New Warp Admin - Need help with architecture

I am a new Warp admin and I’ve been tasked to replace a physical VPN connection at one of our sites with Warp. The VPN we are currently using is a typical VPN, block anything that isn’t explicitly allowed. With Warp it seems like it’s the exact opposite. Allow everything unless it’s explicitly defined.

I need some guidance. I must ensure our end users can see their home networks, printers, scanners, etc. I have a ton of /24, /16, /13, /12, etc. that need to be blocked based on SCIM groups I've already set up.

Examples

General users need to be able to get to the Domain Controllers in Azure
Developers need to be able to get to the production networks
QA needs to get to the QA environment and also be able to push to prod
DevOps needs to see everything
Sales needs nothing other than what General users have
IT needs to get to M365 Admin, Azure, Azure Blob storage etc

Is what I’m asking for crazy or is this something that can be done quickly? I have a very strict deadline of this week to make this happen.

Thanks in advance for all your wisdom and guidance.

Also, there needs to be a split tunnel so things like email, and web traffic all route normally.

Create a Deny All policy for each resource you don’t want users not in a group to access. Create an exception for each group you want to allow.
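
To make the ordering in that advice concrete, here is a small Python model of a first-match-wins policy list with a default of allow, as an added example that is not part of the original thread and not Cloudflare's API: per-resource allow rules scoped to SCIM groups sit above a single catch-all block for every protected CIDR. The group names and networks are constructed for illustration; the point it shows is that the same rules in the wrong order block everyone.

```python
"""Model: allow-by-group rules above a catch-all block, first match wins.

Added example, not code from the original thread and not Cloudflare's own
API. It assumes policies are evaluated top-down and the first match decides,
with a default of allow when nothing matches. All CIDRs and group names
below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: which SCIM groups may reach which protected CIDRs.
PROTECTED = {
    "domain-controllers": ["10.10.0.0/24"],
    "production": ["10.20.0.0/16", "10.32.0.0/13"],
    "qa": ["10.40.0.0/16"],
}
ALLOWED_GROUPS = {
    "domain-controllers": {"General", "Sales", "Developers", "QA", "DevOps", "IT"},
    "production": {"Developers", "QA", "DevOps"},
    "qa": {"QA", "DevOps"},
}


@dataclass
class Policy:
    name: str
    action: str        # "allow" or "block"
    networks: list     # ip_network objects; empty list = any destination
    groups: frozenset  # empty set = any user


def build_policies(protected=PROTECTED, allowed_groups=ALLOWED_GROUPS):
    """One allow rule per protected resource, then one block rule last."""
    policies = []
    for resource, cidrs in protected.items():
        nets = [ip_network(c) for c in cidrs]
        policies.append(Policy(f"allow-{resource}", "allow", nets,
                               frozenset(allowed_groups[resource])))
    # Catch-all block covering every protected CIDR; must be evaluated last.
    all_nets = [ip_network(c) for cidrs in protected.values() for c in cidrs]
    policies.append(Policy("block-protected", "block", all_nets, frozenset()))
    return policies


def evaluate(policies, dst_ip, user_groups):
    """Return (action, matched policy name) for a destination and user."""
    addr = ip_address(dst_ip)
    members = set(user_groups)
    for p in policies:
        dst_match = not p.networks or any(addr in n for n in p.networks)
        group_match = not p.groups or bool(p.groups & members)
        if dst_match and group_match:
            return p.action, p.name
    return "allow", "default"  # nothing matched: default is allow


def block_is_last(policies):
    """Sanity check: no block rule may shadow an allow rule below it."""
    first_block = next((i for i, p in enumerate(policies) if p.action == "block"),
                       len(policies))
    return all(p.action != "allow" for p in policies[first_block:])


if __name__ == "__main__":
    pols = build_policies()
    print(evaluate(pols, "10.10.0.5", ["Sales"]))       # Sales reaches the DCs
    print(evaluate(pols, "10.20.1.1", ["Sales"]))       # but not production
    print(evaluate(pols, "8.8.8.8", []))                # unprotected: default allow
    print(evaluate(list(reversed(pols)), "10.10.0.5", ["Sales"]))  # misordered: blocked
```

Run it once with the rules reversed, as the last line does, to see why the catch-all block has to be below every group exception: the block rule has no group condition, so once it sits on top it matches every user and the allow rules underneath never fire.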

If I have 40 CIDRs to set up for this, should I set up a policy in the firewall, or where am I setting up the policy?