diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index c8d78282060a5e..46822e5714c2b6 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -59,8 +59,8 @@
/src/content/docs/cloudflare-one/applications/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
/src/content/docs/cloudflare-one/identity/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
/src/content/docs/cloudflare-one/policies/access/ @kennyj42 @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/connections/connect-devices/ @ranbel @cloudflare/pcx-technical-writing
-/src/content/docs/cloudflare-one/connections/connect-networks/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/team-and-resources/devices/ @ranbel @cloudflare/pcx-technical-writing
+/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/ @nikitacano @ranbel @cloudflare/pcx-technical-writing
/src/content/docs/cloudflare-one/applications/casb/ @maxvp @cloudflare/pcx-technical-writing
/src/content/docs/cloudflare-one/policies/gateway/ @maxvp @cloudflare/pcx-technical-writing
/src/content/docs/cloudflare-one/policies/browser-isolation/ @maxvp @ranbel @cloudflare/pcx-technical-writing
diff --git a/public/__redirects b/public/__redirects
index 5ed0d71be41734..872647ab533822 100644
--- a/public/__redirects
+++ b/public/__redirects
@@ -2352,6 +2352,8 @@
/logs/get-started/enable-destinations/* /logs/logpush/logpush-job/enable-destinations/:splat 301
/logs/reference/log-fields/* /logs/logpush/logpush-job/datasets/:splat 301
/speed/optimization/other/* /speed/optimization/ 301
+/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices 301
+/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/ 301
# AI Crawl Control
/ai-audit/* /ai-crawl-control/:splat 301
@@ -2360,6 +2362,7 @@
/autorag/* /ai-search/:splat 301
# Cloudflare One / Zero Trust
+/cloudflare-one/connections/ /cloudflare-one/ 301
/cloudflare-one/applications/configure-apps/dash-sso-apps/ /fundamentals/account/account-security/dashboard-sso/ 301
/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/local/as-a-service/* /cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/:splat 301
/cloudflare-one/connections/connect-apps/install-and-setup/deployment-guides/* /cloudflare-one/connections/connect-networks/deployment-guides/:splat 301
diff --git a/src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx b/src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx
index d6f845be962924..0c668cbc1b535d 100644
--- a/src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx
+++ b/src/content/changelog/access/2024-10-01-ssh-with-access-for-infrastructure.mdx
@@ -8,7 +8,7 @@ products:
Organizations can now eliminate long-lived credentials from their SSH setup and enable strong multi-factor authentication for SSH access, similar to other Access applications, all while generating access and command logs.
-SSH with [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-warp-to-tunnel/).
+SSH with [Access for Infrastructure](/cloudflare-one/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-warp-to-tunnel/).
SSH with Access for Infrastructure enables you to:
@@ -18,4 +18,4 @@ SSH with Access for Infrastructure enables you to:
-To get started, refer to [SSH with Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/).
+To get started, refer to [SSH with Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/).
diff --git a/src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx b/src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx
index 3278d173d6737d..9a15f6363ef8a0 100644
--- a/src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx
+++ b/src/content/changelog/access/2025-07-01-browser-based-rdp-open-beta.mdx
@@ -6,7 +6,7 @@ products:
- access
---
-[Browser-based RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now available in open beta for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
With browser-based RDP, you can:
@@ -17,4 +17,4 @@ With browser-based RDP, you can:
-To get started, see [Connect to RDP in a browser](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
+To get started, see [Connect to RDP in a browser](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/).
diff --git a/src/content/changelog/access/2025-08-15-sftp.mdx b/src/content/changelog/access/2025-08-15-sftp.mdx
index 035c27d1175f33..9dfcae403bca10 100644
--- a/src/content/changelog/access/2025-08-15-sftp.mdx
+++ b/src/content/changelog/access/2025-08-15-sftp.mdx
@@ -6,4 +6,4 @@ products:
- access
---
-[SSH with Cloudflare Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) now supports SFTP. It is compatible with SFTP clients, such as Cyberduck.
+[SSH with Cloudflare Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/) now supports SFTP. It is compatible with SFTP clients, such as Cyberduck.
diff --git a/src/content/changelog/access/2025-09-22-browser-based-rdp-ga.mdx b/src/content/changelog/access/2025-09-22-browser-based-rdp-ga.mdx
index 6ebfb31f9763c6..211cfde01efae5 100644
--- a/src/content/changelog/access/2025-09-22-browser-based-rdp-ga.mdx
+++ b/src/content/changelog/access/2025-09-22-browser-based-rdp-ga.mdx
@@ -6,11 +6,11 @@ products:
- access
---
-[Browser-based RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now generally available for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
+[Browser-based RDP](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/) with [Cloudflare Access](/cloudflare-one/policies/access/) is now generally available for all Cloudflare customers. It enables secure, remote Windows server access without VPNs or RDP clients.
Since we announced our [open beta](/changelog/access/#2025-06-30), we've made a few improvements:
- Support for targets with IPv6.
-- Support for [Magic WAN](/magic-wan/) and [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) as on-ramps.
+- Support for [Magic WAN](/magic-wan/) and [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) as on-ramps.
- More robust error messaging on the login page to help you if you encounter an issue.
- Worldwide keyboard support. Whether your day-to-day is in Portuguese, Chinese, or something in between, your browser-based RDP experience will look and feel exactly like you are using a desktop RDP client.
- Cleaned up some other miscellaneous issues, including but not limited to enhanced support for Entra ID accounts and support for usernames with spaces, quotes, and special characters.
@@ -24,4 +24,4 @@ As a refresher, here are some benefits browser-based RDP provides:
-To get started, refer to [Connect to RDP in a browser](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
+To get started, refer to [Connect to RDP in a browser](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/).
diff --git a/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx b/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx
index ec4c32f5081fe9..267fccac7ca1bb 100644
--- a/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx
+++ b/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx
@@ -12,4 +12,4 @@ A diagnostic report collects data from a single instance of `cloudflared` runnin
-For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/).
+For more information, refer to [Diagnostic logs](/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/).
diff --git a/src/content/changelog/cloudflare-tunnel/2025-07-15-udp-improvements.mdx b/src/content/changelog/cloudflare-tunnel/2025-07-15-udp-improvements.mdx
index 893c2fc21807df..2167d606318510 100644
--- a/src/content/changelog/cloudflare-tunnel/2025-07-15-udp-improvements.mdx
+++ b/src/content/changelog/cloudflare-tunnel/2025-07-15-udp-improvements.mdx
@@ -6,7 +6,7 @@ date: 2025-07-15
import { Render } from "~/components";
-Your real-time applications running over [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) are now faster and more reliable. We've completely re-architected the way `cloudflared` proxies UDP traffic in order to isolate it from other traffic, ensuring latency-sensitive applications like private DNS are no longer slowed down by heavy TCP traffic (like file transfers) on the same Tunnel.
+Your real-time applications running over [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) are now faster and more reliable. We've completely re-architected the way `cloudflared` proxies UDP traffic in order to isolate it from other traffic, ensuring latency-sensitive applications like private DNS are no longer slowed down by heavy TCP traffic (like file transfers) on the same Tunnel.
This is a foundational improvement to Cloudflare Tunnel, delivered automatically to all customers. There are no settings to configure — your UDP traffic is already flowing faster and more reliably.
@@ -14,4 +14,4 @@ This is a foundational improvement to Cloudflare Tunnel, delivered automatically
- **Faster UDP performance**: We've significantly reduced the latency for establishing new UDP sessions, making applications like private DNS much more responsive.
- **Greater reliability for mixed traffic**: UDP packets are no longer affected by heavy TCP traffic, preventing timeouts and connection drops for your real-time services.
-Learn more about running [TCP or UDP applications](/reference-architecture/architectures/sase/#connecting-applications) and [private networks](/cloudflare-one/connections/connect-networks/private-net/) through [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/).
\ No newline at end of file
+Learn more about running [TCP or UDP applications](/reference-architecture/architectures/sase/#connecting-applications) and [private networks](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) through [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/).
\ No newline at end of file
diff --git a/src/content/changelog/cloudflare-tunnel/2025-09-02-tunnel-networks-list-endpoints-new-default.mdx b/src/content/changelog/cloudflare-tunnel/2025-09-02-tunnel-networks-list-endpoints-new-default.mdx
index 419dcfcbfa35c6..6d0b194ceba0f5 100644
--- a/src/content/changelog/cloudflare-tunnel/2025-09-02-tunnel-networks-list-endpoints-new-default.mdx
+++ b/src/content/changelog/cloudflare-tunnel/2025-09-02-tunnel-networks-list-endpoints-new-default.mdx
@@ -13,8 +13,8 @@ No action is required if you already explicitly set `is_deleted=false` or if you
This change affects the following API endpoints:
* List all tunnels: [`GET /accounts/{account_id}/tunnels`](/api/resources/zero_trust/subresources/tunnels/methods/list/)
-* List [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/): [`GET /accounts/{account_id}/cfd_tunnel`](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/methods/list/)
-* List [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) tunnels: [`GET /accounts/{account_id}/warp_connector`](/api/resources/zero_trust/subresources/tunnels/subresources/warp_connector/methods/list/)
+* List [Cloudflare Tunnels](/cloudflare-one/networks/connectors/cloudflare-tunnel/): [`GET /accounts/{account_id}/cfd_tunnel`](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/methods/list/)
+* List [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/) tunnels: [`GET /accounts/{account_id}/warp_connector`](/api/resources/zero_trust/subresources/tunnels/subresources/warp_connector/methods/list/)
* List tunnel routes: [`GET /accounts/{account_id}/teamnet/routes`](/api/resources/zero_trust/subresources/networks/subresources/routes/methods/list/)
* List subnets: [`GET /accounts/{account_id}/zerotrust/subnets`](/api/resources/zero_trust/subresources/networks/subresources/subnets/methods/list/)
* List virtual networks: [`GET /accounts/{account_id}/teamnet/virtual_networks`](/api/resources/zero_trust/subresources/networks/subresources/virtual_networks/methods/list/)
diff --git a/src/content/changelog/cloudflare-tunnel/2025-09-18-tunnel-hostname-routing.mdx b/src/content/changelog/cloudflare-tunnel/2025-09-18-tunnel-hostname-routing.mdx
index 8256206da02530..4e34d1466bbe61 100644
--- a/src/content/changelog/cloudflare-tunnel/2025-09-18-tunnel-hostname-routing.mdx
+++ b/src/content/changelog/cloudflare-tunnel/2025-09-18-tunnel-hostname-routing.mdx
@@ -6,9 +6,9 @@ date: 2025-09-18
import { Render } from "~/components";
-You can now route private traffic to [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) based on a hostname or domain, moving beyond the limitations of IP-based routing. This new capability is **free for all Cloudflare One customers**.
+You can now route private traffic to [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/) based on a hostname or domain, moving beyond the limitations of IP-based routing. This new capability is **free for all Cloudflare One customers**.
-Previously, Tunnel routes could only be defined by IP address or [CIDR range](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/). This created a challenge for modern applications with dynamic or ephemeral IP addresses, often forcing administrators to maintain complex and brittle IP lists.
+Previously, Tunnel routes could only be defined by IP address or [CIDR range](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-cidr/). This created a challenge for modern applications with dynamic or ephemeral IP addresses, often forcing administrators to maintain complex and brittle IP lists.
@@ -18,6 +18,6 @@ Previously, Tunnel routes could only be defined by IP address or [CIDR range](/c
- **Precise Egress Control**: Route traffic for public hostnames (e.g., `bank.example.com`) through a specific Tunnel to enforce a dedicated source IP, solving the IP allowlist problem for third-party services.
- **No More IP Lists**: This feature makes the workaround of maintaining dynamic IP Lists for Tunnel connections obsolete.
-Get started in the Tunnels section of the Zero Trust dashboard with your first [private hostname](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-private-hostname/) or [public hostname](/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared/) route.
+Get started in the Tunnels section of the Zero Trust dashboard with your first [private hostname](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-private-hostname/) or [public hostname](/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared/) route.
Learn more in our [blog post](https://blog.cloudflare.com/tunnel-hostname-routing/).
\ No newline at end of file
diff --git a/src/content/changelog/gateway/2025-03-21-pdns-user-locations-role.mdx b/src/content/changelog/gateway/2025-03-21-pdns-user-locations-role.mdx
index 80e031d4c3fd07..07dcb4136ba3d0 100644
--- a/src/content/changelog/gateway/2025-03-21-pdns-user-locations-role.mdx
+++ b/src/content/changelog/gateway/2025-03-21-pdns-user-locations-role.mdx
@@ -7,14 +7,14 @@ products:
hidden: false
---
-We're excited to introduce the [**Cloudflare Zero Trust Secure DNS Locations Write role**](/cloudflare-one/connections/connect-devices/agentless/dns/locations/#secure-dns-locations), designed to provide DNS filtering customers with granular control over third-party access when configuring their Protective DNS (PDNS) solutions.
+We're excited to introduce the [**Cloudflare Zero Trust Secure DNS Locations Write role**](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/#secure-dns-locations), designed to provide DNS filtering customers with granular control over third-party access when configuring their Protective DNS (PDNS) solutions.
Many DNS filtering customers rely on external service partners to manage their DNS location endpoints. This role allows you to grant access to external parties to administer DNS locations without overprovisioning their permissions.
**Secure DNS Location Requirements:**
-- Mandate usage of [Bring your own DNS resolver IP addresses](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#bring-your-own-dns-resolver-ip) if available on the account.
+- Mandate usage of [Bring your own DNS resolver IP addresses](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips/#bring-your-own-dns-resolver-ip) if available on the account.
- Require source network filtering for IPv4/IPv6/DoT endpoints; token authentication or source network filtering for the DoH endpoint.
-You can assign the new role via Cloudflare Dashboard (`Manage Accounts > Members`) or via API. For more information, refer to the [Secure DNS Locations documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/dns/locations/#secure-dns-locations).
+You can assign the new role via Cloudflare Dashboard (`Manage Accounts > Members`) or via API. For more information, refer to the [Secure DNS Locations documentation](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/agentless/dns/locations/#secure-dns-locations).
diff --git a/src/content/changelog/gateway/2025-09-11-dns-filtering-for-private-network-onramps.mdx b/src/content/changelog/gateway/2025-09-11-dns-filtering-for-private-network-onramps.mdx
index c22f717847819e..1328b328c1b4ac 100644
--- a/src/content/changelog/gateway/2025-09-11-dns-filtering-for-private-network-onramps.mdx
+++ b/src/content/changelog/gateway/2025-09-11-dns-filtering-for-private-network-onramps.mdx
@@ -8,7 +8,7 @@ products:
date: "2025-09-11"
---
-[Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/#dns-filtering) and [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-internet/#configure-dns-resolver-on-devices) users can now securely route their DNS traffic to the Gateway resolver without exposing traffic to the public Internet.
+[Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/#dns-filtering) and [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/site-to-internet/#configure-dns-resolver-on-devices) users can now securely route their DNS traffic to the Gateway resolver without exposing traffic to the public Internet.
