diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/dns-over-tls.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/dns-over-tls.mdx index ae01c53e94f1b10..ada21ced9746b84 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/dns-over-tls.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/dns-over-tls.mdx @@ -15,8 +15,8 @@ Cloudflare supports DoT on standard port `853` over TLS 1.2 and TLS 1.3 in compl Each Gateway DNS location has a unique DoT hostname. DNS locations and corresponding DoT hostnames have policies associated with them. -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **DNS locations**. -2. [Add a new location](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) or select an existing location from the list. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Networks** > **Resolvers & Proxies**. +2. Under **DNS locations**, [add a new location](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) or select an existing location from the list. 3. Under **DoT endpoint**, copy the value in **DoT addresses**. The DoT hostname contains your unique location name. For example, if the DoT hostname is `9y65g5srsm.cloudflare-gateway.com`, the location name is `9y65g5srsm`. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx index 391a497480f4f14..86015846f4011ae 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx @@ -9,8 +9,8 @@ When you create a DNS location, Gateway assigns IPv4/IPv6 addresses and DoT/DoH To view the resolver endpoint IP addresses and hostnames for a DNS location: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **DNS locations**. -2. Locate the DNS location, then select **Configure**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Networks** > **Resolvers & Proxies**. +2. Select the DNS location, then select **Edit**. 3. Go to **Setup instructions**. The addresses and hostnames will appear in **Your configuration**. ## DNS query location matching diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files.mdx index f1afdbb3916cc13..f6d65edc7c9860a 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/pac-files.mdx @@ -29,7 +29,7 @@ Install a [Cloudflare certificate](/cloudflare-one/team-and-resources/devices/us ## 1. Generate a proxy endpoint -You can generate a proxy endpoint on the Zero Trust dashboard or through the Cloudflare API. +You can generate a proxy endpoint in Cloudflare One or through the Cloudflare API. :::caution All devices you add to the proxy endpoint will be able to access your Cloudflare Tunnel applications and services. If you only want to proxy web traffic, you can build a network policy that blocks those source IPs from connecting to your internal resources. @@ -39,9 +39,9 @@ All devices you add to the proxy endpoint will be able to access your Cloudflare -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Proxy endpoints**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Networks** > **Resolves & Proxies** > **Proxy endpoints**. -2. Select **Create endpoint**. +2. Select **Create proxy endpoint**. 3. Give your endpoint any name. @@ -116,7 +116,7 @@ https://.proxy.cloudflare-gateway.com ## 2. Test your proxy server -1. In [Zero Trust](https://one.dash.cloudflare.com/), create an [HTTP policy](/cloudflare-one/traffic-policies/http-policies/) for testing purposes. For example: +1. In [Cloudflare One](https://one.dash.cloudflare.com/), create an [HTTP policy](/cloudflare-one/traffic-policies/http-policies/) for testing purposes. For example: | Selector | Operator | Value | Action | | -------- | -------- | ------------- | ------ | @@ -206,7 +206,7 @@ To get the domain of a proxy endpoint: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Proxy endpoints**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Networks** > **Resolves & Proxies** > **Proxy endpoints**. 2. Choose the proxy endpoint. Select **Edit**. 3. In **Proxy Endpoint**, copy the domain. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx index 48e863f21e39b4b..58628965dc645a6 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx @@ -40,8 +40,8 @@ WARP versions prior to 2024.12.554.0 will only install the certificate set to ** To configure WARP to install a root certificate on your organization's devices: 1. (Optional) [Upload](/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate/) a custom root certificate to Cloudflare. -2. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. -3. Turn on [**Install CA to system certificate store**](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#install-ca-to-system-certificate-store). +2. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices** > **Management**. +3. Under **Global WARP settings**, turn on [**Install CA to system certificate store**](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#install-ca-to-system-certificate-store). 4. [Install](/cloudflare-one/team-and-resources/devices/warp/download-warp/) the WARP client on the device. 5. [Enroll the device](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/) in your Zero Trust organization. 