Using network policies to control user access to specific Virtual Networks

What is the name of the domain?

NA

What is the issue you’re encountering?

How to use Gateway > Firewall Policies > Network policies

What steps have you taken to resolve the issue?

Found this old topic Virtual Network Permissions which directed me to reviewing network policies.
Reviewed documentation, but would like additional clarification on how to configure network policies.

What are the steps to reproduce the issue?

Background:
I have several tunnels configured under Zero Trust > Networks > Tunnels. Because some of them use overlapping subnets, I’m also using Virtual Networks (Settings > Warp Client > Virtual networks) to differentiate them when connecting via the Warp client.

What I’m trying to accomplish: I want to control which Virtual Networks are accessible to specific users using the Warp client. The Warp client shows several Virtual Networks in the pop-up (ABC, XYZ, etc). Currently, any user who logs into the Warp client can freely select any of the networks, and assuming they know the IP address of a resource, can access said resource on that network.

Task: The user who is signed into the Warp client with [email protected], I only want them to be able to access ABC Virtual Network.

Based on what I’ve read so far, I created a Network policy (Gateway > Firewall Policies > Network tab).
Build an expression:
Traffic: Virtual Network is ABC
Identity: User Email is [email protected]
Select an option:
Block

My expectation is that when [email protected] logs into the Warp client and selects the ABC Virtual Network, they will not be able to access any resources on that network. In reality, this isn’t the case, and they can still access resources on the ABC network. Their computer’s been restarted. They’ve logged out/in to the Warp client.

Am I using network policies correctly?