Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Firewall

Feature availability
Operating Systems WARP mode required Zero Trust plans
macOS, Windows WARP with Gateway All plans

The Firewall device posture attribute ensures that a firewall is running on a device.

​​ Enable the firewall check

  1. In Zero Trust, go to Settings > WARP Client.
  2. Scroll down to WARP client checks and select Add new.
  3. Select Firewall.
  4. Enter a descriptive name for the check.
  5. Select your operating system.
  6. Turn on Enable firewall check.
  7. Select Save.

Next, go to Logs > Posture and verify that the firewall check is returning the expected results.

​​ How WARP checks the firewall status

Operating systems determine Firewall configuration in various ways. Follow the steps below to understand how the WARP client determines if the firewall is enabled.

​​ On macOS

macOS has two firewalls: an application-based firewall and a port-based firewall. The WARP client will report a firewall is enabled if either firewall is running.

​​ Application-based firewall

  1. Open System Preferences and go to Security & Privacy.
  2. Verify that Firewall is set to On.

​​ Port-based firewall

  1. Run sudo /sbin/pfctl -s info.
  2. Look for the value of Status which must be Enabled.

​​ On Windows

  1. Open a PowerShell window.
  2. Run the Get-NetFirewallProfile -Name Public command to check the Firewall status of your public interface.
  3. Look for the value of Enabled which must be set to True.