cloudflare · ranbel · Feb 5, 2026 · Feb 4, 2026
@@ -38,10 +38,12 @@ This guide covers how to connect WARP client user devices to a private network b
 
 ## 3. Route device IPs through Cloudflare
 
-WARP clients and WARP Connectors are accessed using their [device IP](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-ips/). Therefore, traffic to your device IPs must route through Cloudflare on both the WARP Connector host and WARP client devices. For example, if your devices use the default <GlossaryTooltip term="WARP CGNAT IP">CGNAT IP range</GlossaryTooltip> (`100.96.0.0/12`)
+WARP clients and WARP Connectors are accessed using their [device IP](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-ips/). Therefore, traffic to your device IPs must route through Cloudflare on both the WARP Connector host and WARP client devices.
 
 1. In your WARP Connector device profile, go to [Split Tunnels](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/).
-2. Ensure that `100.96.0.0/12` routes through the WARP tunnel. For example, for **Exclude** split tunnel mode, delete `100.64.0.0/10` from the list and re-add `100.64.0.0/11` and `100.112.0.0/12`.
+2.
+	<Render file="tunnel/cgnat-split-tunnels" product="cloudflare-one" params={{ feature: "WARP Connector"}}  />
+
 3. Repeat the previous steps for all WARP client device profiles.
 
 ## 4. Route traffic from subnet to WARP Connector

@@ -32,28 +32,9 @@ This guide covers how to:
 1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Team & Resources** > **Devices** > **Management**.
 2. Select **Peer to peer connectivity**.
 3. Turn on [**Allow all Cloudflare One traffic to reach enrolled devices**](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-settings/#allow-all-cloudflare-one-traffic-to-reach-enrolled-devices).
-4. In your [Split Tunnel configuration](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/), ensure that traffic to your [device IPs](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-ips/) goes through WARP. For example, if your devices use the default `100.96.0.0/12` range:
-
-    <Tabs> <TabItem label="Exclude IPs and domains">
-		If using Split Tunnels in **Exclude** mode:
-			1. Delete `100.64.0.0/10` from the list.
-			2. We recommend [adding back the IPs](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-cidr/#3-route-private-network-ips-through-warp) that are not being used for Zero Trust services. For example, if you are using WARP-to-WARP alongside [Gateway host selectors](/cloudflare-one/traffic-policies/egress-policies/host-selectors/) or [private hostname routing](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-private-hostname/), add routes to exclude the following IP addresses:
-
-				- `100.64.0.0/12`
-				- `100.81.0.0/16`
-				- `100.82.0.0/15`
-				- `100.84.0.0/14`
-				- `100.88.0.0/13`
-				- `100.112.0.0/12`
-
-    </TabItem> <TabItem label="Include IPs and domains">
-		If using Split Tunnels in **Include** mode:
-
-		1. Add the required [Zero Trust domains](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-domains) or [IP addresses](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-ip-addresses) to your Split Tunnel include list.
-		2. [Add a route](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include `100.96.0.0/12`.
-
-    </TabItem> </Tabs>
-
+4. Go to the **Device profiles** tab and select the device group that needs WARP-to-WARP connectivity.
+5.
+	<Render file="tunnel/cgnat-split-tunnels" product="cloudflare-one" params={{ feature: "WARP-to-WARP"}} />
 
 This will instruct WARP to begin proxying any traffic destined for a `100.96.0.0/12` IP address to Cloudflare for routing and policy enforcement.
 

@@ -0,0 +1,28 @@
+---
+params:
+  - feature
+---
+
+import { TabItem, Tabs } from "~/components";
+
+Ensure that traffic to your [device IPs](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-ips/) goes through the WARP tunnel. For example, if your devices use the default `100.96.0.0/12` range:
+
+    <Tabs> <TabItem label="Exclude IPs and domains">
+		If using Split Tunnels in **Exclude** mode:
+			1. Delete `100.64.0.0/10` from the list.
+			2. We recommend [adding back the IPs](/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/cloudflared/connect-cidr/#3-route-private-network-ips-through-warp) that are not being used for Cloudflare One services. For example, if you plan to use {props.feature} alongside [Gateway host selectors](/cloudflare-one/traffic-policies/egress-policies/host-selectors/), add routes to exclude the following IP addresses:
+
+				- `100.64.0.0/12`
+				- `100.81.0.0/16`
+				- `100.82.0.0/15`
+				- `100.84.0.0/14`
+				- `100.88.0.0/13`
+				- `100.112.0.0/12`
+
+    </TabItem> <TabItem label="Include IPs and domains">
+		If using Split Tunnels in **Include** mode:
+
+		1. Add the required [Zero Trust domains](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-domains) or [IP addresses](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-ip-addresses) to your Split Tunnel include list.
+		2. [Add a route](/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include `100.96.0.0/12`.
+
+    </TabItem> </Tabs>