Sankofa/cloudflare/warp-config.json

{
  "organization": {
    "name": "Your Organization",
    "auth_domain": "yourdomain.com"
  },
  "enrollment": {
    "enabled": true,
    "mode": "automatic",
    "require_mfa": true,
    "device_posture_checks": [
      "managed_device",
      "os_version",
      "disk_encryption"
    ]
  },
  "policies": [
    {
      "name": "Default WARP Policy",
      "description": "Default policy for all WARP devices",
      "rules": [
        {
          "action": "allow",
          "match": "any",
          "identity": {
            "groups": [
              {
                "name": "employees"
              }
            ]
          }
        }
      ]
    },
    {
      "name": "Admin WARP Policy",
      "description": "Enhanced access for administrators",
      "rules": [
        {
          "action": "allow",
          "match": "any",
          "identity": {
            "groups": [
              {
                "name": "admins"
              },
              {
                "name": "platform-engineers"
              }
            ]
          },
          "require": [
            {
              "mfa": {}
            }
          ]
        }
      ]
    }
  ],
  "device_posture": {
    "checks": [
      {
        "name": "managed_device",
        "type": "os_version",
        "enabled": true,
        "rules": [
          {
            "os": "windows",
            "min_version": "10.0.19041"
          },
          {
            "os": "macos",
            "min_version": "11.0"
          },
          {
            "os": "linux",
            "min_version": "5.4"
          }
        ]
      },
      {
        "name": "disk_encryption",
        "type": "disk_encryption",
        "enabled": true,
        "require": true
      },
      {
        "name": "firewall_enabled",
        "type": "firewall",
        "enabled": true,
        "require": true
      }
    ]
  },
  "settings": {
    "gateway_proxy": {
      "enabled": true,
      "tcp_port": 4000,
      "udp_port": 4001
    },
    "split_tunnels": {
      "enabled": true,
      "exclude": [
        "*.yourdomain.com",
        "10.0.0.0/8",
        "172.16.0.0/12",
        "192.168.0.0/16"
      ]
    },
    "dns": {
      "servers": [
        "1.1.1.1",
        "1.0.0.1"
      ],
      "split_dns": [
        {
          "domains": [
            "yourdomain.com",
            "*.yourdomain.com"
          ],
          "servers": [
            "10.0.0.53"
          ]
        }
      ]
    }
  }
}