6. (Optional) If the device is running macOS Big Sur or newer, [manually trust the certificate](#manually-trust-the-certificate). diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate.mdx index dfa6ff72f0ca23c..8baa0be47e604ea 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate.mdx @@ -66,11 +66,12 @@ openssl x509 -in .pem -text -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. -2. In **Certificates**, select **Manage**. -3. Select **Upload certificate**. -4. Enter the private key and SSL certificate you generated or select **Paste certificate from file** to upload them from a file. -5. Select **Generate certificate**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Certificates and downloads**. +2. Select **View**. +3. In **Cloudflare certificates**, select **Manage**. +4. Select **Upload certificate**. +5. Enter the private key and SSL certificate you generated or select **Paste certificate from file** to upload them from a file. +6. Select **Upload custom certificate**. You can now [use the generated custom root certificate](#use-a-custom-root-certificate) for inspection. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/index.mdx index 393b08eb95a8390..1687c52fc6e453f 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/index.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/index.mdx @@ -34,11 +34,12 @@ To generate a new Cloudflare root certificate for your Zero Trust organization: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. -2. In **Certificates**, select **Manage**. -3. Select **Generate certificate**. -4. Choose a duration of time before the certificate expires. Cloudflare recommends expiration after five years. Alternatively, choose _Custom_ and enter a custom amount in days. -5. Select **Generate certificate**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Certificates and downloads**. +2. Select **View**. +3. In Cloudflare certificates, select **Manage**. +4. Select **Generate certificate**. +5. Choose a duration of time before the certificate expires. Cloudflare recommends expiration after five years. Alternatively, choose _Custom_ and enter a custom amount in days. +6. Select **Generate certificate**. @@ -68,10 +69,11 @@ To activate your root certificate: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. -2. In **Certificates**, select **Manage**. -3. Select the certificate you want to activate. -4. Select **Activate**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Certificates and downloads**. +2. Select **View**. +3. In Cloudflare certificates, select **Manage**. +4. Select the certificate you want to activate. +5. Select **Activate**. @@ -92,10 +94,11 @@ Once you deploy and install your certificate, you can turn it on for use in insp -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. -2. In **Certificates**, select **Manage**. -3. Select the certificate you want to turn on. -4. In **Basic information**, select **Confirm and turn on certificate**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Certificates and downloads**. +2. Select **View**. +3. In Cloudflare certificates, select **Manage**. +4. Select the certificate you want to turn on. +5. In **Basic information**, select **Confirm and turn on certificate**. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx index d6dc9ae89a15a97..58af6bf4f721cd1 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment.mdx @@ -26,10 +26,12 @@ You can only download Cloudflare-generated certificates from the Zero Trust dash First, [generate](/cloudflare-one/team-and-resources/devices/user-side-certificates/#generate-a-cloudflare-root-certificate) and download a Cloudflare certificate. The certificate is available in both `.pem` and `.crt` file format. Certain applications require the certificate to be in a specific file type, so ensure you download the most appropriate file for your use case. -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Resources**. -2. In **Certificates**, select **Manage**. -3. Select the certificate you want to download. -4. Depending on which format you want, choose **Download .pem** and/or **Download .crt**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Certificates and downloads**. +2. Select **View**. +3. In **Cloudflare certificates**, select **Manage**. +4. Select the certificate you want to download. +5. Select **More actions**. + - Depending on which format you want, choose **Download .pem** and/or **Download .crt**. Alternatively, you can download and install a certificate [using WARP](/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment/#install-a-certificate-using-warp). WARP will add the certificates to the device's system certificate store in `installed_certs/.pem`. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx index 2386a5ddd2771f2..0e44fcba7219614 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles.mdx @@ -13,8 +13,8 @@ import { Render, TabItem, Tabs, APIRequest } from "~/components"; -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**. -2. In the **Profile settings** card, select **Create profile**. This will make a copy of the **Default** profile. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Team & Resources** > **Devices** > **Device profiles**. +2. In the **Profile** card, select **Create new profile**. This will make a copy of the **Default** profile. 3. Enter any name for the profile. 4. Create rules to define the devices that will use this profile. Learn more about the available [Selectors](#selectors), [Operators](/cloudflare-one/traffic-policies/network-policies/#comparison-operators), and [Values](/cloudflare-one/traffic-policies/network-policies/#value). 5. Configure [WARP settings](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#device-settings) for these devices. @@ -109,13 +109,13 @@ Send a `POST` request to the [Devices API](/api/resources/zero_trust/subresource To verify the last active device profile for a specific device: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **My Team** > **Devices**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices**. 2. Under devices, find your device. 3. Review the device profile under **Last active device profile**. -To verify the last active device profile for a user’s devices: +To verify the last active device profile for a user's devices: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **My Team** > **Users**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Users**. 2. Under **User name**, find the user you would like to investigate. 3. Select **Devices** to see all devices used by the user. 4. Find the device you want to investigate and verify the last active device profile for that device under the **Device profile** column. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks.mdx index 4b82bd4b7a88742..3b286ed94fb18d4 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks.mdx @@ -206,12 +206,12 @@ SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8 -## 3. Add managed network to Zero Trust +## 3. Add managed network to Cloudflare One -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**. -2. Scroll down to **Network locations** and select **Add new**. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Team & Resources** > **Devices** > **Device profiles**. +2. Select **Managed networks** and select **Add new managed network**. 3. Name your network location. 4. In **Host and Port**, enter the private IP address and port number of your [TLS endpoint](#create-a-new-tls-endpoint) (for example, `192.168.185.198:3333`). @@ -220,6 +220,7 @@ SHA256 Fingerprint=DD4F4806C57A5BBAF1AA5B080F0541DA75DB468D0A1FE731310149500CCD8 ::: 5. (Optional) In **TLS Cert SHA-256**, enter the [SHA-256 fingerprint](#2-extract-the-sha-256-fingerprint) of the TLS certificate. This field is only needed for self-signed certificates. If a TLS fingerprint is not supplied, WARP validates the certificate against the local certificate store and checks that it is signed by a public certificate authority. +6. Select **Save**. @@ -253,9 +254,9 @@ If a device profile uses [Split Tunnels](/cloudflare-one/team-and-resources/devi -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Team & Resources** > **Devices** > **Device profiles**. -2. Under **Profile settings**, create a new [settings profile](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) or edit an existing profile. +2. Under **Profiles**, create a new [profile](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) or edit an existing profile. 3. To apply this profile whenever a device connects to your network, add the following rule: diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx index 1d50b410a56b2ed..3e6f91d9a6aafce 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx @@ -99,10 +99,10 @@ Due to platform differences, mobile clients can only apply Split Tunnels rules w Removing default Split Tunnel entries may cause users to lose Internet connectivity or block their access to local resources. ::: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. -2. Under **Device settings**, locate the [device profile](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) you would like to modify and select **Configure**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices** > **Device profiles**. +2. Under **Profiles**, locate the [device profile](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) you would like to modify and select **Edit**. 3. Under **Split Tunnels**, select **Manage**. -4. Find the IP address or hostname in the list and select **Delete**. +4. Find the IP address or hostname in the list and select the **Action** button. From the dropdown, select _Delete_. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx index 248f5f382efe4a5..3d5dfce90607c11 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/device-information-only.mdx @@ -36,13 +36,15 @@ Using the API, enable client certificate provisioning for [your zone](/fundament ## 2. Configure the WARP client -1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**. +1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Team & Resources** > **Devices** > **Device profiles**. -2. Under **Profile settings** card, choose a [device profile](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) and select **Configure**. +2. Under **Profiles**, choose a [device profile](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) and select **Edit**. 3. For **Service mode**, select **Device Information Only**. -4. [Enroll your device](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/) into your Zero Trust organization. +4. Select **Save profile**. + +5. [Enroll your device](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/) into your Zero Trust organization. When enrolled in Device Information Only mode, the WARP client will automatically generate a client certificate and install the certificate on the device. This certificate is necessary to confirm the source of outgoing traffic. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx index a8ddd154127fd48..74a3c6fab6b0637 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx @@ -30,7 +30,7 @@ You can allow users to log in to Access applications using their WARP session. W To configure WARP sessions for Access applications: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices** > **Management**. 