Warp or Gateway Policy using Cloudflare Warp (Teams / Zero Trust)

Hello, I’ve been attempting to perform the following.

Protect an application (website) using a Cloudflare for Teams (Cloudflare Zero Trust) policy; however, when the user has the Cloudflare Warp Client connected to the organization, I want it to bypass the authentication page.

Here’s what I did:

  • Created a new application and configured it to protect my application
  • Tested entering the application, and an authentication page was shown
  • Created a new bypass rule and tested specifying a country or IP address to see if the bypass rule works, and it does
  • Changed the previous rule to Bypass for Warp or Gateway and it didn’t work

Here’s what I’ve found so far:

With Warp connected to a team/organization

With Warp connected (disconnected from a team/organization)

With Warp disconnected

Device Posture

Settings

Device Posture

Policy

TLDR: Want to bypass authentication when connected to Cloudflare Warp inside a Team/Organization.

Any tips?
Thanks!

I have found you need to enable TLS decryption in your network settings. However, I still can’t get this to work reliably. It works when I set a bypass rule to “Warp” (any Warp client), but not “gateway” (Warp client logged in to team). This indicates that Cloudflare somehow does not see that my Warp client is enrolled in my team and thus it won’t apply the bypass rule.

Thanks for your reply. I did check my configuration and I already have TLS Decryption enabled. I tried to toggle it off and toggle it on again to see if something changed but it didn’t.

➜  ~ curl 'https://help.teams.cloudflare.com/cdn-cgi/trace'
...
ts=1644940573.344
visit_scheme=https
uag=curl/7.64.1
colo=LIS
http=http/2
loc=PT
tls=TLSv1.2
sni=plaintext
warp=off
gateway=off

I was already seeing traffic in the Cloudflare Analytics which shows me that the inspection is already in place.

I would like to add that, when creating a new organization I have different results than the ones posted here. It seems that older organizations are not behaving properly. I’ve already reported this situation on a ticket.
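The `warp=` and `gateway=` lines of the trace output posted above are the values to compare across the three client states in the first post. As an added example (not from the thread and not Cloudflare's code), this sh snippet extracts both fields and labels the state; the label names and the second, constructed sample are assumptions of the example.

```shell
#!/bin/sh
# Added example: read warp= and gateway= from /cdn-cgi/trace output and
# label the state the edge reports. Label names are this example's own.

# Print the value of one key from key=value trace text on stdin.
trace_field() {
    awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); sub(/\r$/, ""); print; exit }'
}

# Classify a trace (passed as one argument) by its warp/gateway pair.
classify_trace() {
    trace=$1
    warp=$(printf '%s\n' "$trace" | trace_field warp)
    gateway=$(printf '%s\n' "$trace" | trace_field gateway)
    case "$warp/$gateway" in
        /*|*/)  echo "incomplete-trace" ;;  # one of the two fields is missing
        */on)   echo "gateway-on" ;;        # request seen as coming via the team's Gateway
        off/*)  echo "neither" ;;           # no Warp, no Gateway: expect the login page
        */off)  echo "warp-only" ;;         # Warp client seen, but not tied to a team
        *)      echo "unknown" ;;
    esac
}

# Trace lines as posted in the thread (the elided "..." lines are left out).
PAGE_SAMPLE='ts=1644940573.344
visit_scheme=https
uag=curl/7.64.1
colo=LIS
http=http/2
loc=PT
tls=TLSv1.2
sni=plaintext
warp=off
gateway=off'

# Constructed sample: what an enrolled client is assumed to report.
CONSTRUCTED_ENROLLED='colo=LIS
warp=on
gateway=on'

echo "thread sample:      $(classify_trace "$PAGE_SAMPLE")"
echo "constructed sample: $(classify_trace "$CONSTRUCTED_ENROLLED")"

# Live check from the device under test:
#   classify_trace "$(curl -s https://help.teams.cloudflare.com/cdn-cgi/trace)"
```

A result of `warp-only` or `neither` while the client shows as connected to the team is the mismatch the thread describes, and is the output worth attaching to a support ticket.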