In Cloudflare Zero Trust, is it possible to create two profiles where the default one is to be used on a trusted network, like when working from home where split tunneling is used, and another profile where all the traffic is routed to Cloudflare when working from an untrusted public WiFi like a Starbucks?
Yes, but implement the other way round. Use the default profile for outside untrusted locations, then you can use network detection to select the profile for the trusted network…
Thanks, that helped me in the right direction.
But how would that be set up?
My config is to only include specific sites & IPs on a trusted network, and I don’t see a catch-all option in the split tunnel config.
Also, is it possible for the user to manually select the profile used?
It’s been a while since I set mine up but it was quite simple. We have 3 profiles, 1 default and 2 for offices. Each has its own split tunnel configuration so that the office LANs are not excluded in the default profile (to give the remote access) and each office profile excludes their own LANs so those route locally.
The 2 offices are then set up as managed networks as in the blog post to automatically detect when you are on that network and to apply the correct profile.
Thanks for your guidance SJR.
But it does sound like what I’m trying to do is not possible.
What I thought was possible was to create a setup where, when the users are in the office, the WARP client is disabled; when they are working from home, the WARP client is enabled with an include split tunnel configured; but then, when traveling and using a public hotspot, I wanted the option to select a profile where all traffic is routed through WARP, no exceptions.
But it doesn’t look like the last option is possible.
We treat someone working from home as an untrusted network and traffic goes via WARP. If you want a profile for a home network to be detected as a custom profile you could use their router to identify the network but that would have to be set for each location.