Warp-to-Warp Access Policy Explanation

Dear ISAB Members,

Thank you for being a part of our organization and for your understanding as we implement measures to secure our network. As the network administrator, it is my responsibility to ensure the safety and integrity of our internal resources. This document aims to explain the reasoning behind our current Warp-to-Warp access policy and how you can request approval for access.

Why is Warp-to-Warp Access Restricted?

Warp-to-Warp connections offer a seamless way to access internal resources, but they also introduce potential security risks if not properly managed. By restricting access, we can:

  1. Prevent Unauthorized Access: Only approved members can connect to sensitive internal resources, reducing the risk of data breaches.
  2. Monitor and Control Access: Ensuring that each connection is approved allows us to maintain a detailed log of who accessed specific resources, enhancing our auditing capabilities.
  3. Maintain Network Integrity: Limited access decreases the chances of malicious activities and ensures that our network's performance remains optimal.

How to Request Access

If you encounter an error message stating that you need manual approval to connect to internal resources, please reach out to me directly. Include your organizational role and the resources you need access to in your request. This information will help expedite the approval process.

Contact Information

Please send your access approval requests to: ISAB Network Information Centre (NIC) at [email protected]

Thank you for your cooperation and understanding as we strive to maintain a secure and efficient network environment.

Best regards,

Joe
ISAB Network Administrator


Note: For future network administrators and for documentation purposes, to allow a user to access the Warp-to-Warp functionality on our network, several rules need to be changed:

  1. Settings - WARP Client - Device settings - Profile settings: Add the user identity or device identity to the "Warp-to-Warp" profile. This ensures that the client routes the traffic destined for 100.96.0.0/12 to Cloudflare, instead of their own network.
  2. My Team - Lists - warp-to-warp-users: Add the user identity to the list. This works with a network policy named "Warp-to-Warp" to unblock the user from intranet resources.
  3. (Optional) Encourage the user to select "Warp-to-Warp" as their virtual network. Although the default network should work for them, switching to a separate virtual network will ensure the safety of other users who are not enrolled in the Warp-to-Warp functionality.
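
A change that applies only one of steps 1 and 2 leaves a user half-enabled, so it is worth comparing the two membership sets against the approval record after each change. The following is an added example, not part of the original note and not Cloudflare tooling. The e-mail addresses, the `approved` record and the state names are constructed for illustration, and the two membership lists are assumed to have been copied by hand from the dashboard.

```python
import ipaddress

# Range the note says the "Warp-to-Warp" profile sends to Cloudflare.
W2W_RANGE = ipaddress.ip_network("100.96.0.0/12")

def is_w2w_destination(addr):
    """True when addr is an IP address inside the Warp-to-Warp range."""
    try:
        return ipaddress.ip_address(addr) in W2W_RANGE
    except ValueError:  # not an IP address at all
        return False

def _norm(identities):
    # Compare identities case-insensitively and ignore stray whitespace.
    return {i.strip().lower() for i in identities if i.strip()}

def audit(profile_members, list_members, approved):
    """Classify every identity by which of steps 1 and 2 were applied."""
    profile, wlist, ok = _norm(profile_members), _norm(list_members), _norm(approved)
    report = {}
    for user in sorted(profile | wlist | ok):
        in_profile, in_list = user in profile, user in wlist
        if user not in ok:
            report[user] = "unapproved"              # configured without an approval on record
        elif in_profile and in_list:
            report[user] = "enabled"                 # steps 1 and 2 both done
        elif in_profile:
            report[user] = "routed-but-blocked"      # step 2 missing: not on warp-to-warp-users
        elif in_list:
            report[user] = "allowed-but-not-routed"  # step 1 missing: not in the device profile
        else:
            report[user] = "not-configured"          # approved, nothing applied yet
    return report

# Constructed sample data (hypothetical identities).
PROFILE = ["alice@example.org", "Bob@example.org ", "mallory@example.org"]
WLIST = ["alice@example.org", "carol@example.org", "mallory@example.org"]
APPROVED = ["alice@example.org", "bob@example.org", "carol@example.org", "dave@example.org"]

if __name__ == "__main__":
    for user, state in audit(PROFILE, WLIST, APPROVED).items():
        print(f"{user:22} {state}")
```

Any identity reported as "unapproved" should be removed from both the profile and the list, and any half-applied state completed or rolled back.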