Routing DNS traffic to the Gateway resolver allows DNS resolution and filtering for traffic coming from private networks while preserving source internal IP visibility. This ensures Magic WAN users have full integration with our Cloudflare One features, including [Internal DNS](/cloudflare-one/policies/gateway/resolver-policies/#internal-dns) and [hostname-based policies](/cloudflare-one/policies/gateway/egress-policies/#selector-prerequisites).
diff --git a/src/content/changelog/load-balancing/2025-05-06-private-health-monitoring-methods.mdx b/src/content/changelog/load-balancing/2025-05-06-private-health-monitoring-methods.mdx
index ec24d39aa0c7a1..829ea5bc4d55e4 100644
--- a/src/content/changelog/load-balancing/2025-05-06-private-health-monitoring-methods.mdx
+++ b/src/content/changelog/load-balancing/2025-05-06-private-health-monitoring-methods.mdx
@@ -12,6 +12,6 @@ Cloudflare Load Balancing now supports **UDP (Layer 4)** and **ICMP (Layer 3)**
- Use **UDP monitors** for lightweight health checks on non-TCP workloads, such as DNS, VoIP, or custom UDP-based services.
- Gain better visibility and uptime guarantees for services running behind **Private Network Load Balancing**, without requiring public IP addresses.
-This enhancement is ideal for internal applications that rely on low-level protocols, especially when used in conjunction with [**Cloudflare Tunnel**](/cloudflare-one/connections/connect-networks/), [**WARP**](/cloudflare-one/connections/connect-devices/warp/), and [**Magic WAN**](/magic-wan/) to create a secure and observable private network.
+This enhancement is ideal for internal applications that rely on low-level protocols, especially when used in conjunction with [**Cloudflare Tunnel**](/cloudflare-one/networks/connectors/cloudflare-tunnel/), [**WARP**](/cloudflare-one/team-and-resources/devices/warp/), and [**Magic WAN**](/magic-wan/) to create a secure and observable private network.
Learn more about [Private Network Load Balancing](/load-balancing/private-network/) or view the full list of [supported health monitor protocols](/load-balancing/monitors/#supported-protocols).
diff --git a/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-android.mdx b/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-android.mdx
index 20b3d40e08c58c..12d65128c2392d 100644
--- a/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-android.mdx
+++ b/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-android.mdx
@@ -4,10 +4,10 @@ description: Cloudflare One Agent for Android (version 2.4)
date: 2025-03-17
---
-A new GA release for the Android Cloudflare One Agent is now available in the [Google Play Store](https://play.google.com/store/apps/details?id=com.cloudflare.cloudflareoneagent). This release includes a new feature allowing [team name insertion by URL](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/#enroll-using-a-url) during enrollment, as well as fixes and minor improvements.
+A new GA release for the Android Cloudflare One Agent is now available in the [Google Play Store](https://play.google.com/store/apps/details?id=com.cloudflare.cloudflareoneagent). This release includes a new feature allowing [team name insertion by URL](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/#enroll-using-a-url) during enrollment, as well as fixes and minor improvements.
**Changes and improvements**
- Improved in-app error messages.
-- Improved mobile client login with support for [team name insertion by URL](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/#enroll-using-a-url).
+- Improved mobile client login with support for [team name insertion by URL](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/#enroll-using-a-url).
- Fixed an issue preventing admin split tunnel settings taking priority for traffic from certain applications.
diff --git a/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-ios.mdx b/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-ios.mdx
index 046b998bb37c7d..eaaddb574ba163 100644
--- a/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-ios.mdx
+++ b/src/content/changelog/zero-trust-warp/2025-03-17-warp-ga-ios.mdx
@@ -4,10 +4,10 @@ description: Cloudflare One Agent for iOS (version 1.10)
date: 2025-03-17
---
-A new GA release for the iOS Cloudflare One Agent is now available in the [iOS App Store](https://apps.apple.com/us/app/cloudflare-one-agent/id6443476492). This release includes a new feature allowing [team name insertion by URL](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/#enroll-using-a-url) during enrollment, as well as fixes and minor improvements.
+A new GA release for the iOS Cloudflare One Agent is now available in the [iOS App Store](https://apps.apple.com/us/app/cloudflare-one-agent/id6443476492). This release includes a new feature allowing [team name insertion by URL](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/#enroll-using-a-url) during enrollment, as well as fixes and minor improvements.
**Changes and improvements**
- Improved in-app error messages.
-- Improved mobile client login with support for [team name insertion by URL](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/#enroll-using-a-url).
+- Improved mobile client login with support for [team name insertion by URL](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/#enroll-using-a-url).
- Bug fixes and performance improvements.
diff --git a/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-android.mdx b/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-android.mdx
index d682d4f41a4726..aa4ac972509945 100644
--- a/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-android.mdx
+++ b/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-android.mdx
@@ -5,12 +5,12 @@ date: 2025-06-30
---
A new GA release for the Android Cloudflare One Agent is now available in the [Google Play Store](https://play.google.com/store/apps/details?id=com.cloudflare.cloudflareoneagent). This release
-contains improvements and new exciting features, including [post-quantum cryptography](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
+contains improvements and new exciting features, including [post-quantum cryptography](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
By tunneling your corporate network traffic over Cloudflare, you can now gain the immediate [protection of post-quantum cryptography](https://blog.cloudflare.com/pq-2024/) without needing to upgrade any of your individual corporate applications or systems.
**Changes and improvements**
- QLogs are now disabled by default and can be enabled in the app by turning on **Enable qlogs** under **Settings** > **Advanced** > **Diagnostics** > **Debug Logs**. The QLog setting from previous releases will no longer be respected.
- DNS over HTTPS traffic is now included in the WARP tunnel by default.
-- The WARP client now applies [post-quantum cryptography](https://blog.cloudflare.com/pq-2024/) end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be enabled by [MDM](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
+- The WARP client now applies [post-quantum cryptography](https://blog.cloudflare.com/pq-2024/) end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be enabled by [MDM](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
- Fixed an issue that caused WARP connection failures on ChromeOS devices.
diff --git a/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-ios.mdx b/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-ios.mdx
index 915e015f6774be..e1a10a235b39b8 100644
--- a/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-ios.mdx
+++ b/src/content/changelog/zero-trust-warp/2025-06-30-warp-ga-ios.mdx
@@ -5,11 +5,11 @@ date: 2025-06-30
---
A new GA release for the iOS Cloudflare One Agent is now available in the [iOS App Store](https://apps.apple.com/us/app/cloudflare-one-agent/id6443476492). This release
-contains improvements and new exciting features, including [post-quantum cryptography](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
+contains improvements and new exciting features, including [post-quantum cryptography](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
By tunneling your corporate network traffic over Cloudflare, you can now gain the immediate [protection of post-quantum cryptography](https://blog.cloudflare.com/pq-2024/) without needing to upgrade any of your individual corporate applications or systems.
**Changes and improvements**
- QLogs are now disabled by default and can be enabled in the app by turning on **Enable qlogs** under **Settings** > **Advanced** > **Diagnostics** > **Debug Logs**. The QLog setting from previous releases will no longer be respected.
- DNS over HTTPS traffic is now included in the WARP tunnel by default.
-- The WARP client now applies [post-quantum cryptography](https://blog.cloudflare.com/pq-2024/) end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be enabled by [MDM](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
+- The WARP client now applies [post-quantum cryptography](https://blog.cloudflare.com/pq-2024/) end-to-end on enabled devices accessing resources behind a Cloudflare Tunnel. This feature can be enabled by [MDM](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#enable_post_quantum).
diff --git a/src/content/changelog/zero-trust-warp/2025-08-29-warp-AI-diag-analyzer.mdx b/src/content/changelog/zero-trust-warp/2025-08-29-warp-AI-diag-analyzer.mdx
index bc4502ffaea219..216086c57bf263 100644
--- a/src/content/changelog/zero-trust-warp/2025-08-29-warp-AI-diag-analyzer.mdx
+++ b/src/content/changelog/zero-trust-warp/2025-08-29-warp-AI-diag-analyzer.mdx
@@ -4,4 +4,4 @@ description: Cloudflare One WARP Diagnostic AI Analyzer
date: 2025-08-29
---
-We're excited to share a new AI feature, the [WARP diagnostic analyzer](https://blog.cloudflare.com/AI-troubleshoot-warp-and-network-connectivity-issues/), to help you troubleshoot and resolve WARP connectivity issues faster. This beta feature is now available in the [Zero Trust dashboard](https://one.dash.cloudflare.com/) to all users. The AI analyzer makes it easier for you to identify the root cause of client connectivity issues by parsing [remote captures](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture) of [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs). The WARP diagnostic analyzer provides a summary of impact that may be experienced on the device, lists notable events that may contribute to performance issues, and recommended troubleshooting steps and articles to help you resolve these issues. Refer to [WARP diagnostics analyzer (beta)](/cloudflare-one/insights/dex/remote-captures/#warp-diagnostics-analyzer-beta) to learn more about how to maximize using the WARP diagnostic analyzer to troubleshoot the WARP client.
+We're excited to share a new AI feature, the [WARP diagnostic analyzer](https://blog.cloudflare.com/AI-troubleshoot-warp-and-network-connectivity-issues/), to help you troubleshoot and resolve WARP connectivity issues faster. This beta feature is now available in the [Zero Trust dashboard](https://one.dash.cloudflare.com/) to all users. The AI analyzer makes it easier for you to identify the root cause of client connectivity issues by parsing [remote captures](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture) of [WARP diagnostic logs](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs/#warp-diag-logs). The WARP diagnostic analyzer provides a summary of impact that may be experienced on the device, lists notable events that may contribute to performance issues, and recommended troubleshooting steps and articles to help you resolve these issues. Refer to [WARP diagnostics analyzer (beta)](/cloudflare-one/insights/dex/remote-captures/#warp-diagnostics-analyzer-beta) to learn more about how to maximize using the WARP diagnostic analyzer to troubleshoot the WARP client.
diff --git a/src/content/docs/1.1.1.1/setup/google-cloud.mdx b/src/content/docs/1.1.1.1/setup/google-cloud.mdx
index 7185d08a82c70d..7ee83176e8867f 100644
--- a/src/content/docs/1.1.1.1/setup/google-cloud.mdx
+++ b/src/content/docs/1.1.1.1/setup/google-cloud.mdx
@@ -17,7 +17,7 @@ Google Cloud supports configuring [outbound server policy](https://cloud.google.
:::note
-If you are using [Cloudflare Zero Trust](/cloudflare-one/), you can choose assigned [locations](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) to apply custom [DNS policies](/cloudflare-one/policies/gateway/dns-policies/) via Gateway.
+If you are using [Cloudflare Zero Trust](/cloudflare-one/), you can choose assigned [locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) to apply custom [DNS policies](/cloudflare-one/policies/gateway/dns-policies/) via Gateway.
:::
diff --git a/src/content/docs/aegis/index.mdx b/src/content/docs/aegis/index.mdx
index 9c68eb4e43dbb4..08d6046cc04c35 100644
--- a/src/content/docs/aegis/index.mdx
+++ b/src/content/docs/aegis/index.mdx
@@ -35,7 +35,7 @@ Cloudflare Aegis is available in early access to Enterprise customers. Contact y
Cloudflare Access determines who can reach your application by applying the Access policies you configure.
-
+
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address.
diff --git a/src/content/docs/bots/get-started/super-bot-fight-mode.mdx b/src/content/docs/bots/get-started/super-bot-fight-mode.mdx
index a4f67964bbec11..93eed53b937fa2 100644
--- a/src/content/docs/bots/get-started/super-bot-fight-mode.mdx
+++ b/src/content/docs/bots/get-started/super-bot-fight-mode.mdx
@@ -73,7 +73,7 @@ To start using Super Bot Fight Mode:
:::caution[Warning]
-If your organization also uses [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), keep **Definitely Automated** set to **Allow**. Otherwise, tunnels might fail with a `websocket: bad handshake` error.
+If your organization also uses [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/), keep **Definitely Automated** set to **Allow**. Otherwise, tunnels might fail with a `websocket: bad handshake` error.
