Hello,
It appears that Cloudflare WARP uses UDP ports 2408, 500, 1701 and 4500, so the solution would be to reject communication on these ports.
You would need to create a firewall rule with the following settings:
- Protocol: UDP;
- Source zone: wan;
- Destination zone: lan;
- Destination port: 2048, 500, 1701, 4500;
- Action: Reject;
However, be aware that:
- Port 1701 is used by Layer Two Tunneling Protocol (L2TP);
- Port 500 is used by Internet Security Association and Key Management Protocol (ISAKMP) for establishing phase 1 of an IPsec tunnel;
- Port 4500 is used by IPsec NAT Traversal.
Due to that, you will not be able to use IPsec and L2TP VPNs.
Also, a rule to allow communication on UDP port 500 is configured by default; it is called Allow-ISAKMP, and you would need to disable it.
Best regards,