Does Zero Trust have multiple outbound IPs?

I connect to Cloudflare Access and use the official Linux WARP client to connect to WARP.

First, I can see warp=plus in the response from, which means I’m connected to WARP Plus.

Then I repeat curl to get the outbound IP, but the outbound IP is rotated, there are about 3 IPs in rotation. I didn’t reconnect to WARP during getting outbound IP.

In this case, I might be accessing the same site via different outbound IPs at the same time, which means it might trigger a reCAPTCHA.

Is there any configuration to control this?

1 Like

Yes, they have a few subnets/IP ranges which are dedicated for WARP outbound traffic use, however I can’t remember exactly which subnet/IP ranges they are using, maybe someone can post it here.

On the other hand, I don’t think you can control the outbound IPs used to connect to the website AFAIK.

To clarify, I don’t want to fix outbound IP, and I know WARP has some IP ranges.

I can definitely understand that the outbound IP might change if I reconnect(establish a new WARP session)

But in my case the outbound IP was rotated during the same WARP session (meaning no reconnect was performed).

Thank you for your reply.
I posted more details above, do you have any suggestions?

Warp takes advantage of a number of Cloudflare features including Argo smart routing to use Cloudflare’s backbone for traffic routing closer to a given color for performance reasons. That will have a different IP. It also uses tens of thousands of metals in hundreds of data centers. Sessions can be shifted in data center for lots of reasons

Thank you for reply.
I can understand that WARP uses Cloudflare’s backbone to optimize traffic routing.
But if I use different IPs to access a site during a HTTP session, it might be identified as attack traffic.

To explain my case, I connect to WARP+ and repeatedly run “curl” within 10s to get the outbound IP.
The result below show that the outbound IP changed several times in this 10 seconds.

[email protected]:~# curl
[email protected]:~# curl
[email protected]:~# curl
[email protected]:~# curl
[email protected]:~# curl
[email protected]:~# curl
[email protected]:~# curl

I try to access Google and it says “Unusual traffic from your computer’s network”. This notification will disappear if I disconnect WARP+ or use WARP (w/o plus, free plan).
BTW, if I don’t reconnect, the outbound IP of WARP free plan wouldn’t changes.

Found a similar issue reported.