Skip to content

Commit 09e8ca3

Browse files
tojens-ietfranbel
tojens-ietf
and
ranbel
authored
Add more detail to the macOS Sequoia changes and their effect on WARP (#27021)
* Add more detail to the macOS Sequoia changes and their effect on WARP * make the phrasing more professional * Update firewall.mdx --------- Co-authored-by: ranbel <[email protected]>
1 parent a35e565 commit 09e8ca3

File tree

1 file changed

+11
-3
lines changed
  • src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment

1 file changed

+11
-3
lines changed

src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/firewall.mdx

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -179,12 +179,20 @@ If your organization does not currently allow inbound/outbound communication ove
179179

180180
`com.cloudflare.1dot1dot1dot1dot1.macos` (Bundle ID)
181181

182-
:::caution
183182

184-
Due to changes in macOS Sequoia version 15.0 and 15.0.1., you must update your macOS firewall settings to allow the WARP client to manage your device's firewall.
183+
:::caution[macOS 15.0 through 15.4]
185184

186-
To ensure proper functionality, disable the [Block all incoming connections](https://support.apple.com/guide/mac-help/change-firewall-settings-on-mac-mh11783/mac) option in your macOS firewall settings.
185+
Due to changes in macOS Sequoia versions 15.0 through 15.4, you must update your [macOS firewall settings](https://support.apple.com/guide/mac-help/change-firewall-settings-on-mac-mh11783/mac) to allow the WARP client to manage your device's firewall. Later versions of macOS are not affected because of changes Apple introduced to fix the unexpected breaking changes in their firewall.
187186

187+
To allow the WARP client to function on macOS Sequoia versions 15.0 through 15.4 while still blocking unwanted incoming traffic, follow these steps:
188+
189+
1. Turn off the following [macOS firewall settings](https://support.apple.com/guide/mac-help/change-firewall-settings-on-mac-mh11783/mac):
190+
- **Block all incoming connections**
191+
- **Automatically allow built-in software to receive incoming connections**
192+
- **Automatically allow downloaded signed software to receive incoming connections**
193+
2. Add the [WARP daemon and GUI processes](#required-scopes) to the firewall exceptions list and set them to _Allow incoming connections_.
194+
3. Restrict the other allow exceptions to only the processes you want receiving traffic.
195+
4. (Optional) Do not grant users administrative privileges, otherwise they will be able to modify firewall settings and exceptions.
188196
:::
189197

190198
### Optional scopes

0 commit comments

Comments
 (0)