2. In **Device enrollment permissions**, select **Manage**. 3. Go to the **Login methods** tab and enable **WARP authentication identity**. 4. Under **Session duration**, choose a session timeout value. This timeout will apply to all Access applications that have WARP authentication enabled. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/index.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/index.mdx index 9ce1cbe156dc986..a8ec177a9217249 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/index.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/index.mdx @@ -56,7 +56,7 @@ If [Auto connect](#auto-connect) is enabled, WARP will automatically reconnect, To retrieve the one-time code for a user: 1. Enable **Admin override**. -2. Go to **My Team** > **Devices**. +2. Go to **Team & Resources** > **Devices**. 3. Select **View details** for a connected device. 4. Scroll down to **User details** and select the user's name. 5. Copy the 7-digit **Override code** shown in the side panel. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx index 2b80ba8951b1c4e..f9a4ca231cdb111 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx @@ -13,7 +13,7 @@ Each client supports the following set of parameters as part of their deployment :::note -Most of the parameters listed below are also configurable in Zero Trust under **Settings** > **Devices**. In the event of conflicting settings, the WARP client will always give precedence to settings on the local device (for example, in your `mdm.xml` or `com.cloudflare.warp.plist` files). +Most of the parameters listed below are also configurable in Cloudflare One under **Team & Resources** > **Devices**. In the event of conflicting settings, the WARP client will always give precedence to settings on the local device (for example, in your `mdm.xml` or `com.cloudflare.warp.plist` files). ::: diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx index d56f385614e1a35..661995efa9a7c45 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/intune.mdx @@ -132,33 +132,37 @@ Deploy configuration profiles (steps 1, 2, and 3) before the WARP application (s You must deploy a [user-side certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/) so that devices managed by Intune can establish trust with Cloudflare when their traffic is inspected. -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). -2. Go to **Settings** > **Resources** > under **Certificates**, select **Manage**. +2. Go to **Settings** > **Certificates & downloads**. -3. Find your [certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/) and select the three dotted icon next to it > select **Download .crt**. +3. Select **View**. -4. In the [Microsoft Intune admin center](https://intune.microsoft.com), go to **Devices** > select **macOS**. +4. Under **Certificates**, select **Manage**. + +5. Find your [certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/) and select the three dotted icon next to it > select **Download .crt**. + +6. In the [Microsoft Intune admin center](https://intune.microsoft.com), go to **Devices** > select **macOS**. ![Intune admin console where you select macOS before creating a policy](~/assets/images/cloudflare-one/connections/intune/devices-macos.png) -5. Under **Manage devices**, select **Configuration**. +7. Under **Manage devices**, select **Configuration**. ![Intune admin console where you will create a new policy](~/assets/images/cloudflare-one/connections/intune/manage-devices-configuration.png) -6. Select **Create** > **New Policy**. +8. Select **Create** > **New Policy**. -7. For **Profile Type**, select _Templates_ > select **Trusted certificate** as the **Template name** > select **Create**. +9. For **Profile Type**, select _Templates_ > select **Trusted certificate** as the **Template name** > select **Create**. -8. In **Basics**, input the necessary field(s) and give your policy a name like `Cloudflare certificate` > select **Next**. +10. In **Basics**, input the necessary field(s) and give your policy a name like `Cloudflare certificate` > select **Next**. -9. For **Deployment Channel**, select **Device Channel**. +11. For **Deployment Channel**, select **Device Channel**. -10. Upload your file (Intune may request `.cer` format, though `.crt` files are also accepted) > select **Next**. +12. Upload your file (Intune may request `.cer` format, though `.crt` files are also accepted) > select **Next**. -11. In **Assignments**, select an option (for example, **Add all devices** or **Add all users**) that is valid for your scope. This will be the same scope for all steps. Select **Next**. +13. In **Assignments**, select an option (for example, **Add all devices** or **Add all users**) that is valid for your scope. This will be the same scope for all steps. Select **Next**. -12. Review your configuration in **Review + create** and select **Create**. +14. Review your configuration in **Review + create** and select **Create**. Sharing this certificate with Intune automates the installation of this certificate on your user devices, creating trust between browsers on a user's device and Cloudflare. @@ -294,30 +298,33 @@ By completing this step, you preconfigure WARP with your team settings so it con Complete Step 4 at least one hour after steps 