:::
diff --git a/src/content/docs/browser-rendering/rest-api/json-endpoint.mdx b/src/content/docs/browser-rendering/rest-api/json-endpoint.mdx
index eba8fd7772bccf..b7dc8778e288fb 100644
--- a/src/content/docs/browser-rendering/rest-api/json-endpoint.mdx
+++ b/src/content/docs/browser-rendering/rest-api/json-endpoint.mdx
@@ -206,7 +206,7 @@ curl --request POST 'https://api.cloudflare.com/client/v4/accounts/CF_ACCOUNT_ID
},
{
"name": "Tunnel",
- "link": "https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/"
+ "link": "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/"
},
{
"name": "Gateway",
diff --git a/src/content/docs/browser-rendering/rest-api/links-endpoint.mdx b/src/content/docs/browser-rendering/rest-api/links-endpoint.mdx
index a4ec95abdffb90..551496529a7642 100644
--- a/src/content/docs/browser-rendering/rest-api/links-endpoint.mdx
+++ b/src/content/docs/browser-rendering/rest-api/links-endpoint.mdx
@@ -56,7 +56,7 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts//browser-
"https://playground.ai.cloudflare.com/",
"https://developers.cloudflare.com/products/?product-group=AI",
"https://developers.cloudflare.com/cloudflare-one/policies/access/",
- "https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/",
+ "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/",
"https://developers.cloudflare.com/cloudflare-one/policies/gateway/",
"https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/",
"https://developers.cloudflare.com/learning-paths/replace-vpn/concepts/",
@@ -66,7 +66,7 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts//browser-
"https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbPYZb6HbW5QDGU2AAwBWABwBGAOyjRANgDMAFgCcygFwsWbYBzhcafASInS5S1QFgAUAGF0VCAFMH2ACJQAzjHQeo0e2ok2ngExCRUcMCODABEUDSOAB4AdABWHjGkqFBgzpHRcQkp6THWdg7OENgAKnQwjoFwMDBgfARQ9sipcABucB68CLAQANTA6LjgjtbWSd5IJLiOqHDgECQA3lYkJP10VLxBjhC8ABYAFAiOAI4gjh4QAJSb2zskyABUH69vHyQASo4WnBeI4SAADK7jJzgkgAdz8pxIEFOYNOPnWdEo8M8SIg6BIHmcuBIV1u9wgHmR6B+Ow+yFpvHsD1JjmhYIYJBipwgEBgHjUyGQSUiLUcySZwEyVlpVwgIAQVF2cLgfiOJwuUPQTgANKzyQ9HkRXgBfHVWE1EayaZjaXT6Hj8IRiKQyBQqZRlexOFzuLw+PwdKiBYK6UgRKKxKKEXSZII5PKRmJkMDoMilWzeyo1OoNXbNVq8dqddL2GZWDYxYCqqgAfXGk1yMTUhSWxQyJutNrtoQdhmdJjd5mUzCAA",
"https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbPYZb6HbW5QDGU2AAwBmACyiAnBMFSAbIICMALhYs2wDnC40+AkeKkyJ8hQFgAUAGF0VCAFNb2ACJQAzjHSuo0G0pLq8AmISKjhgOwYAIigaOwAPADoAK1dI0lQoMAcwiOjYxJTIi2tbBwhsABU6GDs-OBgYMD4CKBtkJLgANzhXXgRYCABqYHRccDsLC3iPJBJcO1Q4cAgSAG9zEhIeuipefzsIXgALAAoEOwBHEDtXCABKNY3Nkl4bW7mb6FCfKgBVACUADIkBgkSJHCAQGCuJTIZDxMKNOwJV7ANJPTavKjvW4EECuazzEEkYSKIgYkjnCAgBBUEj-G4ebHI848c68CAnea3GItGwAwEAGhIuOpBNGdju5M2AF9BeYZUQLKpmOpNNoePwhGJJNI5IpijZ7I4XO5PN5WlQ-AFNKRQuEouFCJo0v5MtkHZEyGB0GQilYjWVKtValsGk1eHyqO1XDZJuZVpFgHAYgB9EZjLKRJR5eYFVIy5UqtVBDW6bUGPXGRTMIA",
"https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbPYZb6HbW5QDGU2AAwAOAJwBmAIyiATKMkB2AKwyAXCxZtgHOFxp8BIidLmKVAWABQAYXRUIAU3vYAIlADOMdO6jQ7qki08AmISKjhgBwYAIigaBwAPADoAK3do0lQoMCcIqNj45LToq1t7JwhsABU6GAcAuBgYMD4CKDtkFLgANzh3XgRYCABqYHRccAcrK0SvJBJcB1Q4cAgSAG9LEhI+uipeQIcIXgALAAoEBwBHEAd3CABKDa3tnfc9g9RqXj8qEgBZI4ncYAOXQEAAgmAwOgAO4OXAXa63e5PTavV6XCAgBB-KgOWEkABKdy8VHcDjOAANARBgbgSAASdaXG53CBJSJ08YAXzC4J20LhCKSVIANM8MRj7gQQO4AgAWQRKMUvKUkE4OOCLBDyyXq15QmGwgLRADiAFEqtFVQaSDzbVKeQ8iGr7W7kMgSAB5KhgOgkS1VEislEQdwkWGYADWkd8JxIdI8JBgCHQCToSTdUFQJCRbPunKB4xIAEIGAwSOardEnlicX9afSwZChfDEaH2S63fXcYdjucqScIBAYPLPYkIs0HEleOhgFTu9sHZYeUQrBpmFodHoePwhGIpLJ5MoZKU7I5nG5PN5fO0qAEgjpSOFIjEudqQhlAtlcm-omQMJkCUNgXhU1S1PUOxNC0vBtB0aR2NMljrNEwBwHEAD6YwTDk0SqAUixFOkPIbpu24hLuBgHsYx5mDIzBAA",
- "https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/",
+ "https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/warp/",
"https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/",
"https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/",
"https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/",
@@ -172,7 +172,7 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts//browser-
"https://playground.ai.cloudflare.com/",
"https://developers.cloudflare.com/products/?product-group=AI",
"https://developers.cloudflare.com/cloudflare-one/policies/access/",
- "https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/",
+ "https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/",
"https://developers.cloudflare.com/cloudflare-one/policies/gateway/",
"https://developers.cloudflare.com/cloudflare-one/policies/browser-isolation/",
"https://developers.cloudflare.com/learning-paths/replace-vpn/concepts/",
@@ -182,7 +182,7 @@ curl -X POST 'https://api.cloudflare.com/client/v4/accounts//browser-
"https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbPYZb6HbW5QDGU2AAwBWABwBGAOyjRANgDMAFgCcygFwsWbYBzhcafASInS5S1QFgAUAGF0VCAFMH2ACJQAzjHQeo0e2ok2ngExCRUcMCODABEUDSOAB4AdABWHjGkqFBgzpHRcQkp6THWdg7OENgAKnQwjoFwMDBgfARQ9sipcABucB68CLAQANTA6LjgjtbWSd5IJLiOqHDgECQA3lYkJP10VLxBjhC8ABYAFAiOAI4gjh4QAJSb2zskyABUH69vHyQASo4WnBeI4SAADK7jJzgkgAdz8pxIEFOYNOPnWdEo8M8SIg6BIHmcuBIV1u9wgHmR6B+Ow+yFpvHsD1JjmhYIYJBipwgEBgHjUyGQSUiLUcySZwEyVlpVwgIAQVF2cLgfiOJwuUPQTgANKzyQ9HkRXgBfHVWE1EayaZjaXT6Hj8IRiKQyBQqZRlexOFzuLw+PwdKiBYK6UgRKKxKKEXSZII5PKRmJkMDoMilWzeyo1OoNXbNVq8dqddL2GZWDYxYCqqgAfXGk1yMTUhSWxQyJutNrtoQdhmdJjd5mUzCAA",
"https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbPYZb6HbW5QDGU2AAwBmACyiAnBMFSAbIICMALhYs2wDnC40+AkeKkyJ8hQFgAUAGF0VCAFNb2ACJQAzjHSuo0G0pLq8AmISKjhgOwYAIigaOwAPADoAK1dI0lQoMAcwiOjYxJTIi2tbBwhsABU6GDs-OBgYMD4CKBtkJLgANzhXXgRYCABqYHRccDsLC3iPJBJcO1Q4cAgSAG9zEhIeuipefzsIXgALAAoEOwBHEDtXCABKNY3Nkl4bW7mb6FCfKgBVACUADIkBgkSJHCAQGCuJTIZDxMKNOwJV7ANJPTavKjvW4EECuazzEEkYSKIgYkjnCAgBBUEj-G4ebHI848c68CAnea3GItGwAwEAGhIuOpBNGdju5M2AF9BeYZUQLKpmOpNNoePwhGJJNI5IpijZ7I4XO5PN5WlQ-AFNKRQuEouFCJo0v5MtkHZEyGB0GQilYjWVKtValsGk1eHyqO1XDZJuZVpFgHAYgB9EZjLKRJR5eYFVIy5UqtVBDW6bUGPXGRTMIA",
"https://workers.cloudflare.com/playground#LYVwNgLglgDghgJwgegGYHsHALQBM4RwDcABAEbogB2+CAngLzbPYZb6HbW5QDGU2AAwAOAJwBmAIyiATKMkB2AKwyAXCxZtgHOFxp8BIidLmKVAWABQAYXRUIAU3vYAIlADOMdO6jQ7qki08AmISKjhgBwYAIigaBwAPADoAK3do0lQoMCcIqNj45LToq1t7JwhsABU6GAcAuBgYMD4CKDtkFLgANzh3XgRYCABqYHRccAcrK0SvJBJcB1Q4cAgSAG9LEhI+uipeQIcIXgALAAoEBwBHEAd3CABKDa3tnfc9g9RqXj8qEgBZI4ncYAOXQEAAgmAwOgAO4OXAXa63e5PTavV6XCAgBB-KgOWEkABKdy8VHcDjOAANARBgbgSAASdaXG53CBJSJ08YAXzC4J20LhCKSVIANM8MRj7gQQO4AgAWQRKMUvKUkE4OOCLBDyyXq15QmGwgLRADiAFEqtFVQaSDzbVKeQ8iGr7W7kMgSAB5KhgOgkS1VEislEQdwkWGYADWkd8JxIdI8JBgCHQCToSTdUFQJCRbPunKB4xIAEIGAwSOardEnlicX9afSwZChfDEaH2S63fXcYdjucqScIBAYPLPYkIs0HEleOhgFTu9sHZYeUQrBpmFodHoePwhGIpLJ5MoZKU7I5nG5PN5fO0qAEgjpSOFIjEudqQhlAtlcm-omQMJkCUNgXhU1S1PUOxNC0vBtB0aR2NMljrNEwBwHEAD6YwTDk0SqAUixFOkPIbpu24hLuBgHsYx5mDIzBAA",
- "https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/",
+ "https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/warp/",
"https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/",
"https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/",
"https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/",
diff --git a/src/content/docs/byoip/index.mdx b/src/content/docs/byoip/index.mdx
index 9dd1ec758b77dc..e55f48dbb11a96 100644
--- a/src/content/docs/byoip/index.mdx
+++ b/src/content/docs/byoip/index.mdx
@@ -19,7 +19,7 @@ Get Cloudflare's security and performance while using your own IPs.
Considering [how Cloudflare works as a reverse proxy](/fundamentals/concepts/how-cloudflare-works/), for some customers it may be important to maintain this functionality while also keeping their website or application associated with their own public IP space (instead of Cloudflare's[^1]).
-With Bring Your Own IP (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), [CDN services](/cache/), or Gateway [DNS locations](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) and [dedicated egress IPs](/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips/).
+With Bring Your Own IP (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), [CDN services](/cache/), or Gateway [DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) and [dedicated egress IPs](/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips/).
Learn how to [get started](/byoip/get-started/).
diff --git a/src/content/docs/china-network/concepts/global-acceleration.mdx b/src/content/docs/china-network/concepts/global-acceleration.mdx
index 068020f8d65050..c6c86fd9991151 100644
--- a/src/content/docs/china-network/concepts/global-acceleration.mdx
+++ b/src/content/docs/china-network/concepts/global-acceleration.mdx
@@ -42,7 +42,7 @@ CDN Global Acceleration provides stable and reliable connections for dynamic con
## WARP Global Acceleration
-WARP Global Acceleration is a verified solution for enabling [WARP client](/cloudflare-one/connections/connect-devices/warp/) access within China, allowing remote employees to maintain secure and consistent connections.
+WARP Global Acceleration is a verified solution for enabling [WARP client](/cloudflare-one/team-and-resources/devices/warp/) access within China, allowing remote employees to maintain secure and consistent connections.
## Magic WAN Global Acceleration
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx
index 3915f2613e440a..11906144780757 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx
@@ -18,7 +18,7 @@ You can protect the following types of web applications:
- **Self-hosted applications** consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. Setup requirements for a self-hosted application depend on whether the application is publicly accessible on the Internet or restricted to users on a private network.
- [**Public hostname applications**](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) are web applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
- - [**Private network applications**](/cloudflare-one/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the WARP client on the user's device, but you could also forward device traffic from a [network location](/magic-wan/) or use an agentless option such as [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/) or [Clientless Web Isolation](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/).
+ - [**Private network applications**](/cloudflare-one/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the WARP client on the user's device, but you could also forward device traffic from a [network location](/magic-wan/) or use an agentless option such as [PAC files](/cloudflare-one/team-and-resources/devices/agentless/pac-files/) or [Clientless Web Isolation](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/).
- [**Model Context Protocol (MCP) servers**](/cloudflare-one/applications/configure-apps/mcp-servers/) are web applications that enable generative AI tools to read and write data within your business applications. For example, Salesforce provides an [MCP server](https://github.com/salesforcecli/mcp) for developers to interact with resources in their Salesforce tenant using GitHub Copilot or other AI code editors.
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/self-hosted-public-app.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/self-hosted-public-app.mdx
index b1ef5cc692fb97..d76947d267f1c7 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/self-hosted-public-app.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/self-hosted-public-app.mdx
@@ -24,7 +24,7 @@ You can securely publish internal tools and applications by adding Cloudflare Ac
## 2. Connect your origin to Cloudflare
-[Set up a Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/) to publish your internal application. Only users who match your Access policies will be granted access.
+[Set up a Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/) to publish your internal application. Only users who match your Access policies will be granted access.
:::note
We recommend [creating an Access application](#1-add-your-application-to-access) before setting up the tunnel route. If you do not have an Access application in place, the published application will be available to anyone on the Internet.
diff --git a/src/content/docs/cloudflare-one/applications/non-http/browser-rendering.mdx b/src/content/docs/cloudflare-one/applications/non-http/browser-rendering.mdx
index 71f5674f2e7cc9..080198fed90f58 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/browser-rendering.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/browser-rendering.mdx
@@ -23,7 +23,7 @@ Cloudflare can render SSH, VNC, and RDP applications in a browser without the ne
To turn on browser rendering for an SSH or VNC application:
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
-2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
+2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/). Select **Configure**.
3. In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
4. Go to **Advanced settings** > **Browser rendering settings**.
5. For **Browser rendering**, choose _SSH_ or _VNC_.
@@ -33,7 +33,7 @@ When users authenticate and visit the URL of the application, Cloudflare will re
### RDP
-To set up browser-rendering for RDP, refer to our [browser-based RDP guide](/cloudflare-one/connections/connect-networks/use-cases/rdp/rdp-browser/).
+To set up browser-rendering for RDP, refer to our [browser-based RDP guide](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/).
### SSH key exchange algorithms
diff --git a/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp.mdx b/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp.mdx
index 6a369555fa06b3..3e2cb95bebc2cc 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp.mdx
@@ -23,7 +23,7 @@ Cloudflare Access provides a mechanism for end users to authenticate with their
The Cloudflare daemon, `cloudflared`, will maintain a secure, persistent, outbound-only connection from the machine to Cloudflare. Arbitrary TCP traffic will be proxied over this connection using [Cloudflare Tunnel](https://www.cloudflare.com/products/tunnel/).
-Follow [these instructions](/cloudflare-one/connections/connect-networks/downloads/) to download and install `cloudflared` on the machine hosting the resource.
+Follow [these instructions](/cloudflare-one/networks/connectors/cloudflare-tunnel/downloads/) to download and install `cloudflared` on the machine hosting the resource.
### 2. Authenticate the Cloudflare daemon
diff --git a/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/index.mdx b/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/index.mdx
index d8ddad2ac62ca5..1040d3dbbd6538 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/cloudflared-authentication/index.mdx
@@ -19,7 +19,7 @@ For examples of how to connect to Access applications with client-side `cloudfla
* [Connect through Access using a CLI](/cloudflare-one/tutorials/cli/)
* [Connect through Access using kubectl](/cloudflare-one/tutorials/kubectl/)
-* [Connect over SSH with cloudflared](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication/) (legacy) -- SSH connections are now managed through [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/).
-* [Connect over RDP with cloudflared](/cloudflare-one/connections/connect-networks/use-cases/rdp/#connect-to-rdp-server-with-cloudflared-access)
-* [Connect over SMB with cloudflared](/cloudflare-one/connections/connect-networks/use-cases/smb/)
+* [Connect over SSH with cloudflared](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-cloudflared-authentication/) (legacy) -- SSH connections are now managed through [Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/).
+* [Connect over RDP with cloudflared](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/#connect-to-rdp-server-with-cloudflared-access)
+* [Connect over SMB with cloudflared](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/smb/)
* [Connect over arbitrary TCP with cloudflared](/cloudflare-one/applications/non-http/cloudflared-authentication/arbitrary-tcp/)
\ No newline at end of file
diff --git a/src/content/docs/cloudflare-one/applications/non-http/index.mdx b/src/content/docs/cloudflare-one/applications/non-http/index.mdx
index fefb5b7eac5809..7864d4cb361610 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/index.mdx
@@ -10,7 +10,7 @@ import { Render, Stream } from "~/components";
Cloudflare offers both client-based and clientless ways to grant secure access to non-HTTP applications.
