Allow access from within LAN or WARP when external


I am trying out Zero Trust before deploying it over the wider network.

I am struggling to set a simple policy to allow users within the LAN, and users with Warp when offsite, to access any application.

I’ve attached a screenshot of my rule.

When I access the URL whilst connected externally with Warp running, I am asked to enter my email - which does send me a code, which gives me access. Any email I enter (have tried 3 - 2 of which are not associated with my account) - works, sends me the code and gives me access.

Not having Warp running blocks me.

What have I done wrong??!! Have tried all sorts to get it working - but guess I have missed a configuration somewhere?