Merged
Original file line number Diff line number Diff line change
Expand Up @@ -14,13 +14,13 @@ Cloudflare One allows you to enforce custom device posture checks on your applic

```mermaid
sequenceDiagram
participant WARP
participant Cloudflare One Client
participant Cloudflare Access
participant External API
WARP->>Cloudflare Access: Client ID and Secret
Cloudflare One Client->>Cloudflare Access: Client ID and Secret
Cloudflare Access->>External API: Application token
WARP->>External API: JSON with user and device identity
External API-->>WARP: JSON with 0-100 result
Cloudflare One Client->>External API: JSON with user and device identity
External API-->>Cloudflare One Client: JSON with 0-100 result
```

## External API requirements
Expand All @@ -35,14 +35,14 @@ The Cloudflare One Client authenticates to the external API through Cloudflare A

Cloudflare will pass the following parameters to the configured API endpoint. You can use this data to identify the device and assign a posture score. For some devices, not all identifying information will apply, in which case the field will be blank. A maximum of 1,000 devices will be sent per a request.

| Field | Description |
| --------------- | -------------------------------------------------- |
| Field | Description |
| --------------- | ------------------------------------------------------------ |
| `device_id` | Device UUID assigned by the Cloudflare One Client |
| `email` | Email address used to authenticate the Cloudflare One Client |
| `serial_number` | Device serial number |
| `mac_address` | Device MAC address |
| `virtual_ipv4` | Device virtual IPv4 address |
| `hostname` | Device name |
| `serial_number` | Device serial number |
| `mac_address` | Device MAC address |
| `virtual_ipv4` | Device virtual IPv4 address |
| `hostname` | Device name |

:::note

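Review bot: the context sentence at the top of this hunk, "A maximum of 1,000 devices will be sent per a request", has a stray article; since this file is being touched anyway, change it to "per request". The table edit itself only widens the header rule and cell padding so the longer `email` description ("Email address used to authenticate the Cloudflare One Client") lines up, which is fine.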
Expand Up @@ -15,7 +15,10 @@ Our lightweight and open-source connector, [`cloudflared`](https://github.com/cl

Cloudflare Tunnel allows users to deploy additional instances of our connector, `cloudflared`, for availability and failover scenarios. We refer to these unique instances as replicas. Each replica establishes four new connections which serve as additional points of ingress to your origin, should you need them. Each of the replicas will point to the same tunnel. This ensures that your network remains up in the event a single host running `cloudflared` goes down.

<Render file="tunnel/availability/cloudflared-replicas-diagram" product="cloudflare-one" />
<Render
file="tunnel/availability/cloudflared-replicas-diagram"
product="cloudflare-one"
/>

By design, replicas do not offer any level of traffic steering (random, hash, or round-robin). Instead, when a request arrives to Cloudflare, it will be forwarded to the replica that is geographically closest. If that distance calculation is unsuccessful or the connection fails, we will retry others, but there is no guarantee about which connection is chosen.

Expand All @@ -36,7 +39,7 @@ graph LR
accTitle: Load balancing traffic to applications behind Cloudflare Tunnel

A[Internet] --> C{Cloudflare <br> Load Balancer}
B[WARP clients] --> C
B[Cloudflare One Client] --> C
M[Cloudflare WAN] --> C
C -- Tunnel 1 --> cf1
C -- Tunnel 2 --> cf2
Expand Down Expand Up @@ -74,4 +77,4 @@ There are two types of load balancers that you can use with Cloudflare Tunnel en

:::note
[Private hostname routes](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-private-hostname/) are not currently compatible with Load Balancing. If your service is connected via a hostname route, use `cloudflared` [replicas](#cloudflared-replicas) for high availability.
:::
:::
Expand Up @@ -21,14 +21,14 @@ This guide covers how to connect Cloudflare One Client user devices to a private
router1["WARP Connector
10.0.0.1"]
end
W[WARP clients]-->C((Cloudflare))-->router1
W[Cloudflare One Client]-->C((Cloudflare))-->router1
```

## Prerequisites

- A Linux host [^1] on the subnet.
- For WARP Connector to connect to Cloudflare services, your firewall should allow inbound/outbound traffic for the [WARP IP addresses, ports, and domains](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/firewall/).
- For Cloudflare One Clients to connect to your subnet, your firewall should allow inbound traffic from your [device IPs](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/device-ips/).
- For Cloudflare One Clients to connect to your subnet, your firewall should allow inbound traffic from your [device IPs](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/device-ips/).

## 1. Install a WARP Connector

Expand All @@ -43,8 +43,7 @@ This guide covers how to connect Cloudflare One Client user devices to a private
Cloudflare One Clients and WARP Connectors are accessed using their [device IP](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/device-ips/). Therefore, traffic to your device IPs must route through Cloudflare on both the WARP Connector host and Cloudflare One Client devices.

1. In your WARP Connector device profile, go to [Split Tunnels](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/split-tunnels/).
2.
<Render file="tunnel/cgnat-split-tunnels" product="cloudflare-one" />
2. <Render file="tunnel/cgnat-split-tunnels" product="cloudflare-one" />

3. Repeat the previous steps for all Cloudflare One Client device profiles.

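Review bot: good fix on the list item: the old `2.` on a line of its own followed by `<Render file="tunnel/cgnat-split-tunnels" product="cloudflare-one" />` on the next line renders as an empty numbered item with an unnumbered block after it, and putting the component inline after `2.` keeps it inside the ordered list. Check the rendered page once, though: if the partial starts with a block element rather than inline text, the list can still break between items 2 and 3.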
Expand Down Expand Up @@ -120,13 +119,11 @@ You can now send a request from a Cloudflare One Client user device to your subn
router1["WARP Connector
10.0.0.1"]
end
W[WARP client]--ping 10.0.0.2 -->C((Cloudflare))-->router1
W[Cloudflare One Client]--ping 10.0.0.2 -->C((Cloudflare))-->router1
```

[^1]:
<Render
file="tunnel/warp-connector-linux-packages"
product="cloudflare-one"
/>


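Review bot: the hunk header says 13 lines became 11, but the only visible change is the one-line rename of the mermaid node from `W[WARP client]` to `W[Cloudflare One Client]`, so two lines were removed without a visible replacement; given their position they are most likely the trailing blank lines after the `[^1]` footnote. Because the footnote body is a multi-line `<Render>` block that depends on its continuation lines staying attached to `[^1]:`, confirm the footnote still renders after the blank-line cleanup.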
Expand Up @@ -52,7 +52,7 @@ Because Gateway evaluates network and HTTP policies on every request, it maintai
```mermaid
flowchart LR
accTitle: Device posture policy enforcement
A[Device] --schedule--> B[WARP client]--> C((Cloudflare)) --> D[Access policy]
A[Device] --schedule--> B[Cloudflare One Client]--> C((Cloudflare)) --> D[Access policy]
C --5 min--> E[Cache] --> F[Gateway policy]
A --> G[Service provider] --interval--> C
```
Expand Up @@ -18,16 +18,16 @@ In [DNS only mode](/cloudflare-one/team-and-resources/devices/cloudflare-one-cli

The Cloudflare One Client allows organizations to have granular control over the applications an end user device can access. The client forwards DNS and network traffic from the device to Cloudflare's global network, where Zero Trust policies are applied in the cloud. On all operating systems, the WARP daemon maintains three connections between the device and Cloudflare:

| Connection | Protocol | Purpose |
| --------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------- |
| Connection | Protocol | Purpose |
| ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------------------------------------------------------------------------------------------------------------------- |
| WARP tunnel ([via WireGuard or MASQUE](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/#device-tunnel-protocol)) | UDP | Send IP packets to Gateway for network policy enforcement, HTTP policy enforcement, and private network access. |
| [DoH](https://www.cloudflare.com/learning/dns/dns-over-tls/) | HTTPS | Send DNS requests to Gateway for DNS policy enforcement. The DoH connection is maintained inside of the WARP tunnel. |
| Device orchestration | HTTPS | Perform user registration, check device posture, apply device client profile settings. |
| [DoH](https://www.cloudflare.com/learning/dns/dns-over-tls/) | HTTPS | Send DNS requests to Gateway for DNS policy enforcement. The DoH connection is maintained inside of the WARP tunnel. |
| Device orchestration | HTTPS | Perform user registration, check device posture, apply device client profile settings. |
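Review bot: the context line above this table still says "the WARP daemon maintains three connections" and the table keeps "WARP tunnel", while the sentence right before it already says "The Cloudflare One Client". If "WARP" is being kept on purpose for the daemon and the tunnel protocol as distinct from the client product, that is a reasonable split, but it should be stated once in the text so the mixed naming does not read as a missed rename. The header-width change itself is only alignment.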

```mermaid
flowchart LR
subgraph Device
W[WARP client] -.-> D
W[Cloudflare One Client] -.-> D
D[DNS proxy]
W -.-> V[Virtual interface]
end
Expand Up @@ -30,11 +30,11 @@ When you use the Cloudflare One Client together with `cloudflared` Tunnels or th
```mermaid
flowchart TD
%% Accessibility
accTitle: How the WARP client handles DNS requests
accDescr: Flowchart describing how the WARP client routes DNS queries when using Local Domain Fallback, Split Tunnels, and Gateway resolver policies.
accTitle: How the Cloudflare One Client handles DNS requests
accDescr: Flowchart describing how the Cloudflare One Client routes DNS queries when using Local Domain Fallback, Split Tunnels, and Gateway resolver policies.

A(["WARP user requests resource"]) --> B["WARP client proxies all DNS traffic"]
B --> LDFCHK{"WARP checks if domain is listed in Local Domain Fallback policies"}
A(["User requests resource"]) --> B["Cloudflare One Client proxies all DNS traffic"]
B --> LDFCHK{"Cloudflare One Client checks if domain is listed in Local Domain Fallback policies"}

%% Left branch (LDF exists)
LDFCHK -- Domain exists in Local Domain Fallback policies --> C["Local Domain Fallback"]
Expand All @@ -50,9 +50,9 @@ flowchart TD
GWALLOW -- Blocked by Gateway Network or HTTP Policy --> BLK(["Traffic blocked by Cloudflare"])

OR --> ORCHK{"Onramp routes include resolver IP"}
ORCHK -- Onramp routes do not include resolver IP --> GP(["Gateway proxies query to resolver IP via normal WARP egress route"])
ORCHK -- Onramp routes do not include resolver IP --> GP(["Gateway proxies query to resolver IP via normal Cloudflare One Client egress route"])
ORCHK -- Onramp routes include resolver IP --> ADV["Cloudflare onramps advertise route that includes Resolver IP"]
ADV --> PR(["Private resolver returns IP address to WARP client"])
ADV --> PR(["Private resolver returns IP address to Cloudflare One Client"])

%% Right branch (no LDF match)
LDFCHK -- Domain does not exist in Local Domain Fallback policies --> GWR{"Gateway checks Resolver Policies (Enterprise only)"}
Expand Up @@ -19,6 +19,8 @@ import { Render } from "~/components";

![Configuring the Cloudflare One Client in the JumpCloud Windows tab](~/assets/images/cloudflare-one/connections/jumpcloud.png)

_Note: Labels in this image may reflect a previous product name._
Contributor

Would this be better as a partial given how often it's duplicated across files?

Contributor Author

Contributor

I think it's a good idea if we make the sentence in such a way that it works correctly, both for single images and multiple images. At least on my products, sometimes, because there are like two or three images and then the sentence, I have some single-use sentences and some sentences for lots of images.

4. In the **Software Name** field, enter a unique display name.

5. In the **Package ID** field, enter `warp`.
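Review bot: the same italic sentence `_Note: Labels in this image may reflect a previous product name._` is added verbatim under five screenshots in this PR (this file twice, the Kandji page, the protocol-handler page and the troubleshooting page). This file already has `import { Render } from "~/components";` at the top of the hunk, so a shared partial rendered with `<Render file="..." product="cloudflare-one" />` would keep the wording in one place, and, as the comment thread above suggests, the partial's sentence could be phrased to cover pages that show several images before it.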
Expand Down Expand Up @@ -53,6 +55,8 @@ Verify that the Cloudflare One Client was installed by selecting the app and vie

![Configuring the Cloudflare One Client in the JumpCloud Apple tab](~/assets/images/cloudflare-one/connections/jumpcloud-mac.png)

_Note: Labels in this image may reflect a previous product name._

4. In the **Software Description** field, enter a unique display name.

5. In the **Software Package URL**, enter the URL location of the `Cloudflare_WARP_<VERSION>.pkg` file. If you do not already have the installer package, [download it here](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/#macos).
Expand Up @@ -29,6 +29,8 @@

![Configuring custom profile for the Cloudflare One Client in Kandji](~/assets/images/cloudflare-one/connections/custom-profile.png)

_Note: Labels in this image may reflect a previous product name._

4. Add a custom app:
1. Go to **Library** > **Add New** > **Add Library Item** > **Custom App**.
2. Select **Add & Configure**.
Expand Down Expand Up @@ -66,7 +68,7 @@
###################################################################################################
# Created by Matt Wilson | se@kandji.io | Kandji, Inc. | Solutions Engineering
###################################################################################################
# Created on 07/30/2021
Check warning on line 71 in src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/partners/kandji.mdx (GitHub Actions / Semgrep, semgrep.style-guide-potential-date-year): Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)
###################################################################################################
# Software Information
###################################################################################################
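Review bot: the Semgrep annotation on line 71 (`# Created on 07/30/2021`) is a false positive. That line is the header of Kandji's vendored script, not documentation prose, and the change to it is not visible in this rendering (old and new text read the same), so it is most likely whitespace only. Do not rewrite a date inside a third-party script to satisfy a style check; use the `[skip style guide checks]` commit-message marker the annotation itself offers.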
Expand All @@ -76,7 +78,7 @@
###################################################################################################
# License Information
###################################################################################################
# Copyright 2021 Kandji, Inc.
Check warning on line 81 in src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/partners/kandji.mdx (GitHub Actions / Semgrep, semgrep.style-guide-potential-date-year): Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of this
# software and associated documentation files (the "Software"), to deal in the Software
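Review bot: same as the previous hunk for line 81: `# Copyright 2021 Kandji, Inc.` is the copyright line of the script's license notice, and the year is part of that notice, so it must stay as written; skip the year check for this file rather than editing the license text.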
Expand Up @@ -48,6 +48,8 @@

![Browser popup requesting permission to open the Cloudflare One Client](~/assets/images/cloudflare-one/connections/warp-protocol-handler.png)

_Note: Labels in this image may reflect a previous product name._

### Chromium-based browsers

Chromium-based browsers such as Google Chrome and Microsoft Edge have a policy setting called [AutoLaunchProtocolsFromOrigins](https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#autolaunchprotocolsfromorigins). This setting takes in two parameters: a protocol for the browser to launch and the origins that are allowed to launch it. For the browser to launch the Cloudflare One Client, you need to set the protocol to `com.cloudflare.warp` and the origin to your <GlossaryTooltip term="team domain">Cloudflare Zero Trust team domain</GlossaryTooltip> (`https://<your-team-name>.cloudflareaccess.com`).
Expand Down Expand Up @@ -172,7 +174,7 @@
4. Upload the `.plist` or `.mobileconfig` file to your preferred MDM.
5. Deploy the configuration profile to your devices.

For more information on configuring browser policies on macOS, refer to the [Google Chrome](https://support.google.com/chrome/a/answer/9020077?hl=en&ref_topic=7650028&sjid=15337530832025656704-NA) or [Microsoft Edge](https://learn.microsoft.com/en-us/deployedge/configure-microsoft-edge-on-mac) documentation.
Check warning on line 177 in src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/protocol-handler.mdx (GitHub Actions / Semgrep, semgrep.style-guide-potential-date-year): Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)

</TabItem>
</Tabs>
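Review bot: the duplicated Semgrep annotations on line 177 are triggered by the digit runs in the Google Chrome support URL, in particular the `sjid=15337530832025656704-NA` query parameter. That parameter looks like a per-session tracking value rather than part of the document's address, so trim the link to `https://support.google.com/chrome/a/answer/9020077` (keeping `hl=en` if you want the language pinned); the page resolves without it and the warning goes away without a skip marker. The change on this line is not visible in this rendering, so it is presumably whitespace only.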
Expand Up @@ -10,12 +10,12 @@
<Details header="Feature availability">

| [WARP modes](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| All modes | All plans |
| ----------------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
| All modes | All plans |

| System | Availability | Minimum WARP version |
| -------- | ------------ | -------------------- |
| Windows | ✅ | 2025.6.1400.0 |
Check warning on line 18 in src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/windows-multiuser.mdx (GitHub Actions / Semgrep, semgrep.style-guide-potential-date-year): Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)
| macOS | ❌ | |
| Linux | ❌ | |
| iOS | ❌ | |
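Review bot: the Semgrep warning on line 18 is a false positive: `2025.6.1400.0` in the "Minimum WARP version" column is a calendar-versioned release identifier, and the minimum supported version is exactly the fact this availability table exists to state, so keep the value and skip the check for this line. The rest of the hunk only re-pads the "WARP modes" table to the header width.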
Expand Down Expand Up @@ -63,7 +63,7 @@
<key>auth_client_id</key>
<string>88bf3b6d86161464f6509f7219099e57.access</string>
<key>auth_client_secret</key>
<string>bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5</string>
Check warning on line 66 in src/content/docs/cloudflare-one/team-and-resources/devices/cloudflare-one-client/deployment/mdm-deployment/windows-multiuser.mdx (GitHub Actions / Semgrep, semgrep.style-guide-potential-date-year): Potential year found. Documentation should strive to represent universal truth, not something time-bound. (add [skip style guide checks] to commit message to skip)
</dict>
<key>configs</key>
<array>
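Review bot: the Semgrep year warning on `auth_client_secret` (line 66) is a false positive caused by the digit runs in the 64-hex-character string, but that string, together with `88bf3b6d86161464f6509f7219099e57.access` two lines above it, has the exact shape of an Access service token pair. If it is an inert example, say so next to the snippet; otherwise replace both values with unmistakable placeholders such as `<CLIENT_ID>.access` and `<CLIENT_SECRET>`, so that readers do not paste a realistic-looking credential into a production profile and secret scanners stop flagging the docs. The change on this line is not visible in this rendering, so it is presumably whitespace only.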
Expand Down Expand Up @@ -91,7 +91,7 @@

```mermaid
flowchart TB
start(["Enable multi-user mode"])-->reg["Active Windows user is prompted to register WARP"]
start(["Enable multi-user mode"])-->reg["Active Windows user is prompted to register Cloudflare One Client"]
reg--"Log out of Windows"-->prelogin
reg--"Switch user"-->regexists

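Review bot: the renamed node label "Active Windows user is prompted to register Cloudflare One Client" drops the article that the prose elsewhere in this PR uses ("the Cloudflare One Client", for example in the troubleshooting and JumpCloud pages); "prompted to register the Cloudflare One Client" reads more naturally in the flowchart too.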
Expand All @@ -103,7 +103,7 @@
preloginno["Stay registered as <br />previous Windows user"]
end

preloginbehavior--"Log in to Windows"---->regexists{{"Has the user already registered with WARP?"}}
preloginbehavior--"Log in to Windows"---->regexists{{"Has the user already registered with Cloudflare One Client?"}}
regexists--"Yes"-->user["Switch to that user's registration"]
regexists-. "No" .->reg
```
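Review bot: same article point for this hunk: "Has the user already registered with Cloudflare One Client?" should read "registered with the Cloudflare One Client?" to match the wording used in the surrounding prose.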
Expand Down
Expand Up @@ -21,6 +21,8 @@ If the Cloudflare One Client is stuck in the `Disconnected` state or frequently

</div>

_Note: Labels in this image may reflect a previous product name._

In your [client diagnostic logs](/cloudflare-one/team-and-resources/devices/cloudflare-one-client/troubleshooting/diagnostic-logs/), `daemon.log` will typically show one or more of the following errors:

- Happy Eyeball checks failing: