WARP: phone to local app


I would like to configure a simple tunnel that connects my phone to and app inside my corporate network.

What I did:
there is installed cloudflared on a machine inside the corporate network and that tunnel is up
i’ve installed agent on my phone
the agent on my phone is successfully logged (it is provisioned)
i’ve played with include/exclude networks and probably I have to add my corporate in include list (in this way traffic is not going locally anymore but the traffic is not going on the other side as well)

I do not know what exact rules to configure on CF ZeroTrust portal to finish my task. The marketing says CF is simple but the interface is so different than a normal firewall and documentation is enormous and in the same time not deep enough :frowning:

could someone give a hint how to continue?

Many thanks

There’s a few things you need to do for private network routing.

  1. Have a Tunnel that is advertising the IP ranges
  2. Have Split Tunnels setup so it tells WARP to go to Cloudflare for those ranges which entails…
    1. Exclude Mode, make sure that range is not in Split Tunnels
    2. Include Mode, make sure that tunnel is in Split Tunnels
  3. Have a Gateway policy (Network) that allows you to access this, since Gateway defaults to a implicit Deny All
  4. In Settings and then Network within the Zero Trust dashboard, make sure Proxy is enabled for TCP & UDP
  5. Make sure the WARP app on your devices is enrolled into your Zero Trust team.

A Great thanks,

I have it working.

*where the 1 is configured in CF interface?
*if point 4 is to send the traffic to CF than what are a use cases to not doing that? DNS only traffic and everything else going out from local device?
*you did not mention App configuration - to me looks a mandatory step or?

Thanks a lot