[ZT] Gateway proxy and global WARP settings in Terraform (#23083)

* enable gateway proxy

* global warp settings

Author: ranbel

src/content/docs/learning-paths/replace-vpn/configure-device-agent/enable-proxy.mdx

@@ -12,6 +12,4 @@ import { Render } from "~/components"
 
 ## Enable the proxy
 
-<Render file="tunnel/enable-gateway-proxy" product="cloudflare-one" />
-
-Cloudflare will now proxy traffic from enrolled devices, except for the traffic excluded in your [split tunnel settings](/cloudflare-one/connections/connect-networks/private-net/cloudflared/#3-route-private-network-ips-through-warp). For more information on how Gateway forwards traffic, refer to [Gateway proxy](/cloudflare-one/policies/gateway/proxy/).
+<Render file="tunnel/enable-gateway-proxy" product="cloudflare-one" />

src/content/partials/cloudflare-one/tunnel/enable-gateway-proxy.mdx

@@ -15,7 +15,18 @@ import { Tabs, TabItem } from "~/components";
 </TabItem>
 <TabItem label="Terraform (v5)">
 
-Proxy settings are not currently supported by the Terraform v5 provider (as of version 5.3.0). To turn on the Gateway proxy, use the dashboard or API.
+1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
+	- `Zero Trust Write`
+
+2. Turn on the TCP and/or UDP proxy using the [`cloudflare_zero_trust_device_settings`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_device_settings) resource:
+
+	```tf
+	resource "cloudflare_zero_trust_device_settings "global_warp_settings" {
+		account_id            = var.cloudflare_account_id
+	  gateway_proxy_enabled = true
+		gateway_udp_proxy_enabled = true
+	}
+	```
 
 </TabItem>
 </Tabs>

src/content/partials/learning-paths/zero-trust/device-profiles.mdx

@@ -36,7 +36,7 @@ To customize the default settings:
 
 4. Save the profile.
 
-5. Under [**Global settings**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-settings),
+5. Configure [global settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-settings) for all device profiles:
    1. (Recommended) Enable **Admin override code** if you turned on **Lock WARP switch**.
    2. Enable **Install CA to system certificate store** if you want users to see a [custom block page](/cloudflare-one/policies/gateway/block-page/).
 
@@ -105,7 +105,16 @@ https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/devices/settings \
 	}
 	```
 
-3. [Global settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-settings) are not currently supported by the Terraform v5 provider (as of version 5.3.0). To turn on **Admin override code** and **Install CA to system certificate store**, use the dashboard or API.
+3. Configure [global settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-settings) using the [`cloudflare_zero_trust_device_settings`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_device_settings) resource:
+
+	```tf
+	resource "cloudflare_zero_trust_device_settings" "global_warp_settings" {
+		account_id            = var.cloudflare_account_id
+		disable_for_time      = 3600
+		root_certificate_installation_enabled = true
+		use_zt_virtual_ip     = false
+	}
+	```
 
 </TabItem>
 </Tabs>