From d6817e35acda557c816889cd8feeae5b189c20db Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Fri, 25 Jul 2025 13:30:56 +0100
Subject: [PATCH 01/21] [CF1] warp troubleshooting

---
 .../troubleshooting/troubleshooting-guide.mdx | 108 ++++++++++++++++++
 .../insights/dex/remote-captures.mdx          |  24 +---
 .../partials/cloudflare-one/dex/pcaps-run.mdx |  17 +++
 .../cloudflare-one/warp/warp-comprises.mdx    |  10 ++
 .../cloudflare-one/warp/warp-modes.mdx        |  13 +++
 5 files changed, 154 insertions(+), 18 deletions(-)
 create mode 100644 src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
 create mode 100644 src/content/partials/cloudflare-one/dex/pcaps-run.mdx
 create mode 100644 src/content/partials/cloudflare-one/warp/warp-comprises.mdx
 create mode 100644 src/content/partials/cloudflare-one/warp/warp-modes.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
new file mode 100644
index 00000000000000..d62ccbdab20221
--- /dev/null
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -0,0 +1,108 @@
+---
+pcx_content_type: reference
+title: WARP troubleshooting guide
+sidebar:
+  order: 0
+---
+
+import { Render } from "~/components";
+
+This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers various aspects of WARP's functionality and provides steps for effective troubleshooting.
+
+## Prerequisites
+
+To use this guide, you must have:
+
+- Completed the [Zero Trust onboarding flow](/cloudflare-one/setup/).
+- Question for MM
+
+## WARP basics
+
+Review the WARP client’s architecture, installation paths, and modes to help you diagnose issues with greater accuracy.
+
+### WARP architecture
+
+<Render file="warp/warp-comprises" />
+
+### WARP installation details
+
+The GUI and daemon (or service) have different names and are stored in the following locations:
+
+<details>
+<summary>Windows</summary>
+
+|                      | Windows                                                                                                                                                                                                          |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Service / Daemon** | `C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe`                                                                                                                                                       |
+| **GUI application**  | `C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe`                                                                                                                                                |
+| **Logs Location**    | <details><summary>Daemon</summary><br/>`C:\ProgramData\Cloudflare\`</details><br/><details><summary>GUI Logs</summary><br/>`C:\Users\<USER>.WARP\AppData\Local`<br/>or<br/>`%LOCALAPPDATA%\Cloudflare`</details> |
+
+</details>
+
+<details>
+<summary>macOS</summary>
+
+|                      | macOS                                                                                                                                                                           |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Service / Daemon** | `/Applications/Cloudflare WARP.app/Contents/Resources/CloudflareWARP`                                                                                                           |
+| **GUI application**  | `/Applications/Cloudflare WARP.app/Contents/MacOS/Cloudflare WARP`                                                                                                              |
+| **Logs Location**    | <details><summary>Daemon</summary><br/>`/Library/Application Support/Cloudflare/`</details><br/><details><summary>GUI Logs</summary><br/>`~/Library/Logs/Cloudflare/`</details> |
+
+</details>
+
+<details>
+<summary>Linux</summary>
+
+|                      | Linux                                                      |
+| -------------------- | ---------------------------------------------------------- |
+| **Service / Daemon** | `/bin/warp-svc`                                            |
+| **GUI application**  | `/bin/warp-taskbar`                                        |
+| **Logs Location**    | `/var/log/cloudflare-warp/`<br/>`/var/lib/cloudflare-warp` |
+
+</details>
+
+Along with the WARP GUI and daemon, `warp-cli` and `warp-diag` are also [installed](/cloudflare-one/connections/connect-devices/warp/download-warp/) on the machine and added to the system path for use from any terminal session.
+
+[`warp-diag`](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) is a command-line diagnostics tool that collects logs, configuration details, and connectivity data from the WARP client to help troubleshoot issues.
+
+`warp-cli` is the command-line interface (CLI) for managing and configuring the Cloudflare WARP client, allowing users to connect, disconnect, and adjust settings programmatically.
+
+:::tip
+
+Run `warp-cli help` and `warp-diag help` in your terminal to review the available subcommands and options.
+
+:::
+
+### WARP modes
+
+WARP operates in several modes, each with different traffic handling capabilities:
+
+<Render file="warp/warp-modes" />
+
+:::tip
+
+Run `warp-cli settings` to review your device’s current WARP mode and other configured [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/).
+
+:::
+
+## General troubleshooting steps
+
+## 1. Collect diagnostic logs
+
+You can collect diagnostic logs in two ways: the Cloudflare dashboard or the CLI.
+
+### Collect logs via the Cloudflare dashboard
+
+For WARP client versions higher than `2024.12.492.0`, you can collect diagnostic logs remotely from the Zero Trust dashboard by using Digital Experience Monitoring's (DEX) remote captures.
+
+<Render file="dex/pcaps-run">
+
+:::tip
+
+If you do not require traffic packet capture for debugging, leave **Packet captures (PCAP)** unselected and select only **WARP diagnostics logs**.
+
+:::
+
+### Collects logs via the CLI
+
+## 2.
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
index 99d2bf73421803..7b39167e260481 100644
--- a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -28,19 +28,7 @@ Remote captures allow administrators to collect packet captures (PCAPs) and WARP
 
 ## Start a remote capture
 
-To capture data from a remote device:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
-2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
-3. Configure the types of captures to run.
-   - **PCAP**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
-   - **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
-     :::note
-     **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
-     :::
-4. Select **Start a capture**.
-
-DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
+<Render file="dex/pcaps-run">
 
 ## Check remote capture status
 
@@ -77,11 +65,11 @@ Refer to [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp
 
 - Packet captures are subject to the following limits:
 
-    | Limit Type     | Maximum Value  |
-    |----------------|----------------|
-    | Time limit     | 600 seconds    |
-    | File size      | 50 MB          |
-    | Packet size    | 1500 bytes     |
+  | Limit Type  | Maximum Value |
+  | ----------- | ------------- |
+  | Time limit  | 600 seconds   |
+  | File size   | 50 MB         |
+  | Packet size | 1500 bytes    |
 
 - WARP diagnostic logs have no file size limit, but files larger than 100 MB cannot be uploaded to Cloudflare and must be shared directly with the admin.
 
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
new file mode 100644
index 00000000000000..c31b60a8eab34d
--- /dev/null
+++ b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
@@ -0,0 +1,17 @@
+---
+{}
+---
+
+To capture data from a remote device:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
+3. Configure the types of captures to run.
+   - **PCAP**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
+   - **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
+     :::note
+     **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
+     :::
+4. Select **Start a capture**.
+
+DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
diff --git a/src/content/partials/cloudflare-one/warp/warp-comprises.mdx b/src/content/partials/cloudflare-one/warp/warp-comprises.mdx
new file mode 100644
index 00000000000000..925b0fe545fa17
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/warp-comprises.mdx
@@ -0,0 +1,10 @@
+---
+{}
+---
+
+The WARP client consists of:
+
+- **Graphical User Interface (GUI)**: Control panel that allows end users to view WARP's [status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) and perform actions such as turning WARP on or off.
+- **WARP daemon (or service)**: Core background component responsible for establishing secure tunnels (using WireGuard or MASQUE) and handling all WARP functionality on your device.
+
+Refer to [WARP architecture](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/) for more information on how WARP client interacts with a device's operating system to route traffic.
diff --git a/src/content/partials/cloudflare-one/warp/warp-modes.mdx b/src/content/partials/cloudflare-one/warp/warp-modes.mdx
new file mode 100644
index 00000000000000..daa616c0431ead
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/warp-modes.mdx
@@ -0,0 +1,13 @@
+---
+{}
+---
+
+Each WARP mode offers a different set of Zero Trust features.
+
+| WARP Mode                                                                                                                                                            | DNS Filtering | Network Filtering | HTTP Filtering | Service mode (displayed in `warp-cli settings`) |
+| -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ----------------- | -------------- | ----------------------------------------------- |
+| [**Gateway with WARP (default)**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default)                             | ✅            | ✅                | ✅             | `WarpWithDnsOverHttps`                          |
+| [**Gateway with DoH**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh)                                                 | ✅            | ❌                | ❌             | `DnsOverHttps`                                  |
+| [**Secure Web Gateway without DNS filtering**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#secure-web-gateway-without-dns-filtering) | ❌            | ✅                | ✅             | `TunnelOnly`                                    |
+| [**Proxy mode**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#proxy-mode)                                                             | ❌            | ❌                | ✅             | `WarpProxy on port 40000`                       |
+| [**Device Information Only**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#device-information-only)                                   | ❌            | ❌                | ❌             | `PostureOnly`                                   |

From e216b1ca5eff7fcfdce131baa8421df21ce64880 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Tue, 29 Jul 2025 18:38:48 +0100
Subject: [PATCH 02/21] updates

---
 .../troubleshooting/troubleshooting-guide.mdx | 58 ++++++++++++++-----
 .../warp/troubleshooting/warp-logs.mdx        | 38 +-----------
 .../insights/dex/remote-captures.mdx          | 11 +---
 .../cloudflare-one/dex/pcaps-check.mdx        | 10 ++++
 .../cloudflare-one/dex/pcaps-download.mdx     |  9 +++
 .../partials/cloudflare-one/dex/pcaps-run.mdx |  4 +-
 .../cloudflare-one/warp/warpdiag-run.mdx      | 39 +++++++++++++
 7 files changed, 111 insertions(+), 58 deletions(-)
 create mode 100644 src/content/partials/cloudflare-one/dex/pcaps-check.mdx
 create mode 100644 src/content/partials/cloudflare-one/dex/pcaps-download.mdx
 create mode 100644 src/content/partials/cloudflare-one/warp/warpdiag-run.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index d62ccbdab20221..a49736b61dad76 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -5,16 +5,24 @@ sidebar:
   order: 0
 ---
 
-import { Render } from "~/components";
+import { Render, Tabs, TabItem } from "~/components";
 
-This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers various aspects of WARP's functionality and provides steps for effective troubleshooting.
+This guide helps you diagnose and resolve common issues with the Cloudflare WARP client.
 
 ## Prerequisites
 
-To use this guide, you must have:
+To use this guide, you must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created and the WARP client installed on your device.
 
-- Completed the [Zero Trust onboarding flow](/cloudflare-one/setup/).
-- Question for MM
+## Troubleshooting steps
+
+This guide uses [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) to help you verify that your WARP configuration is working as intended.
+
+To troubleshoot if WARP misconfiguration is the source of your issue, you will:
+
+1. Run a remote capture to download WARP diagnostic logs from the Cloudflare dashboard.
+2. Review the best practice to
+3. Check the WARP diagnostic logs to ensure WARP is working according to the configuration you set in the Zero Trust dashboard.
+4. File a support ticket if your configuration looks correct but you are still having issues.
 
 ## WARP basics
 
@@ -85,24 +93,48 @@ Run `warp-cli settings` to review your device’s current WARP mode and other co
 
 :::
 
-## General troubleshooting steps
-
 ## 1. Collect diagnostic logs
 
-You can collect diagnostic logs in two ways: the Cloudflare dashboard or the CLI.
+You can collect diagnostic logs in two ways: the Cloudflare dashboard or the `warp-diag` command-line interface (CLI).
 
 ### Collect logs via the Cloudflare dashboard
 
 For WARP client versions higher than `2024.12.492.0`, you can collect diagnostic logs remotely from the Zero Trust dashboard by using Digital Experience Monitoring's (DEX) remote captures.
 
-<Render file="dex/pcaps-run">
+#### Start a remote capture
 
-:::tip
+<Render file="dex/pcaps-run" />
+
+:::tip[Best practice]
+
+To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges when capturing logs. Though recreating the issue may not be possible in all cases, the following troubleshooting regimen will ensure the most accurate capture of the state of WARP:
+
+1. In **Zero Trust** > **DEX** > **Remote captures**, select **WARP diagnostic logs** and **Packet captures (PCAP)**. You can leave **Test all routes** unselected.
+2. Select **Run diagnostics**.
+3. While the diagnostics are running on the target device, recreate the steps that cause the problem.
 
-If you do not require traffic packet capture for debugging, leave **Packet captures (PCAP)** unselected and select only **WARP diagnostics logs**.
+   If you set your **Time limit** on the **Remote captures** page to five minutes, recreate the steps that cause the problem on the target device in that five minute window before logs are generated. Keep timestamps of when you executed your steps to successfully review logs later.
 
+4. [Check the status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#check-remote-capture-status) of your remote capture to verify its readiness.
+5. [Download the remote captures](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#check-remote-capture-status) when they have finished running.
+
+By following these steps, you will ensure that your WARP diagnostic logs have captured WARP activity relevant to your issue.
 :::
 
-### Collects logs via the CLI
+#### Check remote capture status
+
+<Render file="dex/pcaps-check" />
+
+#### Download remote captures
+
+<Render file="dex/pcaps-download" />
+
+### Collect logs via the CLI
+
+To collect WARP diagnostic logs via the `warp-diag` CLI, run:
+
+<Render file="warp/warpdiag-run" />
+
+:::tip[Best practice]
 
-## 2.
+To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges before running `warp-diag` and keep timestamps of your steps.
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
index b25e512878a948..8a54df339c7e64 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
@@ -6,7 +6,7 @@ sidebar:
   label: Diagnostic logs
 ---
 
-import { TabItem, Tabs } from "~/components";
+import { Render, TabItem, Tabs } from "~/components";
 
 The WARP client provides diagnostic logs that you can use to troubleshoot connectivity issues on a device.
 
@@ -14,39 +14,7 @@ The WARP client provides diagnostic logs that you can use to troubleshoot connec
 
 ### Retrieve logs
 
-To view WARP logs on desktop devices:
-
-<Tabs> <TabItem label="macOS">
-
-1. Open a Terminal window.
-2. Run the `warp-diag` tool:
-   ```sh
-   warp-diag
-   ```
-
-This will place a `warp-debugging-info-<date>-<time>.zip` on your desktop.
-
-</TabItem> <TabItem label="Windows">
-
-1. Open a Command Prompt or PowerShell window.
-2. Run the `warp-diag` tool:
-   ```bash
-   C:\Users\JohnDoe>warp-diag
-   ```
-
-This will place a `warp-debugging-info-<date>-<time>.zip` on your desktop.
-
-</TabItem> <TabItem label="Linux">
-
-1. Open a Terminal window.
-2. Run the `warp-diag` tool:
-   ```sh
-   warp-diag
-   ```
-
-This will place a `warp-debugging-info-<date>-<time>.zip` in the same folder you ran the command from.
-
-</TabItem> </Tabs>
+<Render file="warp/warpdiag-run" />
 
 :::note
 You can also use Digital Experience Monitoring to run `warp-diag` commands on remote devices. For more information, refer to [Remote captures](/cloudflare-one/insights/dex/remote-captures/).
@@ -64,7 +32,7 @@ The `warp-debugging-info-<date>-<time>.zip` archive contains the following files
 | `boringtun.log`                                                                                     | Log for the WARP tunnel that serves traffic from the device to Cloudflare's global network.                                                                                                                                                                                                                                                 |
 | `bound-dns-ports.txt`                                                                               | Active processes on port `53`.                                                                                                                                                                                                                                                                                                              |
 | `captive-portal-hotspot-detect.txt`                                                                 | HTTP response of `captive.apple.com`                                                                                                                                                                                                                                                                                                        |
-| `connectivity.txt`                                                                                  | DNS resolution and HTTP trace requests to [validate a successful connection](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-checks). Can be used to determine whether traffic is routing through the WARP tunnel.                                                                                        |
+| `connectivity.txt`                                                                                  | DNS resolution and HTTP trace requests to [validate a successful connection](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-checks). Can be used to determine whether traffic is routing through the WARP tunnel.                                                                                       |
 | `daemon_dns.log`                                                                                    | Contains detailed DNS logs if **Log DNS queries** is enabled in the WARP client.                                                                                                                                                                                                                                                            |
 | `daemon.log`                                                                                        | Detailed log of all actions performed by the WARP client, including all communication between the device and Cloudflare's global network. **Note:** This is the most useful debug log.                                                                                                                                                      |
 | `date.txt`                                                                                          | Date and time (UTC) when you ran the `warp-diag` command.                                                                                                                                                                                                                                                                                   |
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
index 7b39167e260481..8dc8c087467476 100644
--- a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -5,7 +5,7 @@ sidebar:
   order: 5
 ---
 
-import { Details } from "~/components";
+import { Details, Render } from "~/components";
 
 <Details header="Feature availability">
 
@@ -28,16 +28,11 @@ Remote captures allow administrators to collect packet captures (PCAPs) and WARP
 
 ## Start a remote capture
 
-<Render file="dex/pcaps-run">
+<Render file="dex/pcaps-run" />
 
 ## Check remote capture status
 
-To view a list of captures, go to **DEX** > **Remote captures**. The **Status** column displays one of the following options:
-
-- **Success**: The capture is complete and ready for download. Any partially successful captures will still upload to Cloudflare. For example, there could be a scenario where the PCAP succeeds on the primary network interface but fails on the WARP tunnel interface. You can [review PCAP results](/cloudflare-one/insights/dex/remote-captures/#download-remote-captures) to determine which PCAPs succeeded or failed.
-- **Running**: The capture is in progress on the device.
-- **Pending Upload**: The capture is complete but not yet ready for download.
-- **Failed**: The capture has either timed out or encountered an error. To retry the capture, check the WARP client version and [connectivity status](/cloudflare-one/insights/dex/monitoring/#fleet-status), then start a [new capture](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture).
+<Render file="dex/pcaps-check" />
 
 ## Download remote captures
 
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-check.mdx b/src/content/partials/cloudflare-one/dex/pcaps-check.mdx
new file mode 100644
index 00000000000000..4496256b9e05d1
--- /dev/null
+++ b/src/content/partials/cloudflare-one/dex/pcaps-check.mdx
@@ -0,0 +1,10 @@
+---
+{}
+---
+
+To view a list of captures, go to **DEX** > **Remote captures**. The **Status** column displays one of the following options:
+
+- **Success**: The capture is complete and ready for download. Any partially successful captures will still upload to Cloudflare. For example, there could be a scenario where the PCAP succeeds on the primary network interface but fails on the WARP tunnel interface. You can [review PCAP results](/cloudflare-one/insights/dex/remote-captures/#download-remote-captures) to determine which PCAPs succeeded or failed.
+- **Running**: The capture is in progress on the device.
+- **Pending Upload**: The capture is complete but not yet ready for download.
+- **Failed**: The capture has either timed out or encountered an error. To retry the capture, check the WARP client version and [connectivity status](/cloudflare-one/insights/dex/monitoring/#fleet-status), then start a [new capture](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture).
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-download.mdx b/src/content/partials/cloudflare-one/dex/pcaps-download.mdx
new file mode 100644
index 00000000000000..1dc1b862e6683b
--- /dev/null
+++ b/src/content/partials/cloudflare-one/dex/pcaps-download.mdx
@@ -0,0 +1,9 @@
+---
+{}
+---
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Find a successful capture.
+3. Select the three-dot menu and select **Download**.
+
+This will download a ZIP file to your local machine called `<capture-id>.zip`. DEX will store capture data according to our [log retention policy](/cloudflare-one/insights/logs/#log-retention).
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
index c31b60a8eab34d..edbd996b3da813 100644
--- a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
+++ b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
@@ -7,11 +7,11 @@ To capture data from a remote device:
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
 2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
 3. Configure the types of captures to run.
-   - **PCAP**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
+   - **Packet captures (PCAP)**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
    - **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
      :::note
      **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
      :::
-4. Select **Start a capture**.
+4. Select **Run diagnostics**.
 
 DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
diff --git a/src/content/partials/cloudflare-one/warp/warpdiag-run.mdx b/src/content/partials/cloudflare-one/warp/warpdiag-run.mdx
new file mode 100644
index 00000000000000..f60f227a8a9a50
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/warpdiag-run.mdx
@@ -0,0 +1,39 @@
+---
+{}
+---
+
+import { Tabs, TabItem } from "~/components";
+
+To view WARP logs on desktop devices:
+
+<Tabs> <TabItem label="macOS">
+
+1. Open a Terminal window.
+2. Run the `warp-diag` tool:
+   ```sh
+   warp-diag
+   ```
+
+This will place a `warp-debugging-info-<date>-<time>.zip` on your desktop.
+
+</TabItem> <TabItem label="Windows">
+
+1. Open a Command Prompt or PowerShell window.
+2. Run the `warp-diag` tool:
+   ```bash
+   C:\Users\JohnDoe>warp-diag
+   ```
+
+This will place a `warp-debugging-info-<date>-<time>.zip` on your desktop.
+
+</TabItem> <TabItem label="Linux">
+
+1. Open a Terminal window.
+2. Run the `warp-diag` tool:
+   ```sh
+   warp-diag
+   ```
+
+This will place a `warp-debugging-info-<date>-<time>.zip` in the same folder you ran the command from.
+
+</TabItem> </Tabs>

From 7dfd991ed072d0a77bbda140b5651e2a898d6977 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Wed, 30 Jul 2025 17:55:52 +0100
Subject: [PATCH 03/21] update

---
 .../troubleshooting/troubleshooting-guide.mdx | 105 +++++++++++++++++-
 1 file changed, 102 insertions(+), 3 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index a49736b61dad76..0b10eda77ff2ea 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -5,7 +5,7 @@ sidebar:
   order: 0
 ---
 
-import { Render, Tabs, TabItem } from "~/components";
+import { MetaInfo, Render, Tabs, TabItem, Type } from "~/components";
 
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client.
 
@@ -129,12 +129,111 @@ By following these steps, you will ensure that your WARP diagnostic logs have ca
 
 <Render file="dex/pcaps-download" />
 
+After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
+
 ### Collect logs via the CLI
 
-To collect WARP diagnostic logs via the `warp-diag` CLI, run:
+Collect WARP diagnostic logs by downloading them to your desktop using the `warp-diag` CLI.
 
 <Render file="warp/warpdiag-run" />
 
 :::tip[Best practice]
 
-To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges before running `warp-diag` and keep timestamps of your steps.
+To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges before running `warp-diag` and keep timestamps of your steps for review within the logs.
+
+:::
+
+After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
+
+## 2. Review diagnostics logs
+
+WARP diagnostic logs display WARP information relevant to the target device after all MDM and other software operations have been applied, allowing you to determine whether WARP is misconfigured or affected by conflicting software. After downloading the WARP diagnostic logs and/or PCAPs, you will review key files to troubleshoot your issue by checking for potential misconfigurations.
+
+### 2a. Check WARP status
+
+Open the `warp-status.txt` file to review the status of the WARP connection when the `warp-diag` was collected. A connected WARP client will appear as:
+
+```
+Ok(Connected)
+```
+
+### Common connectivity issues
+
+#### WARP client failing to connect
+
+If connectivity fails, reset the encryption keys to force re-establishement of the WARP tunnel without deleting registration.
+
+###### Windows, Mac, Linux
+
+To reset the encryption keys on a Windows, Mac, or Linux device:
+
+1. Open the WARP GUI > select the gear icon > **Preferences**.
+2. Select **Connection**.
+3. Select **Reset encryption keys**.
+
+##### iOS, Android
+
+To reset the encryption keys on an iOS or Android device:
+
+1. Open the Cloudflare One Agent.
+2. Select **Settings** > **Advanced** > **Connection options**.
+3. Select **Reset security keys**.
+
+### 2b. Check WARP settings
+
+Open the `warp-status.txt` file to review the WARP client settings, split tunnel configuration, and the applied device profile. Use this information to identify any discrepancies from the expected behavior you configure pre-deployment.
+
+#### Example `warp-settings.txt` file
+
+Review the following `warp-settings.txt` file and the descriptions of its content.
+
+```txt
+Merged configuration:
+(derived)   Always On: true # Current state of the WARP toggle on the GUI
+(network policy)    Switch Locked: false # If false, does not allows the user to [turn off the WARP switch](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) and disconnect the client.
+(network policy)    Mode: WarpWithDnsOverHttps <-- This is WARP with Gateway mode
+(network policy)    WARP tunnel protocol: WireGuard
+(default)   Disabled for Wifi: false
+(default)   Disabled for Ethernet: false
+(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] <- The SNI we'll use and the IP address for DoH requests
+(user set)  qlog logging: Enabled
+(default)   Onboarding: true <-- Does the user see a onboarding prompt when they first install the client?
+(network policy)    Exclude mode, with hosts/ips:
+  1xx.1xx.1xx.1xx/25 (zoom)
+...
+  cname.user.net
+
+(network policy)    Fallback domains:
+  intranet
+...
+  test
+(not set)   Daemon Teams Auth: false
+(network policy)    Disable Auto Fallback: false
+(network policy)    Captive Portal: 180
+(network policy)    Support URL: my-organizations-support-portal.com
+(user set)  Organization: Organization-Name
+(network policy)    Allow Mode Switch: true  <-- Is the user allowed to switch between configurations (DoH -> Gateway Mode)
+(network policy)    Allow Updates: false <------- Will the client perform the update checks, doesn't necessarily mean they'll be able to install them (depends on user permissions)
+(network policy)    Allowed to Leave Org: true <-- Is the button in the GUI grayed out or not.  Note, it'll always be grayed out if they have an MDM file
+(api defaults)  Known apple connectivity check IPs: xx.xxx.0.0/16;
+(network policy)    LAN Access Settings: Allowed until reconnect on a /24 subnet  <-- The maximum size of network that'll be allowed when Access Lan is clicked.
+(network policy)    Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
+```
+
+:::tip[Quick debugging]
+
+The command `warp-cli settings` will generate the same information in your device's terminal that is present in the `warp-settings.txt` file.
+
+:::
+
+#### Contents of `warp-settings.txt` file
+
+- `Always On`
+
+This
+
+### Common misconfiguration issues
+
+#### Wrong profile ID
+
+#### Wrong split tunnel configuration

From db0f6b3319c53e8736b1312d63738c814806e8d7 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 31 Jul 2025 14:30:14 +0100
Subject: [PATCH 04/21] updates

---
 .../warp/configure-warp/device-profiles.mdx   | 150 +++++++++---------
 .../troubleshooting/troubleshooting-guide.mdx | 136 +++++++++++++++-
 .../warp/edit-profile-settings.mdx            |  21 +++
 3 files changed, 223 insertions(+), 84 deletions(-)
 create mode 100644 src/content/partials/cloudflare-one/warp/edit-profile-settings.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
index 5cfa39b4ab164a..71d3498aa35474 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
@@ -35,86 +35,73 @@ Your profile will appear in the **Profile settings** list. You can rearrange the
 Send a `POST` request to the [Devices API](/api/resources/zero_trust/subresources/devices/subresources/policies/subresources/custom/methods/create/):
 
 <APIRequest
-  path="/accounts/{account_id}/devices/policy"
-  method="POST"
-  json={{
-    "allow_mode_switch": false,
-		"allow_updates": false,
-		"allowed_to_leave": false,
-		"auto_connect": 600,
-		"captive_portal": 180,
-		"description": "Example device profile recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/",
-		"disable_auto_fallback": true,
-		"enabled": true,
-		"exclude_office_ips": false,
-		"match": "identity.email in {\"jdoe@example.com\"} or any(identity.groups.name[*] in {\"developers\" \"admin\"}) and os.name == \"windows\"",
-		"name": "Example device profile",
-		"precedence": 101,
-		"service_mode_v2": {
-			"mode": "warp"
+	path="/accounts/{account_id}/devices/policy"
+	method="POST"
+	json={{
+		allow_mode_switch: false,
+		allow_updates: false,
+		allowed_to_leave: false,
+		auto_connect: 600,
+		captive_portal: 180,
+		description:
+			"Example device profile recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/",
+		disable_auto_fallback: true,
+		enabled: true,
+		exclude_office_ips: false,
+		match:
+			'identity.email in {"jdoe@example.com"} or any(identity.groups.name[*] in {"developers" "admin"}) and os.name == "windows"',
+		name: "Example device profile",
+		precedence: 101,
+		service_mode_v2: {
+			mode: "warp",
 		},
-		"support_url": "https://support.example.com",
-		"switch_locked": true
-  }}
+		support_url: "https://support.example.com",
+		switch_locked: true,
+	}}
 />
 
 </TabItem>
 <TabItem label="Terraform (v5)">
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
-	- `Zero Trust Write`
+   - `Zero Trust Write`
 
 2. Create a new profile using the [`cloudflare_zero_trust_device_custom_profile`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_device_custom_profile) resource:
 
-	```tf
-	resource "cloudflare_zero_trust_device_custom_profile" "example" {
-		account_id            = var.cloudflare_account_id
-		name                  = "Example device profile"
-		description           = "Example device profile recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/"
-		allow_mode_switch     = false
-		allow_updates         = false
-		allowed_to_leave      = false
-		auto_connect          = 600
-		captive_portal        = 180
-		disable_auto_fallback = true
-		enabled               = true
-		exclude_office_ips    = false
-		precedence            = 101
-		service_mode_v2       = {mode = "warp"}
-		support_url           = "https://support.example.com"
-		switch_locked         = true
-		tunnel_protocol       = "wireguard"
-
-		match = trimspace(replace(<<-EOT
-			identity.email in {"jdoe@example.com"}
-			or any(identity.groups.name[*] in {"developers" "admin"})
-			and os.name == "windows"
-		EOT
-		, "\n", " "))
-	}
-	```
+   ```tf
+   resource "cloudflare_zero_trust_device_custom_profile" "example" {
+   	account_id            = var.cloudflare_account_id
+   	name                  = "Example device profile"
+   	description           = "Example device profile recommended in the implementation documentation. For details, refer to https://developers.cloudflare.com/learning-paths/replace-vpn/configure-device-agent/device-profiles/"
+   	allow_mode_switch     = false
+   	allow_updates         = false
+   	allowed_to_leave      = false
+   	auto_connect          = 600
+   	captive_portal        = 180
+   	disable_auto_fallback = true
+   	enabled               = true
+   	exclude_office_ips    = false
+   	precedence            = 101
+   	service_mode_v2       = {mode = "warp"}
+   	support_url           = "https://support.example.com"
+   	switch_locked         = true
+   	tunnel_protocol       = "wireguard"
+
+   	match = trimspace(replace(<<-EOT
+   		identity.email in {"jdoe@example.com"}
+   		or any(identity.groups.name[*] in {"developers" "admin"})
+   		and os.name == "windows"
+   	EOT
+   	, "\n", " "))
+   }
+   ```
 
 </TabItem>
 </Tabs>
 
 ## Edit profile settings
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
-2. In the **Profile settings** card, find the profile you want to update and select **Configure**.
-3. Modify [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-settings) for this profile.
-   :::note
-
-   Changing any of the settings below will cause the WARP connection to restart. The user may experience a brief period of connectivity loss while the new settings are being applied.
-
-   - [Service mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#service-mode)
-   - [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#local-domain-fallback)
-   - [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#split-tunnels)
-
-   :::
-
-4. Select **Save profile**.
-
- <Render file="warp/client-notification-lag" product="cloudflare-one" />
+<Render file="warp/edit-profile-settings" />
 
 ## Verify device profile
 
@@ -136,50 +123,59 @@ You can configure device profiles to match against the following selectors, or c
 
 Apply a device profile based on the user's email.
 
-<Render file="gateway/selectors/user-email" params={{ UIname: "User email" }}/>
+<Render file="gateway/selectors/user-email" params={{ UIname: "User email" }} />
 
 ### User group emails
 
 Apply a device profile based on an [IdP group](/cloudflare-one/policies/gateway/identity-selectors/#idp-groups-in-gateway) email address of which the user is configured as a member in the IdP.
 
-<Render file="gateway/selectors/user-group-email" params={{ UIname: "User group emails" }}/>
+<Render
+	file="gateway/selectors/user-group-email"
+	params={{ UIname: "User group emails" }}
+/>
 
 ### User group IDs
 
 Apply a device profile based on an [IdP group](/cloudflare-one/policies/gateway/identity-selectors/#idp-groups-in-gateway) ID of which the user is configured as a member in the IdP.
 
-<Render file="gateway/selectors/user-group-ids" params={{ UIname: "User group IDs" }}/>
+<Render
+	file="gateway/selectors/user-group-ids"
+	params={{ UIname: "User group IDs" }}
+/>
 
 ### User group names
 
 Apply a device profile based on an [IdP group](/cloudflare-one/policies/gateway/identity-selectors/#idp-groups-in-gateway) name of which the user is configured as a member in the IdP.
 
-<Render file="gateway/selectors/user-group-names" params={{ UIname: "User group names" }}/>
+<Render
+	file="gateway/selectors/user-group-names"
+	params={{ UIname: "User group names" }}
+/>
 
 ### Operating system
 
 Apply a device profile based on the operating system of the device.
 
-| UI name         | API example                                       |
-| --------------- | ------------------------------------------------- |
+| UI name          | API example                        |
+| ---------------- | ---------------------------------- |
 | Operating system | `os.name in {\"windows\" \"mac\"}` |
 
 ### Operating system version
 
 Apply a device profile based on the [OS version](/cloudflare-one/identity/devices/warp-client-checks/os-version/#determine-the-os-version) of the device.
 
-| UI name         | API example                                       |
-| --------------- | ------------------------------------------------- |
+| UI name                  | API example               |
+| ------------------------ | ------------------------- |
 | Operating system version | `os.version == \"1.2.0\"` |
 
- <Render file="warp/os-version-semver" />
+<Render file="warp/os-version-semver" />
 
 ### Managed network
 
 Apply a device profile based on the [managed network](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) that the device is connected to.
 
-| UI name         | API example                                       |
-| --------------- | ------------------------------------------------- |
+| UI name         | API example                    |
+| --------------- | ------------------------------ |
 | Managed network | `network == \"Austin office\"` |
 
 ### SAML attributes
@@ -192,8 +188,8 @@ Apply a device profile based on an attribute name and value from a [SAML IdP](/c
 
 Apply a device profile based on the [service token](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/#check-for-service-token) used to enroll the device.
 
-| UI name         | API example                                       |
-| --------------- | ------------------------------------------------- |
+| UI name       | API example                                                               |
+| ------------- | ------------------------------------------------------------------------- |
 | Service Token | `identity.service_token_uuid == \"f174e90a-fafe-4643-bbbc-4a0ed4fc8415\"` |
 
 ## Comparison operators
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 0b10eda77ff2ea..971eb344ed2482 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -185,11 +185,11 @@ Open the `warp-status.txt` file to review the WARP client settings, split tunnel
 
 #### Example `warp-settings.txt` file
 
-Review the following `warp-settings.txt` file and the descriptions of its content.
+Review the following `warp-settings.txt` file and the descriptions of its content below.
 
 ```txt
 Merged configuration:
-(derived)   Always On: true # Current state of the WARP toggle on the GUI
+(derived)   Always On: true
 (network policy)    Switch Locked: false # If false, does not allows the user to [turn off the WARP switch](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) and disconnect the client.
 (network policy)    Mode: WarpWithDnsOverHttps <-- This is WARP with Gateway mode
 (network policy)    WARP tunnel protocol: WireGuard
@@ -228,12 +228,134 @@ The command `warp-cli settings` will generate the same information in your devic
 
 #### Contents of `warp-settings.txt` file
 
-- `Always On`
+Review the meanings of the fields in `warp-settings.txt` that are relevant to troubleshooting.
 
-This
+##### Always On
 
-### Common misconfiguration issues
+Refers to the current state of the WARP toggle in the GUI. In the example file, the WARP toggle is switched on.
 
-#### Wrong profile ID
+```txt
+Always On: true
+```
+
+##### Switch Locked
+
+Refers to the [Lock WARP Switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) which allows the user to turn off the WARP switch and disconnect the client. In the example file, the value is `false` meaning the user is able to turn the WARP switch on or off at their discretion.
+
+```txt
+Switch Locked: false
+```
+
+When the Lock WARP switch is enabled (`true`), users will need an [Admin override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) code to temporarily turn off WARP on their device.
+
+##### Mode
+
+Refers to the [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) the device is using. In the example file, the WARP mode is `WarpWithDnsOverHttps` which is Gateway with WARP mode. Refer to the [WARP modes comparison matrix](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) to match your `warp-settings.txt` file's value with the mode name.
+
+```txt
+Mode: WarpWithDnsOverHttps
+```
+
+##### Exclude mode, with hosts/ips
+
+Refers to your [split tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) settings. In the example file, WARP is running in Exclude mode, meaning all traffic except for the traffic destined for these hosts and IPs will be sent through the WARP tunnel. The host `cname.user.net` and the IP `1xx.1xx.1xx.1xx/25 ` are both excluded from the WARP tunnel.
+
+```txt
+Exclude mode, with hosts/ips:
+  1xx.1xx.1xx.1xx/25 (zoom)
+...
+  cname.user.net
+```
+
+##### Fallback domains
+
+Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) settings. In the example file, WARP lists `intranet` as a domain that will not be sent to Gateway for proccessing and will instead be sent directly to the configured fallback servers.
+
+```txt
+(network policy)    Fallback domains:
+  intranet
+...
+```
+
+##### Allow Mode Switch
+
+Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DoH](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
+
+```txt
+Allow Mode Switch: true
+```
+
+##### Allow Updates
+
+Refers to the [Allow updates](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-updates) setting. In the example file, the allow updates setting is set to `false` meaning the user will not receive update notifications when a new version of the WARP client is available and cannot update WARP without administrator approval.
+
+```txt
+Allow Updates: false
+```
+
+##### Allowed to Leave Org
+
+Refers to the [Allow device to leave organization](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-device-to-leave-organization) setting. In the example file, the value is set to `true` meaning the user can log out from your Zero Trust organization.
+
+```txt
+Allowed to Leave Org: true
+```
+
+##### LAN Access Settings
+
+Refers to the [Allow users to enable local network exclusion](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-users-to-enable-local-network-exclusion) setting. When enabled, it allows users to temporarily access local devices (like printers) by excluding the detected local subnet from the WARP tunnel. This example indicates access is allowed until the next WARP reconnection, and only for subnets up to /24.
+
+```txt
+LAN Access Settings: Allowed until reconnect on a /24 subnet
+```
+
+##### Profile ID
+
+Refers to the [Device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) a device is using. In this example, the ID is `000000x1-00x1-1xx0-1xx1-11101x1axx11` which can be cross-referenced in the dashboard by going to **Zero Trust** > **My team** > **Devices** > selecting a device name and reviewing the **Device ID** under **Basic Information**.
+
+```txt
+Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
+```
+
+## Common misconfiguration issues and solutions
+
+Use the following list to help identify and troubleshoot common WARP configuration problems.
+
+- [Wrong profile ID](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules)
+- [Wrong split tunnel configuration](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#wrong-split-tunnel-configuration)
+
+### Wrong profile ID
+
+If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precide matcing rules or how profile precedence is configured. Device profiles are evaluated top to bottom based on their order in the UI, and the first matching profile is applied.
+
+To debug a possibly misconfigured device profile, you must:
+
+1. [Check](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#check-the-applied-device-profile) that the applied device profile is correct.
+2. If the applied device profile is incorrect, you must then [edit your device profile](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) for more precise rule matching.
+3. If the device profile is correct but you are still having issues, note this and move onto another possible WARP misconfiguraton to continue troubleshooting.
+
+#### Check the applied device profile
+
+To check that the applied device profile is the intended device profile:
+
+1. Go to [Zero Trust](https://one.dash.cloudflare.com/) > **Settings** > **WARP Client**.
+2. Find and select the device profile intended for the device.
+3. Under **Profile details** compare the Profile ID with the value found in the `warp-settings.txt` file.
+
+If the profile ID does not match the intended device profile, avoid [reordering profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#order-of-precedence) unless you are confident it will not affect other users.
+
+Instead, [modify the match rules](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) in the intended profile to make them more specific (for example, by adding identity-based [selectors](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#selectors) like [`email`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-email), or [`group name`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-group-names).)
+
+:::note
+
+Identity-based selectors are only available if the user [enrolled the device](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) by logging in to an identity provider (IdP).
+
+:::
+
+#### Edit your device profile match rules
+
+To modify the match rules of a device profile, you will need to edit the device profile. To edit the device profile:
+
+<Render file="warp/edit-profile-settings" />
 
-#### Wrong split tunnel configuration
+### Wrong split tunnel configuration
diff --git a/src/content/partials/cloudflare-one/warp/edit-profile-settings.mdx b/src/content/partials/cloudflare-one/warp/edit-profile-settings.mdx
new file mode 100644
index 00000000000000..946aebc39b06cd
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/edit-profile-settings.mdx
@@ -0,0 +1,21 @@
+---
+{}
+---
+
+import { Render } from "~/components";
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
+2. In the **Profile settings** card, find the profile you want to update and select **Configure**.
+3. Use [selectors](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#selectors) to add or adjust match rules, and modify [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-settings) for this profile as needed.
+   :::note
+
+   Changing any of the settings below will cause the WARP connection to restart. The user may experience a brief period of connectivity loss while the new settings are being applied.
+   - [Service mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#service-mode)
+   - [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#local-domain-fallback)
+   - [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#split-tunnels)
+
+   :::
+
+4. Select **Save profile**.
+
+<Render file="warp/client-notification-lag" product="cloudflare-one" />

From e5145aca9ff6c300489c8fdafdad79b8a8d68930 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 31 Jul 2025 18:43:55 +0100
Subject: [PATCH 05/21] updates

---
 .../connect-devices/warp/index.mdx            |  4 ++
 .../troubleshooting/troubleshooting-guide.mdx | 47 +------------------
 .../warp/warp-installation-details.mdx        | 44 +++++++++++++++++
 3 files changed, 49 insertions(+), 46 deletions(-)
 create mode 100644 src/content/partials/cloudflare-one/warp/warp-installation-details.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
index 51c19575056b90..6c934743698083 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
@@ -23,6 +23,10 @@ The WARP client consists of:
 
 Refer to [WARP architecture](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/) for more information on how WARP client interacts with a device's operating system to route traffic.
 
+## WARP installation details
+
+<Render file="warp/warp-installation-details" />
+
 ## Key benefits of using WARP
 
 Deploying the WARP client significantly enhances your organization's security and visibility within Cloudflare Zero Trust:
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 971eb344ed2482..e31e825de3197c 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -34,52 +34,7 @@ Review the WARP client’s architecture, installation paths, and modes to help y
 
 ### WARP installation details
 
-The GUI and daemon (or service) have different names and are stored in the following locations:
-
-<details>
-<summary>Windows</summary>
-
-|                      | Windows                                                                                                                                                                                                          |
-| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Service / Daemon** | `C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe`                                                                                                                                                       |
-| **GUI application**  | `C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe`                                                                                                                                                |
-| **Logs Location**    | <details><summary>Daemon</summary><br/>`C:\ProgramData\Cloudflare\`</details><br/><details><summary>GUI Logs</summary><br/>`C:\Users\<USER>.WARP\AppData\Local`<br/>or<br/>`%LOCALAPPDATA%\Cloudflare`</details> |
-
-</details>
-
-<details>
-<summary>macOS</summary>
-
-|                      | macOS                                                                                                                                                                           |
-| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Service / Daemon** | `/Applications/Cloudflare WARP.app/Contents/Resources/CloudflareWARP`                                                                                                           |
-| **GUI application**  | `/Applications/Cloudflare WARP.app/Contents/MacOS/Cloudflare WARP`                                                                                                              |
-| **Logs Location**    | <details><summary>Daemon</summary><br/>`/Library/Application Support/Cloudflare/`</details><br/><details><summary>GUI Logs</summary><br/>`~/Library/Logs/Cloudflare/`</details> |
-
-</details>
-
-<details>
-<summary>Linux</summary>
-
-|                      | Linux                                                      |
-| -------------------- | ---------------------------------------------------------- |
-| **Service / Daemon** | `/bin/warp-svc`                                            |
-| **GUI application**  | `/bin/warp-taskbar`                                        |
-| **Logs Location**    | `/var/log/cloudflare-warp/`<br/>`/var/lib/cloudflare-warp` |
-
-</details>
-
-Along with the WARP GUI and daemon, `warp-cli` and `warp-diag` are also [installed](/cloudflare-one/connections/connect-devices/warp/download-warp/) on the machine and added to the system path for use from any terminal session.
-
-[`warp-diag`](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) is a command-line diagnostics tool that collects logs, configuration details, and connectivity data from the WARP client to help troubleshoot issues.
-
-`warp-cli` is the command-line interface (CLI) for managing and configuring the Cloudflare WARP client, allowing users to connect, disconnect, and adjust settings programmatically.
-
-:::tip
-
-Run `warp-cli help` and `warp-diag help` in your terminal to review the available subcommands and options.
-
-:::
+<Render file="warp/warp-installation-details" />
 
 ### WARP modes
 
diff --git a/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx b/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx
new file mode 100644
index 00000000000000..41e1045abc7139
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx
@@ -0,0 +1,44 @@
+---
+{}
+---
+
+The GUI and daemon (or service) have different names and are stored in the following locations:
+
+<details>
+<summary>Windows</summary>
+
+|                      | Windows                                                                                                                                                                                                          |
+| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Service / Daemon** | `C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe`                                                                                                                                                       |
+| **GUI application**  | `C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe`                                                                                                                                                |
+| **Logs Location**    | <details><summary>Daemon</summary><br/>`C:\ProgramData\Cloudflare\`</details><br/><details><summary>GUI Logs</summary><br/>`C:\Users\<USER>.WARP\AppData\Local`<br/>or<br/>`%LOCALAPPDATA%\Cloudflare`</details> |
+
+</details>
+
+<details>
+<summary>macOS</summary>
+
+|                      | macOS                                                                                                                                                                           |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Service / Daemon** | `/Applications/Cloudflare WARP.app/Contents/Resources/CloudflareWARP`                                                                                                           |
+| **GUI application**  | `/Applications/Cloudflare WARP.app/Contents/MacOS/Cloudflare WARP`                                                                                                              |
+| **Logs Location**    | <details><summary>Daemon</summary><br/>`/Library/Application Support/Cloudflare/`</details><br/><details><summary>GUI Logs</summary><br/>`~/Library/Logs/Cloudflare/`</details> |
+
+</details>
+
+<details>
+<summary>Linux</summary>
+
+|                      | Linux                                                      |
+| -------------------- | ---------------------------------------------------------- |
+| **Service / Daemon** | `/bin/warp-svc`                                            |
+| **GUI application**  | `/bin/warp-taskbar`                                        |
+| **Logs Location**    | `/var/log/cloudflare-warp/`<br/>`/var/lib/cloudflare-warp` |
+
+</details>
+
+Along with the WARP GUI and daemon, `warp-cli` and `warp-diag` are also [installed](/cloudflare-one/connections/connect-devices/warp/download-warp/) on the machine and added to the system path for use from any terminal session.
+
+[`warp-diag`](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) is a command-line diagnostics tool that collects logs, configuration details, and connectivity data from the WARP client to help troubleshoot issues.
+
+`warp-cli` is the command-line interface (CLI) for managing and configuring the Cloudflare WARP client, allowing users to connect, disconnect, and adjust settings programmatically.

From 94d83e3b23e5083b071f625a498c6c7789281c88 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 7 Aug 2025 09:41:08 +0100
Subject: [PATCH 06/21] updates

---
 .../troubleshooting/troubleshooting-guide.mdx | 53 +++++++------------
 1 file changed, 20 insertions(+), 33 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index e31e825de3197c..aabe2a8fb79f20 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -11,7 +11,7 @@ This guide helps you diagnose and resolve common issues with the Cloudflare WARP
 
 ## Prerequisites
 
-To use this guide, you must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created and the WARP client installed on your device.
+To use this guide, you must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created and the WARP client installed on an end user device.
 
 ## Troubleshooting steps
 
@@ -102,9 +102,9 @@ After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare
 
 ## 2. Review diagnostics logs
 
-WARP diagnostic logs display WARP information relevant to the target device after all MDM and other software operations have been applied, allowing you to determine whether WARP is misconfigured or affected by conflicting software. After downloading the WARP diagnostic logs and/or PCAPs, you will review key files to troubleshoot your issue by checking for potential misconfigurations.
+WARP diagnostic logs display WARP information relevant to the target device after all MDM and other software operations have been applied, allowing you to determine whether WARP is misconfigured or behaving in an unexpected way. After downloading the WARP diagnostic logs, you will review key files to check that WARP is operating as intended. You will check the device's WARP status, its applied profile ID, and its split tunnel configuration.
 
-### 2a. Check WARP status
+### Check WARP status
 
 Open the `warp-status.txt` file to review the status of the WARP connection when the `warp-diag` was collected. A connected WARP client will appear as:
 
@@ -112,41 +112,21 @@ Open the `warp-status.txt` file to review the status of the WARP connection when
 Ok(Connected)
 ```
 
-### Common connectivity issues
+If the WARP client is experiencing issues, the error will display in the WARP GUI on the device. Use the [Client errors](/cloudflare-one/connections/connect-devices/warp/troubleshooting/client-errors/) documentation to identify your error, its cause, and the solution.
 
-#### WARP client failing to connect
+### Check WARP settings
 
-If connectivity fails, reset the encryption keys to force re-establishement of the WARP tunnel without deleting registration.
-
-###### Windows, Mac, Linux
-
-To reset the encryption keys on a Windows, Mac, or Linux device:
-
-1. Open the WARP GUI > select the gear icon > **Preferences**.
-2. Select **Connection**.
-3. Select **Reset encryption keys**.
-
-##### iOS, Android
-
-To reset the encryption keys on an iOS or Android device:
-
-1. Open the Cloudflare One Agent.
-2. Select **Settings** > **Advanced** > **Connection options**.
-3. Select **Reset security keys**.
-
-### 2b. Check WARP settings
-
-Open the `warp-status.txt` file to review the WARP client settings, split tunnel configuration, and the applied device profile. Use this information to identify any discrepancies from the expected behavior you configure pre-deployment.
+After you have checked WARP status, you will review WARP's settings on the device to check if the expected configuration has been applied. Open the `warp-settings.txt` file to review the WARP client settings. You will check the device's applied device profile and split tunnel configuration.
 
 #### Example `warp-settings.txt` file
 
-Review the following `warp-settings.txt` file and the descriptions of its content below.
+After you have downloaded the WARP diagnostic logs, open the `warp-settings.txt` file. Review the following example `warp-settings.txt` file and the descriptions of its content below.
 
 ```txt
 Merged configuration:
 (derived)   Always On: true
-(network policy)    Switch Locked: false # If false, does not allows the user to [turn off the WARP switch](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) and disconnect the client.
-(network policy)    Mode: WarpWithDnsOverHttps <-- This is WARP with Gateway mode
+(network policy)    Switch Locked: false # If false, does not allows the user to turn off the WARP toggle and disconnect the WARP client
+(network policy)    Mode: WarpWithDnsOverHttps # The device's WARP mode, this is WARP with Gateway mode
 (network policy)    WARP tunnel protocol: WireGuard
 (default)   Disabled for Wifi: false
 (default)   Disabled for Ethernet: false
@@ -171,13 +151,13 @@ Merged configuration:
 (network policy)    Allow Updates: false <------- Will the client perform the update checks, doesn't necessarily mean they'll be able to install them (depends on user permissions)
 (network policy)    Allowed to Leave Org: true <-- Is the button in the GUI grayed out or not.  Note, it'll always be grayed out if they have an MDM file
 (api defaults)  Known apple connectivity check IPs: xx.xxx.0.0/16;
-(network policy)    LAN Access Settings: Allowed until reconnect on a /24 subnet  <-- The maximum size of network that'll be allowed when Access Lan is clicked.
+(network policy)    LAN Access Settings: Allowed until reconnect on a /24 subnet  <-- The maximum size of network that will be allowed when Access Lan is clicked.
 (network policy)    Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
 ```
 
 :::tip[Quick debugging]
 
-The command `warp-cli settings` will generate the same information in your device's terminal that is present in the `warp-settings.txt` file.
+The command `warp-cli settings` in a terminal will generate the same information that is present in the `warp-settings.txt` file.
 
 :::
 
