Zero Trust Managed Networks Working?

I noticed that Managed Networks has been enabled in beta and this was a feature I was eagerly awaiting so I decided to try it out. I set up the TLS cert endpoint (per Cloudflare instructions) and added a managed network in the portal pointing to the new endpoint and TLS fingerprint. I confirmed the endpoint is working and presenting the certificate. I added a new Device Settings profile using the new managed network as a selector and saved everything.

I opened the WARP client on my devices (all iOS devices) to ensure the policy is up to date on the device and then performed a network change (e.g. disable Wifi and then re-enable Wifi to put the device onto the new managed network) but the new device settings for the managed network are not being applied.

I tried this on several devices and made sure the clients were on the latest WARP version, but none of the WARP clients are getting the new managed settings profile when connected to the new managed network. I checked the console logs in the WARP app but nowhere in the logs does it refer to the TLS endpoint.

Should this be working already or are we waiting on a new iOS app to be released for this to function?



I tried this on W11 und iOS with the most recent WARP Clients.
Works fine in Windows, but not on iOS.

I tested on W11 with the latest WARP client and I noticed that some settings did apply (like split tunnel IPs) but others did not (the service mode did not change from Gateway with WARP to Gateway with DoH).

1 Like

I does appear a new iOS app release was the key, it released on Friday and I updated the devices in question. Similar to W11, it seems some settings apply while others do not. I also noticed that the transition between profiles does not work every time. I would connect to a managed network and the default profile would be applied until I launched WARP at which point it would update the settings for the managed network. I expect there are still some bugs to be worked out since it’s still in beta, I’ll watch closely to see when it comes out of beta.

I am having a similar experience to you Octopirate. I am testing with MacOS (latest beta from Jan 11th - Version 2022.12.578.1 [20230111.3]) and iOS (latest version from a couple of days ago which added support for this feature).

Ideally I wanted DoH mode on the local network, but quickly discovered that transitioning mode didn’t seem to work and dropped that for now. Even when manually connecting on network change, it seems that the mode got stuck permanently.

Instead I focused on WARP mode, while on the local network RFC1918 is excluded and while not on the local network those ranges aren’t excluded.

It is working if I connected WARP manually while on either network. However, the transition almost never works automatically, even if I give it 5-10 minutes it doesn’t seem to detect the change. Hopefully this last piece is resolved during the beta, this is a great feature and I have been waiting 6+ months for it :slight_smile:

1 Like

Doesn’t work for me neither. Also running MacOS with latest version.
Really hope to see this feature working soon :frowning:
The Trusted Networks option worked great until they removed it…

1 Like

Similar problem with the Android client. The Warp client gets “stuck” using the profile for the managed network and won’t switch back to the default profile when changing networks.

1 Like

I still seem to be having this problem.

My Android WARP Client seems to be stuck on one of our managed network’s WARP profile for several hours despite not being able to reach the nominated host for that managed network. I have cycled the network connection and the WARP Client manually.

Hopefully this beta feature is still in active development. I assume support is the only way to report/diagnose this type of bug but I was hoping this is a known issue.

Disabling the device profile for that managed network and re-enabling allowed it to become unstuck.

I will see if it sticks again tomorrow and if so report to support. The on device checks seem to show the correct response but profile selection seems to fail in some cases.

This is still a problem when using the Android client v 6.25

I’m trying to use it on MacOS, (work) , Android and Fedora (personal). It seems to change behaviors .

Currently MacOS sees the correct profile when disconnected, but as soon as I connect the beacon is unreachable and it falls back to default