final

Author: deadlypants1973

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture.mdx

@@ -12,15 +12,15 @@ This guide explains how the Cloudflare WARP client interacts with a device's ope
 
 In [Gateway with DoH](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode, the IP traffic information does not apply. In [Secure Web Gateway without DNS filtering](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#secure-web-gateway-without-dns-filtering) mode, the DNS traffic information does not apply.
 
-## Overview
+## WARP traffic flow
 
 The WARP client allows organizations to have granular control over the applications an end user device can access. The client forwards DNS and network traffic from the device to Cloudflare's global network, where Zero Trust policies are applied in the cloud. On all operating systems, the WARP daemon maintains three connections between the device and Cloudflare:
 
-| Connection                                                                                                                                     | Protocol | Purpose                                                                                                         |
-| ---------------------------------------------------------------------------------------------------------------------------------------------- | -------- | --------------------------------------------------------------------------------------------------------------- |
-| WARP tunnel ([via WireGuard or MASQUE](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol)) | UDP      | Send IP packets to Gateway for network policy enforcement, HTTP policy enforcement, and private network access. |
-| [DoH](https://www.cloudflare.com/learning/dns/dns-over-tls/)                                                                                   | HTTPS    | Send DNS requests to Gateway for DNS policy enforcement. The DoH connection is maintained inside of the WARP tunnel.      |
-| Device orchestration                                                                                                                           | HTTPS    | Perform user registration, check device posture, apply WARP profile settings.                                   |
+| Connection                                                                                                                                     | Protocol | Purpose                                                                                                              |
+| ---------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------- |
+| WARP tunnel ([via WireGuard or MASQUE](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol)) | UDP      | Send IP packets to Gateway for network policy enforcement, HTTP policy enforcement, and private network access.      |
+| [DoH](https://www.cloudflare.com/learning/dns/dns-over-tls/)                                                                                   | HTTPS    | Send DNS requests to Gateway for DNS policy enforcement. The DoH connection is maintained inside of the WARP tunnel. |
+| Device orchestration                                                                                                                           | HTTPS    | Perform user registration, check device posture, apply WARP profile settings.                                        |
 
 ```mermaid
 flowchart LR

src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx

@@ -14,12 +14,14 @@ The Cloudflare WARP client allows you to protect corporate devices by securely a
 
 ## How WARP works
 
-WARP is a lightweight device client, which builds proxy tunnels using either Wireguard or MASQUE, and builds a DNS proxy using DNS-over-HTTPS. WARP supports all major operating systems, all common forms of endpoint management tooling, and has a robust series of management parameters and profiles to accurately scope the needs of a diverse user base.
+WARP is a device client, which builds proxy tunnels using either Wireguard or MASQUE, and builds a DNS proxy using DNS-over-HTTPS. WARP supports all major operating systems, all common forms of endpoint management tooling, and has a robust series of management parameters and profiles to accurately scope the needs of a diverse user base.
 
 The WARP client comprises of:
 
-- Graphical User Interface (GUI): User-friendly application you interact with. It provides a simple control panel to manage WARP's [status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) and [settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/).
-- WARP daemon (or service): Core background component responsible for establishing secure tunnels (using technologies like WireGuard or MASQUE) and managing all interactions with Cloudflare's network. It ensures traffic is securely directed and policies are enforced.
+- Graphical User Interface (GUI): User-friendly control panel to view WARP's [status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) and [settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/).
+- WARP daemon (or service): Core background component responsible for establishing secure tunnels (using WireGuard or MASQUE) and handling all WARP functionality on your device.
+
+Refer to [WARP architecture](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/) for more information on how WARP client interacts with a device's operating system to route traffic.
 
 ## Key benefits of using WARP
 
@@ -38,14 +40,12 @@ Deploying the WARP client significantly enhances your organization's security an
 
 - **Device posture checks**: The WARP client provides advanced Zero Trust protection by making it possible to check for [device posture](/cloudflare-one/identity/devices/). By setting up device posture checks, you can build Zero Trust policies that check for a device's location, disk encryption status, OS version, and more.
 
-Deploying the WARP client significantly enhances your organization's security and visibility within Cloudflare Zero Trust:
-
 ## WARP modes
 
 WARP offers flexible [operating modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) to suit your specific needs. WARP can control device traffic as a full proxy, manage only DNS traffic as a DNS proxy, or both. WARP is the most common method for sending user device traffic through Cloudflare Gateway for filtering and decryption.
 
 ## Next steps
 
 - Review the [first-time setup](/cloudflare-one/connections/connect-devices/warp/set-up-warp/) guide to [install](/cloudflare-one/connections/connect-devices/warp/download-warp/) and [deploy](/cloudflare-one/connections/connect-devices/warp/deployment/) the WARP client on your corporate devices.
-- Configure your [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) and [settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) to best suit your organization's needs.
+- Review possible [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) and [settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) to best suit your organization's needs.
 - Explore [Cloudflare Gateway policies](/cloudflare-one/policies/gateway/) to leverage advanced web filtering, anti-virus scanning, and HTTP policies with WARP.