Merged
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ sidebar:
label: Self-hosted public application
---

import { Render } from "~/components"
import { Render } from "~/components";

You can securely publish internal tools and applications by adding Cloudflare Access as an authentication layer between the end user and your origin server.

Expand Down Expand Up @@ -37,4 +37,7 @@ Users can now connect to your self-hosted application after authenticating with

## Product compatibility

<Render file="access/self-hosted-app/product-compatibility" product="cloudflare-one" />
<Render
file="access/self-hosted-app/product-compatibility"
product="cloudflare-one"
/>
Original file line number Diff line number Diff line change
Expand Up @@ -48,3 +48,8 @@ Local Domain Fallback configuration only impacts where DNS requests get resolved
4. Find the domain in the list and select **Delete**.

The domain will no longer be excluded from Gateway DNS policies, effective immediately.

## Related resources

- [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) - Control which traffic goes through WARP by including or excluding specific IPs or domains.
- [WARP with firewall](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/) - Learn which IPs, domains, and ports to allow so users can deploy and connect WARP successfully behind a firewall.
Original file line number Diff line number Diff line change
Expand Up @@ -100,3 +100,8 @@ Removing default Split Tunnel entries may cause users to lose Internet connectiv
<Render file="warp/client-notification-lag" product="cloudflare-one" />

If you need to revert to the default Split Tunnel entries recommended by Cloudflare, select **Restore default entries**.

## Related resources

- [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) - Resolve selected domains via local DNS instead of Cloudflare Gateway.
- [WARP with firewall](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/) - Learn which IPs, domains, and ports to allow so users can deploy and connect WARP successfully behind a firewall.
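Review bot: The Local Domain Fallback description added to this Related resources list ("Resolve selected domains via local DNS instead of Cloudflare Gateway") leaves out the policy consequence. The Local Domain Fallback page touched in this same PR says that a deleted domain "will no longer be excluded from Gateway DNS policies", so domains on that list are excluded from those policies. This link sits on the Split Tunnels page, where admins choose which traffic goes through WARP, so consider wording such as "Resolve selected domains via local DNS; these domains are excluded from Gateway DNS policies." The same description is reused in the Related resources list added to the firewall page.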
Original file line number Diff line number Diff line change
Expand Up @@ -61,3 +61,7 @@ This mode is best suited for organizations that only want to enforce [WARP clien
| DNS filtering | Network filtering | HTTP filtering | Features enabled |
| ------------- | ----------------- | -------------- | --------------------------------------------------------------------------- |
| No | No | No | Device posture rules in [Access policies](/cloudflare-one/policies/access/) |

## Related resources

- [Connectivity status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) - Learn about the status messages displayed by the WARP client during its connection process, and understand each stage as WARP establishes a secure tunnel to Cloudflare.
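Review bot: This Connectivity status bullet is repeated word for word in the Related resources sections added to two other files in this PR, so a later change to the description has to be made in three places. Move the bullet into a partial and pull it in with `<Render>`, the way this PR already does for `warp/connectivity-status-check`.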
Original file line number Diff line number Diff line change
Expand Up @@ -58,3 +58,7 @@ If the user has an active browser session with the IdP, WARP will use the existi
- **Only one user per device** — If a device is already registered with User A, User B will not be able to log in on that device through the re-authentication flow. To switch the device registration to a different user, User A must first log out from Zero Trust (if [Allow device to leave organization](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-device-to-leave-organization) is enabled), or an admin can revoke the registration from **My Team** > **Devices**. User B can then properly [enroll](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/).
- **Active connections are not terminated** — Active sessions such as SSH and RDP will remain connected beyond the timeout limit.
- **Binding Cookie is not supported** - WARP authentication will not work for Access applications that have the [Binding Cookie](/cloudflare-one/identity/authorization-cookie/#binding-cookie) enabled.

## Related resources

- [Connectivity status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) - Learn about the status messages displayed by the WARP client during its connection process, and understand each stage as WARP establishes a secure tunnel to Cloudflare.
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ sidebar:
order: 3
---

import { Details, Badge } from "~/components";
import { Details, Badge, Render } from "~/components";

Captive portals are used by public Wi-Fi networks (such as airports, coffee shops, and hotels) to make a user agree to their Terms of Service or provide payment before allowing access to the Internet. When a user connects to the Wi-Fi, the captive portal blocks all HTTPS traffic until the user completes a captive portal login flow in their browser. This prevents the WARP client from connecting to Cloudflare. At the same time, WARP creates [firewall rules](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic) on the device to send all traffic to Cloudflare. The user is therefore unable to access the captive portal login screen unless they temporarily disable WARP.

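Review bot: `Render` is added to the import on this line, but none of the hunks shown for this file adds a `<Render>` element. If the file has no other use of it, drop `Render` from the import so the page does not carry an unused component.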
Expand Down Expand Up @@ -38,7 +38,7 @@ If WARP cannot establish a connection to Cloudflare, it will:
## Limitations

- Due to [how captive portal detection works](#how-captive-portal-detection-works), it may be possible for an employee to spoof a captive portal in order to turn off WARP.
- Some captive portals, particularly those on airlines, may be slow to respond and exceed the captive portal detection timeout. Users will likely see a [CF_CAPTIVE_PORTAL_TIMED_OUT](/cloudflare-one/connections/connect-devices/warp/troubleshooting/client-errors/#cf_captive_portal_timed_out) error when they try to connect.
- Some captive portals, particularly those on airlines, may be slow to respond and exceed the captive portal detection timeout. Users will likely see a [CF_CAPTIVE_PORTAL_TIMED_OUT](/cloudflare-one/connections/connect-devices/warp/troubleshooting/client-errors/#cf_captive_portal_timed_out) error when they try to connect. For context on the steps leading up to these errors, refer to [Connectivity status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/).
- WARP may not be able to detect multi-stage captive portals, which redirect the user to different networks during the login process. Users will need to manually turn off WARP to get through the captive portal.
- Some public Wi-Fi networks are incompatible with running WARP:

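Review bot: The sentence appended to the airline captive portal bullet says "these errors", but the bullet names a single error, `CF_CAPTIVE_PORTAL_TIMED_OUT`. Change it to "this error", or name the other errors the Connectivity status page is meant to explain.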
Expand All @@ -51,12 +51,12 @@ If WARP cannot establish a connection to Cloudflare, it will:

| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| All modes | All plans |
| All modes | All plans |

| System | Availability | Minimum WARP version |
| -------- | ------------ | -------------------- |
| Windows | ✅ | 2025.4.589.1 |
| macOS | ✅ | 2025.4.589.1 |
| Windows | ✅ | 2025.4.589.1 |
| macOS | ✅ | 2025.4.589.1 |
| Linux | ❌ | |
| iOS | ❌ | |
| Android | ❌ | |
Expand All @@ -73,4 +73,8 @@ To get captive portal logs:
3. Select **Collect Captive Portal Diag**.
4. The WARP client will ask if the device is connected (or attempting to connect) to the Wi-Fi network that is causing issues. Select **Yes** to confirm.

Once the diagnostic finishes running, WARP will place a `warp-captive-portal-diag-<date>-<time>.zip` file on the user's desktop. The end user can now share this file with their IT administrator.
Once the diagnostic finishes running, WARP will place a `warp-captive-portal-diag-<date>-<time>.zip` file on the user's desktop. The end user can now share this file with their IT administrator.

## Related resources

- [Connectivity status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) - Learn about the status messages displayed by the WARP client during its connection process, and understand each stage as WARP establishes a secure tunnel to Cloudflare.
Original file line number Diff line number Diff line change
Expand Up @@ -153,3 +153,8 @@ To use the network connectivity tests built into the WARP GUI, you will need to

- Windows: `C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe`
- macOS: `/Applications/Cloudflare WARP.app`

## Related resources
Contributor


If this is the same across multiple pages it's the ideal sort of content to add to a partial file


- [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) - Resolve selected domains via local DNS instead of Cloudflare Gateway.
- [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) - Control which traffic goes through WARP by including or excluding specific IPs or domains.
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ If you plan to direct your users to manually download and configure the WARP cli
## Prerequisites

- [Set device enrollment permissions](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/) to specify which users can connect.
- <Render file="warp/connectivity-status-check" />

## Windows, macOS, and Linux

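Review bot: The new Prerequisites bullet calls `<Render file="warp/connectivity-status-check" />` without `product="cloudflare-one"`, while the other `<Render>` calls visible in this PR (`access/self-hosted-app/product-compatibility`, `warp/client-notification-lag`) pass it. Confirm the partial resolves without the attribute, or add it for consistency. The Fleet and Hexnode files add `import { Render } from "~/components";` in this PR and no import is shown for this file, so also confirm `Render` is already imported here.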
Expand Down Expand Up @@ -89,9 +90,9 @@ The device is now protected by your organization's Zero Trust policies.
| Windows | ❌ | |
| macOS | ❌ | |
| Linux | ❌ | |
| iOS | ✅ | 1.10 |
| Android | ✅ | 2.4 |
| ChromeOS | ✅ | 2.4 |
| iOS | ✅ | 1.10 |
| Android | ✅ | 2.4 |
| ChromeOS | ✅ | 2.4 |

</Details>

Expand All @@ -104,45 +105,45 @@ The WARP client supports URLs accessed through a direct link or with a URL handl
To generate a URL for device enrollment:

1. Copy the following link, replacing `<your-team-name>` with your Zero Trust <GlossaryTooltip term="team name">team name</GlossaryTooltip>:
```txt
cf1app://oneapp.cloudflare.com/team?name=<your-team-name>
```
`txt
cf1app://oneapp.cloudflare.com/team?name=<your-team-name>
`
2. (Optional) Use any QR code generator to embed the link in a QR code.
3. Distribute the link or QR code to users.

#### Use the login URL

To enroll a device using a login URL:

1. [Download](/cloudflare-one/connections/connect-devices/warp/download-warp/) and install the Cloudflare One Agent app.
2. Go to the [login URL](#generate-a-login-url) provided by your account administrator. To use a QR code, open the QR scanner app on your device and scan the QR code.
1. [Download](/cloudflare-one/connections/connect-devices/warp/download-warp/) and install the Cloudflare One Agent app.
2. Go to the [login URL](#generate-a-login-url) provided by your account administrator. To use a QR code, open the QR scanner app on your device and scan the QR code.

The Cloudflare One Agent app will open and start the onboarding flow.
The Cloudflare One Agent app will open and start the onboarding flow.

:::note
If the device is already enrolled in the account associated with this URL, Cloudflare One agent will bypass onboarding and show the **Connected** switch.
:::
:::note
If the device is already enrolled in the account associated with this URL, Cloudflare One agent will bypass onboarding and show the **Connected** switch.
:::

3. To complete the onboarding flow:
3. To complete the onboarding flow:

a. Review the privacy policy and select **Accept**.
a. Review the privacy policy and select **Accept**.

b. On the **Enter team name** screen, confirm that the pre-populated <GlossaryTooltip term="team name">team name</GlossaryTooltip> matches your organization.

:::note[`Already Authenticated` error]
If Cloudflare One Agent is logged in using another team name, you must first log out of that account. Go to **Settings** > **Account** to log out, and then retry the QR code or login link.
:::
:::note[`Already Authenticated` error]
If Cloudflare One Agent is logged in using another team name, you must first log out of that account. Go to **Settings** > **Account** to log out, and then retry the QR code or login link.
:::

c. Complete the authentication steps required by your organization.

d. After authenticating, select **Install VPN Profile**.
d. After authenticating, select **Install VPN Profile**.

e. In the **Connection request** popup window, select **OK**.
e. In the **Connection request** popup window, select **OK**.

4. If you did not enable [auto-connect](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#auto-connect), manually turn on the switch to **Connected**.
4. If you did not enable [auto-connect](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#auto-connect), manually turn on the switch to **Connected**.

The device is now protected by your organization's Zero Trust policies.

## Virtual machines

By default, virtual machines (VMs) are subject to the WARP client settings of the host. If you want to deploy a separate instance of WARP in a VM, you must configure the VM to operate in bridged networking mode.
By default, virtual machines (VMs) are subject to the WARP client settings of the host. If you want to deploy a separate instance of WARP in a VM, you must configure the VM to operate in bridged networking mode.
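Review bot: In step 1 of "To generate a URL for device enrollment", the fenced `txt` block around the `cf1app://oneapp.cloudflare.com/team?name=<your-team-name>` link is replaced by a single-backtick span, as the lines appear here. That makes `txt` part of the displayed text and the link stops being a separate block that users can copy. Restore the three-backtick fence indented under the list item. The rest of the hunk looks whitespace-only, so if an automatic formatter produced it, please also confirm that the `:::note` blocks and the lettered sub-steps still render inside their parent steps.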
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ This page provides generic instructions for an automated deployment. If you want

## Prerequisites

Visit the [Download page](/cloudflare-one/connections/connect-devices/warp/download-warp/#windows) to review system requirements and download the installer for your operating system.
- Refer to the [Download page](/cloudflare-one/connections/connect-devices/warp/download-warp/#windows) to review system requirements and download the installer for your operating system.
- <Render file="warp/connectivity-status-check" />

## Windows

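Review bot: The `warp/connectivity-status-check` partial is added here as a Prerequisites bullet, while the Fleet and Hexnode pages in this PR place the same partial after the install steps. Make sure the partial's wording reads correctly both as a prerequisite and as a post-install step, or use it in one position only. While this line is being edited, note that the Download page link keeps the `#windows` anchor although the sentence says "for your operating system".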
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ sidebar:
order: 1
---

import { Render } from "~/components";

This guide covers how to deploy the Cloudflare WARP client using [Fleet](https://fleetdm.com/) device management software.

## macOS
Expand All @@ -21,8 +23,8 @@ This guide covers how to deploy the Cloudflare WARP client using [Fleet](https:/
3. Select **OS settings** > **Custom settings**.
4. Select **Add profile** and upload the custom `.mobileconfig`.
5. Select the hosts which require Cloudflare WARP:
- **All hosts**: Deploys WARP to all hosts in the team.
- **Custom**: Deploys WARP to a subset of the hosts in the team. Use [labels](https://fleetdm.com/guides/managing-labels-in-fleet#basic-article) to define the hosts that should be included or excluded.
- **All hosts**: Deploys WARP to all hosts in the team.
- **Custom**: Deploys WARP to a subset of the hosts in the team. Use [labels](https://fleetdm.com/guides/managing-labels-in-fleet#basic-article) to define the hosts that should be included or excluded.
6. Select **Add profile**.

The defined hosts will immediately receive the deployment profile, but WARP is not yet installed.
Expand All @@ -48,7 +50,7 @@ To deploy the uploaded `.pkg` file to your hosts:
3. Go to **Software** and search for `Cloudflare`.
4. Select **Actions** > **Install**.

Installation will happen automatically when the host comes online. To deploy with REST API or GitOps, refer to the [Fleet documentation](https://fleetdm.com/guides/deploy-software-packages).
Installation will happen automatically when the host comes online. To deploy with REST API or GitOps, refer to the [Fleet documentation](https://fleetdm.com/guides/deploy-software-packages). <Render file="warp/connectivity-status-check" />

### 6. Uninstall WARP with Fleet

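Review bot: `<Render file="warp/connectivity-status-check" />` is appended on the same line as the "Installation will happen automatically..." paragraph, directly after the Fleet documentation link. The Hexnode page in this PR puts the same partial on its own line. If the partial renders a sentence or a block, inline placement can run it into the preceding sentence, so move it to its own paragraph here and in the matching line of the second Fleet section.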
Expand Down Expand Up @@ -106,7 +108,7 @@ To deploy the uploaded `.pkg` file to your hosts:
3. Go to **Software** and search for `Cloudflare`.
4. Select **Actions** > **Install**.

Installation will happen automatically when the host comes online. To deploy with REST API or GitOps, refer to the [Fleet documentation](https://fleetdm.com/guides/deploy-software-packages).
Installation will happen automatically when the host comes online. To deploy with REST API or GitOps, refer to the [Fleet documentation](https://fleetdm.com/guides/deploy-software-packages). <Render file="warp/connectivity-status-check" />

### 4. Uninstall WARP with Fleet

Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ sidebar:
description: Deploy Cloudflare WARP with Hexnode MDM - Step-by-step guide for Windows, macOS, iOS, and Android.
---

import { Render } from "~/components";

## Windows

1. Create a script file with `.bat`, `.cmd`, and `.ps1` file formats to download, install and configure the Cloudflare WARP client Windows application on the device. Listed below is a sample script with all of the configurable parameters:
Expand Down Expand Up @@ -42,17 +44,19 @@ description: Deploy Cloudflare WARP with Hexnode MDM - Step-by-step guide for Wi

5. Select **Actions** > **Execute Custom Script**.

6. Choose the script file source as *Upload file*, then upload the script file.
6. Choose the script file source as _Upload file_, then upload the script file.

7. Select **Execute**.

<Render file="warp/connectivity-status-check" />

## macOS

1. [Download](/cloudflare-one/connections/connect-devices/warp/download-warp/#macos) the Cloudflare WARP client for macOS.

2. On your Hexnode console, go to **Apps** > **Add Apps** > **Enterprise App**.

3. Select *macOS* as the app platform.
3. Select _macOS_ as the app platform.

4. Add an app name, category and description.

Expand Down Expand Up @@ -90,17 +94,19 @@ description: Deploy Cloudflare WARP with Hexnode MDM - Step-by-step guide for Wi

11. Go to **App Configurations** > **Add new configuration**.

12. Select the *WARP client* app and upload the XML file from Step 6.
12. Select the _WARP client_ app and upload the XML file from Step 6.

13. Now go to **Policy Targets** and associate the policy with the target entities.

This will push the app along with the configurations to the selected devices.

<Render file="warp/connectivity-status-check" />

## iOS

1. On your Hexnode console, go to **Apps** > **Add Apps** > **Store App**.

2. Select *iOS* as the app platform.
2. Select _iOS_ as the app platform.

3. Search for [**Cloudflare One Agent**](https://apps.apple.com/us/app/cloudflare-one-agent/id6443476492) and **Add** the app.

Expand All @@ -122,6 +128,7 @@ This will push the app along with the configurations to the selected devices.
```

5. Upload the app configurations in Hexnode:

1. On your Hexnode console, go to the **Apps** tab.
2. Find the Cloudflare One Agent app and select its name.
3. Select the settings icon and choose **App Configuration**.
Expand All @@ -137,6 +144,8 @@ This will push the app along with the configurations to the selected devices.

This will push the app along with the configurations to the selected devices.

<Render file="warp/connectivity-status-check" />

## Android

1. On your Hexnode console, go to **Apps** > **Add Apps** > **Managed Google Apps**.
Expand All @@ -149,3 +158,5 @@ This will push the app along with the configurations to the selected devices.
8. Save the policy.

This will push the app along with the configurations to the selected devices.

<Render file="warp/connectivity-status-check" />
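Review bot: With this hunk the `warp/connectivity-status-check` partial appears four times on the Hexnode page, once at the end of each of the Windows, macOS, iOS and Android sections. Confirm that the partial's text applies to the Cloudflare One Agent app used in the iOS section as well as to the desktop client, and consider a single shared section after Android so readers do not meet the same text four times.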