Disabling Warp for certain networks

I’m trying to configure my warp clients to disable the tunnel when on the internal network. It’s very simple to do when not using a Teams subscription as you can use the UI to add a network but when activated on a subscription, that disappears.

I’ve trying to replicate that functionality in an MDM.xml file. I can see from the service logs that it’s looking for a key named disable_for_networks but for the life of me, I can’t seem to get the syntax correct to make it work. I’ve tried multiple versions of the below, exchanging ‘string’ for ‘array’, then boolean ‘true’ and adding the string below and lots of other things:

   <string>[name of SSID]</string>

Does anyone know how to make this work?


This functionality is disabled in Zero Trust/Teams mode (or should be) which is why you are likely running in to problems. SSID isn’t really secure so deploying like this would make it very easy for users to work around Gateway policies you may be using from a security perspective. People who just care about tunnel scenarios unfortunately get caught up in this.

We have an item we are working on in Q2 to officially support this scenario. You’ll be able to build out device (WARP Zero Trust client) policy by users/groups AND for when they are in the office. The client will determine “in the office” by looking for the presence of a secure beacon that you’ll be responsible for setting up as well.


As annoying as it is, that makes a lot of sense! I know the option isn’t documented but I thought I could just sneak around that.

I’ll be eagerly awaiting that new functionality and is exactly what I was looking for before going down this rabbit hole.

Keep up the good work!

I should add that the flag to disable Warp when on Wifi networks does work when using Zero-Trust mode.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.