support-portal.com
+(user set)  Organization: Organization-Name
+(network policy)    Allow Mode Switch: true  <-- Is the user allowed to switch between configurations (DoH -> Gateway Mode)
+(network policy)    Allow Updates: false <------- Will the client perform the update checks, doesn't necessarily mean they'll be able to install them (depends on user permissions)
+(network policy)    Allowed to Leave Org: true <-- Is the button in the GUI grayed out or not.  Note, it'll always be grayed out if they have an MDM file
+(api defaults)  Known apple connectivity check IPs: xx.xxx.0.0/16;
+(network policy)    LAN Access Settings: Allowed until reconnect on a /24 subnet  <-- The maximum size of network that'll be allowed when Access Lan is clicked.
+(network policy)    Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
+```
+
+:::tip[Quick debugging]
+
+The command `warp-cli settings` will generate the same information in your device's terminal that is present in the `warp-settings.txt` file.
+
+:::
+
+#### Contents of `warp-settings.txt` file
+
+- `Always On`
+
+This
+
+### Common misconfiguration issues
+
+#### Wrong profile ID
+
+#### Wrong split tunnel configuration