@@ -266,7 +246,7 @@ LAN Access Settings: Allowed until reconnect on a /24 subnet
 
 ##### Profile ID
 
-Refers to the [Device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) a device is using. In this example, the ID is `000000x1-00x1-1xx0-1xx1-11101x1axx11` which can be cross-referenced in the dashboard by going to **Zero Trust** > **My team** > **Devices** > selecting a device name and reviewing the **Device ID** under **Basic Information**.
+Refers to the [Device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) a device is using. In this example, the ID is `000000x1-00x1-1xx0-1xx1-11101x1axx11`. To verify if the applied ID is  in the dashboard by going to **Zero Trust** > **My team** > **Devices** > selecting a device name and reviewing the **Device ID** under **Basic Information**.
 
 ```txt
 Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
@@ -276,12 +256,19 @@ Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
 
 Use the following list to help identify and troubleshoot common WARP configuration problems.
 
+- [WARP connection error]()
 - [Wrong profile ID](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules)
 - [Wrong split tunnel configuration](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#wrong-split-tunnel-configuration)
 
 ### Wrong profile ID
 
-If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precide matcing rules or how profile precedence is configured. Device profiles are evaluated top to bottom based on their order in the UI, and the first matching profile is applied.
+If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precise matcing rules or how profile precedence is configured.
+
+:::tip[Consider]
+
+
+
+:::
 
 To debug a possibly misconfigured device profile, you must:
 

From bbcb3f19e36a4053829ddb9b06ed16397b97c17e Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 7 Aug 2025 18:38:00 +0100
Subject: [PATCH 07/21] updates

---
 .../warp/configure-warp/device-profiles.mdx   |   4 +-
 .../route-traffic/split-tunnels.mdx           |   8 +-
 .../troubleshooting/troubleshooting-guide.mdx | 158 ++++++++++++++----
 .../device-profile-order-of-precedence.mdx    |   9 +
 .../warp/split-tunnel-intro.mdx               |  11 ++
 .../cloudflare-one/warp/warp-modes.mdx        |   2 +-
 6 files changed, 152 insertions(+), 40 deletions(-)
 create mode 100644 src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx
 create mode 100644 src/content/partials/cloudflare-one/warp/split-tunnel-intro.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
index 71d3498aa35474..667682c1128792 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
@@ -212,6 +212,4 @@ To evaluate multiple conditions in an expression, select a logical operator:
 
 ## Order of precedence
 
-Profiles are evaluated from top to bottom as shown in the UI and follows the first match principle — once a device matches a profile, evaluation stops and no subsequent profiles can override the decision.
-
-The **Default** profile is always at the bottom of the list, meaning that it will only apply if the device does not match any of the previous profiles. If you make another custom profile the default, all settings will be copied over into the **Default** profile.
+<Render file="warp/device-profile-order-of-precedence" />
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx
index a56f5c9b76f02d..1fa3b9b18c6c32 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx
@@ -7,13 +7,7 @@ sidebar:
 
 import { Render } from "~/components";
 
-Split Tunnels can be configured to exclude or include IP addresses or domains from going through WARP. This feature is commonly used to run WARP alongside a VPN (in Exclude mode) or to provide access to a specific private network (in Include mode).
-
-:::caution
-Split Tunnels only impacts the flow of IP traffic. DNS requests are still resolved by Gateway and subject to DNS policies unless you add the domains to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) configuration.
-:::
-
-Because Split Tunnels controls what Gateway has visibility on at the network level, we recommend testing all changes before rolling out updates to end users.
+<Render file="warp/split-tunnel-intro" />
 
 ## Change Split Tunnels mode
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index aabe2a8fb79f20..4c4b398ab7fdb2 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -7,22 +7,22 @@ sidebar:
 
 import { MetaInfo, Render, Tabs, TabItem, Type } from "~/components";
 
-This guide helps you diagnose and resolve common issues with the Cloudflare WARP client.
+This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux.
 
 ## Prerequisites
 
 To use this guide, you must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created and the WARP client installed on an end user device.
 
-## Troubleshooting steps
+## Troubleshooting overview
 
 This guide uses [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) to help you verify that your WARP configuration is working as intended.
 
 To troubleshoot if WARP misconfiguration is the source of your issue, you will:
 
-1. Run a remote capture to download WARP diagnostic logs from the Cloudflare dashboard.
-2. Review the best practice to
-3. Check the WARP diagnostic logs to ensure WARP is working according to the configuration you set in the Zero Trust dashboard.
-4. File a support ticket if your configuration looks correct but you are still having issues.
+1. Review the WARP basics to familiarize yourself with WARP functionality.
+2. Review the best practice advice and run a remote capture to download WARP diagnostic logs.
+3. Check your WARP diagnostic logs for connection status, profile ID accuracy, and split tunnel configuration accuracy.
+4. Before filing a support ticket, review the support ticket checklist to ensure a fast response to your problem.
 
 ## WARP basics
 
@@ -126,28 +126,28 @@ After you have downloaded the WARP diagnostic logs, open the `warp-settings.txt`
 Merged configuration:
 (derived)   Always On: true
 (network policy)    Switch Locked: false # If false, does not allows the user to turn off the WARP toggle and disconnect the WARP client
-(network policy)    Mode: WarpWithDnsOverHttps # The device's WARP mode, this is WARP with Gateway mode
+(network policy)    Mode: WarpWithDnsOverHttps # The device's WARP mode, this mode is WARP with Gateway mode
 (network policy)    WARP tunnel protocol: WireGuard
 (default)   Disabled for Wifi: false
 (default)   Disabled for Ethernet: false
-(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] <- The SNI we'll use and the IP address for DoH requests
+(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] <- The SNI Cloudflare will use and the IP address for DNS-over-HTTP (DoH) requests
 (user set)  qlog logging: Enabled
-(default)   Onboarding: true <-- Does the user see a onboarding prompt when they first install the client?
-(network policy)    Exclude mode, with hosts/ips:
+(default)   Onboarding: true # If true, the user sees a onboarding prompt when they first install the WARP client
+(network policy)    Exclude mode, with hosts/ips: # Split tunnel configuration
   1xx.1xx.1xx.1xx/25 (zoom)
 ...
   cname.user.net
 
-(network policy)    Fallback domains:
+(network policy)    Fallback domains: # Local domain fallback configuration
   intranet
 ...
   test
 (not set)   Daemon Teams Auth: false
 (network policy)    Disable Auto Fallback: false
 (network policy)    Captive Portal: 180
-(network policy)    Support URL: my-organizations-support-portal.com
+(network policy)    Support URL: my-organizations-support-portal.com # Your organization's support portal or IT help desk
 (user set)  Organization: Organization-Name
-(network policy)    Allow Mode Switch: true  <-- Is the user allowed to switch between configurations (DoH -> Gateway Mode)
+(network policy)    Allow Mode Switch: true  # The user is allowed to switch between WARP with configurations (DoH -> Gateway Mode)
 (network policy)    Allow Updates: false <------- Will the client perform the update checks, doesn't necessarily mean they'll be able to install them (depends on user permissions)
 (network policy)    Allowed to Leave Org: true <-- Is the button in the GUI grayed out or not.  Note, it'll always be grayed out if they have an MDM file
 (api defaults)  Known apple connectivity check IPs: xx.xxx.0.0/16;
@@ -246,7 +246,7 @@ LAN Access Settings: Allowed until reconnect on a /24 subnet
 
 ##### Profile ID
 
-Refers to the [Device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) a device is using. In this example, the ID is `000000x1-00x1-1xx0-1xx1-11101x1axx11`. To verify if the applied ID is  in the dashboard by going to **Zero Trust** > **My team** > **Devices** > selecting a device name and reviewing the **Device ID** under **Basic Information**.
+Refers to the [Device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) a device is using. In this example, the ID is `000000x1-00x1-1xx0-1xx1-11101x1axx11`.
 
 ```txt
 Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
@@ -254,39 +254,36 @@ Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
 
 ## Common misconfiguration issues and solutions
 
-Use the following list to help identify and troubleshoot common WARP configuration problems.
+To verify that WARP is configured and working properly, review the following:
 
-- [WARP connection error]()
-- [Wrong profile ID](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules)
-- [Wrong split tunnel configuration](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#wrong-split-tunnel-configuration)
+1. Is the [wrong profile ID](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) applied to the device?
+2. Is the [split tunnel configuration wrong](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#wrong-split-tunnel-configuration)?
 
 ### Wrong profile ID
 
-If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precise matcing rules or how profile precedence is configured.
+A profile ID is a unique identifier assigned to each [device profile]((/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/)) in the Zero Trust dashboard, used to determine which configuration settings apply to a device.
 
-:::tip[Consider]
+If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precise matcing rules or how profile precedence is configured.
 
+:::tip[WARP evaluates profile IDs according to chronological order in the dashboard]
 
+<Render file="warp/device-profile-order-of-precedence" />
 
 :::
 
-To debug a possibly misconfigured device profile, you must:
-
-1. [Check](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#check-the-applied-device-profile) that the applied device profile is correct.
-2. If the applied device profile is incorrect, you must then [edit your device profile](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) for more precise rule matching.
-3. If the device profile is correct but you are still having issues, note this and move onto another possible WARP misconfiguraton to continue troubleshooting.
-
 #### Check the applied device profile
 
 To check that the applied device profile is the intended device profile:
 
 1. Go to [Zero Trust](https://one.dash.cloudflare.com/) > **Settings** > **WARP Client**.
 2. Find and select the device profile intended for the device.
-3. Under **Profile details** compare the Profile ID with the value found in the `warp-settings.txt` file.
+3. Under **Profile details** compare the displayed **Profile ID** with the `Profile ID` in the `warp-settings.txt` file.
+
+If the profile ID displayed in the `warp-settings.txt` file matches the intended device profile's ID shown in the dashboard, you may need to troubleshoot your managed network settings.
 
-If the profile ID does not match the intended device profile, avoid [reordering profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#order-of-precedence) unless you are confident it will not affect other users.
+If the profile ID displayed in the `warp-settings.txt` file does not match the intended device profile's ID shown in the dashboard, [edit your device profile's match rules](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) in the intended profile to make them more specific (for example, by adding identity-based [selectors](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#selectors) like [`email`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-email), or [`group name`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-group-names).)
 
-Instead, [modify the match rules](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) in the intended profile to make them more specific (for example, by adding identity-based [selectors](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#selectors) like [`email`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-email), or [`group name`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-group-names).)
+Avoid [reordering profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#order-of-precedence) unless you are confident it will not affect other users.
 
 :::note
 
@@ -300,4 +297,107 @@ To modify the match rules of a device profile, you will need to edit the device
 
 <Render file="warp/edit-profile-settings" />
 
+#### Review your managed network settings
+
+A [managed network](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) is a network location that you define with a TLS endpoint, like a physical office. The WARP client checks for this TLS endpoint to determine its location and apply the corresponding device profile. If the managed network is misconfigured or the TLS endpoint is unreachable, the device may fall back to an unintended profile.
+
+When troubleshooting a managed network, check these things:
+
+1. Verify the endpoint is reachable.
+
+	The WARP client connects to the TLS endpoint to identify the network. If the endpoint is down or unreachable, the WARP client will fail to detect the network and apply the wrong profile.
+
+	// how would they do this //
+
+2. Use a single profile for a single location.
+
+	To simplify management and prevent errors, avoid creating multiple managed network profiles for the same location. For example, if you have multiple TLS endpoints in one office, link them all to a single device profile. This reduces the risk of a device matching an unintended profile due to a configuration error.
+
+	// are 2 and 3 saying the same thing //
+
+3. Ensure the device can only reach one managed network.
+
+	If a device can reach more than one managed network simultaneously, WARP cannot determine which profile to apply, leading to unpredictable results. Make sure the managed network configuration is unique to each location.
+
 ### Wrong split tunnel configuration
+
+<Render file="warp/split-tunnel-intro" />
+
+A misconfigured [split tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) can cause connectivity issues.
+
+For example, if you set your mode to Exclude IPs and domains and accidentally exclude an IP address needed by an application, that application may not work correctly. Similarly, in Include IPs and domains mode, forgetting to include a necessary IP or domain will cause traffic to bypass WARP, and you will lose access to your Zero Trust security features.
+
+#### Check the applied split tunnel configuration
+
+After downloading the WARP diagnostic logs, review your configuration is working as intended:
+
+1. Open the `warp-settings.txt` file and find `Exclude mode, with hosts/ips:` or `Include mode, with hosts/ips:`.
+
+	:::tip[Exclude mode versus Include mode]
+	`Exclude mode` means all traffic will be sent through the WARP tunnel except for the IPs and domains you specify.
+
+	`Include mode` means only traffic destined to the IPs or domains you specify will be sent through the WARP tunnel.
+	:::
+
+2. Log into [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP client**.
+3. Find and select the device profile intended for the device.
+4. Select **Edit**.
+5. Find **Split Tunnels** and note the mode you have selected > select **Manage**.
+6. Cross-reference the IPs/hosts you have configured in the Zero Trust dashboard with the IPs/hosts listed in `warp-settings.txt`.
+
+If your dashboard split tunnel configuration does not match your `warp-settings.txt` file configuration, you may need to force the WARP client to [update its settings](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#update-the-warp-clients-settings).
+
+#### Update the WARP client's settings
+
+If your `warp-settings.txt` split tunnel configuration is not matching what is in the dashboard, you can force the WARP client to fetch the latest configuration to resolve the discrepancy. You can either instruct the end user to toggle WARP off and on, reset their encryption keys, or force the fetch as an admin. All three options will result in the WARP client fetching the latest data.
+
+##### Toggle WARP off and back on
+
+On the end user device, open the WARP GUI and toggle WARP on and off.
+
+If the end user's WARP switch is locked, they will need an admin override code to be able to toggle the WARP switch.
+
+After you toggle WARP back on, the WARP client will fetch new settings when it reconnects.
+
+##### Reset the encryption keys
+
+To reset the encyrption keys on an end user's desktop:
+
+1. Open the WARP GUI.
+2. Select the gear icon.
+3. Select **Preferences** > **Connection** > **Reset encryption keys**.
+
+Resetting the encryption keys forces the WARP client to reestablish its tunnel and retrieve the latest configuration.
+
+##### Revoke the user session
+
+An administrator can revoke the user's session to force a complete reenrollment.
+
+1. In the Zero Trust dashboard, go to My Team > Users.
+
+2. Select the checkbox next to the user's name.
+
+3. Select Action > Revoke access.
+
+Revoking access will prompt the user to log back in. The WARP client will then perform a new registration and fetch the latest settings from the dashboard.
+
+To debug quickly that the Split Tunnels settings have been updated, run `warp-cli settings` on the device and review the configuration again.
+
+## File a support ticket
+
+To ensure faster resolution when contacting support, include as much relevant detail as possible in your ticket. Make sure your ticket includes:
+
+`[]` Context: Briefly describe the scenario or use case (for example, where the user was, what they were trying to do).
+`[]` Steps taken so far: Outline any troubleshooting or changes already attempted.
+`[]` Timestamps: Be specific — include the exact time and time zone when the issue occurred.
+
+For example:
+
+❌ Avoid:
+Ken was on the train and had captive portal issues. `warp-diag` is attached.
+
+✅ More helpful:
+Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `error_message_details`. A warp-diag was collected immediately after and is attached.
+
+
+
diff --git a/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx b/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx
new file mode 100644
index 00000000000000..8a16ff77e3b994
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx
@@ -0,0 +1,9 @@
+---
+{}
+---
+
+Cloudflare WARP evaluates device profiles dynamically based on a hierarchy. When a device connects, WARP checks the profiles from top to bottom as they appear in the dashboard. WARP follows the first match principle — once a device matches a profile, WARP stop evaluating and no subsequent profiles can override the decision.
+
+The **Default** profile is always at the bottom of the list. It will only be applied if the device does not meet the criteria of any profile listed above it. If you make another custom profile the default, all settings will be copied over into the **Default** profile.
+
+Administrators can create multiple profiles to apply different settings based on specific criteria such as user identity, location, or operating system. Understanding this top-to-bottom evaluation order is crucial for ensuring that the correct policies are applied to devices.
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/warp/split-tunnel-intro.mdx b/src/content/partials/cloudflare-one/warp/split-tunnel-intro.mdx
new file mode 100644
index 00000000000000..3daf8f9af3a569
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/split-tunnel-intro.mdx
@@ -0,0 +1,11 @@
+---
+{}
+---
+
+Split Tunnels can be configured to exclude or include IP addresses or domains from going through WARP. This feature is commonly used to run WARP alongside a VPN (in Exclude mode) or to provide access to a specific private network (in Include mode).
+
+:::caution
+Split Tunnels only impacts the flow of IP traffic. DNS requests are still resolved by Gateway and subject to DNS policies unless you add the domains to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) configuration.
+:::
+
+Because Split Tunnels controls what Gateway has visibility on at the network level, we recommend testing all changes before rolling out updates to end users.
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/warp/warp-modes.mdx b/src/content/partials/cloudflare-one/warp/warp-modes.mdx
index daa616c0431ead..638ed0a95346aa 100644
--- a/src/content/partials/cloudflare-one/warp/warp-modes.mdx
+++ b/src/content/partials/cloudflare-one/warp/warp-modes.mdx
@@ -9,5 +9,5 @@ Each WARP mode offers a different set of Zero Trust features.
 | [**Gateway with WARP (default)**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default)                             | ✅            | ✅                | ✅             | `WarpWithDnsOverHttps`                          |
 | [**Gateway with DoH**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh)                                                 | ✅            | ❌                | ❌             | `DnsOverHttps`                                  |
 | [**Secure Web Gateway without DNS filtering**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#secure-web-gateway-without-dns-filtering) | ❌            | ✅                | ✅             | `TunnelOnly`                                    |
-| [**Proxy mode**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#proxy-mode)                                                             | ❌            | ❌                | ✅             | `WarpProxy on port 40000`                       |
+| [**Proxy mode**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#proxy-mode)                                                             | ❌            | ❌                | ✅             | `WarpProxy`                                     |
 | [**Device Information Only**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#device-information-only)                                   | ❌            | ❌                | ❌             | `PostureOnly`                                   |

From 2fded6bacd96259d9f705bc2a749d8be22b25688 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 7 Aug 2025 18:55:47 +0100
Subject: [PATCH 08/21] update

---
 .../warp/troubleshooting/troubleshooting-guide.mdx        | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 4c4b398ab7fdb2..1a025b3eb82ca6 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -13,6 +13,14 @@ This guide helps you diagnose and resolve common issues with the Cloudflare WARP
 
 To use this guide, you must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created and the WARP client installed on an end user device.
 
+:::caution[Update WARP before troubleshooting]
+
+Many troubleshooting issues are caused by outdated client versions. For the best performance and compatibility, administrators should check for new releases and [upgrade the WARP client](/cloudflare-one/connections/connect-devices/warp/download-warp/) before attempting to troubleshoot other issues.
+
+After updating the WARP client, monitor the issue to see if it recurs. If the issue persists, continue with the troubleshooting guide.
+
+:::
+
 ## Troubleshooting overview
 
 This guide uses [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) to help you verify that your WARP configuration is working as intended.

From 08bafe88329e959d8c715bdd9d1229d5d51cab1b Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Fri, 8 Aug 2025 12:40:38 +0100
Subject: [PATCH 09/21] edits

---
 .../connect-devices/warp/index.mdx            |  2 +-
 .../troubleshooting/troubleshooting-guide.mdx | 53 ++++++++-----------
 2 files changed, 23 insertions(+), 32 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
index e7988d1d7fc6f0..bf6bf6466d2573 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
@@ -8,7 +8,7 @@ head:
     content: About Cloudflare WARP
 ---
 
-import { Stream } from "~/components"
+import { Render, Stream } from "~/components"
 
 ## About Cloudflare WARP
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 1a025b3eb82ca6..89ece5fd60df4d 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -5,62 +5,53 @@ sidebar:
   order: 0
 ---
 
-import { MetaInfo, Render, Tabs, TabItem, Type } from "~/components";
+import { MetaInfo, Render, Steps, Tabs, TabItem, Type } from "~/components";
 
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux.
 
-## Prerequisites
+1. **Before you start**: [Prerequisites](#prequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
+2. **Collect logs**: Through the [dashboard]() (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
+3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#wrong-profile-id), [split tunnel](#wrong-split-tunnel-configuration) configuration.
+4. **Fix common misconfigurations**: Profile mismatch, split tunnel issues, managed network issues.
+5. **File a support ticket**: What to include to solve your issue faster.
 
-To use this guide, you must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created and the WARP client installed on an end user device.
+## 1. Before you start
 
-:::caution[Update WARP before troubleshooting]
+### Prequisites
 
-Many troubleshooting issues are caused by outdated client versions. For the best performance and compatibility, administrators should check for new releases and [upgrade the WARP client](/cloudflare-one/connections/connect-devices/warp/download-warp/) before attempting to troubleshoot other issues.
-
-After updating the WARP client, monitor the issue to see if it recurs. If the issue persists, continue with the troubleshooting guide.
-
-:::
-
-## Troubleshooting overview
+- You must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created.
+- You must have the WARP client installed on an end user device.
+- You must have a [role](/cloudflare-one/roles-permissions/) that gives admin permission to download logs on the Cloudflare dashboard.
 
-This guide uses [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) to help you verify that your WARP configuration is working as intended.
+### Check your WARP version
 
-To troubleshoot if WARP misconfiguration is the source of your issue, you will:
+Many troubleshooting issues are caused by outdated client versions. For the best performance and compatibility, administrators should check for new releases and [upgrade the WARP client](/cloudflare-one/connections/connect-devices/warp/download-warp/) before attempting to troubleshoot other issues.
 
