Prevent users from Disabling WARP in CF for Teams

Is there a way to prevent users from disabling WARP? The goal is to enforce all of the network policies, security, gateway inspection, etc . We don’t want users to disable the WARP and then bypass the security rules and policies when they are browsing internet.

With remote employees we need a way to ensure that all of their traffic is flowing through WARP and CF Gateway and DNS filtering, content filtering, etc is still applied.

How can this be done?

There’s a similar post that came up few days ago:

So this is the odd part - I did find “Admin override” in Settings->Device Settings. It says “Only allow users to disable the WARP client with a one-time use password.” and I’ve enabled this feature.

BUT, on my test system I can still click on the CF WARP icon in the tray and click toggle the utility to Disconnect! It seems that it does not respect the setting in the Admin panel.

Did you install the WARP client with the switch_locked parameter?

No, I was not aware of that switch. Funny enough I’ve read through almost every single page of documentation except the part with the switches.

So to confirm - if WARP is deployed with “Switch_locked”, this will require the user to have Admin override code to disable the client?

1 Like

Yes. Without the code, the user will not able to disconnect from WARP - even when the user exits the WARP client. A background service will keep the connection established.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.