:::note
-Non-HTTP applications require [connecting your private network](/cloudflare-one/connections/connect-networks/private-net/) to Cloudflare. For more details, refer to our [Replace your VPN](/learning-paths/replace-vpn/connect-private-network/) implementation guide.
+Non-HTTP applications require [connecting your private network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) to Cloudflare. For more details, refer to our [Replace your VPN](/learning-paths/replace-vpn/connect-private-network/) implementation guide.
:::
-| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| - Gateway with WARP
- Secure Web Gateway without DNS filtering
| All plans |
@@ -27,13 +27,13 @@ import { Badge, Details, Tabs, TabItem, Render } from "~/components";
Access for Infrastructure allows you to have granular control over how users access individual servers, clusters, or databases. By adding an infrastructure application to Cloudflare Access, you can configure how users authenticate to the resource as well as control and authorize the ports, protocols, and usernames that they can connect with. Access and command logs ensure regulatory compliance and allow for auditing of user activity in case of a security breach.
:::note
-Access for Infrastructure currently only supports [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/). To connect using other protocols, [add a self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/). For browser-based SSH, RDP, or VNC, refer to [browser-rendered terminal](/cloudflare-one/applications/non-http/browser-rendering/).
+Access for Infrastructure currently only supports [SSH](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/). To connect using other protocols, [add a self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/). For browser-based SSH, RDP, or VNC, refer to [browser-rendered terminal](/cloudflare-one/applications/non-http/browser-rendering/).
:::
## Prerequisites
-- [Connect your infrastructure](/cloudflare-one/connections/connect-networks/private-net/) to Cloudflare using `cloudflared` or WARP Connector.
-- [Deploy the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/) on user devices in Gateway with WARP mode.
+- [Connect your infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) to Cloudflare using `cloudflared` or WARP Connector.
+- [Deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) on user devices in Gateway with WARP mode.
## 1. Add a target
@@ -59,7 +59,7 @@ Access for Infrastructure currently only supports [SSH](/cloudflare-one/connecti
Certain protocols require configuring the server to trust connections through Access for Infrastructure. For more information, refer to the protocol-specific tutorial:
-- [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#6-configure-ssh-server)
+- [SSH](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/#6-configure-ssh-server)
## 5. Connect as a user
@@ -67,7 +67,7 @@ Users connect to the target's IP address using their preferred client software.
### Connect to different VNET
-To connect to targets that are in different VNETS, users will need to [switch their connected virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/#connect-to-a-virtual-network) in the WARP client.
+To connect to targets that are in different VNETS, users will need to [switch their connected virtual network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/#connect-to-a-virtual-network) in the WARP client.
:::note
If a user is connected to a target in VNET-A and needs to connect to a target in VNET-B, switching their VNET will not break any existing connections to targets within VNET-A. At present, connections are maintained between VNETs.
diff --git a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
index 3deadfe87cad40..0a441fcb339c8d 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
@@ -16,9 +16,9 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
## Prerequisites
-- Private IPs and hostnames are reachable over Cloudflare WARP, Magic WAN or Browser Isolation. For more details, refer to [Connect a private network](/cloudflare-one/connections/connect-networks/private-net/).
-- Private hostnames route to your custom DNS resolver through [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) or [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/).
-- Public IPs and hostnames can be used to define a private application, however the IP or hostname must route through Cloudflare via [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/private-net/cloudflared/), [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/), or [Magic WAN](/magic-wan/configuration/manually/how-to/configure-routes/).
+- Private IPs and hostnames are reachable over Cloudflare WARP, Magic WAN or Browser Isolation. For more details, refer to [Connect a private network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/).
+- Private hostnames route to your custom DNS resolver through [Local Domain Fallback](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/local-domains/) or [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/).
+- Public IPs and hostnames can be used to define a private application, however the IP or hostname must route through Cloudflare via [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/), [WARP Connector](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/warp-connector/), or [Magic WAN](/magic-wan/configuration/manually/how-to/configure-routes/).
- (Optional) Turn on [Gateway TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) if you want to use Access JWTs to manage [HTTPS application sessions](#https-applications).
## Add your application to Access
@@ -41,7 +41,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
1. Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
- 3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
+ 3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
9. Select **Next**.
diff --git a/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx b/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx
index 456cb88177a1cf..64e58793d0ddab 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx
@@ -9,7 +9,7 @@ sidebar:
import { Render } from "~/components";
:::note
-Not recommended for new deployments. We recommend using [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) to configure short-lived certificates for SSH.
+Not recommended for new deployments. We recommend using [Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/) to configure short-lived certificates for SSH.
:::
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/index.mdx
deleted file mode 100644
index 588df6f22ddbb0..00000000000000
--- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/deployment/index.mdx
+++ /dev/null
@@ -1,16 +0,0 @@
----
-pcx_content_type: navigation
-title: Deploy WARP
-sidebar:
- order: 5
-head:
- - tag: title
- content: Deploy WARP to your organization
-
----
-
-Depending on how your organization is structured, you can deploy WARP in one of two ways:
-
-* [Manual deployment](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) — If you are a small organization, asking your users to download the client themselves and type in the required settings is the ideal way to get started with WARP.
-
-* [Managed deployment](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/) — Bigger organizations with MDM tools like Intune or JAMF can deploy WARP to their entire fleet of devices from a single operation.
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/index.mdx
deleted file mode 100644
index 991bdfe977ced5..00000000000000
--- a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/index.mdx
+++ /dev/null
@@ -1,21 +0,0 @@
----
-pcx_content_type: concept
-title: Private networks
-sidebar:
- order: 7
----
-
-With Cloudflare Zero Trust, you can connect private networks and the services running in those networks to Cloudflare's global network. This involves installing a [connector](#connectors) on the private network, and then [setting up routes](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/#2b-connect-a-network) which define the IP addresses available in that environment. Unlike [published applications](/cloudflare-one/connections/connect-networks/routing-to-tunnel/), private network routes can expose both HTTP and non-HTTP resources.
-
-To reach private network IPs, end users must connect their device to Cloudflare and enroll in your Zero Trust organization. The most common method is to install the [WARP client](/cloudflare-one/connections/connect-devices/warp/) on their device, or you can onboard their network traffic to Cloudflare using our [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) or [Magic WAN](/magic-wan/zero-trust/cloudflare-tunnel/).
-
-Administrators can optionally set [Gateway network policies](/cloudflare-one/policies/gateway/network-policies/) to control access to services based on user identity and device posture.
-
-## Connectors
-
-Here are the different ways you can connect your private network to Cloudflare:
-
-- [**cloudflared**](/cloudflare-one/connections/connect-networks/private-net/cloudflared/) installs on a server in your private network to create a secure, outbound tunnel to Cloudflare. Cloudflare Tunnel using `cloudflared` only proxies traffic initiated from a user to a server. Any service or application running behind the tunnel will use the server's default routing table for server-initiated connectivity.
-- [**WARP-to-WARP**](/cloudflare-one/connections/connect-networks/private-net/warp-to-warp/) uses the [Cloudflare WARP client](/cloudflare-one/connections/connect-devices/warp/) to establish peer-to-peer connectivity between two or more devices. Each device running WARP can access services on any other device running WARP via an assigned virtual IP address.
-- [**WARP Connector**](/cloudflare-one/connections/connect-networks/private-net/warp-connector/) installs on a Linux server in your private network to establish site-to-site, bidirectional, and mesh networking connectivity. The WARP Connector acts as a subnet router to relay client-initiated and server-initiated traffic between all devices on a private network and Cloudflare.
-- [**Magic WAN**](/magic-wan/) relies on configuring legacy networking equipment to establish anycast GRE or IPsec tunnels between an entire network location and Cloudflare.
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/routing-to-tunnel/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/routing-to-tunnel/index.mdx
deleted file mode 100644
index 397339f1e45ea0..00000000000000
--- a/src/content/docs/cloudflare-one/connections/connect-networks/routing-to-tunnel/index.mdx
+++ /dev/null
@@ -1,16 +0,0 @@
----
-pcx_content_type: concept
-title: Published applications
-sidebar:
- order: 8
----
-
-Cloudflare Tunnel allows you to publish local applications to the Internet via a public hostname. For example, you can [add a published application route](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/#2a-publish-an-application) that points `docs.example.com` to `https://localhost:8080`. Anyone can now view your application by going to `docs.example.com` in their web browser.
-
-Cloudflare can route traffic down your Cloudflare Tunnel using a [DNS record](/cloudflare-one/connections/connect-networks/routing-to-tunnel/dns/) or [Cloudflare Load Balancer](/cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/). You can configure either option from the Cloudflare dashboard by pointing a DNS `CNAME` record or a load balancer pool to your Cloudflare Tunnel subdomain (`.cfargotunnel.com`). You can also associate these records with your tunnel from `cloudflared` directly.
-
-:::note
-
-You do not need a paid Cloudflare Access plan to publish an application via Cloudflare Tunnel. [Access seats](/cloudflare-one/identity/users/seat-management/) are only required if you want to [secure the application using Access policies](/cloudflare-one/applications/configure-apps/self-hosted-public-app/), such as requiring users to log in via an identity provider.
-
-:::
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/index.mdx
deleted file mode 100644
index 4b700b218438b0..00000000000000
--- a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/index.mdx
+++ /dev/null
@@ -1,15 +0,0 @@
----
-pcx_content_type: navigation
-title: Use cases
-hidden: false
-sidebar:
- order: 4
-
----
-
-Cloudflare Tunnel creates a secure, outbound-only connection between your services and Cloudflare by deploying a lightweight connector in your environment. Here is how to use tunnels with some specific services:
-
-* [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/)
-* [RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/)
-* [SMB](/cloudflare-one/connections/connect-networks/use-cases/smb/)
-* [gRPC](/cloudflare-one/connections/connect-networks/use-cases/grpc/)
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/index.mdx
deleted file mode 100644
index c743f9e9e1ade5..00000000000000
--- a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/index.mdx
+++ /dev/null
@@ -1,19 +0,0 @@
----
-pcx_content_type: navigation
-title: SSH
-hidden: false
-sidebar:
- order: 1
-tableOfContents: false
----
-
-The Secure Shell Protocol (SSH) enables users to remotely access devices through the command line. With Cloudflare Zero Trust, you can make your SSH server available over the Internet without the risk of opening inbound ports on the server.
-
-Cloudflare offers four ways to secure SSH:
-
-- [SSH with Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) (recommended)
-- [Self-managed SSH keys](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-warp-to-tunnel/)
-- [Browser-rendered SSH terminal](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-browser-rendering/)
-- [SSH with client-side cloudflared](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication/) (legacy)
-
-For an overview of these connection options, refer to [non-HTTP applications](/cloudflare-one/applications/non-http/).
\ No newline at end of file
diff --git a/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx b/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx
index d8e4b95b3f9ed7..8b3479905b91c8 100644
--- a/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx
+++ b/src/content/docs/cloudflare-one/faq/cloudflare-tunnels-faq.mdx
@@ -69,7 +69,7 @@ Cloudflare Tunnel was previously named Warp during the beta phase. As Warp was a
## Is it possible to restore a deleted tunnel?
-No. You cannot undo a tunnel deletion. If the tunnel was locally-managed, its [`config.yaml` file](/cloudflare-one/connections/connect-networks/get-started/tunnel-useful-terms/#configuration-file) will still be present and you can create a new tunnel with the same configuration. If the tunnel was remotely-managed, both the tunnel and its configuration are permanently deleted.
+No. You cannot undo a tunnel deletion. If the tunnel was locally-managed, its [`config.yaml` file](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/tunnel-useful-terms/#configuration-file) will still be present and you can create a new tunnel with the same configuration. If the tunnel was remotely-managed, both the tunnel and its configuration are permanently deleted.
## How do I contact support?
@@ -81,6 +81,6 @@ Before contacting the Cloudflare support team:
3. Gather any relevant error/access logs from your server.
-4. (Locally-managed tunnels only) Set [`--loglevel`](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/#loglevel) to `debug`, so the Cloudflare support team can get more info from the `cloudflared.log` file.
+4. (Locally-managed tunnels only) Set [`--loglevel`](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/#loglevel) to `debug`, so the Cloudflare support team can get more info from the `cloudflared.log` file.
-5. Include your [Cloudflare Tunnel diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/) (`cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip`).
+5. Include your [Cloudflare Tunnel diagnostic logs](/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/) (`cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip`).
diff --git a/src/content/docs/cloudflare-one/faq/devices-faq.mdx b/src/content/docs/cloudflare-one/faq/devices-faq.mdx
index 95e850e9b78f20..7a911812936cf2 100644
--- a/src/content/docs/cloudflare-one/faq/devices-faq.mdx
+++ b/src/content/docs/cloudflare-one/faq/devices-faq.mdx
@@ -34,22 +34,22 @@ Cloudflare WARP is in part powered by 1.1.1.1. When visiting sites or going to a
The Wi-Fi network may have a captive portal that is blocking WARP from establishing a secure connection. In order to access the portal, and therefore the Internet, you will need to temporarily turn off WARP. After you login to the captive portal through your browser, you can turn WARP back on to access corporate resources.
-For more information, refer to [Captive portal detection](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/captive-portals/).
+For more information, refer to [Captive portal detection](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/captive-portals/).
## Why is my device not connecting to the Internet?
-A third-party service or ISP may be blocking WARP, or Zero Trust settings may be misconfigured. For a list of common issues and steps to resolve, refer to our [troubleshooting guide](/cloudflare-one/connections/connect-devices/warp/troubleshooting/common-issues/).
+A third-party service or ISP may be blocking WARP, or Zero Trust settings may be misconfigured. For a list of common issues and steps to resolve, refer to our [troubleshooting guide](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/common-issues/).
## Why is my device not connecting to the corporate Wi-Fi?
-An [OS firewall rule](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#system-firewall) on the device may be blocking the EAP/Radius server that allows users to join the Wi-Fi network. If your corporate Wi-Fi uses a Radius server for network authentication, add the Radius server to your [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) Exclude list.
+An [OS firewall rule](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/warp-architecture/#system-firewall) on the device may be blocking the EAP/Radius server that allows users to join the Wi-Fi network. If your corporate Wi-Fi uses a Radius server for network authentication, add the Radius server to your [Split Tunnel](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/) Exclude list.
## Why is my device not connecting to my private network?
-If your private network is [exposed via Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/private-net/cloudflared/):
+If your private network is [exposed via Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/):
-* Verify that the WARP client is [properly configured](/cloudflare-one/connections/connect-networks/private-net/cloudflared/#device-configuration) on the device.
+* Verify that the WARP client is [properly configured](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/#device-configuration) on the device.
* Verify that the user is allowed through by your Access and Gateway policies.
-* Verify that the [local LAN settings](/cloudflare-one/connections/connect-networks/private-net/cloudflared/#router-configuration) for the device do not overlap with the CIDR range of your private network.
+* Verify that the [local LAN settings](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/#router-configuration) for the device do not overlap with the CIDR range of your private network.
-When contacting Cloudflare support, ensure that you include [WARP debug logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/) for your device. These logs will help Cloudflare support understand the overall architecture of your machine and networks.