1, 2, and 3 so clients have enough time to check in and update their device configurations. ::: -1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +1. Log in to [Cloudflare One](https://one.dash.cloudflare.com/). -2. Go to **Settings** > **Resources** > find macOS under **Download the WARP client** > select **Download release**. +2. Go to **Settings** > **Certificates and downloads**, and select **View**. + +3. Under **Download the WARP client**, find macOS, and select **Download release**. You will be taken to the WARP documentation on [stable releases for macOS](/cloudflare-one/team-and-resources/devices/warp/download-warp/#macos) and download a `.pkg` file. :::note[Repeat this step to update WARP when a new release is available] Every time WARP releases a new version, you must repeat this process and get a new `.pkg` file for the new WARP version. ::: -3. Log in to the [Microsoft Intune admin center](https://intune.microsoft.com), and go to **Apps** > **macOS**. -4. Select **Create**. +4. Log in to the [Microsoft Intune admin center](https://intune.microsoft.com), and go to **Apps** > **macOS**. + +5. Select **Create**. -5. For **App type**, select _macOS app (PKG)_. +6. For **App type**, select _macOS app (PKG)_. -6. In **App information**, select the `.pkg` file you downloaded and input required details. Enter `Cloudflare` as the Publisher. +7. In **App information**, select the `.pkg` file you downloaded and input required details. Enter `Cloudflare` as the Publisher. -7. In **Requirements**, refer to the OS versions listed in [stable releases for macOS](/cloudflare-one/team-and-resources/devices/warp/download-warp/#macos) and find what matches for you. +8. In **Requirements**, refer to the OS versions listed in [stable releases for macOS](/cloudflare-one/team-and-resources/devices/warp/download-warp/#macos) and find what matches for you. -8. In **Detection rules**, note that the WARP package will have filled in the App bundle ID and App version. +9. In **Detection rules**, note that the WARP package will have filled in the App bundle ID and App version. -9. In **Assignments**, select an option (for example, **Add all devices** or **Add all users**) that is valid for your scope. Select **Next**. +10. In **Assignments**, select an option (for example, **Add all devices** or **Add all users**) that is valid for your scope. Select **Next**. -10. Review your configuration in **Review + create** and select **Create**. +11. Review your configuration in **Review + create** and select **Create**. By completing this step, you deliver the WARP client to targeted macOS devices, either automatically (assignment scope set as **Required**) or on-demand (assignment scope as **Available**) through your company portal. @@ -335,8 +342,8 @@ Per-app VPN is supported on Cloudflare One Agent version `1.8` or greater for iO Before proceeding with per-app VPN configuration, you must make sure [Auto connect](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#auto-connect) is disabled in Zero Trust. To disable Auto connect: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. -2. Under **Device Settings**, select your device profile and select **Edit**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices** > **Device profiles**. +2. Under **Profiles**, select your device profile and select **Edit**. 3. Turn off **Auto Connect**. To configure per-app VPN: diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/jamf.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/jamf.mdx index 38f03169b746eac..ee6ab2ed8a4e5c0 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/jamf.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/partners/jamf.mdx @@ -80,8 +80,8 @@ Per-app VPN is supported on Cloudflare One Agent version `1.8` or greater for iO Before proceeding with per-app VPN configuration, you must make sure [Auto connect](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#auto-connect) is disabled in Zero Trust. To disable Auto connect: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. -2. Under **Device Settings**, select your device profile and select **Edit**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices** > **Device profiles**. +2. Under **Profiles**, select your device profile and select **Edit**. 3. Turn off **Auto Connect**. To configure per-app VPN: diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/common-issues.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/common-issues.mdx index da3fc4db484fc0f..70742c3130fd458 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/common-issues.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/common-issues.mdx @@ -81,7 +81,7 @@ To confirm that the VPN is the source of the issue, temporarily uninstall (not d #### Solution 1. Disable all DNS enforcement on the VPN. WARP must be the last client to touch the primary and secondary DNS server on the default interface. -2. In [Zero Trust](https://one.dash.cloudflare.com/), create a [Split Tunnel rule](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/) to exclude the VPN server you are connecting to (for example, `vpnserver.3rdpartyvpn.example.com`). +2. In [Cloudflare One](https://one.dash.cloudflare.com/), create a [Split Tunnel rule](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/) to exclude the VPN server you are connecting to (for example, `vpnserver.3rdpartyvpn.example.com`). 