WARP Network Requirements

What ports does Cloudflare WARP use to connect? I’ve spent quite a long time searching for an answer to this, and I haven’t been able to come across anything, so apologizes if this has already been answered. Are there specific ports for negotiation and/or general traffic? I need to know what ports Warp uses to connect so I can make sure to whitelist them in my network. It also seems to use different ports in the case that general network access is restricted. Are those ports different? Thanks in advance!

2408, 500, 1701 and 4500 all UDP

2 Likes

As a follow-on to this question… we’re trying to deploy Teams + WARP to our AzureAD controlled environment right now and we’re having a lot of trouble.

It seems like during installation there is a firewall rule that is missing which causes the WARP connection to fail.

What Windows firewall port/service/protocol exceptions are required? I’m trying to find the right set of exceptions to stop the WARP connection from failing.

UDP 2408 is Cloudflare proprietary?
UDP 500 is IPsec IKE
UDP 1701 is LT2P
UDP 4500 is IPsec NAT-T

Thanks, I got that much. Where I’m struggling is allowing the right WARP app through the firewall at all.

I’ve tried both opening the ports in this thread and by allowing the executable “C:\Program Files\Cloudflare\Cloudflare WARP.exe” and neither worked.

1dot1 works fine, but I cannot get WARP to work. It will connect briefly and then get disconnected and fail to reconnect perpetually until I turn it off.

I’ve been scouring the internet for possible solutions but just can’t seem to find anything that works.

Just to add a bit of additional context, the Windows systems having this issue are all controlled and managed via Microsoft Intune w/Microsoft Security Baselines applied.

Even with full administrative controls, either WARP doesn’t create the correct firewall rules during installation or I’m not allowing the correct exceptions through the firewall.

You may need to explicitly allow the Warp client to connect outbound.

e.g. put in FW rules to allow %ProgramFiles%\Cloudflare\Cloudflare WARP\warp-svc.exe

You are my hero. While that specific rule didn’t fix it alone, I figured I’d add that rule and a rule for Cloudflare WARP.exe outbound. It worked!

2 Likes

So I also had this issue (similar environment to @justin32 by the sound of it) but was not able to lock down inbound ports to those listed above.

I had to allow all UDP ports to the warp-svc.exe inbound for the connection to work. Is another port required?

cheers

Chris

Hey Chris,

I allowed the services, not the ports. I will go and check but I believe I solved it by explicitly allowing warp-svc.exe BOTH inbound and outbound.

WARP with Firewall · Cloudflare for Teams documentation

1 Like

Question: is there a reason the WARP server doesn’t listen on all ports? There are some restrictive firewalls that I’d like to get through using WARP, but with the 4 ports it’s pretty limiting.