+When contacting Cloudflare support, ensure that you include [WARP debug logs](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs/) for your device. These logs will help Cloudflare support understand the overall architecture of your machine and networks.
diff --git a/src/content/docs/cloudflare-one/faq/getting-started-faq.mdx b/src/content/docs/cloudflare-one/faq/getting-started-faq.mdx
index eb114246002fdf..467f3d96ae2d45 100644
--- a/src/content/docs/cloudflare-one/faq/getting-started-faq.mdx
+++ b/src/content/docs/cloudflare-one/faq/getting-started-faq.mdx
@@ -63,7 +63,7 @@ User seats can be removed for Access and Gateway at **My Team** > **Users**. Rem
- **Access**: All active sessions for that user will be invalidated. A user will be able to log back into an application unless you create an [Access policy](/cloudflare-one/policies/access/) to block future logins from that user.
-- **Gateway**: All active devices for that user will be logged out of your Zero Trust organization, which stops all filtering and routing via the WARP client. A user will be able to re-enroll their device unless you create a [device enrollment policy](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/) to block them.
+- **Gateway**: All active devices for that user will be logged out of your Zero Trust organization, which stops all filtering and routing via the WARP client. A user will be able to re-enroll their device unless you create a [device enrollment policy](/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment/) to block them.
:::caution
diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index f92d8f52a5aff8..afb60f3dee8872 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -32,7 +32,7 @@ Cloudflare Access requires that the credentials: `same-origin parameter` be adde
## I see untrusted certificate warnings for every page and I am unable to browse the Internet.
Advanced security features including HTTPS traffic inspection require users to install and trust the Cloudflare root certificate on their machine or device. If you are installing certificates manually on all of your devices, these steps will need to be performed on each new device that is to be subject to HTTP Filtering.
-To install the Cloudflare root certificate, follow [this guide](/cloudflare-one/connections/connect-devices/user-side-certificates/).
+To install the Cloudflare root certificate, follow [this guide](/cloudflare-one/team-and-resources/devices/user-side-certificates/).
## I see error 526 when browsing to a website.
@@ -100,7 +100,7 @@ If you see this warning, you may have to disable DNS over HTTPS setting in Firef
## Chrome shows `NET::ERR_CERT_AUTHORITY_INVALID` when I use the WARP client.
-Advanced security features including HTTPS traffic inspection require you to deploy a [root certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/) on the device. If [**Install CA to system certificate store**](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/) is enabled, the WARP client will automatically install a new root certificate whenever you install or update WARP.
+Advanced security features including HTTPS traffic inspection require you to deploy a [root certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/) on the device. If [**Install CA to system certificate store**](/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment/) is enabled, the WARP client will automatically install a new root certificate whenever you install or update WARP.
Certain web browsers (such as Chrome and Microsoft Edge) load and cache root certificates when they start. Therefore, if you install a root certificate while the browser is already running, the browser may not detect the new certificate. To resolve the error, restart the browser.
@@ -111,7 +111,7 @@ Cloudflare dashboard SSO does not currently support team domain changes. Contact
## WARP on Linux shows `DNS connectivity check failed`.
-This error means that the `systemd-resolved` service on Linux is not allowing WARP to resolve DNS requests. You can identify this issue in the [`daemon.log`](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) file of the `warp diag` logs, where the error message appears as `ERROR main_loop: warp::warp::connectivity_check: DNS connectivity check failed to resolve host="warp-svc."`.
+This error means that the `systemd-resolved` service on Linux is not allowing WARP to resolve DNS requests. You can identify this issue in the [`daemon.log`](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs/#warp-diag-logs) file of the `warp diag` logs, where the error message appears as `ERROR main_loop: warp::warp::connectivity_check: DNS connectivity check failed to resolve host="warp-svc."`.
To solve the issue:
@@ -135,7 +135,7 @@ sudo systemctl restart systemd-resolved.service
To resolve the issue, you will need to edit two Windows registry keys:
-1. Configure NCSI to detect WARP's [local DNS proxy](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic).
+1. Configure NCSI to detect WARP's [local DNS proxy](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic).
```txt
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\Windows\NetworkConnectivityStatusIndicator
@@ -153,7 +153,7 @@ To resolve the issue, you will need to edit two Windows registry keys:
Data: 1
```
-If you continue to have issues with Microsoft 365 applications, consider enabling [**Directly route Microsoft 365 traffic**](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic).
+If you continue to have issues with Microsoft 365 applications, consider enabling [**Directly route Microsoft 365 traffic**](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic).
## I see `WebGL Rendering Error`.
@@ -185,13 +185,13 @@ Gateway does not support this downgrade mechanism. When receiving the `HTTP_1_1_
If you see an error with the title `This site can't provide a secure connection` and a subtitle of ` uses an unsupported protocol`, you must [order an Advanced Certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#create-a-certificate).
-If you added a [multi-level subdomain](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/#2a-connect-an-application) (more than one level of subdomain), you must [order an Advanced Certificate for the hostname](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/#2a-connect-an-application) as Cloudflare's Universal certificate will not cover the public hostname by default.
+If you added a [multi-level subdomain](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/#2a-connect-an-application) (more than one level of subdomain), you must [order an Advanced Certificate for the hostname](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/#2a-connect-an-application) as Cloudflare's Universal certificate will not cover the public hostname by default.
## As of February 2, 2025, my end-user device's browser is returning a `Your connection is not private` warning.
### Why am I getting this error?
-The default global Cloudflare root certificate expired on 2025-02-02 at 16:05 UTC. If you installed the default Cloudflare certificate before 2024-10-17, you must [generate a new certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/#generate-a-cloudflare-root-certificate) and activate it for your Zero Trust organization to avoid inspection errors. If you did not generate a new certificate before February 2, 2025, you will encounter browser warnings like `Your connection is not private`.
+The default global Cloudflare root certificate expired on 2025-02-02 at 16:05 UTC. If you installed the default Cloudflare certificate before 2024-10-17, you must [generate a new certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/#generate-a-cloudflare-root-certificate) and activate it for your Zero Trust organization to avoid inspection errors. If you did not generate a new certificate before February 2, 2025, you will encounter browser warnings like `Your connection is not private`.
Starting with WARP client version 2024.12.554.0 and later, the WARP client will automatically install Cloudflare certificates in an end-user device's certificate store as soon as the Cloudflare certificates appear as **Available** in the Cloudflare dashboard.
@@ -199,14 +199,14 @@ For WARP client versions prior to 2024.12.554.0, certificates had to be marked a
### What do I need to do?
-Before deploying a new certificate, [update WARP](/cloudflare-one/connections/connect-devices/warp/download-warp/update-warp/#how-to-update-warp) to version 2024.12.554.0 or newer.
+Before deploying a new certificate, [update WARP](/cloudflare-one/team-and-resources/devices/warp/download-warp/update-warp/#how-to-update-warp) to version 2024.12.554.0 or newer.
For WARP client versions before and after 2024.12.554.0, certificate propagation will only occur when the WARP client is responsible for automatically installing the certificate on the client device. To enable the WARP client to propogate certificates:
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**.
2. Turn on **Install CA to system certificate store**.
-If **Install CA to system certificate store** is turned off, you must [manually install the certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/), use an [MDM solution](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#mobile-device-management-mdm-software) to distribute the Cloudflare certificate to your fleet of devices, or not use the Cloudflare certificate because you do not want to have TLS decryption enabled. [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) must be enabled to enforce Gateway HTTP policies for HTTPS traffic.
+If **Install CA to system certificate store** is turned off, you must [manually install the certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/), use an [MDM solution](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/#mobile-device-management-mdm-software) to distribute the Cloudflare certificate to your fleet of devices, or not use the Cloudflare certificate because you do not want to have TLS decryption enabled. [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) must be enabled to enforce Gateway HTTP policies for HTTPS traffic.
After enabling certificate propagation, you must update your certificate:
@@ -225,7 +225,7 @@ To reset the encryption keys:
2. Select the gear icon on the top right > **Preferences**.
3. Select **Connection**, then select **Reset Encryption Keys**.
-macOS Big Sur and newer releases do not allow WARP to automatically trust the certificate. You must either [manually trust the certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/#macos) as the user or [use a MDM to trust the certificate](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#mobile-device-management-mdm-software).
+macOS Big Sur and newer releases do not allow WARP to automatically trust the certificate. You must either [manually trust the certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment/#macos) as the user or [use a MDM to trust the certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/#mobile-device-management-mdm-software).
After confirming that the certificate is installed and trusted on the end-user device, mark the certificate as **In-Use**. To mark the certificate as **In-Use**:
@@ -254,7 +254,7 @@ If the new certificate is not activating on the end-user device or you are getti
warp-cli tunnel rotate-keys
```
-2. [Upgrade](/cloudflare-one/connections/connect-devices/warp/download-warp/update-warp/#how-to-update-warp) to WARP version 2024.12.554.0.
+2. [Upgrade](/cloudflare-one/team-and-resources/devices/warp/download-warp/update-warp/#how-to-update-warp) to WARP version 2024.12.554.0.
Some customers who are on versions earlier than 2024.11.309.0 have experienced inconsistencies with certificate installation and may need to upgrade.
@@ -270,7 +270,7 @@ Turning off TLS decryption should be a temporary measure. TLS decryption should
## I entered an override code for WARP that was supposed to be valid for 3 hours but the override code expired faster than I expected.
-[Admin override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) codes are time-sensitive and adhere to fixed-hour time blocks. Override codes can be reused until the end of their timeout. An override code's timeout begins in the hour the override code was generated in. Refer to the following scenarios.
+[Admin override](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#admin-override) codes are time-sensitive and adhere to fixed-hour time blocks. Override codes can be reused until the end of their timeout. An override code's timeout begins in the hour the override code was generated in. Refer to the following scenarios.
### Scenario one: Admin generates an override code at 9:00 AM with a timeout of one hour.
@@ -294,7 +294,7 @@ If the user attempts to enter the override code at **11:59 AM** the next day, th
## I disabled WARP using an override code but WARP turned on by itself before my override code expired.
-If you are using an [Admin override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) code with [Auto connect](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#auto-connect) also enabled, WARP will turn on automatically according to the Timeout set for **Auto connect**. Using an override code to override the WARP lock switch will not disable Auto connect. As best practice, review your Auto connect settings before sending the override code to the user.
+If you are using an [Admin override](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#admin-override) code with [Auto connect](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#auto-connect) also enabled, WARP will turn on automatically according to the Timeout set for **Auto connect**. Using an override code to override the WARP lock switch will not disable Auto connect. As best practice, review your Auto connect settings before sending the override code to the user.
To prevent WARP from auto connecting while using an admin override code, disable Auto connect or set a longer **Timeout** for **Auto connect**. Note the changes you make to Auto connect while the end user is using the admin override code if you need to revert these changes later.
@@ -308,7 +308,7 @@ You can also examine logs in your identity provider to identify any denied reque
## WSL2 is losing connectivity when using WARP.
-If your WSL2 environment is losing connectivity while using WARP, check your [split tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/).
+If your WSL2 environment is losing connectivity while using WARP, check your [split tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/).
The issue may arise because the IP range that the WSL environment uses to communicate with the host device is included in the split tunnel configuration. Excluding the WSL environment’s IP range should restore connectivity.
@@ -317,7 +317,7 @@ You must ensure the host device is included in the WARP tunnel while excluding t
To debug this issue:
1. Review the WSL2 environment's IP address and compare it with the laptop’s IP.
-2. Check if the WSL network is [included in the split tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#change-split-tunnels-mode).
+2. Check if the WSL network is [included in the split tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#change-split-tunnels-mode).
3. If the WSL network is included, exclude it from the split tunnel to prevent connectivity issues.
## Clientless Web Isolation is loading with a blank screen on a Windows device.
@@ -354,7 +354,7 @@ msiexec /i /L*V
Check the logs to verify if there are any missing DLLs (for example, `netstandard2.0`), which may point to a missing or outdated version of the .NET Framework.
-One common cause is a missing or outdated version of the [.NET Framework Runtime](/cloudflare-one/connections/connect-devices/warp/download-warp/#windows:~:text=NET%20Framework%20version-,4.7.2%20or%20later,-HD%20space). Cloudflare WARP requires a .NET Framework version of `4.7.2` or later.
+One common cause is a missing or outdated version of the [.NET Framework Runtime](/cloudflare-one/team-and-resources/devices/warp/download-warp/#windows:~:text=NET%20Framework%20version-,4.7.2%20or%20later,-HD%20space). Cloudflare WARP requires a .NET Framework version of `4.7.2` or later.
Some legacy Windows systems (such as Windows 10 Enterprise 1607 LTSB, which is bundled with .NET `4.6`) do not include this runtime by default and may fail during installation with a `Setup Wizard ended prematurely` error. More recent Windows versions include .NET `4.7.2` or later by default and do not encounter this error.
@@ -375,7 +375,7 @@ Cloudflare Access uses a [`CF_Session` cookie](/cloudflare-one/identity/authoriz
## Long-lived SSH sessions frequently disconnect.
-All connections proxied through Cloudflare Gateway, including traffic to [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) SSH targets, have a maximum guaranteed duration of 10 hours. It is possible for connections to last longer than 10 hours. However, if a connection is active at the time of a Gateway release, Gateway will terminate the connection 10 hours later. Releases are not scheduled and can occur multiple times a week.
+All connections proxied through Cloudflare Gateway, including traffic to [Access for Infrastructure](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/) SSH targets, have a maximum guaranteed duration of 10 hours. It is possible for connections to last longer than 10 hours. However, if a connection is active at the time of a Gateway release, Gateway will terminate the connection 10 hours later. Releases are not scheduled and can occur multiple times a week.
To prevent long-lived SSH connections from breaking unexpectedly, we recommend terminating sessions on a predefined schedule. For example, you could set an 8-hour idle timeout so that inactive sessions automatically disconnect during off hours. To configure an idle timeout, add the `ChannelTimeout` option to either the SSH server (`/etc/ssh/sshd_config`) or client configuration file (`~/.ssh/config`):
diff --git a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
index 9420cf35a854c5..f746f2435fcfbe 100644
--- a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
@@ -134,7 +134,7 @@ Do not enable Binding Cookie if:
- You are using the Access application for non-browser based tools (such as SSH or RDP).
- You have enabled [incompatible Cloudflare products](/cloudflare-one/applications/configure-apps/self-hosted-public-app/#product-compatibility) on the application domain.
-- You have turned on [WARP authentication identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/) for the application.
+- You have turned on [WARP authentication identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/) for the application.
### Cookie Path Attribute
diff --git a/src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx b/src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx
index d8fa38b6ad4fe9..25c6f162634952 100644
--- a/src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/access-integrations/index.mdx
@@ -7,7 +7,7 @@ sidebar:
These device posture checks can only be enforced for Cloudflare Access applications. They cannot be used in Gateway network policies.
-| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) |
+| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | [WARP mode](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) |
| ----------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | ---------------------------------------------------------------------------------------- |
| [Microsoft Entra ID Conditional Access](/cloudflare-one/tutorials/entra-id-conditional-access/) | ✅ | ✅ | ❌ | ❌ | ❌ | WARP not required |
| [Mutual TLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) | ✅ | ✅ | ✅ | ✅ | ✅ | WARP not required |
diff --git a/src/content/docs/cloudflare-one/identity/devices/index.mdx b/src/content/docs/cloudflare-one/identity/devices/index.mdx
index 617d237237c76d..12825b5002497c 100644
--- a/src/content/docs/cloudflare-one/identity/devices/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/index.mdx
@@ -37,7 +37,7 @@ Gateway does not support device posture checks for the [Tanium Access integratio
## 4. Ensure traffic is going through WARP
-[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/identity/devices/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP:
+[WARP client](/cloudflare-one/identity/devices/warp-client-checks/) and [service-to-service](/cloudflare-one/identity/devices/service-providers/) posture checks rely on traffic going through WARP to detect posture information for a device. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that the following domains are included in WARP:
- The IdP used to authenticate to Cloudflare Zero Trust if posture check is part of an Access policy.
- `.cloudflareaccess.com` if posture check is part of an Access policy.
@@ -59,7 +59,7 @@ A --> G[Service provider] --interval--> C
:::caution
-Gateway does not terminate an [active session](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-gateway) even if a subsequent posture check fails during that session. Gateway only evaluates posture checks at the beginning of a session, and ongoing sessions will remain uninterrupted.
+Gateway does not terminate an [active session](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-gateway) even if a subsequent posture check fails during that session. Gateway only evaluates posture checks at the beginning of a session, and ongoing sessions will remain uninterrupted.
For example, if you establish an SSH session based on a successful posture check, but a posture requirement fails after the session has started, the session will remain active.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx
index 76d8aa704184f5..37429fb4a363a3 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 2
---
-Service-to-service integrations allow the WARP client to get device posture data from a third-party API. To use this feature, you must [deploy the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/) to your devices and enable the desired posture checks.
+Service-to-service integrations allow the WARP client to get device posture data from a third-party API. To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks.
## Supported WARP modes
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx
index 3f105c419e8df1..10ec0e1b04c9de 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/client-certificate.mdx
@@ -11,7 +11,7 @@ The Client Certificate device posture attribute checks if the device has a valid
-| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| All modes | All plans |
@@ -39,7 +39,7 @@ The Client Certificate device posture attribute checks if the device has a valid
:::
-- Cloudflare WARP client is [deployed](/cloudflare-one/connections/connect-devices/warp/deployment/) on the device.
+- Cloudflare WARP client is [deployed](/cloudflare-one/team-and-resources/devices/warp/deployment/) on the device.
- A client certificate is [installed and trusted](#configure-the-client-certificate-check) on the device.
:::note
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx
index fd6669388a313f..0d22769f2c0ca3 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/device-uuid.mdx
@@ -22,11 +22,11 @@ Cloudflare Zero Trust allows you to build Zero Trust rules based on device UUIDs
## 1. Assign UUIDs to devices
-You will need to use a [managed deployment tool](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/) to assign UUIDs. It is not possible to assign them manually.
+You will need to use a [managed deployment tool](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/) to assign UUIDs. It is not possible to assign them manually.
1. Generate a unique identifier for each corporate device. For best practices on choosing UUIDs, refer to the [Android documentation](https://developer.android.com/training/articles/user-data-ids#best-practices-android-identifiers).
-2. Enter the UUIDs into your MDM configuration file using the [`unique_client_id` key](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/#unique_client_id).
+2. Enter the UUIDs into your MDM configuration file using the [`unique_client_id` key](/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters/#unique_client_id).
## 2. Create a list of UUIDs
diff --git a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx
index 25eb2b95bb5b1d..e18c39e35c5d32 100644
--- a/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/warp-client-checks/index.mdx
@@ -6,7 +6,7 @@ sidebar:
---
-These device posture checks are performed by the [Cloudflare WARP client](/cloudflare-one/connections/connect-devices/warp/). To use this feature, you must [deploy the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/) to your devices and enable the desired posture checks.
+These device posture checks are performed by the [Cloudflare WARP client](/cloudflare-one/team-and-resources/devices/warp/). To use this feature, you must [deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) to your devices and enable the desired posture checks.
## Supported WARP modes
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
index 45958b9fc22f6a..af947b3763866c 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
@@ -281,7 +281,7 @@ Since the SCIM request from Microsoft does not include nested group information,
## Force user interaction during WARP reauthentication
-You can require users to re-enter their credentials into Entra ID whenever they [re-authenticate their WARP session](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/). To configure this setting:
+You can require users to re-enter their credentials into Entra ID whenever they [re-authenticate their WARP session](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). To configure this setting:
1. Make a `GET` request to the [Identity Providers endpoint](/api/resources/zero_trust/subresources/identity_providers/) and copy the response for the Entra ID identity provider.
diff --git a/src/content/docs/cloudflare-one/identity/service-tokens.mdx b/src/content/docs/cloudflare-one/identity/service-tokens.mdx
index 3448bc46e60a99..fb54c0efc73bc1 100644
--- a/src/content/docs/cloudflare-one/identity/service-tokens.mdx
+++ b/src/content/docs/cloudflare-one/identity/service-tokens.mdx
@@ -15,7 +15,7 @@ This section covers how to create, renew, and revoke a service token.
-You can now configure your Access applications and [device enrollment permissions](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/#check-for-service-token) to accept this service token. Make sure to set the policy action to [**Service Auth**](/cloudflare-one/policies/access/#service-auth); otherwise, Access will prompt for an identity provider login.
+You can now configure your Access applications and [device enrollment permissions](/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment/#check-for-service-token) to accept this service token. Make sure to set the policy action to [**Service Auth**](/cloudflare-one/policies/access/#service-auth); otherwise, Access will prompt for an identity provider login.
## Connect your service to Access
diff --git a/src/content/docs/cloudflare-one/identity/users/session-management.mdx b/src/content/docs/cloudflare-one/identity/users/session-management.mdx
index b810aaa43cdaef..94ca8d91ba9ea0 100644
--- a/src/content/docs/cloudflare-one/identity/users/session-management.mdx
+++ b/src/content/docs/cloudflare-one/identity/users/session-management.mdx
@@ -84,7 +84,7 @@ Users who match a policy configured with a _Same as application session timeout_
### WARP session duration
-When [WARP authentication identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-access) is enabled for an Access application, the WARP session duration overrides the application and policy session durations. If the global session expires but the user already has a valid WARP session, the user will not need to reauthenticate with the IdP until the WARP session expires, given the user is running WARP.
+When [WARP authentication identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/#configure-warp-sessions-in-access) is enabled for an Access application, the WARP session duration overrides the application and policy session durations. If the global session expires but the user already has a valid WARP session, the user will not need to reauthenticate with the IdP until the WARP session expires, given the user is running WARP.
### Order of enforcement
diff --git a/src/content/docs/cloudflare-one/index.mdx b/src/content/docs/cloudflare-one/index.mdx
index 0d460566dfe44e..3dae36c88f9e70 100644
--- a/src/content/docs/cloudflare-one/index.mdx
+++ b/src/content/docs/cloudflare-one/index.mdx
@@ -33,7 +33,7 @@ Secure your organization with Cloudflare Zero Trust — a cloud security model t
Cloudflare Zero Trust is part of Cloudflare One, our name for the Secure Access Service Edge (SASE) platform that protects enterprise applications, users, devices, and networks.
-By progressively adopting Cloudflare One, organizations can move away from a patchwork of hardware appliances and point solutions, and instead consolidate security and networking through a unified control plane that includes products like [Cloudflare Access](/cloudflare-one/policies/access/), [Secure Web Gateway (SWG)](/cloudflare-one/policies/gateway/), [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), [Data Loss Prevention (DLP)](/cloudflare-one/policies/data-loss-prevention/), [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/), [Cloud Access Security Broker (CASB)](/cloudflare-one/applications/casb/), and [Email Security](/cloudflare-one/email-security/).
+By progressively adopting Cloudflare One, organizations can move away from a patchwork of hardware appliances and point solutions, and instead consolidate security and networking through a unified control plane that includes products like [Cloudflare Access](/cloudflare-one/policies/access/), [Secure Web Gateway (SWG)](/cloudflare-one/policies/gateway/), [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/), [Data Loss Prevention (DLP)](/cloudflare-one/policies/data-loss-prevention/), [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/), [Cloud Access Security Broker (CASB)](/cloudflare-one/applications/casb/), and [Email Security](/cloudflare-one/email-security/).
Refer to our [SASE reference architecture](/reference-architecture/architectures/sase/) to learn how to plan, deploy, and manage SASE architecture with Cloudflare.
@@ -61,7 +61,7 @@ Authenticate users accessing your applications, seamlessly onboard third-party u
-
+
Securely connect your resources to Cloudflare without exposing a public IP by using Cloudflare Tunnel, which establishes outbound-only connections from your infrastructure to Cloudflare’s global network via the lightweight `cloudflared` daemon.
@@ -73,7 +73,7 @@ Inspect and filter DNS, network, HTTP, and egress traffic to enforce your compan
-
+
Protect corporate devices by privately sending traffic from those devices to Cloudflare's global network, build device posture rules, and enforce security policies anywhere.
diff --git a/src/content/docs/cloudflare-one/insights/dex/index.mdx b/src/content/docs/cloudflare-one/insights/dex/index.mdx
index 3c83623ddf5d41..2a5b6437935acc 100644
--- a/src/content/docs/cloudflare-one/insights/dex/index.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/index.mdx
@@ -9,20 +9,20 @@ import { DirectoryListing, Render } from "~/components";
Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Zero Trust organization.
-With DEX, you can monitor the state of your [WARP client](/cloudflare-one/connections/connect-devices/warp/) deployment and resolve issues impacting end-user productivity. DEX is designed for IT and security teams who need to proactively monitor and troubleshoot device and network health across distributed environments. DEX is available on all Cloudflare Zero Trust and SASE plans.
+With DEX, you can monitor the state of your [WARP client](/cloudflare-one/team-and-resources/devices/warp/) deployment and resolve issues impacting end-user productivity. DEX is designed for IT and security teams who need to proactively monitor and troubleshoot device and network health across distributed environments. DEX is available on all Cloudflare Zero Trust and SASE plans.
Use DEX to troubleshoot other Zero Trust features:
- Test connectivity to a [SaaS application secured with Access](/cloudflare-one/applications/configure-apps/saas-apps/).
- Verify that a website routed through [Gateway](/cloudflare-one/policies/gateway/) is reachable from user devices.
-- Confirm that users can successfully reach internal resources after configuring a [Tunnel](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).
+- Confirm that users can successfully reach internal resources after configuring a [Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/).
### Get started
To start using DEX for device, network, and application monitoring:
1. [Create a Zero Trust organization](/cloudflare-one/setup/#create-a-zero-trust-organization).
-2. [Install the WARP client](/cloudflare-one/connections/connect-devices/warp/) and sign in to register your device to the organization.
+2. [Install the WARP client](/cloudflare-one/team-and-resources/devices/warp/) and sign in to register your device to the organization.
3. Create [tests](/cloudflare-one/insights/dex/tests/) to verify device connectivity to applications and networks.
4. [Monitor](/cloudflare-one/insights/dex/monitoring/) device and network health across your fleet using real-time and historical metrics.
5. Run [remote captures](/cloudflare-one/insights/dex/remote-captures/) to collect diagnostic logs and packet captures from user devices.
diff --git a/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx b/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
index e1b8f0d98a28ec..0fb541bc64b100 100644
--- a/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/monitoring.mdx
@@ -34,10 +34,10 @@ To view analytics on a per-device level, go to [Device monitoring](/cloudflare-o
| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Connected | WARP has successfully established a connection to the Cloudflare global network. |
| Disconnected | WARP has been intentionally or unintentionally disconnected from the Cloudflare global network. |
- | Paused | A user or administrator has taken an explicit action to temporarily turn off WARP, for example by entering an [Admin Override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#admin-override) code. Paused clients will [auto-connect](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#auto-connect) after a timeout period. |
+ | Paused | A user or administrator has taken an explicit action to temporarily turn off WARP, for example by entering an [Admin Override](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#admin-override) code. Paused clients will [auto-connect](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#auto-connect) after a timeout period. |
| Connecting | WARP is pending connection, but is actively trying to establish a connection to the Cloudflare global network. |
-- **Mode**: [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) deployed on the device.
+- **Mode**: [WARP mode](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) deployed on the device.
- **Colo**: Percentage of devices connected to a given Cloudflare data center.
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
index 8ec4702fccd39d..2a443270311c61 100644
--- a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -35,7 +35,7 @@ You can analyze `.pcap` files using Wireshark or another third-party packet capt
### WARP Diag contents
-Refer to [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) for a description of each file.
+Refer to [WARP diagnostic logs](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs/#warp-diag-logs) for a description of each file.
## WARP diagnostics analyzer (beta)
diff --git a/src/content/docs/cloudflare-one/insights/dex/tests/http.mdx b/src/content/docs/cloudflare-one/insights/dex/tests/http.mdx
index 77bc1c346264ff..7ea377d6c7d907 100644
--- a/src/content/docs/cloudflare-one/insights/dex/tests/http.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/tests/http.mdx
@@ -9,7 +9,7 @@ import { Details } from "~/components";
-| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ------------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| - Gateway with WARP
- Secure Web Gateway without DNS Filtering
| All plans |
@@ -34,8 +34,8 @@ To set up an HTTP test for an application:
2. Select **Add a Test**.
3. Fill in the following fields:
- **Name**: Enter any name for the test.
- - **Target**: Enter the URL of the website or application that you want to test (for example, `https://jira.site.com`). Both public and private hostnames are supported. If testing a private hostname, ensure that the domain is on your [local domain fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/) list.
- - **Source device profiles**: (Optional) Select the [WARP device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) that you want to run the test on. If no profiles are selected, the test will run on all supported devices connected to your Zero Trust organization.
+ - **Target**: Enter the URL of the website or application that you want to test (for example, `https://jira.site.com`). Both public and private hostnames are supported. If testing a private hostname, ensure that the domain is on your [local domain fallback](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/local-domains/) list.
+ - **Source device profiles**: (Optional) Select the [WARP device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) that you want to run the test on. If no profiles are selected, the test will run on all supported devices connected to your Zero Trust organization.
- **Test type**: Select _HTTP Get_.
- **Test frequency**: Specify how often the test will run. Input a minute value between 5 and 60.
4. Select **Add test**.
diff --git a/src/content/docs/cloudflare-one/insights/dex/tests/traceroute.mdx b/src/content/docs/cloudflare-one/insights/dex/tests/traceroute.mdx
index 73d9a92f71b9e4..15cc294c016b21 100644
--- a/src/content/docs/cloudflare-one/insights/dex/tests/traceroute.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/tests/traceroute.mdx
@@ -9,7 +9,7 @@ import { Details } from "~/components";
-| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| [WARP modes](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ------------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| - Gateway with WARP
- Secure Web Gateway without DNS Filtering
| All plans |
@@ -35,7 +35,7 @@ To set up a traceroute test for an application:
3. Fill in the following fields:
- **Name**: Enter any name for the test.