3. Configure your VPN to only include routes to your internal resources. Make sure that the VPN routes do not overlap with the routes [included in the WARP tunnel](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/). For more information, refer to our [guide](/cloudflare-one/team-and-resources/devices/warp/deployment/vpn/) for running VPNs alongside the WARP client. @@ -186,7 +186,7 @@ Some applications require traffic to flow either all inside or all outside of th #### Solution 1. Determine the IP addresses and/or domains required for your application to function. Common Internet search terms include ` split tunnel list`, ` allow list`, or ` firewall ips`. -2. In [Zero Trust](https://one.dash.cloudflare.com/), go to your [Split Tunnel settings](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/). +2. In [Cloudflare One](https://one.dash.cloudflare.com/), go to your [Split Tunnel settings](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/). 3. Depending on the application, either include or exclude all of the necessary IPs and/or domains. For Microsoft applications, we provide a [one-click action](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic) to exclude all Microsoft 365 IPs. ## Troubleshooting diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx index fd3b884b008f412..35640fbd621ef99 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx +++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide.mdx @@ -10,7 +10,7 @@ import { MetaInfo, Render, Steps, Stream, Tabs, TabItem, Type } from "~/componen This guide helps you diagnose and resolve common issues with the Cloudflare WARP client. It covers how to troubleshoot the WARP client on desktop operating systems, including Windows, macOS, and Linux. 1. **Before you start**: [Prerequisites](#prerequisites), permissions, [version control](#check-your-warp-version), and WARP basics. -2. **Collect logs**: Through the [dashboard](#option-a-collect-logs-via-the-cloudflare-dashboard) (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`). +2. **Collect logs**: Through [Cloudflare One](#option-a-collect-logs-via-the-cloudflare-dashboard) (with DEX remote capture) or the [command-line interface](#option-b-collect-logs-via-the-cli) (CLI) (`warp-diag`). 3. **Review logs**: [Status](#check-warp-status), [settings](#check-warp-settings), [profile ID](#profile-id), [split tunnel](#exclude-mode-with-hostsips) configuration, and other settings. 4. **Fix common misconfigurations**: [Profile mismatch](#wrong-profile-id), [split tunnel issues](#wrong-split-tunnel-configuration), [managed network issues](#review-your-managed-network-settings), [user group mismatch](#check-a-users-group-membership). 5. **File a support ticket**: [How to file a ticket](#5-file-a-support-ticket) after you have exhausted your troubleshooting options. @@ -19,10 +19,10 @@ This guide helps you diagnose and resolve common issues with the Cloudflare WARP Cloudflare One includes two free AI helpers to speed up WARP investigations: -[**WARP Diagnostics Analyzer**](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs/#warp-diagnostics-analyzer-beta) - Uses AI to parse a device’s WARP diagnostic log and summarizes key events, likely causes, and recommended next steps in a concise summary. This analyzer is available for logs collected via the dashboard. +[**WARP Diagnostics Analyzer**](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/warp-logs/#warp-diagnostics-analyzer-beta) - Uses AI to parse a device's WARP diagnostic log and summarizes key events, likely causes, and recommended next steps in a concise summary. This analyzer is available for logs collected via the dashboard. -[**DEX MCP server**](/cloudflare-one/insights/dex/dex-mcp-server/) — An AI tool that allows customers to ask a question like, "Show me the connectivity and performance metrics for the device used by carly‌@acme.com", and receive an answer that contains data from the DEX API. +[**DEX MCP server**](/cloudflare-one/insights/dex/dex-mcp-server/) — An AI tool that allows customers to ask a question like, "Show me the connectivity and performance metrics for the device used by carly@acme.com", and receive an answer that contains data from the DEX API. ::: @@ -47,16 +47,16 @@ After updating the WARP client, monitor the issue to see if it recurs. If the is 3. Select **About WARP**. 4. Compare your device's version with the [latest version of WARP](/cloudflare-one/team-and-resources/devices/warp/download-warp/). -#### Via the Zero Trust dashboard +#### Via the Cloudflare One dashboard -1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My Team** > **Devices**. +1. Log into [Cloudflare One](https://one.dash.cloudflare.com/) > go to **Team & Resources** > **Devices** > **Your devices**. 2. Select the device you want to investigate. 3. Find the device's WARP version under **Client version** in the side menu. 4. Compare your device's version with the [latest version of WARP](/cloudflare-one/team-and-resources/devices/warp/download-warp/). ### WARP basics -Understand the WARP client’s architecture, installation paths, and modes to help you diagnose issues with greater accuracy. +Understand the WARP client's architecture, installation paths, and modes to help you diagnose issues with greater accuracy. **Settings** > **WARP Client**. +1. Go to [Cloudflare One](https://one.dash.cloudflare.com/) > **Team & Resources** > **Devices** > **Device profiles**. 