Impact of Zero Trust Gateway Locations on Warp Clients

I’m trying to understand the purpose and impact of “Locations” in Zero Trust Gateway Locations. I find the documentation ambiguous and confusing. I’ve asked Support, but their response was wholly unhelpful, basically a non-answer, and we’re an Enterprise customer!

  1. If I’m using a Warp client in Zero Trust, does a location have any impact on the Warp client user’s traffic? The only documentation for “Locations” is under “Agentless options”, and we’re using the Warp agent.
  2. If we’re using the Warp client is it even possible to use Locations?
  3. If it is possible to use Locations with the Warp client, what are the best use cases?

The primary use case for locations in Gateway is to apply a policy to DNS queries coming from a physical location (e.g. an office or school) without having a warp client installed.

You can specify a location in a Warp client… this is typically done as a proxy for other data such as group information which may not be available in Warp but is available in your MDM tool of choice.

So if you were deploying a warp client to elementary school laptops vs. secondary laptops you could use location in the MDM to apply one config to elementary students and another policy with a different location to secondary students.

In general my guidance to people who care about my guidance is to have as few per group policies as possible and use global policies until someone threatens to fire you unless you make an exception. And then update your resume anyway.

2 Likes