- **Target**: Enter the IP address of the server you want to test (for example, `192.0.2.0`). You can test either a public-facing endpoint or a private endpoint you have connected to Cloudflare.
- - **Source device profiles**: (Optional) Select the [WARP device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) that you want to run the test on. If no profiles are selected, the test will run on all supported devices connected to your Zero Trust organization.
+ - **Source device profiles**: (Optional) Select the [WARP device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) that you want to run the test on. If no profiles are selected, the test will run on all supported devices connected to your Zero Trust organization.
- **Test type**: Select _Traceroute_.
- **Test frequency**: Specify how often the test will run. Input a minute value between 5 and 60.
4. Select **Add test**.
diff --git a/src/content/docs/cloudflare-one/insights/logs/audit-logs.mdx b/src/content/docs/cloudflare-one/insights/logs/audit-logs.mdx
index 913ab013eefe6a..32da9d1c097d74 100644
--- a/src/content/docs/cloudflare-one/insights/logs/audit-logs.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/audit-logs.mdx
@@ -108,7 +108,7 @@ Cloudflare Access logs the following information when the user authenticates to
| **Hostname** | Hostname of the infrastructure target. |
| **Target ID** | UUID of the infrastructure target. |
| **SSH user** | The UNIX user, such as `root`, that the authenticating user specified when connecting to the infrastructure target. |
-| **SSH logs** | SSH commands that the user ran on the target. Requires configuring an [SSH encryption key](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/#ssh-command-logs) before the session begins. |
+| **SSH logs** | SSH commands that the user ran on the target. Requires configuring an [SSH encryption key](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/#ssh-command-logs) before the session begins. |
### Non-identity authentication
diff --git a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx
index 63b07c17952d16..330aa9b5f37ea7 100644
--- a/src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/gateway-logs/index.mdx
@@ -35,7 +35,7 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Query name** | Name of the domain that was queried. |
| **Query ID** | UUID of the query assigned by Cloudflare. |
-| **Email** | Email address of the user who registered the WARP client where traffic originated from. If a non-identity on-ramp (such as a [proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/)) or machine-level authentication (such as a [service token](/cloudflare-one/identity/service-tokens/)) was used, this value will be `non_identity@.cloudflareaccess.com`. |
+| **Email** | Email address of the user who registered the WARP client where traffic originated from. If a non-identity on-ramp (such as a [proxy endpoint](/cloudflare-one/team-and-resources/devices/agentless/pac-files/)) or machine-level authentication (such as a [service token](/cloudflare-one/identity/service-tokens/)) was used, this value will be `non_identity@.cloudflareaccess.com`. |
| **Action** | The [Action](/cloudflare-one/policies/gateway/dns-policies/#actions) Gateway applied to the query (such as Allow or Block). |
| **Time** | Date and time of the DNS query. |
| **Resolver decision** | The reason why Gateway applied a particular **Action** to the request. Refer to the [list of resolver decisions](#resolver-decisions). |
@@ -46,7 +46,7 @@ These settings will only apply to logs displayed in Zero Trust. Logpush data is
| Field | Description |
| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
-| **DNS location** | [User-configured location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) from where the DNS query was made. |
+| **DNS location** | [User-configured location](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) from where the DNS query was made. |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the matched policy. |
| **Policy description** | Description of the matched policy. |
@@ -145,7 +145,7 @@ Gateway can log failed connections in [network session logs](/logs/logpush/logpu
| Field | Description |
| ---------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
-| **DNS location** | [User-configured location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) from where the DNS query was made. |
+| **DNS location** | [User-configured location](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) from where the DNS query was made. |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the policy enforcing the decision Gateway made. |
| **Policy description** | Description of the matched policy. |
@@ -177,9 +177,9 @@ Gateway can log failed connections in [network session logs](/logs/logpush/logpu
| **Transport protocol** | Protocol over which the packet was sent. |
| **Detected Protocol** | The detected [network protocol](/cloudflare-one/policies/gateway/network-policies/protocol-detection/). |
| **SNI** | Host whose Server Name Indication (SNI) header Gateway will filter traffic against. |
-| **Virtual Network** | [Virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
+| **Virtual Network** | [Virtual network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
| **Category details** | Category or categories associated with the packet. |
-| **Proxy endpoint** | [PAC file proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
+| **Proxy endpoint** | [PAC file proxy endpoint](/cloudflare-one/team-and-resources/devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
| **Application ID** | ID of the application that matched the domain. |
| **Application name** | Name of the application that matched the domain. |
@@ -213,7 +213,7 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th
| Field | Description |
| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
-| **DNS location** | [User-configured location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) from where the DNS query was made. |
+| **DNS location** | [User-configured location](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) from where the DNS query was made. |
| **Policy name** | Name of the matched policy. |
| **Policy ID** | ID of the matched policy. |
| **Policy description** | Description of the matched policy. |
@@ -253,8 +253,8 @@ When an HTTP request results in an error, Gateway logs the first 512 bytes of th
| **Application ID** | ID of the application that matched the domain. |
| **Application name** | Name of the application that matched the domain. |
| **Categories** | [Content categories](/cloudflare-one/policies/gateway/domain-categories/) that the domain belongs to. |
-| **Proxy endpoint** | [PAC file proxy endpoint](/cloudflare-one/connections/connect-devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
-| **Virtual Network** | [Virtual network](/cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
+| **Proxy endpoint** | [PAC file proxy endpoint](/cloudflare-one/team-and-resources/devices/agentless/pac-files/) Gateway forwarded traffic to, if applicable. |
+| **Virtual Network** | [Virtual network](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/tunnel-virtual-networks/) that the client is connected to. |
| **Sandbox scanned** | Status of the [file quarantine](/cloudflare-one/policies/gateway/http-policies/file-sandboxing/). |
#### File detection details
diff --git a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx
index c1cfe8ab0b7135..753255327b480e 100644
--- a/src/content/docs/cloudflare-one/insights/logs/logpush.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/logpush.mdx
@@ -50,7 +50,7 @@ Refer to [Logpush datasets](/logs/logpush/logpush-job/datasets/) for a list of a
| [Gateway DNS](/logs/logpush/logpush-job/datasets/account/gateway_dns/) | DNS queries inspected by Cloudflare Gateway |
| [Gateway HTTP](/logs/logpush/logpush-job/datasets/account/gateway_http/) | HTTP requests inspected by Cloudflare Gateway |
| [Gateway Network](/logs/logpush/logpush-job/datasets/account/gateway_network/) | Network packets inspected by Cloudflare Gateway |
-| [SSH Logs](/logs/logpush/logpush-job/datasets/account/ssh_logs/) | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) |
+| [SSH Logs](/logs/logpush/logpush-job/datasets/account/ssh_logs/) | SSH command logs for [Access for Infrastructure targets](/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/) |
| [Zero Trust Network Session Logs](/logs/logpush/logpush-job/datasets/account/zero_trust_network_sessions/) | Network session logs for traffic proxied by Cloudflare Gateway |
## Parse DNS logs
diff --git a/src/content/docs/cloudflare-one/insights/logs/users.mdx b/src/content/docs/cloudflare-one/insights/logs/users.mdx
index 529d4b118acc71..d9bd9986d732a2 100644
--- a/src/content/docs/cloudflare-one/insights/logs/users.mdx
+++ b/src/content/docs/cloudflare-one/insights/logs/users.mdx
@@ -16,7 +16,7 @@ In [Zero Trust](https://one.dash.cloudflare.com/), go to **My Team** > **Users**
### Available logs
-* **User Registry identity**: Select the user's name to view their last seen identity. This identity is used to evaluate Gateway policies and WARP [device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/). A refresh occurs when the user re-authenticates WARP, logs into an Access application, or has their IdP group membership updated via SCIM provisioning. To track how the user's identity has changed over time, go to the **Audit logs** tab.
+* **User Registry identity**: Select the user's name to view their last seen identity. This identity is used to evaluate Gateway policies and WARP [device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/). A refresh occurs when the user re-authenticates WARP, logs into an Access application, or has their IdP group membership updated via SCIM provisioning. To track how the user's identity has changed over time, go to the **Audit logs** tab.
* **Session identities**: The user's active sessions, the identity used to authenticate each session, and when each session will [expire](/cloudflare-one/identity/users/session-management/).
* **Devices**: Devices registered to the user via WARP.
* **Recent activities**: The user's five most recent Access login attempts. For more details, refer to your [authentication audit logs](/cloudflare-one/insights/logs/audit-logs/#authentication-audit-logs).
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/index.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/index.mdx
similarity index 89%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/index.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/index.mdx
index 1af13d5fd49f91..592a5b97a6dec1 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/index.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/index.mdx
@@ -7,10 +7,10 @@ sidebar:
import { TabItem, Tabs, Render } from "~/components";
-Remotely-managed tunnels run as a service on your OS. You can modify the Cloudflare Tunnel service with one or more [general-purpose tunnel parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/).
+Remotely-managed tunnels run as a service on your OS. You can modify the Cloudflare Tunnel service with one or more [general-purpose tunnel parameters](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/).
:::note
-For instructions on configuring a locally-managed tunnel, refer to the [configuration file documentation](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/configuration-file/).
+For instructions on configuring a locally-managed tunnel, refer to the [configuration file documentation](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/).
:::
## Update tunnel run parameters
@@ -140,11 +140,11 @@ On Windows, Cloudflare Tunnel installs itself as a system service using the Regi
## Update origin configuration
-To configure how `cloudflared` sends requests to your [published applications](/cloudflare-one/connections/connect-networks/routing-to-tunnel/):
+To configure how `cloudflared` sends requests to your [published applications](/cloudflare-one/networks/connectors/cloudflare-tunnel/routing-to-tunnel/):
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels**.
2. Choose a tunnel and select **Configure**.
3. Select the **Published application routes** tab.
4. Choose an application and select **Edit**.
-5. Under **Additional application settings**, modify one or more [origin configuration parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/origin-parameters/).
+5. Under **Additional application settings**, modify one or more [origin configuration parameters](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/).
6. Select **Save**.
\ No newline at end of file
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/origin-parameters.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters.mdx
similarity index 88%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/origin-parameters.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters.mdx
index f8f6b6071dd4b9..67ca295adee84d 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/origin-parameters.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters.mdx
@@ -6,7 +6,7 @@ sidebar:
---
-Origin configuration parameters determine how `cloudflared` proxies traffic to your origin server. If you are using remotely-managed tunnels (default), configure these settings [using the dashboard or API](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/#update-origin-configuration). If you are using [locally-managed tunnels](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/), add these parameters to your [configuration file](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/configuration-file/).
+Origin configuration parameters determine how `cloudflared` proxies traffic to your origin server. If you are using remotely-managed tunnels (default), configure these settings [using the dashboard or API](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/#update-origin-configuration). If you are using [locally-managed tunnels](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/), add these parameters to your [configuration file](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/).
## TLS settings
@@ -173,7 +173,7 @@ The timeout after which a TCP keepalive packet is sent on a connection between C
Requires `cloudflared` to validate the [Cloudflare Access JWT](/cloudflare-one/identity/authorization-cookie/validating-json/) prior to proxying traffic to your origin. You can enforce this check on public hostname services that are protected by an Access application. For all L7 requests to these hostnames, Access will send the JWT to `cloudflared` as a `Cf-Access-Jwt-Assertion` request header.
-To enable this security control in a [configuration file](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/configuration-file/#origin-configuration), [get the AUD tag](/cloudflare-one/identity/authorization-cookie/validating-json/#get-your-aud-tag) for your Access application and add the following rule to `originRequest`:
+To enable this security control in a [configuration file](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/#origin-configuration), [get the AUD tag](/cloudflare-one/identity/authorization-cookie/validating-json/#get-your-aud-tag) for your Access application and add the following rule to `originRequest`:
```yml
access:
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters.mdx
similarity index 87%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters.mdx
index f78522d83cc068..2f7a652eaf10ad 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters.mdx
@@ -7,9 +7,9 @@ sidebar:
import { Render } from "~/components";
-This page lists general-purpose configuration options that you can [add](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/#update-tunnel-run-parameters) to the `cloudflared tunnel run` command.
+This page lists general-purpose configuration options that you can [add](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/#update-tunnel-run-parameters) to the `cloudflared tunnel run` command.
-Alternatively, if you are running a [locally-managed tunnel](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/) you can add these flags to your [configuration file](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/configuration-file/) as key/value pairs.
+Alternatively, if you are running a [locally-managed tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/) you can add these flags to your [configuration file](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/) as key/value pairs.
## `autoupdate-freq`
@@ -32,7 +32,7 @@ For locally-managed tunnels only.
| ------------------------------------------------------- | --------------------------- |
| `cloudflared tunnel --config run ` | `~/.cloudflared/config.yml` |
-Specifies the path to a [configuration file](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/configuration-file/) in YAML format.
+Specifies the path to a [configuration file](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/) in YAML format.
## `edge-bind-address`
@@ -84,9 +84,9 @@ Specifies the verbosity of logging for the local `cloudflared` instance. Availab
| Syntax | Default | Environment Variable |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -------------------- |
-| `cloudflared tunnel --metrics run ` | Refer to [Tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/) | `TUNNEL_METRICS` |
+| `cloudflared tunnel --metrics run ` | Refer to [Tunnel metrics](/cloudflare-one/networks/connectors/cloudflare-tunnel/monitor-tunnels/metrics/) | `TUNNEL_METRICS` |
-Exposes a Prometheus endpoint on the specified IP address and port, which you can then query for [usage metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/).
+Exposes a Prometheus endpoint on the specified IP address and port, which you can then query for [usage metrics](/cloudflare-one/networks/connectors/cloudflare-tunnel/monitor-tunnels/metrics/).
## `no-autoupdate`
@@ -113,7 +113,7 @@ For locally-managed tunnels only.
| ----------------------------------------------------------- | ------------------------- | -------------------- |
| `cloudflared tunnel --origincert run ` | `~/.cloudflared/cert.pem` | `TUNNEL_ORIGIN_CERT` |
-Specifies the [account certificate](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/tunnel-permissions/) for one of your zones, authorizing the client to serve as an origin for that zone. You can obtain a certificate by using the `cloudflared tunnel login` command or by visiting `https://dash.cloudflare.com/argotunnel`.
+Specifies the [account certificate](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/tunnel-permissions/) for one of your zones, authorizing the client to serve as an origin for that zone. You can obtain a certificate by using the `cloudflared tunnel login` command or by visiting `https://dash.cloudflare.com/argotunnel`.
## `pidfile`
@@ -151,7 +151,7 @@ The `auto` value will automatically configure the `quic` protocol. If `cloudflar
Allows you to choose the regions to which connections are established. Currently the only available value is `us`, which routes all connections through data centers in the United States. Omit or leave empty to connect to the global region.
-When the region is set to `us`, `cloudflared` uses different US-specific hostnames and IPs. Refer to [Tunnel with firewall](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall/#region-us) for details.
+When the region is set to `us`, `cloudflared` uses different US-specific hostnames and IPs. Refer to [Tunnel with firewall](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall/#region-us) for details.