-1. Review the WARP basics to familiarize yourself with WARP functionality.
-2. Review the best practice advice and run a remote capture to download WARP diagnostic logs.
-3. Check your WARP diagnostic logs for connection status, profile ID accuracy, and split tunnel configuration accuracy.
-4. Before filing a support ticket, review the support ticket checklist to ensure a fast response to your problem.
+After updating the WARP client, monitor the issue to see if it recurs. If the issue persists, continue with the troubleshooting guide.
 
-## WARP basics
+### WARP basics
 
 Review the WARP client’s architecture, installation paths, and modes to help you diagnose issues with greater accuracy.
 
-### WARP architecture
+#### WARP architecture
 
 <Render file="warp/warp-comprises" />
 
-### WARP installation details
+#### WARP installation details
 
 <Render file="warp/warp-installation-details" />
 
-### WARP modes
+#### WARP modes
 
 WARP operates in several modes, each with different traffic handling capabilities:
 
 <Render file="warp/warp-modes" />
 
-:::tip
-
-Run `warp-cli settings` to review your device’s current WARP mode and other configured [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/).
-
-:::
-
-## 1. Collect diagnostic logs
+## 2. Collect diagnostic logs
 
-You can collect diagnostic logs in two ways: the Cloudflare dashboard or the `warp-diag` command-line interface (CLI).
+You can collect diagnostic logs in two ways: the [Cloudflare dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) or the [`warp-diag`]() command-line interface (CLI).
 
-### Collect logs via the Cloudflare dashboard
+### Option A: Collect logs via the Cloudflare dashboard
 
 For WARP client versions higher than `2024.12.492.0`, you can collect diagnostic logs remotely from the Zero Trust dashboard by using Digital Experience Monitoring's (DEX) remote captures.
 
@@ -94,7 +85,7 @@ By following these steps, you will ensure that your WARP diagnostic logs have ca
 
 After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
 
-### Collect logs via the CLI
+### Option B: Collect logs via the CLI
 
 Collect WARP diagnostic logs by downloading them to your desktop using the `warp-diag` CLI.
 

From 7cdcb2d654d1b78e1896f01f481e71336768f5d2 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Fri, 8 Aug 2025 17:41:38 +0100
Subject: [PATCH 10/21] final edits to first draft

---
 .../troubleshooting/troubleshooting-guide.mdx | 125 ++++++++++--------
 .../partials/cloudflare-one/dex/pcaps-run.mdx |   5 +-
 2 files changed, 76 insertions(+), 54 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 89ece5fd60df4d..6435b81c002b0e 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -11,9 +11,9 @@ This guide helps you diagnose and resolve common issues with the Cloudflare WARP
 
 1. **Before you start**: [Prerequisites](#prequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
 2. **Collect logs**: Through the [dashboard]() (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
-3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#wrong-profile-id), [split tunnel](#wrong-split-tunnel-configuration) configuration.
-4. **Fix common misconfigurations**: Profile mismatch, split tunnel issues, managed network issues.
-5. **File a support ticket**: What to include to solve your issue faster.
+3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration.
+4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings).
+5. **File a support ticket**: [How to file a ticket](#file-a-support-ticket) after you have exhausted your troubleshooting options.
 
 ## 1. Before you start
 
@@ -29,6 +29,16 @@ Many troubleshooting issues are caused by outdated client versions. For the best
 
 After updating the WARP client, monitor the issue to see if it recurs. If the issue persists, continue with the troubleshooting guide.
 
+:::tip[Check the device's WARP version]
+
+To a device's WARP version:
+
+1. Open the WARP GUI on the desktop.
+2. Select the gear icon.
+3. Select **About WARP**.
+
+:::
+
 ### WARP basics
 
 Review the WARP client’s architecture, installation paths, and modes to help you diagnose issues with greater accuracy.
@@ -49,7 +59,7 @@ WARP operates in several modes, each with different traffic handling capabilitie
 
 ## 2. Collect diagnostic logs
 
-You can collect diagnostic logs in two ways: the [Cloudflare dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) or the [`warp-diag`]() command-line interface (CLI).
+You can collect diagnostic logs in two ways: the [Cloudflare dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) or the [`warp-diag`](#option-b-collect-logs-via-the-cli) command-line interface (CLI).
 
 ### Option A: Collect logs via the Cloudflare dashboard
 
@@ -57,23 +67,20 @@ For WARP client versions higher than `2024.12.492.0`, you can collect diagnostic
 
 #### Start a remote capture
 
-<Render file="dex/pcaps-run" />
-
 :::tip[Best practice]
 
-To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges when capturing logs. Though recreating the issue may not be possible in all cases, the following troubleshooting regimen will ensure the most accurate capture of the state of WARP:
-
-1. In **Zero Trust** > **DEX** > **Remote captures**, select **WARP diagnostic logs** and **Packet captures (PCAP)**. You can leave **Test all routes** unselected.
-2. Select **Run diagnostics**.
-3. While the diagnostics are running on the target device, recreate the steps that cause the problem.
+To troubleshoot effectively, Cloudflare recommends reproducing the issue and noting your timestamps immediately before collecting logs. Though recreating the issue may not be possible in all cases, reproducing the issue right before WARP diag collection or during the window that a PCAP is running will help you troubleshoot with greater visibility.
 
-   If you set your **Time limit** on the **Remote captures** page to five minutes, recreate the steps that cause the problem on the target device in that five minute window before logs are generated. Keep timestamps of when you executed your steps to successfully review logs later.
+Refer to [WARP log retention window](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#log-retention-window) to learn more.
+:::
 
-4. [Check the status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#check-remote-capture-status) of your remote capture to verify its readiness.
-5. [Download the remote captures](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#check-remote-capture-status) when they have finished running.
+<Render
+  file="dex/pcaps-run"
+  params={{
+    bestPractice: 'You must select WARP Diagnostic Logs. You can also choose to run a PCAP and reproduce the issue in the window the PCAP is running to gain further network insight. The scope of this troubleshooting covers only WARP diagnostic logs. If not choosing PCAPs, reproduce the right issue before running diagnostics.'
+  }}
+/>
 
-By following these steps, you will ensure that your WARP diagnostic logs have captured WARP activity relevant to your issue.
-:::
 
 #### Check remote capture status
 
@@ -99,9 +106,9 @@ To troubleshoot effectively, Cloudflare recommends that you recreate the steps w
 
 After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
 
-## 2. Review diagnostics logs
+## 3. Review key files
 
-WARP diagnostic logs display WARP information relevant to the target device after all MDM and other software operations have been applied, allowing you to determine whether WARP is misconfigured or behaving in an unexpected way. After downloading the WARP diagnostic logs, you will review key files to check that WARP is operating as intended. You will check the device's WARP status, its applied profile ID, and its split tunnel configuration.
+WARP diagnostic logs capture the final WARP configuration and status on a device after all MDM policies and other software settings have been applied. Reviewing these logs can help you identify misconfigurations or unexpected behavior.
 
 ### Check WARP status
 
@@ -129,7 +136,7 @@ Merged configuration:
 (network policy)    WARP tunnel protocol: WireGuard
 (default)   Disabled for Wifi: false
 (default)   Disabled for Ethernet: false
-(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] <- The SNI Cloudflare will use and the IP address for DNS-over-HTTP (DoH) requests
+(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] # The SNI Cloudflare will use and the IP address for DNS-over-HTTP (DoH) requests
 (user set)  qlog logging: Enabled
 (default)   Onboarding: true # If true, the user sees a onboarding prompt when they first install the WARP client
 (network policy)    Exclude mode, with hosts/ips: # Split tunnel configuration
@@ -146,11 +153,11 @@ Merged configuration:
 (network policy)    Captive Portal: 180
 (network policy)    Support URL: my-organizations-support-portal.com # Your organization's support portal or IT help desk
 (user set)  Organization: Organization-Name
-(network policy)    Allow Mode Switch: true  # The user is allowed to switch between WARP with configurations (DoH -> Gateway Mode)
-(network policy)    Allow Updates: false <------- Will the client perform the update checks, doesn't necessarily mean they'll be able to install them (depends on user permissions)
-(network policy)    Allowed to Leave Org: true <-- Is the button in the GUI grayed out or not.  Note, it'll always be grayed out if they have an MDM file
+(network policy)    Allow Mode Switch: true  # The user is allowed to switch between WARP modes
+(network policy)    Allow Updates: false # WARP client will not perform update checks
+(network policy)    Allowed to Leave Org: true
 (api defaults)  Known apple connectivity check IPs: xx.xxx.0.0/16;
-(network policy)    LAN Access Settings: Allowed until reconnect on a /24 subnet  <-- The maximum size of network that will be allowed when Access Lan is clicked.
+(network policy)    LAN Access Settings: Allowed until reconnect on a /24 subnet # The maximum size of network that will be allowed when Access Lan is clicked.
 (network policy)    Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
 ```
 
@@ -251,7 +258,7 @@ Refers to the [Device profile](/cloudflare-one/connections/connect-devices/warp/
 Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
 ```
 
-## Common misconfiguration issues and solutions
+## 4. Fix common misconfigurations
 
 To verify that WARP is configured and working properly, review the following:
 
@@ -264,7 +271,7 @@ A profile ID is a unique identifier assigned to each [device profile]((/cloudfla
 
 If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precise matcing rules or how profile precedence is configured.
 
-:::tip[WARP evaluates profile IDs according to chronological order in the dashboard]
+:::note[WARP evaluates profile IDs according to chronological order in the dashboard]
 
 <Render file="warp/device-profile-order-of-precedence" />
 
@@ -312,12 +319,6 @@ When troubleshooting a managed network, check these things:
 
 	To simplify management and prevent errors, avoid creating multiple managed network profiles for the same location. For example, if you have multiple TLS endpoints in one office, link them all to a single device profile. This reduces the risk of a device matching an unintended profile due to a configuration error.
 
-	// are 2 and 3 saying the same thing //
-
-3. Ensure the device can only reach one managed network.
-
-	If a device can reach more than one managed network simultaneously, WARP cannot determine which profile to apply, leading to unpredictable results. Make sure the managed network configuration is unique to each location.
-
 ### Wrong split tunnel configuration
 
 <Render file="warp/split-tunnel-intro" />
@@ -350,7 +351,7 @@ If your dashboard split tunnel configuration does not match your `warp-settings.
 
 If your `warp-settings.txt` split tunnel configuration is not matching what is in the dashboard, you can force the WARP client to fetch the latest configuration to resolve the discrepancy. You can either instruct the end user to toggle WARP off and on, reset their encryption keys, or force the fetch as an admin. All three options will result in the WARP client fetching the latest data.
 
-##### Toggle WARP off and back on
+##### Option A: Toggle WARP off and back on
 
 On the end user device, open the WARP GUI and toggle WARP on and off.
 
@@ -358,7 +359,7 @@ If the end user's WARP switch is locked, they will need an admin override code t
 
 After you toggle WARP back on, the WARP client will fetch new settings when it reconnects.
 
-##### Reset the encryption keys
+##### Option B: Reset the encryption keys
 
 To reset the encyrption keys on an end user's desktop:
 
@@ -368,35 +369,53 @@ To reset the encyrption keys on an end user's desktop:
 
 Resetting the encryption keys forces the WARP client to reestablish its tunnel and retrieve the latest configuration.
 
-##### Revoke the user session
-
-An administrator can revoke the user's session to force a complete reenrollment.
+##### Option C: Revoke the user session
 
-1. In the Zero Trust dashboard, go to My Team > Users.
+An administrator can revoke the user's session from the Cloudflare dashboard to force a complete reenrollment.
 
+1. In the Zero Trust dashboard, go to **My Team** > **Users**.
 2. Select the checkbox next to the user's name.
-
-3. Select Action > Revoke access.
+3. Select **Action** > **Revoke access**.
 
 Revoking access will prompt the user to log back in. The WARP client will then perform a new registration and fetch the latest settings from the dashboard.
 
 To debug quickly that the Split Tunnels settings have been updated, run `warp-cli settings` on the device and review the configuration again.
 
-## File a support ticket
-
-To ensure faster resolution when contacting support, include as much relevant detail as possible in your ticket. Make sure your ticket includes:
-
-`[]` Context: Briefly describe the scenario or use case (for example, where the user was, what they were trying to do).
-`[]` Steps taken so far: Outline any troubleshooting or changes already attempted.
-`[]` Timestamps: Be specific — include the exact time and time zone when the issue occurred.
-
-For example:
+## 5. File a support ticket
+
+To ensure efficient resolution when [contacting support](/support/contacting-cloudflare-support/), include as much relevant detail as possible in your ticket:
+
+<ul>
+  <li>
+    <label>
+      <input type="checkbox" /> Context: Briefly describe the scenario or use case (for example, where the user was, what they were trying to do).
+    </label>
+  </li>
+  <li>
+    <label>
+      <input type="checkbox" /> Steps taken so far: Outline any troubleshooting or changes already attempted.
+    </label>
+  </li>
+  <li>
+    <label>
+      <input type="checkbox" /> Timestamps: Be specific and include the exact time and time zone when the issue occurred.
+    </label>
+  </li>
+	<li>
+    <label>
+      <input type="checkbox" /> WARP diagnostics logs: Include the WARP diag you downloaded from the dashboard or through the CLI.
+    </label>
+  </li>
+</ul>
+
+:::danger[Avoid vague ticket descriptions]
+Refer to the following example of a vague ticket description:
 
-❌ Avoid:
 Ken was on the train and had captive portal issues. `warp-diag` is attached.
+:::
 
-✅ More helpful:
-Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `error_message_details`. A warp-diag was collected immediately after and is attached.
-
-
+:::tip[Include scenario, timestamps, and steps taken to troubleshoot the issue]
+Refer to the following example of an ideal ticket description:
 
+Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `error_message_details`. A warp-diag was collected immediately after and is attached.
+:::
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
index edbd996b3da813..7f7c52f3c01a1d 100644
--- a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
+++ b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
@@ -1,7 +1,9 @@
 ---
-{}
+inputParameters: bestPractice
 ---
 
+import { Render } from "~/components";
+
 To capture data from a remote device:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
@@ -12,6 +14,7 @@ To capture data from a remote device:
      :::note
      **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
      :::
+		 {props.bestPractice}
 4. Select **Run diagnostics**.
 
 DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.

From 13319cfc4c24b5b9ca71e18fbda65c2a91173cbf Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Mon, 11 Aug 2025 11:31:13 +0100
Subject: [PATCH 11/21] first draft edits, links, stream

---
 .../troubleshooting/troubleshooting-guide.mdx | 93 +++++++++++++++----
 1 file changed, 74 insertions(+), 19 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 6435b81c002b0e..01f42e6b2a773e 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -5,13 +5,13 @@ sidebar:
   order: 0
 ---
 
-import { MetaInfo, Render, Steps, Tabs, TabItem, Type } from "~/components";
+import { MetaInfo, Render, Steps, Stream, Tabs, TabItem, Type } from "~/components";
 
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux.
 
 1. **Before you start**: [Prerequisites](#prequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
 2. **Collect logs**: Through the [dashboard]() (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
-3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration.
+3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration, and other settings.
 4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings).
 5. **File a support ticket**: [How to file a ticket](#file-a-support-ticket) after you have exhausted your troubleshooting options.
 
@@ -31,17 +31,38 @@ After updating the WARP client, monitor the issue to see if it recurs. If the is
 
 :::tip[Check the device's WARP version]
 
-To a device's WARP version:
+Via the device:
 
 1. Open the WARP GUI on the desktop.
 2. Select the gear icon.
 3. Select **About WARP**.
 
+Via the Zero Trust dashboard:
+
+1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My team** > **Devices**.
+2. Select the device you want to investigate.
+3. Find the device's WARP version under **Client version** in the side menu.
+
 :::
 
 ### WARP basics
 
-Review the WARP client’s architecture, installation paths, and modes to help you diagnose issues with greater accuracy.
+Understand the WARP client’s architecture, installation paths, and modes to help you diagnose issues with greater accuracy.
+
+<Stream
+        id="31178cc41d0ec56d42ef892160589635"
+        title="Understand Cloudflare WARP basics"
+        thumbnail="https://pub-d9bf66e086fb4b639107aa52105b49dd.r2.dev/Understand-Cloudflare-WARP-Basics%20thumbnail.png"
+        showMoreVideos={false}
+        chapters={{
+          "Introduction and WARP GUI Basics": "0s",
+          "Consumer vs. Corporate WARP": "57s",
+          "Device Profiles Explained": "1m35s",
+          "WARP Operating Modes": "2m12s",
+          "Split Tunneling": "3m44s",
+          "Conclusion": "4m56s",
+        }}
+      />
 
 #### WARP architecture
 
@@ -63,7 +84,7 @@ You can collect diagnostic logs in two ways: the [Cloudflare dashboard](#option-
 
 ### Option A: Collect logs via the Cloudflare dashboard
 
-For WARP client versions higher than `2024.12.492.0`, you can collect diagnostic logs remotely from the Zero Trust dashboard by using Digital Experience Monitoring's (DEX) remote captures.
+Collect WARP diagnostic logs remotely from the Zero Trust dashboard by using Digital Experience Monitoring's (DEX) remote captures.
 
 #### Start a remote capture
 
@@ -77,7 +98,7 @@ Refer to [WARP log retention window](/cloudflare-one/connections/connect-devices
 <Render
   file="dex/pcaps-run"
   params={{
-    bestPractice: 'You must select WARP Diagnostic Logs. You can also choose to run a PCAP and reproduce the issue in the window the PCAP is running to gain further network insight. The scope of this troubleshooting covers only WARP diagnostic logs. If not choosing PCAPs, reproduce the right issue before running diagnostics.'
+    bestPractice: 'You must select WARP Diagnostic Logs. You can also choose to run a PCAP and reproduce the issue in the window the PCAP is running to gain further network insight. The scope of this troubleshooting covers only WARP diagnostic logs. If not choosing PCAPs, reproduce the issue right before running diagnostics.'
   }}
 />
 
@@ -110,6 +131,23 @@ After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare
 
 WARP diagnostic logs capture the final WARP configuration and status on a device after all MDM policies and other software settings have been applied. Reviewing these logs can help you identify misconfigurations or unexpected behavior.
 
