From e34640a2b9cfda0b2590ff76e09a88f08f829857 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 15 Nov 2024 16:34:54 -0600 Subject: [PATCH 1/8] Move certs page --- .../user-side-certificates/automated-deployment.mdx | 4 ++-- .../user-side-certificates/custom-certificate.mdx | 0 .../{warp => }/user-side-certificates/index.mdx | 2 +- .../user-side-certificates/manual-deployment.mdx | 0 .../connections/connect-devices/warp/index.mdx | 9 ++++----- 5 files changed, 7 insertions(+), 8 deletions(-) rename src/content/docs/cloudflare-one/connections/connect-devices/{warp => }/user-side-certificates/automated-deployment.mdx (91%) rename src/content/docs/cloudflare-one/connections/connect-devices/{warp => }/user-side-certificates/custom-certificate.mdx (100%) rename src/content/docs/cloudflare-one/connections/connect-devices/{warp => }/user-side-certificates/index.mdx (99%) rename src/content/docs/cloudflare-one/connections/connect-devices/{warp => }/user-side-certificates/manual-deployment.mdx (100%) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx similarity index 91% rename from src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment.mdx rename to src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx index 3cf32c9e48f050e..4f65744a7679d0b 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx @@ -29,9 +29,9 @@ import { Details } from "~/components"; * Only supported on Debian-based systems. -The WARP client can automatically install a Cloudflare certificate or [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/). +The [WARP client](/cloudflare-one/connections/connect-devices/warp/) can automatically install a Cloudflare certificate or [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/). -The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), display custom block pages, and more. +The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), display custom [block pages](/cloudflare-one/policies/gateway/block-page/), and more. ## Install a certificate using WARP diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx similarity index 100% rename from src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate.mdx rename to src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx similarity index 99% rename from src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx rename to src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx index afe9260149ae838..e9e7c9b6b5bc93e 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: get-started title: User-side certificates sidebar: - order: 4 + order: 3 banner: content: The default global Cloudflare root certificate will expire on 2025-02-02. If you installed the default Cloudflare certificate before 2024-10-17, you must generate a new certificate and activate it for your Zero Trust organization to avoid inspection errors. --- diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx similarity index 100% rename from src/content/docs/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment.mdx rename to src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx index 87eacf7718798e1..3eaeb7e0494231c 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx @@ -6,7 +6,6 @@ sidebar: head: - tag: title content: About Cloudflare WARP - --- The Cloudflare WARP client allows you to protect corporate devices by securely and privately sending traffic from those devices to Cloudflare's global network, where Cloudflare Gateway can apply advanced web filtering. The WARP client also makes it possible to apply advanced Zero Trust policies that check for a device's health before it connects to corporate applications. @@ -15,14 +14,14 @@ Downloading and deploying the WARP client to your devices enhances the protectio Here are a few ways in which the WARP client provides in-depth protection for your organization: -* **WARP lets you enforce security policies anywhere**.\ +- **WARP lets you enforce security policies anywhere**. With the WARP client deployed in the Gateway with WARP mode, Gateway policies are not location-dependent — they can be enforced anywhere. -* **WARP lets you enforce HTTP filtering and user-based policies**.\ +- **WARP lets you enforce HTTP filtering and user-based policies**. Download and install the WARP client to enable Gateway features such as [Anti-Virus scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), [HTTP filtering](/cloudflare-one/policies/gateway/http-policies/), [Browser Isolation](/cloudflare-one/policies/gateway/http-policies/#isolate), and [identity-based policies](/cloudflare-one/policies/gateway/network-policies/). -* **WARP lets you have in-depth, application-specific insights**.\ +- **WARP lets you have in-depth, application-specific insights**. With WARP installed on your corporate devices, you can populate the [Zero Trust Shadow IT Discovery](/cloudflare-one/insights/analytics/access/) page with visibility down to the application and user level. This makes it easy to discover, analyze, and take action on any shadow IT your users may be using every day. -* **WARP allows you to build rich device posture rules.**\ +- **WARP allows you to build rich device posture rules.