## `retries`
@@ -180,7 +180,7 @@ For remotely-managed tunnels only.
| ----------------------------------------------- | -------------------- |
| `cloudflared tunnel run --token ` | `TUNNEL_TOKEN` |
-Associates the `cloudflared` instance with a specific tunnel. The tunnel's token is shown in the dashboard when you first [create the tunnel](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/). You can also retrieve the token using the [API](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/subresources/token/methods/get/).
+Associates the `cloudflared` instance with a specific tunnel. The tunnel's token is shown in the dashboard when you first [create the tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/). You can also retrieve the token using the [API](/api/resources/zero_trust/subresources/tunnels/subresources/cloudflared/subresources/token/methods/get/).
## `token-file`
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/index.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/index.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/index.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/index.mdx
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/remote-tunnel-permissions.mdx
similarity index 95%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/remote-tunnel-permissions.mdx
index 0b7446a3eb91ba..227975464be10f 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/remote-tunnel-permissions.mdx
@@ -53,7 +53,7 @@ The token value can be found in the `result`.
## Rotate a token without service disruption
-Cloudflare recommends rotating the tunnel token at a regular cadence to reduce the risk of token compromise. You can rotate a token with minimal disruption to users as long as the tunnel is served by at least two [`cloudflared` replicas](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/). To ensure service availability, we recommend performing token rotations outside of working hours or in a maintenance window.
+Cloudflare recommends rotating the tunnel token at a regular cadence to reduce the risk of token compromise. You can rotate a token with minimal disruption to users as long as the tunnel is served by at least two [`cloudflared` replicas](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/). To ensure service availability, we recommend performing token rotations outside of working hours or in a maintenance window.
To rotate a tunnel token:
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/deploy-replicas.mdx
similarity index 85%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/deploy-replicas.mdx
index 2a5fb27db74dab..1975491d863fb2 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/deploy-replicas.mdx
@@ -12,12 +12,12 @@ To deploy multiple instances of `cloudflared`, you can create and configure one
You can run the same tunnel across various `cloudflared` processes for up to 100 connections (25 replicas) per tunnel. Cloudflare Load Balancers and DNS records can still point to the tunnel and its UUID. Traffic will be sent to all `cloudflared` processes associated with the tunnel.
:::tip[Deploy replicas in Kubernetes]
-For information about running `cloudflared` in a Kubernetes deployment, refer to the [Kubernetes guide](/cloudflare-one/connections/connect-networks/deployment-guides/kubernetes/).
+For information about running `cloudflared` in a Kubernetes deployment, refer to the [Kubernetes guide](/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/kubernetes/).
:::
## Remotely-managed tunnels
-1. To create a remotely-managed tunnel, follow the [dashboard setup guide](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).
+1. To create a remotely-managed tunnel, follow the [dashboard setup guide](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/).
2. On the **Tunnels** page, select your newly created tunnel.
3. In the side panel, scroll down to **Connectors** to view the `cloudflared` instances for that tunnel.
3. Select **Edit**.
@@ -28,7 +28,7 @@ The new replica will appear on the **Connectors** list for the tunnel. All repli
## Locally-managed tunnels
-1. To create a locally-managed tunnel, complete Steps 1 through 5 in the [CLI setup guide](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/).
+1. To create a locally-managed tunnel, complete Steps 1 through 5 in the [CLI setup guide](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/create-local-tunnel/).
2. Run your newly created tunnel.
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/index.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/index.mdx
similarity index 81%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/index.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/index.mdx
index 5f22d11ba75dd4..617ab8032c6ead 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/index.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/index.mdx
@@ -39,9 +39,9 @@ By design, replicas do not offer any level of traffic steering (random, hash, or
- To provide additional points of availability for a single tunnel.
- To allocate failover nodes within your network.
-- To update the configuration of a tunnel [without downtime](/cloudflare-one/connections/connect-networks/downloads/update-cloudflared/#update-with-multiple-cloudflared-instances).
+- To update the configuration of a tunnel [without downtime](/cloudflare-one/networks/connectors/cloudflare-tunnel/downloads/update-cloudflared/#update-with-multiple-cloudflared-instances).
-For setup instructions, refer to [Deploy cloudflared replicas](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas/).
+For setup instructions, refer to [Deploy cloudflared replicas](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/deploy-replicas/).
## Cloudflare Load Balancers
@@ -79,11 +79,11 @@ graph LR
- To get a [health alert](/notifications/notification-available/#load-balancing) when a tunnel reaches an inactive state.
- To distribute traffic more evenly across your Cloudflare Tunnel-accessible origins or endpoints.
-For setup instructions, refer to [Public load balancers](/cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/) or [Private Network Load Balancing](/load-balancing/private-network/) depending on your [use case](#types-of-load-balancers).
+For setup instructions, refer to [Public load balancers](/cloudflare-one/networks/connectors/cloudflare-tunnel/routing-to-tunnel/public-load-balancers/) or [Private Network Load Balancing](/load-balancing/private-network/) depending on your [use case](#types-of-load-balancers).
### Types of load balancers
There are two types of load balancers that you can use with Cloudflare Tunnel endpoints:
-- [Public load balancers](/cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/) steer traffic from the Internet to applications published on a Cloudflare domain. Use this method if your service is served by Cloudflare Tunnel via a [published application route](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/#2a-publish-an-application).
-- [Private load balancers](/load-balancing/private-network/) steer traffic from WARP clients, Magic WAN, and other on-ramps to an internal IP on your private network. Use this method if your service is connected to Cloudflare Tunnel via a [CIDR route](/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-cidr/).
+- [Public load balancers](/cloudflare-one/networks/connectors/cloudflare-tunnel/routing-to-tunnel/public-load-balancers/) steer traffic from the Internet to applications published on a Cloudflare domain. Use this method if your service is served by Cloudflare Tunnel via a [published application route](/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/create-remote-tunnel/#2a-publish-an-application).
+- [Private load balancers](/load-balancing/private-network/) steer traffic from WARP clients, Magic WAN, and other on-ramps to an internal IP on your private network. Use this method if your service is connected to Cloudflare Tunnel via a [CIDR route](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-cidr/).
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/system-requirements.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/system-requirements.mdx
similarity index 88%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/system-requirements.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/system-requirements.mdx
index e7cb89c5c7c2c3..dc5d5a91016a2b 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/system-requirements.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/system-requirements.mdx
@@ -13,7 +13,7 @@ Our connector, `cloudflared`, was designed to be lightweight and flexible enough
For most use cases, we recommend the following baseline configuration:
-- Run a [`cloudflared` replica](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/#cloudflared-replicas) on two dedicated host machines per network location. Using two hosts enables server-side redundancy.
+- Run a [`cloudflared` replica](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/#cloudflared-replicas) on two dedicated host machines per network location. Using two hosts enables server-side redundancy.
- Size each host with minimum 4GB of RAM and 4 CPU cores.
- Allocate 50,000 [ports](#number-of-ports) to the `cloudflared` process on each host.
@@ -59,7 +59,7 @@ netsh int ipv6 set dynamicport udp start=11000 num=50000
### Private DNS
-DNS queries utilize [more system resources](#estimated-throughput) compared to TCP and non-DNS UDP requests. To optimize service availability, Cloudflare recommends splitting [private DNS traffic](/cloudflare-one/connections/connect-networks/private-net/cloudflared/private-dns/) into its own Cloudflare Tunnel. The tunnel should run on a dedicated host and only include routes for your internal DNS resolver IPs.
+DNS queries utilize [more system resources](#estimated-throughput) compared to TCP and non-DNS UDP requests. To optimize service availability, Cloudflare recommends splitting [private DNS traffic](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/private-dns/) into its own Cloudflare Tunnel. The tunnel should run on a dedicated host and only include routes for your internal DNS resolver IPs.
### ulimits
@@ -101,7 +101,7 @@ Our [baseline recommendations](#recommendations) serve as a starting point for a
To calculate your tunnel capacity:
1. Set up a [metrics service](/cloudflare-one/tutorials/grafana/) when you run the tunnel.
-2. After a week or so, query the following [tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#cloudflared-metrics):
+2. After a week or so, query the following [tunnel metrics](/cloudflare-one/networks/connectors/cloudflare-tunnel/monitor-tunnels/metrics/#cloudflared-metrics):
- `cloudflared_tcp_total_sessions`
- `cloudflared_udp_total_sessions`
3. Compute the average **TCP requests per second** and **Non-DNS UDP requests per second** by dividing total sessions by total time.
@@ -110,4 +110,4 @@ To calculate your tunnel capacity:
-You can use these results to determine if your tunnel is appropriately sized. To increase your tunnel capacity, add identical host machines running [`cloudflared` replicas](/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/#cloudflared-replicas).
+You can use these results to determine if your tunnel is appropriately sized. To increase your tunnel capacity, add identical host machines running [`cloudflared` replicas](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-availability/#cloudflared-replicas).
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall.mdx
similarity index 97%
rename from src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall.mdx
index afeedd7b61f707..c557ffb3f855bf 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/tunnel-with-firewall.mdx
@@ -68,7 +68,7 @@ This rule is only required for firewalls that enforce SNI.
### Region US
-When using the [US region](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/#region), ensure your firewall allows outbound connections to these US-region destinations on port `7844` (TCP/UDP) for tunnel operation.
+When using the [US region](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/run-parameters/#region), ensure your firewall allows outbound connections to these US-region destinations on port `7844` (TCP/UDP) for tunnel operation.
#### `us-region1.v2.argotunnel.com`
@@ -112,7 +112,7 @@ Allows `cloudflared` to download the latest release and perform a software updat
#### `.cloudflareaccess.com`
-Allows `cloudflared` to validate the Access JWT. Only required if the [`access`](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/origin-parameters/#access) setting is enabled.
+Allows `cloudflared` to validate the Access JWT. Only required if the [`access`](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cloudflared-parameters/origin-parameters/#access) setting is enabled.
| IPv4 | IPv6 | Port | Protocols |
| ------------------------------- | ------------------------------------------------------- | ---- | ----------- |
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/ansible.mdx
similarity index 91%
rename from src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/ansible.mdx
index 231f1939f6bd7a..cb917728c9eb51 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/ansible.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/ansible.mdx
@@ -9,14 +9,14 @@ import { Render } from "~/components";
Ansible is a software tool that enables at scale management of infrastructure. Ansible is agentless — all it needs to function is the ability to SSH to the target and Python installed on the target.
-Ansible works alongside Terraform to streamline the Cloudflare Tunnel setup process. In this guide, you will use Terraform to deploy an SSH server on Google Cloud and create a [locally-managed tunnel](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/) that makes the server available over the Internet. Terraform will automatically run an Ansible playbook that installs and configures `cloudflared` on the server.
+Ansible works alongside Terraform to streamline the Cloudflare Tunnel setup process. In this guide, you will use Terraform to deploy an SSH server on Google Cloud and create a [locally-managed tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/create-local-tunnel/) that makes the server available over the Internet. Terraform will automatically run an Ansible playbook that installs and configures `cloudflared` on the server.
## Prerequisites
To complete the steps in this guide, you will need:
- [A Google Cloud Project](https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project) and [GCP CLI installed and authenticated](https://cloud.google.com/sdk/docs/install).
-- [Basic knowledge of Terraform](/cloudflare-one/connections/connect-networks/deployment-guides/terraform/) and [Terraform installed](https://developer.hashicorp.com/terraform/tutorials/certification-associate-tutorials/install-cli).
+- [Basic knowledge of Terraform](/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/terraform/) and [Terraform installed](https://developer.hashicorp.com/terraform/tutorials/certification-associate-tutorials/install-cli).
- [A zone on Cloudflare](/fundamentals/manage-domains/add-site/).
- [A Cloudflare API token](/fundamentals/api/get-started/create-token/) with `Cloudflare Tunnel` and `DNS` permissions.
@@ -133,7 +133,7 @@ The following configuration will modify settings in your Cloudflare account.
### Configure GCP resources
-The following configuration defines the specifications for the GCP virtual machine and installs Python3 on the machine. Python3 allows Ansible to configure the GCP instance instead of having to run a [startup script](/cloudflare-one/connections/connect-networks/deployment-guides/terraform/#create-a-startup-script) on boot.
+The following configuration defines the specifications for the GCP virtual machine and installs Python3 on the machine. Python3 allows Ansible to configure the GCP instance instead of having to run a [startup script](/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/terraform/#create-a-startup-script) on boot.
1. In your configuration directory, create a `.tf` file:
@@ -202,7 +202,7 @@ The following configuration defines the specifications for the GCP virtual machi
### Export variables to Ansible
-The following Terraform resource exports the [tunnel token](/cloudflare-one/connections/connect-networks/configure-tunnels/remote-tunnel-permissions/) and other variables to `tf_ansible_vars_file.yml`. Ansible will use the tunnel token to configure and run `cloudflared` on the server.
+The following Terraform resource exports the [tunnel token](/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/remote-tunnel-permissions/) and other variables to `tf_ansible_vars_file.yml`. Ansible will use the tunnel token to configure and run `cloudflared` on the server.
1. In your configuration directory, create a new `tf` file:
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/aws.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/aws.mdx
similarity index 77%
rename from src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/aws.mdx
rename to src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/aws.mdx
index 9bff936eb84c9f..997b09ed5b4378 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/deployment-guides/aws.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/aws.mdx
@@ -23,7 +23,7 @@ We will deploy:
To complete the following procedure, you will need to:
- [Add a website to Cloudflare](/fundamentals/manage-domains/add-site/)
-- [Deploy the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/) on an end-user device
+- [Deploy the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/) on an end-user device
## 1. Create a VM instance in AWS
@@ -96,10 +96,10 @@ EOF
## 4. Connect using a private IP
-[Private network routes](/cloudflare-one/connections/connect-networks/private-net/cloudflared/) allow users to connect to your virtual private cloud (VPC) using the WARP client. To add a private network route for your Cloudflare Tunnel:
+[Private network routes](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/) allow users to connect to your virtual private cloud (VPC) using the WARP client. To add a private network route for your Cloudflare Tunnel:
1. In the **CIDR** tab, enter the **Private IPv4 address** of your AWS instance (for example, `172.31.19.0`). You can expand the IP range later if necessary.
-2. In your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route), make sure the private IP is routing through WARP. For example, if you are using Split Tunnels in **Exclude** mode, delete `172.16.0.0/12`. We recommend re-adding the IPs that are not explicitly used by your AWS instance.
+2. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route), make sure the private IP is routing through WARP. For example, if you are using Split Tunnels in **Exclude** mode, delete `172.16.0.0/12`. We recommend re-adding the IPs that are not explicitly used by your AWS instance.
To determine which IP addresses to re-add, subtract your AWS instance IPs from `172.16.0.0/12`:
@@ -114,7 +114,7 @@ EOF
Add the results back to your Split Tunnel Exclude mode list.
3. To test on a user device:
- 1. [Log in to the WARP client](/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/).
+ 1. [Log in to the WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/).
2. Open a terminal window and connect to the service using its private IP:
```sh
@@ -124,7 +124,7 @@ EOF