+<Stream
+        id="c29964ab3dcf7c3432ebb2b4e93c3aca"
+        title="WARP diagnostic logs"
+        thumbnail="https://pub-d9bf66e086fb4b639107aa52105b49dd.r2.dev/Warp-diagnostics%20thumbnail.png"
+        showMoreVideos={false}
+        chapters={{
+          "Introduction": "0s",
+          "What are warp-diag files?": "44s",
+          "How to download and navigate warp-diag files": "1m16s",
+          "warp-status.txt": "2m06s",
+          "warp-settings.txt": "2m29s",
+          "daemon.log": "3m37s",
+          "Addition tips": "8m07s",
+          "Conclusion": "8m43s",
+        }}
+      />
+
 ### Check WARP status
 
 Open the `warp-status.txt` file to review the status of the WARP connection when the `warp-diag` was collected. A connected WARP client will appear as:
@@ -208,6 +246,12 @@ Exclude mode, with hosts/ips:
   cname.user.net
 ```
 
+:::tip[Exclude mode versus Include mode]
+	`Exclude mode` means all traffic will be sent through the WARP tunnel except for the IPs and domains you specify.
+
+	`Include mode` means only traffic destined to the IPs or domains you specify will be sent through the WARP tunnel.
+:::
+
 ##### Fallback domains
 
 Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) settings. In the example file, WARP lists `intranet` as a domain that will not be sent to Gateway for proccessing and will instead be sent directly to the configured fallback servers.
@@ -220,7 +264,7 @@ Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devic
 
 ##### Allow Mode Switch
 
-Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DoH](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
+Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DNS-over-HTTP (DoH)](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
 
 ```txt
 Allow Mode Switch: true
@@ -263,7 +307,7 @@ Profile ID: 000000x1-00x1-1xx0-1xx1-11101x1axx11
 To verify that WARP is configured and working properly, review the following:
 
 1. Is the [wrong profile ID](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) applied to the device?
-2. Is the [split tunnel configuration wrong](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#wrong-split-tunnel-configuration)?
+2. Is the [wrong split tunnel configuration](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#wrong-split-tunnel-configuration) active on the device?
 
 ### Wrong profile ID
 
@@ -285,11 +329,14 @@ To check that the applied device profile is the intended device profile:
 2. Find and select the device profile intended for the device.
 3. Under **Profile details** compare the displayed **Profile ID** with the `Profile ID` in the `warp-settings.txt` file.
 
-If the profile ID displayed in the `warp-settings.txt` file matches the intended device profile's ID shown in the dashboard, you may need to troubleshoot your managed network settings.
+If the profile ID displayed in the `warp-settings.txt` file does not match the intended device profile's ID shown in the dashboard:
 
-If the profile ID displayed in the `warp-settings.txt` file does not match the intended device profile's ID shown in the dashboard, [edit your device profile's match rules](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) in the intended profile to make them more specific (for example, by adding identity-based [selectors](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#selectors) like [`email`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-email), or [`group name`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-group-names).)
+1. If you are using a managed network, review your [managed network settings](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#review-your-managed-network-settings) for common errors.
+2. [Edit your device profile's match rules](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#edit-your-device-profile-match-rules) in the intended profile to make them more specific (for example, by adding identity-based [selectors](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#selectors) like [`email`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-email), or [`group name`](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#user-group-names).)
 
+:::caution
 Avoid [reordering profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/#order-of-precedence) unless you are confident it will not affect other users.
+:::
 
 :::note
 
@@ -305,15 +352,17 @@ To modify the match rules of a device profile, you will need to edit the device
 
 #### Review your managed network settings
 
-A [managed network](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) is a network location that you define with a TLS endpoint, like a physical office. The WARP client checks for this TLS endpoint to determine its location and apply the corresponding device profile. If the managed network is misconfigured or the TLS endpoint is unreachable, the device may fall back to an unintended profile.
+A [managed network](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) is a network location that you define with a TLS endpoint, like a physical office. The WARP client checks for this TLS endpoint to determine its location and apply the corresponding device profile.
+
+If the managed network is misconfigured or the TLS endpoint is unreachable, the device may fall back to an unintended profile.
 
-When troubleshooting a managed network, check these things:
+When troubleshooting WARP for managed network isses:
 
 1. Verify the endpoint is reachable.
 
 	The WARP client connects to the TLS endpoint to identify the network. If the endpoint is down or unreachable, the WARP client will fail to detect the network and apply the wrong profile.
 
-	// how would they do this //
+	// need instructions on how to do this //
 
 2. Use a single profile for a single location.
 
@@ -327,7 +376,7 @@ A misconfigured [split tunnel](/cloudflare-one/connections/connect-devices/warp/
 
 For example, if you set your mode to Exclude IPs and domains and accidentally exclude an IP address needed by an application, that application may not work correctly. Similarly, in Include IPs and domains mode, forgetting to include a necessary IP or domain will cause traffic to bypass WARP, and you will lose access to your Zero Trust security features.
 
-#### Check the applied split tunnel configuration
+#### 1. Check the applied split tunnel configuration
 
 After downloading the WARP diagnostic logs, review your configuration is working as intended:
 
@@ -347,15 +396,19 @@ After downloading the WARP diagnostic logs, review your configuration is working
 
 If your dashboard split tunnel configuration does not match your `warp-settings.txt` file configuration, you may need to force the WARP client to [update its settings](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#update-the-warp-clients-settings).
 
-#### Update the WARP client's settings
+#### 2. Update the WARP client's settings
 
-If your `warp-settings.txt` split tunnel configuration is not matching what is in the dashboard, you can force the WARP client to fetch the latest configuration to resolve the discrepancy. You can either instruct the end user to toggle WARP off and on, reset their encryption keys, or force the fetch as an admin. All three options will result in the WARP client fetching the latest data.
+If the split tunnel configuration in `warp-settings.txt` does not match the dashboard, you can force the WARP client to fetch the latest settings.
+
+This can be done by instructing the end user to [toggle WARP off and on](#option-a-toggle-warp-off-and-back-on), [reset their encryption keys](#option-b-reset-the-encryption-keys), or, if you have admin access, [revoking the user session](#option-c-revoke-the-user-session).
+
+All three methods update the client with the latest configuration.
 
 ##### Option A: Toggle WARP off and back on
 
 On the end user device, open the WARP GUI and toggle WARP on and off.
 
-If the end user's WARP switch is locked, they will need an admin override code to be able to toggle the WARP switch.
+If the end user's [WARP switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) is locked, they will need an [admin override code](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) to be able to toggle the WARP switch.
 
 After you toggle WARP back on, the WARP client will fetch new settings when it reconnects.
 
@@ -371,7 +424,7 @@ Resetting the encryption keys forces the WARP client to reestablish its tunnel a
 
 ##### Option C: Revoke the user session
 
-An administrator can revoke the user's session from the Cloudflare dashboard to force a complete reenrollment.
+An administrator can [revoke the user session](/cloudflare-one/identity/users/session-management/#per-user) from the Cloudflare dashboard to force a complete reenrollment.
 
 1. In the Zero Trust dashboard, go to **My Team** > **Users**.
 2. Select the checkbox next to the user's name.
@@ -379,10 +432,12 @@ An administrator can revoke the user's session from the Cloudflare dashboard to
 
 Revoking access will prompt the user to log back in. The WARP client will then perform a new registration and fetch the latest settings from the dashboard.
 
-To debug quickly that the Split Tunnels settings have been updated, run `warp-cli settings` on the device and review the configuration again.
+To check that the split tunnel settings have been updated, run `warp-cli settings` on the device and review the configuration.
 
 ## 5. File a support ticket
 
+Effective troubleshooting depends on clear, detailed support tickets. The more context you provide, the faster support can identify and resolve the issue.
+
 To ensure efficient resolution when [contacting support](/support/contacting-cloudflare-support/), include as much relevant detail as possible in your ticket:
 
 <ul>

From b99a130bb48d4a9c1036ced21f6c981074718463 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Tue, 12 Aug 2025 11:56:25 +0100
Subject: [PATCH 12/21] sha256 check

---
 .../warp/configure-warp/managed-networks.mdx  | 12 +---------
 .../troubleshooting/troubleshooting-guide.mdx | 22 +++++++++++++------
 .../warp/managed-networks-sha-256.mdx         | 15 +++++++++++++
 3 files changed, 31 insertions(+), 18 deletions(-)
 create mode 100644 src/content/partials/cloudflare-one/warp/managed-networks-sha-256.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
index 3a462edb1d5743..40d722c2cdbd25 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
@@ -202,17 +202,7 @@ SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8
 
 </TabItem> <TabItem label="Remote server">
 
-To obtain the SHA-256 fingerprint of a remote server:
-
-```sh
-openssl s_client -connect <private-server-IP>:443 < /dev/null 2> /dev/null | openssl x509 -noout -fingerprint -sha256 | tr -d :
-```
-
-The output will look something like:
-
-```txt
-SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8662
-```
+<Render file="warp/managed-networks-sha-256" />
 
 </TabItem> </Tabs>
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 01f42e6b2a773e..a5de44927d6bd2 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -344,12 +344,6 @@ Identity-based selectors are only available if the user [enrolled the device](/c
 
 :::
 
-#### Edit your device profile match rules
-
-To modify the match rules of a device profile, you will need to edit the device profile. To edit the device profile:
-
-<Render file="warp/edit-profile-settings" />
-
 #### Review your managed network settings
 
 A [managed network](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) is a network location that you define with a TLS endpoint, like a physical office. The WARP client checks for this TLS endpoint to determine its location and apply the corresponding device profile.
@@ -362,12 +356,26 @@ When troubleshooting WARP for managed network isses:
 
 	The WARP client connects to the TLS endpoint to identify the network. If the endpoint is down or unreachable, the WARP client will fail to detect the network and apply the wrong profile.
 
-	// need instructions on how to do this //
+	<Render file="warp/managed-networks-sha-256" />
+
+	If the endpoint is down, you will receive a `Could not find certificate from <stdin>` response.
+
+	If you received a returned SHA-256 fingerprint:
+
+	1. Log into [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**.
+	2. Go to **Manage Networks** > **Edit**.
+	3. Compare the TLS Cert SHA-256 in the dashboard with the returned fingerprint in your terminal to ensure they match.
 
 2. Use a single profile for a single location.
 
 	To simplify management and prevent errors, avoid creating multiple managed network profiles for the same location. For example, if you have multiple TLS endpoints in one office, link them all to a single device profile. This reduces the risk of a device matching an unintended profile due to a configuration error.
 
+#### Edit your device profile match rules
+
+To modify the match rules of a device profile, you will need to edit the device profile. To edit the device profile:
+
+<Render file="warp/edit-profile-settings" />
+
 ### Wrong split tunnel configuration
 
 <Render file="warp/split-tunnel-intro" />
diff --git a/src/content/partials/cloudflare-one/warp/managed-networks-sha-256.mdx b/src/content/partials/cloudflare-one/warp/managed-networks-sha-256.mdx
new file mode 100644
index 00000000000000..65cc25e27b6439
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/managed-networks-sha-256.mdx
@@ -0,0 +1,15 @@
+---
+{}
+---
+
+To test connectivity and obtain the SHA-256 fingerprint of a remote server:
+
+```sh
+openssl s_client -connect <private-server-IP>:443 < /dev/null 2> /dev/null | openssl x509 -noout -fingerprint -sha256 | tr -d :
+```
+
+The output will look something like:
+
+```txt
+SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8662
+```
\ No newline at end of file

From 2764195adb945c027aabe1a5d907442cfe6a23cd Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Tue, 12 Aug 2025 15:05:12 +0100
Subject: [PATCH 13/21] extra additions

---
 .../warp/configure-warp/managed-networks.mdx  |  2 +-
 .../warp/configure-warp/warp-modes/index.mdx  |  2 +-
 .../warp/configure-warp/warp-sessions.mdx     |  4 ++
 .../troubleshooting/troubleshooting-guide.mdx | 67 +++++++++++--------
 .../device-profile-order-of-precedence.mdx    |  2 +-
 .../cloudflare-one/warp/manually-reauth.mdx   |  9 +++
 6 files changed, 56 insertions(+), 30 deletions(-)
 create mode 100644 src/content/partials/cloudflare-one/warp/manually-reauth.mdx

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
index 40d722c2cdbd25..d8ac3a2614af20 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
@@ -5,7 +5,7 @@ sidebar:
   order: 3
 ---
 
-import { Details, TabItem, Tabs } from "~/components";
+import { Details, Render, TabItem, Tabs } from "~/components";
 
 <Details header="Feature availability">
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
index 7047afc79d5dda..2bb2c80573b1f9 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
@@ -17,7 +17,7 @@ This mode is best suited for organizations that want to use advanced firewall/pr
 
 ## Gateway with DoH
 
-This mode is best suited for organizations that only want to apply DNS filtering to outbound traffic from their company devices. Network and HTTP traffic is handled by the default mechanisms on your devices.
+Gateway with DNS-over-HTTPS (DoH) is best suited for organizations that only want to apply DNS filtering to outbound traffic from their company devices. Network and HTTP traffic is handled by the default mechanisms on your devices.
 
 | DNS filtering | Network filtering | HTTP filtering | Features enabled |
 | ------------- | ----------------- | -------------- | ---------------- |
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx
index 6024e3a5ef71ff..73fc52ae1a51b5 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx
@@ -53,6 +53,10 @@ If the user has an active browser session with the IdP, WARP will use the existi
 
 - [Microsoft Entra ID](/cloudflare-one/identity/idp-integration/entra-id/#force-user-interaction-during-warp-reauthentication)
 
+## Manually reauthenticate
+
+<Render file="warp/manually-reauth" />
+
 ## Limitations
 
 - **Only one user per device** — If a device is already registered with User A, User B will not be able to log in on that device through the re-authentication flow. To switch the device registration to a different user, User A must first log out from Zero Trust (if [Allow device to leave organization](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-device-to-leave-organization) is enabled), or an admin can revoke the registration from **My Team** > **Devices**. User B can then properly [enroll](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/).
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index a5de44927d6bd2..f242ad25cecfcd 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -9,17 +9,17 @@ import { MetaInfo, Render, Steps, Stream, Tabs, TabItem, Type } from "~/componen
 
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux.
 
-1. **Before you start**: [Prerequisites](#prequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
+1. **Before you start**: [Prerequisites](#prerequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
 2. **Collect logs**: Through the [dashboard]() (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
 3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration, and other settings.
-4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings).
+4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings), [user group mismatch](#check-a-users-group-membership).
 5. **File a support ticket**: [How to file a ticket](#file-a-support-ticket) after you have exhausted your troubleshooting options.
 
 ## 1. Before you start
 
-### Prequisites
+### Prerequisites
 
-- You must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organizaton created.
+- You must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organization created.
 - You must have the WARP client installed on an end user device.
 - You must have a [role](/cloudflare-one/roles-permissions/) that gives admin permission to download logs on the Cloudflare dashboard.
 
@@ -169,14 +169,14 @@ After you have downloaded the WARP diagnostic logs, open the `warp-settings.txt`
 ```txt
 Merged configuration:
 (derived)   Always On: true
-(network policy)    Switch Locked: false # If false, does not allows the user to turn off the WARP toggle and disconnect the WARP client
+(network policy)    Switch Locked: false # If false, does not allow the user to turn off the WARP toggle and disconnect the WARP client
 (network policy)    Mode: WarpWithDnsOverHttps # The device's WARP mode, this mode is WARP with Gateway mode
 (network policy)    WARP tunnel protocol: WireGuard
 (default)   Disabled for Wifi: false
 (default)   Disabled for Ethernet: false
-(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] # The SNI Cloudflare will use and the IP address for DNS-over-HTTP (DoH) requests
+(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] # The SNI Cloudflare will use and the IP address for DNS-over-HTTPSs (DoH) requests
 (user set)  qlog logging: Enabled
-(default)   Onboarding: true # If true, the user sees a onboarding prompt when they first install the WARP client
+(default)   Onboarding: true # If true, the user sees an onboarding prompt when they first install the WARP client
 (network policy)    Exclude mode, with hosts/ips: # Split tunnel configuration
   1xx.1xx.1xx.1xx/25 (zoom)
 ...
@@ -254,7 +254,7 @@ Exclude mode, with hosts/ips:
 
 ##### Fallback domains
 
-Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) settings. In the example file, WARP lists `intranet` as a domain that will not be sent to Gateway for proccessing and will instead be sent directly to the configured fallback servers.
+Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) settings. In the example file, WARP lists `intranet` as a domain that will not be sent to Gateway for processing and will instead be sent directly to the configured fallback servers.
 
 ```txt
 (network policy)    Fallback domains:
@@ -313,14 +313,20 @@ To verify that WARP is configured and working properly, review the following:
 
 A profile ID is a unique identifier assigned to each [device profile]((/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/)) in the Zero Trust dashboard, used to determine which configuration settings apply to a device.
 
-If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile due to lack of precise matcing rules or how profile precedence is configured.
+If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile because:
 
-:::note[WARP evaluates profile IDs according to chronological order in the dashboard]
+1. How profile precedence is configured.
+
+:::note[WARP evaluates profile IDs in the order they appear in the dashboard]
 
 <Render file="warp/device-profile-order-of-precedence" />
 
 :::
 
+2. [Managed network](#review-your-managed-network-settings) issues.
+3. User group [mismatch](#check-a-users-group-membership).
+4. Lack of [precise match rules](#edit-your-device-profile-match-rules)
+
 #### Check the applied device profile
 
 To check that the applied device profile is the intended device profile:
@@ -350,7 +356,7 @@ A [managed network](/cloudflare-one/connections/connect-devices/warp/configure-w
 
 If the managed network is misconfigured or the TLS endpoint is unreachable, the device may fall back to an unintended profile.
 
-When troubleshooting WARP for managed network isses:
+When troubleshooting WARP for managed network issues:
 
 1. Verify the endpoint is reachable.
 
@@ -370,6 +376,21 @@ When troubleshooting WARP for managed network isses:
 
 	To simplify management and prevent errors, avoid creating multiple managed network profiles for the same location. For example, if you have multiple TLS endpoints in one office, link them all to a single device profile. This reduces the risk of a device matching an unintended profile due to a configuration error.
 