2. Find and select the device profile intended for the device. 3. Under **Profile details**, compare the displayed **Profile ID** with the `Profile ID` in the `warp-settings.txt` file. -If your organization has multiple device profiles defined in the Zero Trust dashboard, a device may be matched to an unexpected profile because: +If your organization has multiple device profiles defined in the Cloudflare One dashboard, a device may be matched to an unexpected profile because: - How [profile precedence](#review-profile-precedence) is configured. - [Managed network](#review-your-managed-network-settings) issues (if you are using a managed network.) @@ -378,8 +378,8 @@ When troubleshooting WARP for managed network issues: If you received a returned SHA-256 fingerprint: - 1. Log into [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP Client**. - 2. Go to **Manage Networks** > **Edit**. + 1. Log into [Cloudflare One](https://one.dash.cloudflare.com/), and go to **Team & Resources** > **Devices** > **Device profiles**. + 2. Go to **Managed networks** > **Edit**. 3. Compare the TLS Cert SHA-256 in the dashboard with the returned fingerprint in your terminal to ensure they match. 2. Use a single profile for a single location. @@ -392,7 +392,7 @@ If a user is having issues with a device profile, it may be because they are not To check that the user belongs to the intended group: -1. Log into [Zero Trust](https://one.dash.cloudflare.com/) > go to **My Team** > **Users**. +1. Log into [Cloudflare One](https://one.dash.cloudflare.com/) > go to **Team & Resources** > **Users**. 2. Select the user. 3. Under **User Registry Identity**, select the user's name. 4. The **Get-identity endpoint** lists all the groups the user belongs to. @@ -433,11 +433,11 @@ After downloading the WARP diagnostic logs, review that your configuration is wo `Include mode` means only traffic destined to the IPs or domains you specify will be sent through the WARP tunnel. ::: -2. Log into [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **WARP client**. +2. Log into [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Devices** > **Device profiles**. 3. Find and select the device profile intended for the device. 4. Select **Edit**. 5. Find **Split Tunnels** and note the mode you have selected > select **Manage**. -6. Cross-reference the IPs/hosts you have configured in the Zero Trust dashboard with the IPs/hosts listed in `warp-settings.txt`. +6. Cross-reference the IPs/hosts you have configured in the Cloudflare One dashboard with the IPs/hosts listed in `warp-settings.txt`. If your dashboard split tunnel configuration does not match your `warp-settings.txt` file configuration, you may need to force the WARP client to [update its settings](/cloudflare-one/team-and-resources/devices/warp/troubleshooting/troubleshooting-guide/#update-the-warp-clients-settings). diff --git a/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx b/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx index 8700a788e0aa4fc..9e90ac797fddb50 100644 --- a/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx +++ b/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx @@ -47,7 +47,7 @@ Cloudflare recommends creating an [Account API token](/fundamentals/api/get-star -1. Once you have configured an IdP in Zero Trust, go to the **Members** page to manage SSO connectors. +1. Once you have configured an IdP in Cloudflare One, go to the **Members** page to manage SSO connectors. @@ -190,7 +190,7 @@ Configure an identity provider (IdP)-initiated single sign-on (SSO) session usin #### Prerequisites -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications** > select your **SSO App**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications** > select your **SSO App**. 2. Select **Configure** to access the application settings. 3. In the **Basic Information** section, copy the **SSO Endpoint URL** and **Access Entity ID or Issuer**. You will need these values for your IdP setup. @@ -211,7 +211,7 @@ Configure an identity provider (IdP)-initiated single sign-on (SSO) session usin If you use only one IdP (for example, Okta) for Cloudflare SSO and want users to skip the identity provider selection prompt: -1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications** > select your **SSO App**. +1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications** > select your **SSO App**. 2. Go to **Login methods**. 3. Disable **Accept all available identity providers** and ensure only Okta is selected as the login method. 4. Enable **Instant Auth** to allow users to skip identity provider selection. @@ -399,7 +399,7 @@ Cloudflare does not allow you to change your t -4. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Custom Pages**. +4. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Reusable components** > **Custom pages**. 5. Under **Team domain**, select **Edit** to enter the new team name. Select **Save**. 6. In your identity provider, update your Cloudflare integration with the new team name. For example, if you are using a SAML IdP, you will need to update the Single Sign-on URL and Entity ID to `https://.cloudflareaccess.com/cdn-cgi/access/callback`. 7. Recreate any deleted SSO connectors using the steps in [Register your domain with Cloudflare for SSO](/fundamentals/manage-members/dashboard-sso/#2-register-your-domain-with-cloudflare-for-sso).