Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Document NetBIOS over TCPIP support in WARP#27177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
csujedihy wants to merge2 commits intocloudflare:production
base:production
Choose a base branch
Loading
fromcsujedihy:csujedihy-patch-1

Conversation

@csujedihy
Copy link

Added details about NetBIOS over TCPIP (NetBT) support and configuration methods for WARP settings.

Summary

Screenshots (optional)

Documentation checklist

  • Is there achangelog entry (guidelines)? If you don't add one for something awesome and new (however small) — how will our customers find out? Changelogs are automatically posted toRSS feeds, theDiscord, andX.
  • The change adheres to thedocumentation style guide.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocatedredirects.

Added details about NetBIOS over TCPIP (NetBT) support and configuration methods for WARP settings.

a. Turn on**NetBIOS over TCPIP** for remote[device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/).

b. Turn off**NetBIOS over TCPIP** for[on-prem device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks/#4-configure-device-profile).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

What is the rationale for turning off NetBT for on-prem profiles?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Ah, I didn't meant to suggest that it should be turned off for on-prem. I meant to describe it can be toggled with on-prem device profiles too.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Let me rephrase this a little bit.


| System| Availability| Minimum WARP version|
| --------| ------------| --------------------|
| Windows|| 2025.11.481.3|
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

which WARP release is this feature scheduled for (e.g. Q1-1 Beta)?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Yes, this will be in Q1-1 Beta.


####Dashboard

a. Turn on**NetBIOS over TCPIP** for remote[device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Do you mind sharing a screenshot of the new dash UI?

csujedihy reacted with thumbs up emoji
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Image

Updated instructions for controlling NetBIOS over TCPIP settings in the dashboard.

####Dashboard

- Turn on/off**NetBIOS over TCPIP** for remote[device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) and/or[on-prem device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks/#4-configure-device-profile).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Note to self:
The NetBT setting is only relevant for on-prem devices. It allows devices to be discovered on legacy Windows networks when WARP is turned on. We want to recommend turning OFF NetBT on remote device profiles because it adds security risks for no benefit (users shouldn't need it on their home/airport/coffeeshop network).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Hey@ranbel you can disregard these details as that was me commenting on host enablement of NetBT at all system-wide rather than whether we enable it on our tunnel (which is what this doc is about). Source network then is not relevant to whether it makes sense to have NetBT enabled because what matters is what the tunnel destination is and whether anything there is using NetBT.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

In other words, the recommendation is always to disable NetBT, but it can be enabled if needed for something per customer admin judgment.


</Details>

NetBIOS over TCPIP (NetBT) is a legacy feature in Windows primarily used for name resolution in some rare scenarios (e.g., SMBv1). It has been deprecated for decades, but Windows has not removed or disabled it by default. Cloudflare WARP disables NetBT on the tunnel interface by default for security reasons and to align with modern best practices, as the vast majority of customers are not using anything requiring NetBIOS over the WARP tunnel.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Suggested change
NetBIOS over TCPIP (NetBT) is a legacy feature in Windows primarily used for name resolution in some rare scenarios (e.g., SMBv1). It has been deprecated for decades, but Windows has not removedor disabled it by default. Cloudflare WARP disables NetBT on the tunnel interface by default for security reasons and to align with modern best practices, as the vast majority of customers are not using anything requiring NetBIOS over the WARP tunnel.
NetBIOS over TCPIP (NetBT) is a legacy feature in Windows primarily used for name resolution in some rare scenarios (e.g., SMBv1). It has been deprecated for decades, but Windows has not removedit. Cloudflare WARP disables NetBT on the tunnel interface by default for security reasons and to align with modern best practices, as the vast majority of customers are not using anything requiring NetBIOS over the WARP tunnel.

This gets tricky, as they did disable NetBIOS Name Resolution (NBNR) by default -ish, and will probably make progress on this before we want to go check and update this page. I think this is a safer statement that still makes the point.


####Dashboard

- Turn on/off**NetBIOS over TCPIP** for remote[device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) and/or[on-prem device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks/#4-configure-device-profile).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Hey@ranbel you can disregard these details as that was me commenting on host enablement of NetBT at all system-wide rather than whether we enable it on our tunnel (which is what this doc is about). Source network then is not relevant to whether it makes sense to have NetBT enabled because what matters is what the tunnel destination is and whether anything there is using NetBT.


####Dashboard

- Turn on/off**NetBIOS over TCPIP** for remote[device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/) and/or[on-prem device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/managed-networks/#4-configure-device-profile).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

In other words, the recommendation is always to disable NetBT, but it can be enabled if needed for something per customer admin judgment.

Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2606:4700:110:8f79:145:f180:fc4:8106(Preferred)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Note: this is a globally routable IPv6 address, maybe it should be masked or replaced with a documentation example address?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

FYI. I copied this from the SCCM knob below. If we change this, we should change that as well.

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@ranbelranbelranbel left review comments

+1 more reviewer

@tojens-ietftojens-ietftojens-ietf left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@ranbelranbel

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@csujedihy@tojens-ietf@ranbel
[8]ページ先頭
©2009-2025 Movatter.jp