+#### Check a user's group membership
+
+If a user is having issues with a device profile, it may be because they are not part of the correct user group. This can happen when an organization is not using SCIM for automatic identity provider (IdP) updates.
+
+To check that the user belongs to the intended group:
+
+1. Log into [Zero Trust]() > go to **My Team** > **Users**.
+2. Select the user.
+3. Under **User Registry Identity**, select the user's name.
+4. The Get-identity endpoint lists all the groups the user belongs to.
+
+If the user was recently added to a group, they will need to update their group membership with Cloudflare Zero Trust. This can be accomplished by logging into the reauthenticate endpoint.
+
+<Render file="warp/manually-reauth" />
+
 #### Edit your device profile match rules
 
 To modify the match rules of a device profile, you will need to edit the device profile. To edit the device profile:
@@ -386,7 +407,7 @@ For example, if you set your mode to Exclude IPs and domains and accidentally ex
 
 #### 1. Check the applied split tunnel configuration
 
-After downloading the WARP diagnostic logs, review your configuration is working as intended:
+After downloading the WARP diagnostic logs, review that your configuration is working as intended:
 
 1. Open the `warp-settings.txt` file and find `Exclude mode, with hosts/ips:` or `Include mode, with hosts/ips:`.
 
@@ -408,21 +429,25 @@ If your dashboard split tunnel configuration does not match your `warp-settings.
 
 If the split tunnel configuration in `warp-settings.txt` does not match the dashboard, you can force the WARP client to fetch the latest settings.
 
-This can be done by instructing the end user to [toggle WARP off and on](#option-a-toggle-warp-off-and-back-on), [reset their encryption keys](#option-b-reset-the-encryption-keys), or, if you have admin access, [revoking the user session](#option-c-revoke-the-user-session).
+This can be done by instructing the end user to [toggle WARP off and on](#option-a-toggle-warp-off-and-back-on), or [reset their encryption keys](#option-b-reset-the-encryption-keys).
 
-All three methods update the client with the latest configuration.
+Both methods update the client with the latest configuration.
 
 ##### Option A: Toggle WARP off and back on
 
 On the end user device, open the WARP GUI and toggle WARP on and off.
 
+:::tip[What if the end user cannot turn off WARP?]
 If the end user's [WARP switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#lock-warp-switch) is locked, they will need an [admin override code](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) to be able to toggle the WARP switch.
 
+[Resetting the encryption keys](#option-b-reset-the-encryption-keys) may be a faster solution.
+:::
+
 After you toggle WARP back on, the WARP client will fetch new settings when it reconnects.
 
 ##### Option B: Reset the encryption keys
 
-To reset the encyrption keys on an end user's desktop:
+To reset the encryption keys on an end user's desktop:
 
 1. Open the WARP GUI.
 2. Select the gear icon.
@@ -430,18 +455,6 @@ To reset the encyrption keys on an end user's desktop:
 
 Resetting the encryption keys forces the WARP client to reestablish its tunnel and retrieve the latest configuration.
 
-##### Option C: Revoke the user session
-
-An administrator can [revoke the user session](/cloudflare-one/identity/users/session-management/#per-user) from the Cloudflare dashboard to force a complete reenrollment.
-
-1. In the Zero Trust dashboard, go to **My Team** > **Users**.
-2. Select the checkbox next to the user's name.
-3. Select **Action** > **Revoke access**.
-
-Revoking access will prompt the user to log back in. The WARP client will then perform a new registration and fetch the latest settings from the dashboard.
-
-To check that the split tunnel settings have been updated, run `warp-cli settings` on the device and review the configuration.
-
 ## 5. File a support ticket
 
 Effective troubleshooting depends on clear, detailed support tickets. The more context you provide, the faster support can identify and resolve the issue.
diff --git a/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx b/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx
index 8a16ff77e3b994..d3ff142527577a 100644
--- a/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx
+++ b/src/content/partials/cloudflare-one/warp/device-profile-order-of-precedence.mdx
@@ -2,7 +2,7 @@
 {}
 ---
 
-Cloudflare WARP evaluates device profiles dynamically based on a hierarchy. When a device connects, WARP checks the profiles from top to bottom as they appear in the dashboard. WARP follows the first match principle — once a device matches a profile, WARP stop evaluating and no subsequent profiles can override the decision.
+Cloudflare WARP evaluates device profiles dynamically based on a hierarchy. When a device connects, WARP checks the profiles from top to bottom as they appear in the dashboard. WARP follows the first match principle — once a device matches a profile, WARP stops evaluating and no subsequent profiles can override the decision.
 
 The **Default** profile is always at the bottom of the list. It will only be applied if the device does not meet the criteria of any profile listed above it. If you make another custom profile the default, all settings will be copied over into the **Default** profile.
 
diff --git a/src/content/partials/cloudflare-one/warp/manually-reauth.mdx b/src/content/partials/cloudflare-one/warp/manually-reauth.mdx
new file mode 100644
index 00000000000000..bf2d9899799822
--- /dev/null
+++ b/src/content/partials/cloudflare-one/warp/manually-reauth.mdx
@@ -0,0 +1,9 @@
+---
+{}
+---
+
+To manually refresh your Cloudflare Access session and update your group information from your identity provider (IdP), go to the following URL in your browser and fill in your [team name](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name):
+
+`https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/refresh-identity`
+
+Reauthenticating resets your [session duration](/cloudflare-one/identity/users/session-management/) and fetches the latest group information from the organization's IdP.
\ No newline at end of file

From e3604038cc7f20b73d81e038f83f052df20d9868 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Tue, 12 Aug 2025 15:23:34 +0100
Subject: [PATCH 14/21] spelling edits

---
 .../troubleshooting/troubleshooting-guide.mdx | 20 +++++++++----------
 .../cloudflare-one/warp/warp-comprises.mdx    |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index f242ad25cecfcd..01ff3462a247ed 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -10,7 +10,7 @@ import { MetaInfo, Render, Steps, Stream, Tabs, TabItem, Type } from "~/componen
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux.
 
 1. **Before you start**: [Prerequisites](#prerequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
-2. **Collect logs**: Through the [dashboard]() (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
+2. **Collect logs**: Through the [dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
 3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration, and other settings.
 4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings), [user group mismatch](#check-a-users-group-membership).
 5. **File a support ticket**: [How to file a ticket](#file-a-support-ticket) after you have exhausted your troubleshooting options.
@@ -39,7 +39,7 @@ Via the device:
 
 Via the Zero Trust dashboard:
 
-1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My team** > **Devices**.
+1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My Team** > **Devices**.
 2. Select the device you want to investigate.
 3. Find the device's WARP version under **Client version** in the side menu.
 
@@ -111,7 +111,7 @@ Refer to [WARP log retention window](/cloudflare-one/connections/connect-devices
 
 <Render file="dex/pcaps-download" />
 
-After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
+After you have your diagnostic files, go to [Review key files](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#3-review-key-files) to continue troubleshooting.
 
 ### Option B: Collect logs via the CLI
 
@@ -125,7 +125,7 @@ To troubleshoot effectively, Cloudflare recommends that you recreate the steps w
 
 :::
 
-After you have your diagnostic files, go to [Review diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#2-review-diagnostics-logs) to continue troubleshooting.
+After you have your diagnostic files, go to [Review key files](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#3-review-key-files) to continue troubleshooting.
 
 ## 3. Review key files
 
@@ -174,7 +174,7 @@ Merged configuration:
 (network policy)    WARP tunnel protocol: WireGuard
 (default)   Disabled for Wifi: false
 (default)   Disabled for Ethernet: false
-(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] # The SNI Cloudflare will use and the IP address for DNS-over-HTTPSs (DoH) requests
+(reg defaults)  Resolve via: 1xx0x1011xx000000000f0x00000x11.cloudflare-gateway.com @ [1xx.1xx.1x.1, 1x01:1x00:1x00::1xx1] # The SNI Cloudflare will use and the IP address for DNS-over-HTTPS (DoH) requests
 (user set)  qlog logging: Enabled
 (default)   Onboarding: true # If true, the user sees an onboarding prompt when they first install the WARP client
 (network policy)    Exclude mode, with hosts/ips: # Split tunnel configuration
@@ -264,7 +264,7 @@ Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devic
 
 ##### Allow Mode Switch
 
-Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DNS-over-HTTP (DoH)](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
+Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DNS-over-HTTPs (DoH)](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
 
 ```txt
 Allow Mode Switch: true
@@ -311,7 +311,7 @@ To verify that WARP is configured and working properly, review the following:
 
 ### Wrong profile ID
 
-A profile ID is a unique identifier assigned to each [device profile]((/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/)) in the Zero Trust dashboard, used to determine which configuration settings apply to a device.
+A profile ID is a unique identifier assigned to each [device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) in the Zero Trust dashboard, used to determine which configuration settings apply to a device.
 
 If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile because:
 
@@ -333,7 +333,7 @@ To check that the applied device profile is the intended device profile:
 
 1. Go to [Zero Trust](https://one.dash.cloudflare.com/) > **Settings** > **WARP Client**.
 2. Find and select the device profile intended for the device.
-3. Under **Profile details** compare the displayed **Profile ID** with the `Profile ID` in the `warp-settings.txt` file.
+3. Under **Profile details**, compare the displayed **Profile ID** with the `Profile ID` in the `warp-settings.txt` file.
 
 If the profile ID displayed in the `warp-settings.txt` file does not match the intended device profile's ID shown in the dashboard:
 
@@ -382,7 +382,7 @@ If a user is having issues with a device profile, it may be because they are not
 
 To check that the user belongs to the intended group:
 
-1. Log into [Zero Trust]() > go to **My Team** > **Users**.
+1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My Team** > **Users**.
 2. Select the user.
 3. Under **User Registry Identity**, select the user's name.
 4. The Get-identity endpoint lists all the groups the user belongs to.
@@ -493,5 +493,5 @@ Ken was on the train and had captive portal issues. `warp-diag` is attached.
 :::tip[Include scenario, timestamps, and steps taken to troubleshoot the issue]
 Refer to the following example of an ideal ticket description:
 
-Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `error_message_details`. A warp-diag was collected immediately after and is attached.
+Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `error_message_details`. A warp diag was collected immediately after and is attached.
 :::
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/warp/warp-comprises.mdx b/src/content/partials/cloudflare-one/warp/warp-comprises.mdx
index 925b0fe545fa17..523259ad713a1a 100644
--- a/src/content/partials/cloudflare-one/warp/warp-comprises.mdx
+++ b/src/content/partials/cloudflare-one/warp/warp-comprises.mdx
@@ -7,4 +7,4 @@ The WARP client consists of:
 - **Graphical User Interface (GUI)**: Control panel that allows end users to view WARP's [status](/cloudflare-one/connections/connect-devices/warp/troubleshooting/connectivity-status/) and perform actions such as turning WARP on or off.
 - **WARP daemon (or service)**: Core background component responsible for establishing secure tunnels (using WireGuard or MASQUE) and handling all WARP functionality on your device.
 
-Refer to [WARP architecture](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/) for more information on how WARP client interacts with a device's operating system to route traffic.
+Refer to [WARP architecture](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/) for more information on how the WARP client interacts with a device's operating system to route traffic.

From d70aac68baad79e6b08f3d395e51c2f9ae5d1d6c Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Tue, 12 Aug 2025 15:26:30 +0100
Subject: [PATCH 15/21] final edits

---
 .../warp/troubleshooting/troubleshooting-guide.mdx        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 01ff3462a247ed..c032086eabffa7 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -121,7 +121,7 @@ Collect WARP diagnostic logs by downloading them to your desktop using the `warp
 
 :::tip[Best practice]
 
-To troubleshoot effectively, Cloudflare recommends that you recreate the steps where your issue emerges before running `warp-diag` and keep timestamps of your steps for review within the logs.
+To troubleshoot effectively, Cloudflare recommends that you recreate the steps that cause the issue before running `warp-diag` and keep timestamps of your steps for review within the logs.
 
 :::
 
@@ -160,7 +160,7 @@ If the WARP client is experiencing issues, the error will display in the WARP GU
 
 ### Check WARP settings
 
-After you have checked WARP status, you will review WARP's settings on the device to check if the expected configuration has been applied. Open the `warp-settings.txt` file to review the WARP client settings. You will check the device's applied device profile and split tunnel configuration.
+After you have checked WARP status, review WARP's settings on the device to check if the expected configuration has been applied. Open the `warp-settings.txt` file to review the WARP client settings. You will check the device's applied device profile and split tunnel configuration.
 
 #### Example `warp-settings.txt` file
 
@@ -264,7 +264,7 @@ Refers to your [Local Domain Fallback](/cloudflare-one/connections/connect-devic
 
 ##### Allow Mode Switch
 
-Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DNS-over-HTTPs (DoH)](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
+Refers to the [Mode switch](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#mode-switch) setting. In the example file, the mode switch is enabled (`true`) which means the user has the option to switch between [Gateway with WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-warp-default) mode and [Gateway with DNS-over-HTTPS (DoH)](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) mode.
 
 ```txt
 Allow Mode Switch: true
@@ -272,7 +272,7 @@ Allow Mode Switch: true
 
 ##### Allow Updates
 
-Refers to the [Allow updates](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-updates) setting. In the example file, the allow updates setting is set to `false` meaning the user will not receive update notifications when a new version of the WARP client is available and cannot update WARP without administrator approval.
+Refers to the [Allow updates](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-updates) setting. In the example file, the allow updates setting is set to `false` meaning that the user will not receive update notifications when a new version of the WARP client is available and cannot update WARP without administrator approval.
 
 ```txt
 Allow Updates: false

From 7f1b110d91fc94aeb0b70ec1c4c5562bf2c17286 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 14 Aug 2025 04:12:43 +0100
Subject: [PATCH 16/21] keehun edits

---
 .../troubleshooting/troubleshooting-guide.mdx | 21 ++++++++++++-------
 .../partials/cloudflare-one/dex/pcaps-run.mdx |  2 ++
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index c032086eabffa7..123cfeba1202fa 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -13,7 +13,7 @@ This guide helps you diagnose and resolve common issues with the Cloudflare WARP
 2. **Collect logs**: Through the [dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
 3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration, and other settings.
 4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings), [user group mismatch](#check-a-users-group-membership).
-5. **File a support ticket**: [How to file a ticket](#file-a-support-ticket) after you have exhausted your troubleshooting options.
+5. **File a support ticket**: [How to file a ticket](#5-file-a-support-ticket) after you have exhausted your troubleshooting options.
 
 ## 1. Before you start
 
@@ -21,11 +21,11 @@ This guide helps you diagnose and resolve common issues with the Cloudflare WARP
 
 - You must have completed the [Zero Trust onboarding flow](/cloudflare-one/setup/) with a Zero Trust organization created.
 - You must have the WARP client installed on an end user device.
-- You must have a [role](/cloudflare-one/roles-permissions/) that gives admin permission to download logs on the Cloudflare dashboard.
+- You must have a [role](/cloudflare-one/roles-permissions/) that gives admin permission to access logs on the Cloudflare dashboard.
 
 ### Check your WARP version
 
-Many troubleshooting issues are caused by outdated client versions. For the best performance and compatibility, administrators should check for new releases and [upgrade the WARP client](/cloudflare-one/connections/connect-devices/warp/download-warp/) before attempting to troubleshoot other issues.
+Many troubleshooting issues are caused by outdated client versions. For the best performance and compatibility, administrators should check for new releases and [update the WARP client](/cloudflare-one/connections/connect-devices/warp/download-warp/) before attempting to troubleshoot other issues.
 
 After updating the WARP client, monitor the issue to see if it recurs. If the issue persists, continue with the troubleshooting guide.
 
@@ -115,7 +115,7 @@ After you have your diagnostic files, go to [Review key files](/cloudflare-one/c
 
 ### Option B: Collect logs via the CLI
 
-Collect WARP diagnostic logs by downloading them to your desktop using the `warp-diag` CLI.
+Collect WARP diagnostic logs on your desktop using the `warp-diag` CLI.
 
 <Render file="warp/warpdiag-run" />
 
@@ -164,7 +164,7 @@ After you have checked WARP status, review WARP's settings on the device to chec
 
 #### Example `warp-settings.txt` file
 
-After you have downloaded the WARP diagnostic logs, open the `warp-settings.txt` file. Review the following example `warp-settings.txt` file and the descriptions of its content below.
+Find the WARP diagnostic logs on your desktop, and open the `warp-settings.txt` file. Review the following example `warp-settings.txt` file and the descriptions of its content below.
 
 ```txt
 Merged configuration:
@@ -467,15 +467,20 @@ To ensure efficient resolution when [contacting support](/support/contacting-clo
       <input type="checkbox" /> Context: Briefly describe the scenario or use case (for example, where the user was, what they were trying to do).
     </label>
   </li>
-  <li>
+	  <li>
     <label>
-      <input type="checkbox" /> Steps taken so far: Outline any troubleshooting or changes already attempted.
+      <input type="checkbox" /> Reproduction steps: Describe the steps you took to reproduce the issue during troubleshhooting.
     </label>
   </li>
   <li>
     <label>
       <input type="checkbox" /> Timestamps: Be specific and include the exact time and time zone when the issue occurred.
     </label>
+  </li>
+	  <li>
+    <label>
+      <input type="checkbox" /> Troubleshooting attempts: Outline any troubleshooting steps or changes already attempted to resolve the issue.
+    </label>
   </li>
 	<li>
     <label>
@@ -493,5 +498,5 @@ Ken was on the train and had captive portal issues. `warp-diag` is attached.
 :::tip[Include scenario, timestamps, and steps taken to troubleshoot the issue]
 Refer to the following example of an ideal ticket description:
 
-Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `error_message_details`. A warp diag was collected immediately after and is attached.
+Karen was on a train on July 17, 2025, at approximately 1:00 PM Central Time. She attempted to connect to a captive portal but received the following error message in Chrome: `ERR_CONNECTION_RESET`. A warp diag was collected immediately after and is attached.
 :::
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
index 7f7c52f3c01a1d..448c5384095cf8 100644
--- a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
+++ b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
@@ -4,6 +4,8 @@ inputParameters: bestPractice
 
 import { Render } from "~/components";
 
+Devices must be actively connected to the Internet for remote captures to run.
+
 To capture data from a remote device:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.