** The WARP client provides advanced Zero Trust protection by making it possible to check for [device posture](/cloudflare-one/identity/devices/). By setting up device posture checks, you can build Zero Trust policies that check for a device's location, disk encryption status, OS version, and more. From d2feb83352b432c39a93accddf526e39c7cf6bf6 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 15 Nov 2024 16:35:49 -0600 Subject: [PATCH 2/8] Change order --- .../connect-devices/agentless/index.mdx | 15 +++++++-------- .../user-side-certificates/index.mdx | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/index.mdx index 491a0e253627af4..71961676f536136 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/index.mdx @@ -2,15 +2,14 @@ pcx_content_type: concept title: Agentless options sidebar: - order: 2 - + order: 3 --- If you are unable to install the WARP client on your devices (for example, Windows Server does not support the WARP client), you can use agentless options to enable a subset of Zero Trust features. -* **[Gateway DNS policies](/cloudflare-one/connections/connect-devices/agentless/dns/)** -* **[Gateway HTTP policies](/cloudflare-one/connections/connect-devices/agentless/pac-files/)** without user identity and device posture -* **[Access policies](/cloudflare-one/policies/access/)** without device posture for [web applications](/cloudflare-one/applications/configure-apps/) and [browser-rendered](/cloudflare-one/applications/non-http/browser-rendering/) SSH and VNC connections -* **[Remote Browser Isolation](/cloudflare-one/policies/browser-isolation/)** via an [Access policy](/cloudflare-one/policies/access/isolate-application/), [prefixed URLs](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/), or a [non-identity on-ramp](/cloudflare-one/policies/browser-isolation/setup/non-identity/) -* **[Cloud Access Security Broker (CASB)](/cloudflare-one/applications/scan-apps/)** -* **[Data Loss Prevention (DLP)](/cloudflare-one/applications/scan-apps/casb-dlp/)** for SaaS applications integrated with Cloudflare CASB +- **[Gateway DNS policies](/cloudflare-one/connections/connect-devices/agentless/dns/)** +- **[Gateway HTTP policies](/cloudflare-one/connections/connect-devices/agentless/pac-files/)** without user identity and device posture +- **[Access policies](/cloudflare-one/policies/access/)** without device posture for [web applications](/cloudflare-one/applications/configure-apps/) and [browser-rendered](/cloudflare-one/applications/non-http/browser-rendering/) SSH and VNC connections +- **[Remote Browser Isolation](/cloudflare-one/policies/browser-isolation/)** via an [Access policy](/cloudflare-one/policies/access/isolate-application/), [prefixed URLs](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/), or a [non-identity on-ramp](/cloudflare-one/policies/browser-isolation/setup/non-identity/) +- **[Cloud Access Security Broker (CASB)](/cloudflare-one/applications/scan-apps/)** +- **[Data Loss Prevention (DLP)](/cloudflare-one/applications/scan-apps/casb-dlp/)** for SaaS applications integrated with Cloudflare CASB diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx index e9e7c9b6b5bc93e..fc8bf7c27de5069 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: get-started title: User-side certificates sidebar: - order: 3 + order: 2 banner: content: The default global Cloudflare root certificate will expire on 2025-02-02. If you installed the default Cloudflare certificate before 2024-10-17, you must generate a new certificate and activate it for your Zero Trust organization to avoid inspection errors. --- From 4fe1d95aa03e545c3bc95e24a228f4c4a9815e34 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 15 Nov 2024 16:37:36 -0600 Subject: [PATCH 3/8] Set up redirect --- public/_redirects | 1 + 1 file changed, 1 insertion(+) diff --git a/public/_redirects b/public/_redirects index 3d7a0660232195d..66ac8bbfa976058 100644 --- a/public/_redirects +++ b/public/_redirects @@ -1785,6 +1785,7 @@ /cloudflare-one/connections/connect-apps/use_cases/* /cloudflare-one/connections/connect-networks/use-cases/:splat 301 /cloudflare-one/connections/connect-apps/* /cloudflare-one/connections/connect-networks/:splat 301 /cloudflare-one/connections/connect-devices/warp/exclude-traffic/* /cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/:splat 301 +/cloudflare-one/connections/connect-devices/warp/user-side-certificates/* /cloudflare-one/connections/connect-devices/user-side-certificates/:splat 301 /cloudflare-one/examples/* /cloudflare-one/api-terraform/access-api-examples/:splat 301 /cloudflare-one/faq/teams-* /cloudflare-one/faq/:splat 301 /cloudflare-one/learning-paths/* /cloudflare-one/implementation-guides/:splat 301 From 1161cb4f9a530cd857d674d1c57712843d511dbb Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 15 Nov 2024 16:39:13 -0600 Subject: [PATCH 4/8] Fix broken links --- .../connect-devices/agentless/pac-files.mdx | 2 +- .../automated-deployment.mdx | 8 +- .../custom-certificate.mdx | 4 +- .../user-side-certificates/index.mdx | 4 +- .../manual-deployment.mdx | 4 +- .../configure-warp/warp-settings/index.mdx | 23 ++- .../connect-devices/warp/remove-warp.mdx | 2 +- .../connect-devices/warp/set-up-warp.mdx | 5 +- .../warp/troubleshooting/common-issues.mdx | 8 +- .../warp/troubleshooting/warp-logs.mdx | 142 +++++++++--------- .../cloudflare-one/faq/troubleshooting.mdx | 4 +- .../policies/browser-isolation/index.mdx | 2 +- .../browser-isolation/setup/non-identity.mdx | 2 +- .../gateway/application-app-types.mdx | 2 +- .../policies/gateway/block-page.mdx | 4 +- .../gateway/http-policies/common-policies.mdx | 2 +- .../policies/gateway/http-policies/http3.mdx | 2 +- .../policies/gateway/http-policies/index.mdx | 14 +- .../gateway/http-policies/tls-decryption.mdx | 6 +- .../policies/gateway/initial-setup/dns.mdx | 2 +- .../policies/gateway/initial-setup/http.mdx | 2 +- .../gateway/initial-setup/network.mdx | 2 +- .../gateway/network-policies/ssh-logging.mdx | 2 +- src/content/docs/cloudflare-one/setup.mdx | 7 +- .../data-localization/how-to/zero-trust.mdx | 2 +- .../enable-tls-decryption.mdx | 2 +- .../build-http-policies/tls-inspection.mdx | 4 +- .../manually/third-party/azure.mdx | 2 +- .../zero-trust/cloudflare-gateway.mdx | 2 +- .../architectures/sase.mdx | 4 +- 30 files changed, 139 insertions(+), 132 deletions(-) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx index 84d734868b796be..c2f4bccc1412f62 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx @@ -21,7 +21,7 @@ When end users visit a website, their browser will send the request to a Cloudfl ## Prerequisites -Install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) on your device. +Install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on your device. ## 1. Generate a proxy endpoint diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx index 4f65744a7679d0b..d53d6848c1116a4 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment.mdx @@ -29,23 +29,23 @@ import { Details } from "~/components"; * Only supported on Debian-based systems. -The [WARP client](/cloudflare-one/connections/connect-devices/warp/) can automatically install a Cloudflare certificate or [custom root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/). +The [WARP client](/cloudflare-one/connections/connect-devices/warp/) can automatically install a Cloudflare certificate or [custom root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate/) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/). The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), display custom [block pages](/cloudflare-one/policies/gateway/block-page/), and more. ## Install a certificate using WARP -1. (Optional) [Upload](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) a custom root certificate to Cloudflare. +1. (Optional) [Upload](/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate/) a custom root certificate to Cloudflare. 2. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. 3. Turn on [**Install CA to system certificate store**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#install-ca-to-system-certificate-store). 4. [Install](/cloudflare-one/connections/connect-devices/warp/download-warp/) the WARP client on the device. 5. [Enroll the device](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) in your Zero Trust organization. 6. (Optional) If the device is running macOS Ventura or newer, [manually trust the certificate](#manually-trust-the-certificate). -WARP will install the [certificate set to **In-Use**](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#certificate-status). This certificate can be either a [Cloudflare-generated certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#generate-a-cloudflare-root-certificate) or a [custom certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/). If you turn on a new certificate for inspection, WARP will automatically install the new certificate and remove the old certificate from your users' devices. +WARP will install the [certificate set to **In-Use**](/cloudflare-one/connections/connect-devices/user-side-certificates/#certificate-status). This certificate can be either a [Cloudflare-generated certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/#generate-a-cloudflare-root-certificate) or a [custom certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate/). If you turn on a new certificate for inspection, WARP will automatically install the new certificate and remove the old certificate from your users' devices. :::note[Important] -WARP only installs the system certificate -- it does not install the certificate to individual applications. You will need to [manually add the certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) to applications that rely on their own certificate store. +WARP only installs the system certificate -- it does not install the certificate to individual applications. You will need to [manually add the certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) to applications that rely on their own certificate store. ::: ## Access the installed certificate diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx index 5b8e271b3edea15..5d77a3fd817589f 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate.mdx @@ -16,7 +16,7 @@ import { Render, Tabs, TabItem } from "~/components"; Only available on Enterprise plans. ::: -Enterprise customers who do not wish to install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required a Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/policies/gateway/block-page/). +Enterprise customers who do not wish to install a [Cloudflare certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required a Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/policies/gateway/block-page/). You can upload up to five custom root certificates. If your organization requires more than five certificates, contact your account team. @@ -161,7 +161,7 @@ When you upload a private key to Zero Trust, Cloudflare encrypts the key and sto ## Use a custom root certificate -To use a custom root certificate you generated and uploaded to Cloudflare, refer to [Activate a root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#activate-a-root-certificate). +To use a custom root certificate you generated and uploaded to Cloudflare, refer to [Activate a root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/#activate-a-root-certificate). ## Troubleshoot HTTP errors diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx index fc8bf7c27de5069..fdebfcd6575c12a 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx @@ -9,7 +9,7 @@ banner: Advanced security features such as [HTTPS traffic inspection](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/), [anti-virus scanning](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/), [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/), and [Browser Isolation](/cloudflare-one/policies/browser-isolation/) require users to install and trust a root certificate on their device. You can either install the certificate provided by Cloudflare (default option), or generate your own custom certificate and upload it to Cloudflare. -Gateway [generates a unique root CA](#generate-a-cloudflare-root-certificate) for each Zero Trust account and deploys its across the Cloudflare global network. Alternatively, Enterprise users can upload and deploy their own [custom certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/). +Gateway [generates a unique root CA](#generate-a-cloudflare-root-certificate) for each Zero Trust account and deploys its across the Cloudflare global network. Alternatively, Enterprise users can upload and deploy their own [custom certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate/). ## Certificate status @@ -51,7 +51,7 @@ To activate your root certificate: 3. Select the certificate you want to activate. 4. Select **Activate**. -The status of the certificate will change to **Pending** while it deploys. Once the status of your certificate is **Active**, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment/) or [manually](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/). +The status of the certificate will change to **Pending** while it deploys. Once the status of your certificate is **Active**, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/) or [manually](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/). Once you deploy and install your certificate, you can turn it on for use in inspection: diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx index 5e752f46b740655..6da5a2e1d8959e9 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment.mdx @@ -18,7 +18,7 @@ This procedure is only required to enable specific Cloudflare Zero Trust feature ::: -If your device does not support [certificate installation via WARP](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment/), you can manually install a Cloudflare certificate. You must add the certificate to both the [system keychain](#add-the-certificate-to-operating-systems) and to [individual application stores](#add-the-certificate-to-applications). These steps must be performed on each new device that is to be subject to HTTP filtering. +If your device does not support [certificate installation via WARP](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/), you can manually install a Cloudflare certificate. You must add the certificate to both the [system keychain](#add-the-certificate-to-operating-systems) and to [individual application stores](#add-the-certificate-to-applications). These steps must be performed on each new device that is to be subject to HTTP filtering. ## Download the Cloudflare root certificate @@ -26,7 +26,7 @@ If your device does not support [certificate installation via WARP](/cloudflare- You can only download certificates from the Zero Trust dashboard. ::: -First, [generate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/#generate-a-cloudflare-root-certificate) and download a Cloudflare certificate. The certificate is available in both `.pem` and `.crt` file format. Certain applications require the certificate to be in a specific file type, so ensure you download the most appropriate file for your use case. +First, [generate](/cloudflare-one/connections/connect-devices/user-side-certificates/#generate-a-cloudflare-root-certificate) and download a Cloudflare certificate. The certificate is available in both `.pem` and `.crt` file format. Certain applications require the certificate to be in a specific file type, so ensure you download the most appropriate file for your use case. 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. 2. In **Certificates**, select **Manage**. diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx index 3db332c87228e53..5fb5df4e33ceda0 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx @@ -5,7 +5,14 @@ sidebar: order: 2 --- -import { Details, GlossaryTooltip, InlineBadge, Render, Tabs, TabItem} from "~/components"; +import { + Details, + GlossaryTooltip, + InlineBadge, + Render, + Tabs, + TabItem, +} from "~/components"; WARP settings define the WARP client modes and permissions available to end users. @@ -61,7 +68,7 @@ The client will automatically reconnect after the [Auto connect period](#auto-co -When `Enabled`, the WARP client will [automatically install](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment/) your organization's root certificate on the device. +When `Enabled`, the WARP client will [automatically install](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/) your organization's root certificate on the device. ### Override local interface IP @@ -241,7 +248,8 @@ Creates [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configur | Android | ✅ | 1.4 | | ChromeOS | ✅ | 1.4 | -[^1]: Current versions of iOS do not allow LAN traffic to route through the WARP tunnel. Therefore, this feature is not needed on iOS. +[^1]: Current versions of iOS do not allow LAN traffic to route through the WARP tunnel. Therefore, this feature is not needed on iOS. + This setting is intended as a workaround for users whose home network uses the same set of IP addresses as your corporate private network. To use this setting, **Split Tunnels** must be set to **Exclude IPs and domains**. @@ -266,10 +274,11 @@ To turn on local network access in the WARP client: 1. Select the Cloudflare logo in the menu bar. 2. Select the gear icon. 3. Select **Access Local Network**. - -1. Open a terminal window. -2. Run `warp-cli override local-network start`. + + +4. Open a terminal window. +5. Run `warp-cli override local-network start`. @@ -278,7 +287,7 @@ To turn on local network access in the WARP client: 1. Open the Cloudflare One Agent app. 2. Go to **Settings** > **Advanced** > **Connection Options**. 3. Select **Access Local Network**. - + diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/remove-warp.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/remove-warp.mdx index dd59a1c34c06626..33819facdfba0d5 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/remove-warp.