Firewall
The Firewall device posture attribute ensures that a firewall is running on a device.
Prerequisites
Section titled “Prerequisites”-
Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to WARP Client Checks.
Enable the firewall check
Section titled “Enable the firewall check”- In Zero Trust ↗, go to Settings > WARP Client.
- Scroll down to WARP client checks and select Add new.
- Select Firewall.
- Enter a descriptive name for the check.
- Select your operating system.
- Turn on Enable firewall check.
- Select Save.
Next, go to Logs > Posture and verify that the firewall check is returning the expected results.
How WARP checks the firewall status
Section titled “How WARP checks the firewall status”Operating systems determine firewall configuration in various ways. Follow the steps below to understand how the WARP client determines if the firewall is enabled.
On macOS
Section titled “On macOS”macOS has two firewalls: an application-based firewall and a port-based firewall. The WARP client will report a firewall is enabled if either firewall is running.
Application-based firewall
Section titled “Application-based firewall”- Open System Settings and go to Network.
- Verify that Firewall is
Active.
Port-based firewall
Section titled “Port-based firewall”-
Open Terminal and run:
Terminal window sudo /sbin/pfctl -s info -
Verify that Status is
Enabled.
On Windows
Section titled “On Windows”-
Open PowerShell and run:
PowerShell Get-NetFirewallProfile -PolicyStore ActiveStore -Name Public -
Verify that Enabled is
True.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark