So I’ve been playing with the WARP client to implement Gateway with a view to deploying this globally in my org. Tried various deployment scenarios but the user (even a non-admin user) can just exit the app from the menu, meaning policy is no longer enforced. This is obviously a fail in a compliance scenario so what gives? Am I missing something obvious? I could possibly live with manual enrolment (though seriously asking users to click a thing in their system tray to enrol is frankly a bit embarrassing) but giving me the option of locking the switch but no way to disable the “exit” options seems suboptimal. I got responsibilities. Would appreciate any assistance as I love the product but the deployment/enforcement issues are going to force me to go elsewhere for this functionality atm.
Control of a user’s settings is done via configuration file, which can be managed via MDM or a deployment package/script. Deployment · Cloudflare for Teams documentation
Enrollment (mapping identity to a user/device) allows for identification of which machine might be trying 2000 times in an hour to connect to a C&C site (for example) as well as granular policy application using groups / email addresses for DNS and HTTPS policy enforcement.
In the future we plan to support device enrollment based on deviceID list or other non-identity based policies alone, but this will (obviously I suppose) come at the cost of those more granular identity controls.
Exiting the GUI shouldn’t impact the underlying service when deployed via MDM. You can confirm if this is the case by visiting 126.96.36.199/help
Hey @cscharff thanks so much for the considered reply to my unnecessarily grumpy post
“Exiting the GUI shouldn’t impact the underlying service when deployed via MDM. You can confirm if this is the case by visiting 188.8.131.52/help” thanks for this - wasn’t clear from the docs but have confirmed and all good - apologies
With regard to enrollment, absolutely get the need to map users to devices but I feel like it should be possible for an admin to populate users/machines in the console to prevent users from having to enroll themselves (which will generate tickets). Anyway I retract my accusation and will continue to find a way to deploy this to my satisfaction as the functionality itself is great.
many thanks again,
heh… unnecessarily grumpy is my default mode.
That is very valid feedback. I will put in a note to update the docs or add a support article.
Agreed. It’s something we’ve given some thought to, but haven’t spent too much time on yet (on the list of things to fix/improve it’s there… but not in the top 10 at the moment (at least that’s my perception)). When we implement it I want us to be smart about it and not just ‘check a box’ to say it’s supported but it doesn’t provide the value it should.
Thanks for the feedback. There are definitely still some rough edges and I have a list of pet peeves that I’m working on trying to solve/improve with the teams. Keep the grumpy feedback coming.