Magic Firewall

Cloud-native network firewall for your enterprise WAN

Enforce consistent network security policies across your entire WAN, including headquarters, branch offices, and virtual private clouds. Deploy fine-grained filtering rules globally in under 500ms — all from a common dashboard.

No appliances to manage

With firewall-as-a-service (FWaaS) delivered from the Cloudflare global network, your security scales with your business needs. No more artificial choke points or downtime for appliance upgrades. A single dashboard and policy management interface simplifies firewall configuration and ensures consistent security policies from Toronto to Tokyo.

Learn More

Filter unwanted traffic before it reaches you

With Magic Firewall, your filtering policies are applied on the Cloudflare global edge network. Unwanted traffic is filtered in the cloud before it reaches your network, preventing it from congesting your network links or exploiting zero day vulnerabilities in your environment. Intelligent L3 DDoS protection can be enabled for your Internet traffic using Magic Transit.

Key Features

Configure and enforce consistent security policies across your entire WAN with a single dashboard.
Filtering rules based on protocol, port, IP addresses, packet length and bit field match
Fast propagation of rule changes in under 500ms
Traffic analytics per rule
Unlimited scale — no appliances to manage
Integrated with Cloudflare One

Magic Firewall provides the cloud firewall foundation for Cloudflare One, our comprehensive solution for SASE.

Cloudflare One replaces a patchwork of legacy appliances and proprietary circuits with Magic WAN — a comprehensive cloud-based WAN-as-a-Service solution that provides built-in:

Trusted by millions of Internet properties

Ready to retire your legacy firewall appliances?