From 32b2880ef92ec6da91aa6f13f2a8cc4af7268c1f Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 14 Aug 2025 04:16:10 +0100
Subject: [PATCH 17/21] remove details unnecessary space

---
 .../cloudflare-one/warp/warp-installation-details.mdx         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx b/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx
index 41e1045abc7139..e0db476300c225 100644
--- a/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx
+++ b/src/content/partials/cloudflare-one/warp/warp-installation-details.mdx
@@ -11,7 +11,7 @@ The GUI and daemon (or service) have different names and are stored in the follo
 | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | **Service / Daemon** | `C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe`                                                                                                                                                       |
 | **GUI application**  | `C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe`                                                                                                                                                |
-| **Logs Location**    | <details><summary>Daemon</summary><br/>`C:\ProgramData\Cloudflare\`</details><br/><details><summary>GUI Logs</summary><br/>`C:\Users\<USER>.WARP\AppData\Local`<br/>or<br/>`%LOCALAPPDATA%\Cloudflare`</details> |
+| **Logs Location**    | <details><summary>Daemon</summary>`C:\ProgramData\Cloudflare\`</details><br/><details><summary>GUI Logs</summary>`C:\Users\<USER>.WARP\AppData\Local`<br/>or<br/>`%LOCALAPPDATA%\Cloudflare`</details> |
 
 </details>
 
@@ -22,7 +22,7 @@ The GUI and daemon (or service) have different names and are stored in the follo
 | -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | **Service / Daemon** | `/Applications/Cloudflare WARP.app/Contents/Resources/CloudflareWARP`                                                                                                           |
 | **GUI application**  | `/Applications/Cloudflare WARP.app/Contents/MacOS/Cloudflare WARP`                                                                                                              |
-| **Logs Location**    | <details><summary>Daemon</summary><br/>`/Library/Application Support/Cloudflare/`</details><br/><details><summary>GUI Logs</summary><br/>`~/Library/Logs/Cloudflare/`</details> |
+| **Logs Location**    | <details><summary>Daemon</summary>`/Library/Application Support/Cloudflare/`</details><details><summary>GUI Logs</summary>`~/Library/Logs/Cloudflare/`</details> |
 
 </details>
 

From 9d2c361adc8136a0b5e151022ba011f787a388e5 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Thu, 14 Aug 2025 04:38:31 +0100
Subject: [PATCH 18/21] links

---
 .../warp/configure-warp/managed-networks.mdx        |  1 +
 .../warp-overview-course/series/warp-basics-1.mdx   | 13 +++++++------
 .../warp-overview-course/series/warp-basics-2.mdx   |  9 +++++----
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
index d8ac3a2614af20..8738f7165fd745 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
@@ -302,3 +302,4 @@ To check if the WARP client detects the network location:
 
 - [Device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) - How to create and manage the device profiles you apply via managed networks.
 - [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) - Defines how WARP behaves and what users can do.
+- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
diff --git a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx
index 97b342d6d02159..227ea33de24d2d 100644
--- a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx
+++ b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx
@@ -31,13 +31,14 @@ import { Render, Tabs, TabItem, Stream, Card } from "~/components";
 
       **Related content**
 
-      Explore the following resources on WARP, device profiles, operating modes, and split tunneling:       
-      
-        - [Introduction to Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/)  
-        - [Using Cloudflare WARP for Teams](/cloudflare-one/connections/connect-devices/warp/set-up-warp/)  
-        - [Configuring Device Profiles for Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/)  
-        - [Cloudflare WARP Operating Modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/)  
+      Explore the following resources on WARP, device profiles, operating modes, and split tunneling:
+
+        - [Introduction to Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/)
+        - [Set up WARP](/cloudflare-one/connections/connect-devices/warp/set-up-warp/)
+        - [Configure Device Profiles for Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/)
+        - [Cloudflare WARP Operating Modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/)
         - [Split Tunneling with Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/)
+				- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
 
     </Card>
   </TabItem>
diff --git a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx
index ffa4de440b0041..833f6d99bc2f00 100644
--- a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx
+++ b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx
@@ -33,10 +33,11 @@ import { Render, Tabs, TabItem, Stream, Card } from "~/components";
 
       **Related content**
 
-      Explore the following resources on WARP, device profiles, operating modes, and split tunneling:       
-      
-        - [Introduction to Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/)  
-        - [Troubleshooting WARP](/cloudflare-one/connections/connect-devices/warp/troubleshooting/)  
+      Explore the following resources on WARP, device profiles, operating modes, and split tunneling:
+
+        - [Introduction to Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/)
+        - [Troubleshooting WARP](/cloudflare-one/connections/connect-devices/warp/troubleshooting/)
+				- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
     </Card>
   </TabItem>
 

From 0561fd77dcd4c60034279b5e73fad14127e01816 Mon Sep 17 00:00:00 2001
From: Kate Tungusova <70746074+deadlypants1973@users.noreply.github.com>
Date: Thu, 21 Aug 2025 10:20:34 +0100
Subject: [PATCH 19/21] Apply suggestions from code review

Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
---
 .../warp/troubleshooting/troubleshooting-guide.mdx     | 10 +++++-----
 .../warp-overview-course/series/warp-basics-1.mdx      |  2 +-
 .../warp-overview-course/series/warp-basics-2.mdx      |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index 123cfeba1202fa..f5fcc4aea722e4 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -9,7 +9,7 @@ import { MetaInfo, Render, Steps, Stream, Tabs, TabItem, Type } from "~/componen
 
 This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux.
 
-1. **Before you start**: [Prerequisites](#prerequisites), permissions, [version control](#check-your-warp-version) and WARP basics.
+1. **Before you start**: [Prerequisites](#prerequisites), permissions, [version control](#check-your-warp-version), and WARP basics.
 2. **Collect logs**: Through the [dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`).
 3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration, and other settings.
 4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings), [user group mismatch](#check-a-users-group-membership).
@@ -90,7 +90,7 @@ Collect WARP diagnostic logs remotely from the Zero Trust dashboard by using Dig
 
 :::tip[Best practice]
 
-To troubleshoot effectively, Cloudflare recommends reproducing the issue and noting your timestamps immediately before collecting logs. Though recreating the issue may not be possible in all cases, reproducing the issue right before WARP diag collection or during the window that a PCAP is running will help you troubleshoot with greater visibility.
+To troubleshoot effectively, Cloudflare recommends reproducing the issue and noting your timestamps immediately before collecting logs. Though recreating the issue may not be possible in all cases, reproducing the issue right before WARP diag collection or during the window that a packet capture (PCAP) is running will help you troubleshoot with greater visibility.
 
 Refer to [WARP log retention window](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#log-retention-window) to learn more.
 :::
@@ -288,7 +288,7 @@ Allowed to Leave Org: true
 
 ##### LAN Access Settings
 
-Refers to the [Allow users to enable local network exclusion](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-users-to-enable-local-network-exclusion) setting. When enabled, it allows users to temporarily access local devices (like printers) by excluding the detected local subnet from the WARP tunnel. This example indicates access is allowed until the next WARP reconnection, and only for subnets up to /24.
+Refers to the [Allow users to enable local network exclusion](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-users-to-enable-local-network-exclusion) setting. When enabled, it allows users to temporarily access local devices (like printers) by excluding the detected local subnet from the WARP tunnel. This example indicates access is allowed until the next WARP reconnection, and only for subnets up to `/24`.
 
 ```txt
 LAN Access Settings: Allowed until reconnect on a /24 subnet
@@ -325,7 +325,7 @@ If your organization has multiple device profiles defined in the Zero Trust dash
 
 2. [Managed network](#review-your-managed-network-settings) issues.
 3. User group [mismatch](#check-a-users-group-membership).
-4. Lack of [precise match rules](#edit-your-device-profile-match-rules)
+4. Lack of [precise match rules](#edit-your-device-profile-match-rules).
 
 #### Check the applied device profile
 
@@ -385,7 +385,7 @@ To check that the user belongs to the intended group:
 1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My Team** > **Users**.
 2. Select the user.
 3. Under **User Registry Identity**, select the user's name.
-4. The Get-identity endpoint lists all the groups the user belongs to.
+4. The **Get-identity endpoint** lists all the groups the user belongs to.
 
 If the user was recently added to a group, they will need to update their group membership with Cloudflare Zero Trust. This can be accomplished by logging into the reauthenticate endpoint.
 
diff --git a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx
index 227ea33de24d2d..6c5b06293fdf95 100644
--- a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx
+++ b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-1.mdx
@@ -38,7 +38,7 @@ import { Render, Tabs, TabItem, Stream, Card } from "~/components";
         - [Configure Device Profiles for Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/)
         - [Cloudflare WARP Operating Modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/)
         - [Split Tunneling with Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/)
-				- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
+        - [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
 
     </Card>
   </TabItem>
diff --git a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx
index 833f6d99bc2f00..99508462c27e80 100644
--- a/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx
+++ b/src/content/docs/learning-paths/warp-overview-course/series/warp-basics-2.mdx
@@ -37,7 +37,7 @@ import { Render, Tabs, TabItem, Stream, Card } from "~/components";
 
         - [Introduction to Cloudflare WARP](/cloudflare-one/connections/connect-devices/warp/)
         - [Troubleshooting WARP](/cloudflare-one/connections/connect-devices/warp/troubleshooting/)
-				- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
+        - [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
     </Card>
   </TabItem>
 

From 9d073c1472bc991df95e9505fb3285a229f6512f Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Mon, 25 Aug 2025 16:50:40 +0100
Subject: [PATCH 20/21] error fix

---
 src/content/docs/cloudflare-one/insights/dex/monitoring.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx b/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
index 950ef03d18b76e..ec7f2aa3cddf6b 100644
--- a/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
@@ -1,5 +1,5 @@
 ---
-pcx_content_type: reference
+pcx_content_type: concept
 title: Monitoring
 sidebar:
   order: 2

From fd2590689b9e3a78b0893d501a345cf89d404d4c Mon Sep 17 00:00:00 2001
From: Kate Tungusova <ktungusova@cloudflare.com>
Date: Wed, 27 Aug 2025 17:00:38 +0100
Subject: [PATCH 21/21] error fixes

---
 .../warp/configure-warp/device-profiles.mdx   |  2 +-
 .../warp/configure-warp/managed-networks.mdx  |  4 ++--
 .../route-traffic/split-tunnels.mdx           |  2 +-
 .../warp/configure-warp/warp-modes/index.mdx  |  6 ++---
 .../warp/configure-warp/warp-sessions.mdx     |  2 +-
 .../connect-devices/warp/index.mdx            |  2 +-
 .../troubleshooting/troubleshooting-guide.mdx | 23 ++++++++++---------
 .../warp/troubleshooting/warp-logs.mdx        |  2 +-
 .../insights/dex/monitoring.mdx               |  2 +-
 .../insights/dex/remote-captures.mdx          |  4 ++--
 10 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
index 49b15e4c6122fe..def96b08dbf5e0 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
@@ -219,4 +219,4 @@ To evaluate multiple conditions in an expression, select a logical operator:
 
 ## Order of precedence
 
-<Render file="warp/device-profile-order-of-precedence" />
+<Render file="warp/device-profile-order-of-precedence" product="cloudflare-one"/>
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
index 8738f7165fd745..0eba7932ba667d 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks.mdx
@@ -202,7 +202,7 @@ SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8
 
 </TabItem> <TabItem label="Remote server">
 
-<Render file="warp/managed-networks-sha-256" />
+<Render file="warp/managed-networks-sha-256" product="cloudflare-one"/>
 
 </TabItem> </Tabs>
 
@@ -302,4 +302,4 @@ To check if the WARP client detects the network location:
 
 - [Device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) - How to create and manage the device profiles you apply via managed networks.
 - [WARP settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/) - Defines how WARP behaves and what users can do.
-- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/)
+- [WARP troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/) - Troubleshoot common WARP issues.
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx
index 1fa3b9b18c6c32..c6e3e5d413a719 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels.mdx
@@ -7,7 +7,7 @@ sidebar:
 
 import { Render } from "~/components";
 
-<Render file="warp/split-tunnel-intro" />
+<Render file="warp/split-tunnel-intro" product="cloudflare-one"/>
 
 ## Change Split Tunnels mode
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
index 2bb2c80573b1f9..92562b3094ebc8 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
@@ -25,7 +25,7 @@ Gateway with DNS-over-HTTPS (DoH) is best suited for organizations that only wan
 
 ## Secure Web Gateway without DNS filtering
 
-This mode (sometimes referred to as tunnel-only mode) is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device.
+Secure Web Gateway without DNS filtering mode (sometimes referred to as tunnel-only mode) is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device.
 
 | DNS filtering | Network filtering | HTTP filtering | Features enabled                                                                                                                          |
 | ------------- | ----------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
@@ -33,9 +33,9 @@ This mode (sometimes referred to as tunnel-only mode) is best suited for organiz
 
 :::note
 
-- This mode disables all features that rely on WARP for DNS resolution, including [domain-based split tunneling](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#domain-based-split-tunnels) and [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/).
+- Secure Web Gateway without DNS filtering mode disables all features that rely on WARP for DNS resolution, including [domain-based split tunneling](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#domain-based-split-tunnels) and [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/).
 - Only available on Windows, Linux, and macOS.
-- This mode has a known limitation concerning [DNS servers with IPv6 addresses](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#ipv6-dns-resolution-in-secure-web-gateway-without-dns-filtering-mode).
+- Secure Web Gateway without DNS filtering mode has a known limitation concerning [DNS servers with IPv6 addresses](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#ipv6-dns-resolution-in-secure-web-gateway-without-dns-filtering-mode).
 
 :::
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx
index 353248855c15b1..6afad2a6a920e2 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions.mdx
@@ -55,7 +55,7 @@ If the user has an active browser session with the IdP, WARP will use the existi
 
 ## Manually reauthenticate
 
-<Render file="warp/manually-reauth" />
+<Render file="warp/manually-reauth" product="cloudflare-one" />
 
 ## Limitations
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
index bf6bf6466d2573..37499783783bef 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/index.mdx
@@ -42,7 +42,7 @@ For more information on how the WARP client routes traffic, refer to the [WARP a
 
 ## WARP installation details
 
-<Render file="warp/warp-installation-details" />
+<Render file="warp/warp-installation-details" product="cloudflare-one"/>
 
 ## Key benefits of using WARP
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
index f5fcc4aea722e4..f17fbc6f63e6de 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide.mdx
@@ -66,17 +66,17 @@ Understand the WARP client’s architecture, installation paths, and modes to he
 
 #### WARP architecture
 
-<Render file="warp/warp-comprises" />
+<Render file="warp/warp-comprises" product="cloudflare-one" />
 
 #### WARP installation details
 
-<Render file="warp/warp-installation-details" />
+<Render file="warp/warp-installation-details" product="cloudflare-one" />
 
 #### WARP modes
 
 WARP operates in several modes, each with different traffic handling capabilities:
 
-<Render file="warp/warp-modes" />
+<Render file="warp/warp-modes" product="cloudflare-one" />
 
 ## 2. Collect diagnostic logs
 
@@ -97,6 +97,7 @@ Refer to [WARP log retention window](/cloudflare-one/connections/connect-devices
 
 <Render
   file="dex/pcaps-run"
+	product="cloudflare-one"
   params={{
     bestPractice: 'You must select WARP Diagnostic Logs. You can also choose to run a PCAP and reproduce the issue in the window the PCAP is running to gain further network insight. The scope of this troubleshooting covers only WARP diagnostic logs. If not choosing PCAPs, reproduce the issue right before running diagnostics.'
   }}
@@ -105,11 +106,11 @@ Refer to [WARP log retention window](/cloudflare-one/connections/connect-devices
 
 #### Check remote capture status
 
-<Render file="dex/pcaps-check" />
+<Render file="dex/pcaps-check" product="cloudflare-one" />
 
 #### Download remote captures
 
-<Render file="dex/pcaps-download" />
+<Render file="dex/pcaps-download" product="cloudflare-one" />
 
 After you have your diagnostic files, go to [Review key files](/cloudflare-one/connections/connect-devices/warp/troubleshooting/troubleshooting-guide/#3-review-key-files) to continue troubleshooting.
 
@@ -117,7 +118,7 @@ After you have your diagnostic files, go to [Review key files](/cloudflare-one/c
 
 Collect WARP diagnostic logs on your desktop using the `warp-diag` CLI.
 
-<Render file="warp/warpdiag-run" />
+<Render file="warp/warpdiag-run" product="cloudflare-one" />
 
 :::tip[Best practice]
 
@@ -319,7 +320,7 @@ If your organization has multiple device profiles defined in the Zero Trust dash
 
 :::note[WARP evaluates profile IDs in the order they appear in the dashboard]
 
-<Render file="warp/device-profile-order-of-precedence" />
+<Render file="warp/device-profile-order-of-precedence" product="cloudflare-one" />
 
 :::
 
@@ -362,7 +363,7 @@ When troubleshooting WARP for managed network issues:
 
 	The WARP client connects to the TLS endpoint to identify the network. If the endpoint is down or unreachable, the WARP client will fail to detect the network and apply the wrong profile.
 
-	<Render file="warp/managed-networks-sha-256" />
+	<Render file="warp/managed-networks-sha-256" product="cloudflare-one" />
 
 	If the endpoint is down, you will receive a `Could not find certificate from <stdin>` response.
 
@@ -389,17 +390,17 @@ To check that the user belongs to the intended group:
 
 If the user was recently added to a group, they will need to update their group membership with Cloudflare Zero Trust. This can be accomplished by logging into the reauthenticate endpoint.
 
-<Render file="warp/manually-reauth" />
+<Render file="warp/manually-reauth" product="cloudflare-one" />
 
 #### Edit your device profile match rules
 
 To modify the match rules of a device profile, you will need to edit the device profile. To edit the device profile:
 
-<Render file="warp/edit-profile-settings" />
+<Render file="warp/edit-profile-settings" product="cloudflare-one" />
 
 ### Wrong split tunnel configuration
 
-<Render file="warp/split-tunnel-intro" />
+<Render file="warp/split-tunnel-intro" product="cloudflare-one" />
 
 A misconfigured [split tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) can cause connectivity issues.
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
index d1849efd3fee5f..d8dc83482bcfea 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
@@ -31,7 +31,7 @@ The WARP client provides diagnostic logs that you can use to troubleshoot connec
 
 ### Retrieve logs
 
-<Render file="warp/warpdiag-run" />
+<Render file="warp/warpdiag-run" product="cloudflare-one" />
 
 :::note
 You can also use Digital Experience Monitoring to run `warp-diag` commands on remote devices. For more information, refer to [Remote captures](/cloudflare-one/insights/dex/remote-captures/).
diff --git a/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx b/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
index ec7f2aa3cddf6b..e1b8f0d98a28ec 100644
--- a/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
@@ -1,5 +1,5 @@
 ---
-pcx_content_type: concept
+pcx_content_type: how-to
 title: Monitoring
 sidebar:
   order: 2
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
index 8dc8c087467476..d9a05401192428 100644
--- a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -28,11 +28,11 @@ Remote captures allow administrators to collect packet captures (PCAPs) and WARP
 
 ## Start a remote capture
 
-<Render file="dex/pcaps-run" />
+<Render file="dex/pcaps-run" product="cloudflare-one" />
 
 ## Check remote capture status
 
-<Render file="dex/pcaps-check" />
+<Render file="dex/pcaps-check" product="cloudflare-one" />
 
 ## Download remote captures