Zero Trust Gateway Firewall - Use WARP Device ID

Additional information

Network policies

What is the issue you’re encountering

I am trying to restrict access to a server connected via WARP to a single other server connected via WARP.

What steps have you taken to resolve the issue?

Set up two servers.
Connect them both to WARP so that they have their own IPs in the 100.96.*.* range.
Ideally I would like to have a firewall rule that limits connections to 100.96.0.10 to only those from 100.96.0.9; however:

  • When looking at the logs, the internal IP does not appear to be sent when hitting the 0.10 server (“Source Internal IP: None”); it is instead just logging the Source IP.
  • The problem with the above is that the Source IP is that of a Proxmox server, and thus shared by many other virtual machines. This prohibits me from locking down access to 0.9 by way of source IP.
  • Is there a way I can create a firewall rule using the device name or device ID? Those seem to be the only two unique things between the two WARP clients.

Hi. I had the very same problem months ago. We were able to overcome it by using posture checks. We added the File system posture check. Basically, we added a random private key on the client server, computed its hash, and set that in the posture check, which means only that specific client can pass the posture check. After that, we added a network policy restricting access to whichever client passed the file system posture check.
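A worked version of the posture-check approach described in the reply above, added here as an example; it is not code from the original thread or from Cloudflare. It assumes a Linux host running the WARP client, a hypothetical marker path such as /etc/warp-posture/marker, and that a File posture check is then configured in the Zero Trust dashboard with that path and the printed SHA-256. The check_posture function is a local stand-in for what such a check evaluates (file present, hash matches), useful for confirming the value before pasting it into a rule.

```shell
#!/bin/sh
# Added example, not from the original thread. Creates a random, owner-only
# marker file on the client host and prints the SHA-256 that goes into a
# Cloudflare File posture check. Paths are hypothetical.
set -eu

# Create a 64-byte random marker at PATH with mode 0600 (owner-only), so the
# secret that satisfies the posture check cannot be read by other users and
# copied to another machine. The umask change is scoped to a subshell.
make_marker() {
    path="$1"
    ( umask 077; head -c 64 /dev/urandom > "$path" )
    chmod 600 "$path"          # also fixes perms if the file pre-existed
}

# Print the SHA-256 hex digest of PATH: this is the value entered in the
# posture check. Uses sha256sum (GNU) or falls back to shasum (BSD/macOS).
sha256_of() {
    path="$1"
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$path" | awk '{print $1}'
    else
        shasum -a 256 "$path" | awk '{print $1}'
    fi
}

# Local stand-in for the check itself: succeed (exit 0) only if PATH exists
# and its SHA-256 equals EXPECTED. A missing, modified or replaced file fails.
check_posture() {
    path="$1"
    expected="$2"
    [ -f "$path" ] || return 1
    [ "$(sha256_of "$path")" = "$expected" ]
}

# Usage: sh marker.sh /etc/warp-posture/marker
# Creates the marker and prints the hash to put in the posture check.
# Re-running it regenerates the secret, which is how you rotate the check.
if [ "${1:-}" != "" ]; then
    make_marker "$1"
    sha256_of "$1"
fi
```

Two caveats a practitioner should keep in mind. The check is a possession test: any enrolled device that obtains a byte-identical copy of the marker file at the same path will also pass, so the file must stay unreadable to other accounts on the host and should be regenerated (and the posture rule updated) if it is ever exposed. And because the hash is tied to the file contents rather than to a device identity, rotate it by re-running the script rather than by editing the file in place.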