Zero Trust and WARP "Enforce Session Duration"

Hi Everyone.

We are using Zero Trust with the WARP client, and have an “Enforce Client Session Duration” network policy enabled. In general, it works great; when the session duration is up the user gets prompted to reauthenticate.

On occasion, a user’s WARP client will get into a state where the session duration enforcement still works, but when the time period is up, they no longer get prompted by the WARP client to reauthenticate. When this happens they can manually go into preferences and re-authenticate, and then it works again until the session duration is up (at which point again, they don’t get a prompt.) The only way we’ve found to make the prompt come back is to uninstall and reinstall the client.

Has anyone else seen this?

I should add, the client machines are all Macs.

It’s like the client just doesn’t realize the session is expired…

Hey there sorry I don’t have any guidance on the client reauth prompt. But very interested where you are enforcing this session duration? I would like to do this as well, any guidance would be appreciated.
Thank you!

Ill answer my own queston:
1.) Make sure Warp Client is set with “Gateway” posture check.
2.) Make sure Warp profile is set for “Gateway with Warp” mode
3.) Create Gateway → Firewall Policy → Network Policy is set with a policy to monitor for traffic you would like to trigger re-auth on, and set “Enforce Warp Client Session Duration” to be how often you want the client to force re-auth when this specific type of traffic is triggered.

In windows you get this Notification Center popup: