[CF1] warp troubleshooting (#23956)

* [CF1] warp troubleshooting

* updates

* update

* updates

* updates

* updates

* updates

* update

* edits

* final edits to first draft

* first draft edits, links, stream

* sha256 check

* extra additions

* spelling edits

* final edits

* keehun edits

* remove details unnecessary space

* links

* Apply suggestions from code review

Co-authored-by: Pedro Sousa <[email protected]>

* error fix

* error fixes

---------

Co-authored-by: Pedro Sousa <[email protected]>

Author: deadlypants1973

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx

@@ -101,21 +101,7 @@ Send a `POST` request to the [Devices API](/api/resources/zero_trust/subresource
 
 ## Edit profile settings
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
-2. In the **Profile settings** card, find the profile you want to update and select **Configure**.
-3. Modify [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-settings) for this profile.
-   :::note
-
-   Changing any of the settings below will cause the WARP connection to restart. The user may experience a brief period of connectivity loss while the new settings are being applied.
-   - [Service mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#service-mode)
-   - [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#local-domain-fallback)
-   - [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#split-tunnels)
-
-   :::
-
-4. Select **Save profile**.
-
-<Render file="warp/client-notification-lag" product="cloudflare-one" />
+<Render file="warp/edit-profile-settings" product="cloudflare-one" />
 
 ## Verify device profile
 
@@ -233,6 +219,4 @@ To evaluate multiple conditions in an expression, select a logical operator:
 
 ## Order of precedence
 
-Profiles are evaluated from top to bottom as shown in the UI and follows the first match principle — once a device matches a profile, evaluation stops and no subsequent profiles can override the decision.
-
-The **Default** profile is always at the bottom of the list, meaning that it will only apply if the device does not match any of the previous profiles. If you make another custom profile the default, all settings will be copied over into the **Default** profile.
+<Render file="warp/device-profile-order-of-precedence" product="cloudflare-one"/>

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx

@@ -5,7 +5,7 @@ sidebar:
   order: 3
 ---
 
-import { Details, TabItem, Tabs } from "~/components";
+import { Details, Render, TabItem, Tabs } from "~/components";
 
 <Details header="Feature availability">
 
@@ -202,17 +202,7 @@ SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8
 
 </TabItem> <TabItem label="Remote server">
 
-To obtain the SHA-256 fingerprint of a remote server:
-
-```sh
-openssl s_client -connect <private-server-IP>:443 < /dev/null 2> /dev/null | openssl x509 -noout -fingerprint -sha256 | tr -d :
-```
-
-The output will look something like:
-
-```txt
-SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8662
-```
+<Render file="warp/managed-networks-sha-256" product="cloudflare-one"/>
 
 </TabItem> </Tabs>
 
@@ -312,3 +302,4 @@ To check if the WARP client detects the network location:
 
 - [Device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) - How to create and manage the device profiles you apply via managed networks.
 - [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) - Defines how WARP behaves and what users can do.
+- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/) - Troubleshoot common WARP issues.

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx

@@ -7,13 +7,7 @@ sidebar:
 
 import { Render } from "~/components";
 
-Split Tunnels can be configured to exclude or include IP addresses or domains from going through WARP. This feature is commonly used to run WARP alongside a VPN (in Exclude mode) or to provide access to a specific private network (in Include mode).
-
-:::caution
-Split Tunnels only impacts the flow of IP traffic. DNS requests are still resolved by Gateway and subject to DNS policies unless you add the domains to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) configuration.
-:::
-
-Because Split Tunnels controls what Gateway has visibility on at the network level, we recommend testing all changes before rolling out updates to end users.
+<Render file="warp/split-tunnel-intro" product="cloudflare-one"/>
 
 ## Change Split Tunnels mode
 

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx

@@ -17,25 +17,25 @@ This mode is best suited for organizations that want to use advanced firewall/pr
 
 ## Gateway with DoH
 
-This mode is best suited for organizations that only want to apply DNS filtering to outbound traffic from their company devices. Network and HTTP traffic is handled by the default mechanisms on your devices.
+Gateway with DNS-over-HTTPS (DoH) is best suited for organizations that only want to apply DNS filtering to outbound traffic from their company devices. Network and HTTP traffic is handled by the default mechanisms on your devices.
 
 | DNS filtering | Network filtering | HTTP filtering | Features enabled |
 | ------------- | ----------------- | -------------- | ---------------- |
 | Yes           | No                | No             | DNS policies     |
 
 ## Secure Web Gateway without DNS filtering
 
-This mode (sometimes referred to as tunnel-only mode) is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device.
+Secure Web Gateway without DNS filtering mode (sometimes referred to as tunnel-only mode) is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device.
 
 | DNS filtering | Network filtering | HTTP filtering | Features enabled                                                                                                                          |
 | ------------- | ----------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
 | No            | Yes               | Yes            | Network policies, HTTP policies, Browser Isolation, identity-based policies, device posture checks, AV scanning, and Data Loss Prevention |
 
 :::note
 
-- This mode disables all features that rely on WARP for DNS resolution, including [domain-based split tunneling](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#domain-based-split-tunnels) and [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/).
+- Secure Web Gateway without DNS filtering mode disables all features that rely on WARP for DNS resolution, including [domain-based split tunneling](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#domain-based-split-tunnels) and [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/).
 - Only available on Windows, Linux, and macOS.
-- This mode has a known limitation concerning [DNS servers with IPv6 addresses](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#ipv6-dns-resolution-in-secure-web-gateway-without-dns-filtering-mode).
+- Secure Web Gateway without DNS filtering mode has a known limitation concerning [DNS servers with IPv6 addresses](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#ipv6-dns-resolution-in-secure-web-gateway-without-dns-filtering-mode).
 
 :::
 

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx

@@ -53,6 +53,10 @@ If the user has an active browser session with the IdP, WARP will use the existi
 
 - [Microsoft Entra ID](/cloudflare-one/identity/idp-integration/entra-id/#force-user-interaction-during-warp-reauthentication)
 
+## Manually reauthenticate
+
+<Render file="warp/manually-reauth" product="cloudflare-one" />
+
 ## Limitations
 
 - **Only one user per device** — If a device is already registered with User A, User B will not be able to log in on that device through the re-authentication flow. To switch the device registration to a different user, User A must first log out from Zero Trust (if [Allow device to leave organization](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-device-to-leave-organization) is enabled), or an admin can revoke the registration from **My Team** > **Devices**. User B can then properly [enroll](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/).

src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx

@@ -8,7 +8,7 @@ head:
     content: About Cloudflare WARP
 ---
 
-import { Stream } from "~/components"
+import { Render, Stream } from "~/components"
 
 ## About Cloudflare WARP
 
@@ -40,6 +40,10 @@ For more information on how the WARP client routes traffic, refer to the [WARP a
 	}}
 />
 
+## WARP installation details
+
+<Render file="warp/warp-installation-details" product="cloudflare-one"/>
+
 ## Key benefits of using WARP
 
 Deploying the WARP client significantly enhances your organization's security and visibility within Cloudflare Zero Trust: