[CF1] firewall IPs clarification #23643

deadlypants1973 · 2025-07-14T17:17:58Z

Summary

PCX-18179
related to #16062

Screenshots (optional)

Documentation checklist

The documentation style guide has been adhered to.
If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
Files which have changed name or location have been allocated redirects.

hyperlint-ai · 2025-07-14T17:18:18Z

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Clarified the IP addresses associated with various Cloudflare domains in the firewall documentation.

Added notes about hardcoded IP addresses for specific Cloudflare domains.
Updated firewall requirements for connectivity-related domains.
Clarified that certain domains may resolve to different IPs but are hardcoded to specific addresses.

Modified Files

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx

How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

github-actions · 2025-07-14T17:18:47Z

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
`/src/content/docs/cloudflare-one/connections/connect-devices/`	`@kkrum`, `@kokolocomotion1`, `@ranbel`, `@cloudflare/pcx-technical-writing`
`*`	`@cloudflare/pcx-technical-writing`

github-actions · 2025-07-14T17:26:41Z

Preview URL: https://ad1dd2a9.preview.developers.cloudflare.com
Preview Branch URL: https://kate-fixes-warp-ips.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/	https://kate-fixes-warp-ips.preview.developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx

Co-authored-by: ranbel <[email protected]>

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx

…rp/deployment/firewall.mdx

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx

…rp/deployment/firewall.mdx

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx

maxvp · 2025-07-15T19:11:20Z

src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx

 Because this check happens inside of the tunnel, you do not need to add these IPs to your firewall allowlist. However, since the requests go through Gateway, ensure that they are not blocked by a Gateway HTTP or Network policy.

-Thought it may be visible in `warp-diag` and other logs, `connectivity.cloudflareclient.com` is used internally by WARP and should not be used in firewall policies.
+If your firewall allows traffic only by domain, you may need to explicitly allow `connectivity.cloudflareclient.com`. Even though `connectivity.cloudflareclient.com` may resolve to different IP addresses, WARP overrides the resolved IPs with the IPs listed above. To avoid connectivity issues, ensure that the above IPs are permitted through your firewall.


Would it be better to create a flexible partial for these sections of text?

…rp/deployment/firewall.mdx Co-authored-by: Max Phillips <[email protected]>

* [CF1] firewall IPs clarification * Apply suggestions from code review Co-authored-by: ranbel <[email protected]> * Update src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx * Update src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx * Apply suggestions from code review * Update src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/firewall.mdx Co-authored-by: Max Phillips <[email protected]> * partial --------- Co-authored-by: ranbel <[email protected]> Co-authored-by: Max Phillips <[email protected]>

[CF1] firewall IPs clarification

7776fb4

deadlypants1973 requested review from a team and ranbel as code owners July 14, 2025 17:17

github-actions bot added the size/xs label Jul 14, 2025

github-actions bot assigned ranbel Jul 14, 2025

github-actions bot added the product:cloudflare-one label Jul 14, 2025

ranbel reviewed Jul 14, 2025

View reviewed changes