You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx
+38-10Lines changed: 38 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,14 +26,14 @@ WARP settings define the WARP client modes and permissions available to end user
26
26
<Renderfile="warp/all-systems-modes-plans" />
27
27
28
28
:::note
29
-
30
-
To use **Admin override**, you must first have enabled the [**Lock WARP switch**](#lock-warp-switch). **Admin override** is only needed and used when the WARP lock switch is turned on.
31
-
29
+
To use **Admin override**, you must first have enabled [**Lock WARP switch**](#lock-warp-switch).
32
30
:::
33
31
34
-
When the [**Lock WARP switch**](#lock-warp-switch) is enabled, users cannot toggle the WARP client on and off on their device. Enabling **Admin override** gives users the ability to temporarily turn off the WARP client using an override code provided by an admin. **Admin override** is only needed in a configuration where the **lock WARP switch** is enabled.
32
+
When [**Lock WARP switch**](#lock-warp-switch) is enabled, users cannot toggle the WARP client on and off on their device. Enabling **Admin override** gives users the ability to temporarily turn on or off the WARP client using an override code provided by an admin. **Admin override** is only needed in a configuration where **Lock WARP switch** is enabled.
35
33
36
-
**Admin override** allows end users to momentarily turn off WARP with an override code to work around a temporary network issue (for example, an incompatible public Wi-Fi, or a firewall at a customer site blocking the connection).
34
+
Example use cases for **Admin override** include:
35
+
- Allowing users to momentarily turn off WARP to work around a temporary network issue such as an incompatible public Wi-Fi, or a firewall at a customer site blocking the connection.
36
+
- Allowing test users to turn on WARP when [Global WARP override](#global-warp-override) is in effect.
37
37
38
38
As admin, you can set a **Timeout** to define how long a user can toggle the WARP switch on or off after entering the override code. Cloudflare generates a new override code every hour that an admin can send to end users. The override code's validity adheres to fixed-hour time blocks and aims to be generous to the end user.
39
39
@@ -53,20 +53,19 @@ To retrieve the one-time code for a user:
53
53
2. Go to **My Team** > **Devices**.
54
54
3. Select **View** for a connected device.
55
55
4. Scroll down to **User details** and copy the 7-digit **Override code**.
56
-
5. Share this code with the end user for them to enter on their device.
56
+
5. Share this code with the user for them to enter on their device.
57
57
58
58
The user will have an unlimited amount of time to activate their code.
59
59
60
60
#### Enter the override code
61
61
62
-
To turn off the WARP client on a user device:
62
+
To activate the override code on a user device:
63
63
64
64
1. In the WARP client, go to **Settings** > **Preferences** > **Advanced**.
65
65
2. Select **Enter code**.
66
-
3. Enter the override code. The WARP client will display a pop-up window showing when the override expires.
67
-
4. Turn off the WARP switch.
66
+
3. Enter the override code.
68
67
69
-
The client will automatically reconnect after the [Auto connect period](#auto-connect), but the user can continue to turn off WARP until the override expires.
68
+
The user can now toggle the WARP switch or use the `warp-cli connect` command. The client will automatically reconnect after the [Auto connect period](#auto-connect), but the user can continue to turn on or off WARP until the override expires.
70
69
71
70
### Install CA to system certificate store
72
71
@@ -111,6 +110,35 @@ This setting is primarily used as a prerequisite for [WARP Connector](/cloudflar
111
110
112
111
The CGNAT IP assigned to a WARP device is permanent until the device unregisters from your Zero Trust organization. Disconnects and reconnects do not change the IP address assignment.
Requires the [Super Administrator](/cloudflare-one/roles-permissions/) role.
134
+
:::
135
+
136
+
Global WARP override allows administrators to fail open WARP in case of an incident or outage. When you turn on **Global WARP override**, Cloudflare will disconnect all Windows, macOS, and Linux WARP clients that are connected to your Zero Trust organization. This includes end user devices, [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) hosts, and [WARP-to-WARP](/cloudflare-one/connections/connect-networks/private-net/warp-to-warp/) devices. End users will receive a notification on their device and the WARP client will display `The administrator for your account has disconnected WARP`.
137
+
138
+
[Auto connect](#auto-connect) and [Lock WARP switch](#lock-warp-switch) will not apply while the global override is on. Additionally, the global override will clear any existing [Admin override](#admin-override) codes. The only way for users to reconnect during a global override is by using a new [Admin override](#admin-override) code. For example, you may want to provide IT staff with a code so that they can test resolution of the incident that led to the global disconnect.
139
+
140
+
To resume normal operations, turn off **Global WARP override**. If you configured an [Auto connect](#auto-connect) value, the WARP client will automatically reconnect. Otherwise WARP will remain disconnected until the user manually reconnects.
0 commit comments