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/remove-warp.mdx @@ -55,5 +55,5 @@ sudo apt remove cloudflare-warp :::note -If you [manually deployed a Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/), remember to manually delete the certificate from the device. +If you [manually deployed a Cloudflare certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/), remember to manually delete the certificate from the device. ::: diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/set-up-warp.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/set-up-warp.mdx index aead7ad7f3d1e83..51e08086ae8cd1b 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/set-up-warp.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/set-up-warp.mdx @@ -6,10 +6,9 @@ sidebar: head: - tag: title content: Set up WARP for your organization - --- -import { GlossaryTooltip } from "~/components" +import { GlossaryTooltip } from "~/components"; This is a high-level, step-by-step walkthrough on how to get started with WARP in your organization. From downloading the client to sending the first queries to Cloudflare's edge, here is a guide on how to do it for the first time. @@ -33,7 +32,7 @@ Create [device enrollment rules](/cloudflare-one/connections/connect-devices/war ### 4. Install the Cloudflare root certificate on your devices. -Advanced security features including HTTP traffic inspection require users to install and trust the [Cloudflare root certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) on their machine or device. If you are installing certificates manually on all your devices, these steps will need to be performed on each new device that is to be subject to HTTP filtering. +Advanced security features including HTTP traffic inspection require users to install and trust the [Cloudflare root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on their machine or device. If you are installing certificates manually on all your devices, these steps will need to be performed on each new device that is to be subject to HTTP filtering. ### 5. Download and deploy the WARP client to your devices. diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/common-issues.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/common-issues.mdx index 0583042c10199c1..3084880a73ee358 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/common-issues.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/common-issues.mdx @@ -120,17 +120,17 @@ A misconfigured Gateway firewall policy can result in traffic to some or all sit ### The device does not have a root certificate installed -Installing and trusting a [root CA](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/) is a necessary step to enable advanced security features such as Browser Isolation, [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), AV scanning, and device posture. +Installing and trusting a [root CA](/cloudflare-one/connections/connect-devices/user-side-certificates/) is a necessary step to enable advanced security features such as Browser Isolation, [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/), AV scanning, and device posture. If the root CA is not installed on the device, you will see untrusted certificate warnings on every website. Example warnings include `Certificate not trusted`, `Not trusted identity` or `SSL Error`. #### Solution -[Install a Cloudflare certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/) on all of your devices, or [upload your own certificate](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/custom-certificate/) to Cloudflare. +[Install a Cloudflare certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/) on all of your devices, or [upload your own certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/custom-certificate/) to Cloudflare. :::note -More and more applications (including browsers) are relying on their own certificate stores. In addition to ensuring a root certificate is trusted at the device level, you may also need to [add the certificate to individual applications](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications). For example, to use Firefox on Linux, you must install the certificate on both the system and on Firefox. +More and more applications (including browsers) are relying on their own certificate stores. In addition to ensuring a root certificate is trusted at the device level, you may also need to [add the certificate to individual applications](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#add-the-certificate-to-applications). For example, to use Firefox on Linux, you must install the certificate on both the system and on Firefox. ::: @@ -156,7 +156,7 @@ Some applications do not support SSL inspection or are otherwise [incompatible w Applications such as Firefox, Docker, Python, and npm rely on their own certificate store and the Cloudflare root certificate must be trusted in each. -Refer to [our instructions](/cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) for adding a root certificate to common applications. For applications not on our list, try searching the Internet for ` proxy support` or ` proxy certificate`. +Refer to [our instructions](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#add-the-certificate-to-applications) for adding a root certificate to common applications. For applications not on our list, try searching the Internet for ` proxy support` or ` proxy certificate`. #### Solution (last resort) diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx index 999793deb351543..4c882ae56ddf63d 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx @@ -55,77 +55,77 @@ You can also use Digital Experience Monitoring to run `warp-diag` commands on re The `warp-debugging-info--