Magic WAN replaces legacy WAN architectures with Cloudflare’s network, providing global connectivity, cloud-based security, performance, and control through one simple user interface.
Legacy WAN architectures were never designed to deliver the security, millisecond performance, and reliability required for businesses today.
To address the core limitations and vulnerabilities of traditional WAN architectures, enterprises have had to cobble together a patchwork of proprietary circuits and network appliances that are expensive to install and difficult to manage.
Magic WAN, the connectivity foundation of Cloudflare One, is a comprehensive, cloud-based network-as-a-service solution that is designed to be secure, fast, and reliable by default.
It replaces a patchwork of appliances and expensive, proprietary circuits with a single global network that provides built-in:
All delivered and managed as-a-service.
Connect your on-prem data centers, branch offices, and cloud-hosted workloads to Cloudflare over Anycast GRE tunnels, direct network connections, and Argo Tunnel.
It’s like hub-and-spoke, but the “hub” is now everywhere that the Cloudflare network is. Get the performance advantages of full-mesh, but with the simplicity and reduced management overhead of classic hub-and-spoke.
With Cloudflare One, Cloudflare Zero Trust and Magic WAN provide a secure way for your employees to access resources behind private networks, wherever they're working.
Instead of sending all remote traffic through a single choke point device (such as VPN concentrators at your corporate network “perimeter”), traffic is routed to the Cloudflare edge location closest to the source. Access policies are applied before that remote traffic is sent over optimal secure paths to its destination.
Apply comprehensive, consistent security policies wherever your users are, all managed from a single unified control plane.
Magic WAN comes with Magic Firewall, a built-in software-defined network firewall that is part of the Cloudflare suite of network security solutions. Apply packet filters for ingress and egress traffic based on parameters like source and destination IP and port, packet length, and bit field match. Rules are deployed instantly across all locations.
You may also layer additional security functionality such as DNS filtering, SWG with remote browser isolation, DDoS protection, and much more — all delivered and managed as-a-service. Learn more about secure network connectivity with Magic WAN and Magic Firewall.
Unlike legacy hardware vendors with “virtual” versions of their hardware appliances, Cloudflare is fully software-defined and cloud-native, so there is no need to add physical or virtual gateways to your environment. You can start using Magic WAN with your existing network infrastructure — no rip-and-replace required.
Simply configure connectivity from your existing edge router/gateway (physical or cloud-hosted) to Cloudflare’s network and get the connectivity and inherent security, performance, and reliability benefits over our network for all your traffic between your users and locations.
Cloudflare operates one of the world’s largest networks with data centers spanning over 285 cities in 100 countries. Our network is carrier-agnostic, exceptionally well-connected and peered, and delivers the same set of services from every global point of presence (PoP).
Customers may also choose to interconnect their networks to Cloudflare over direct, dedicated physical or virtual connections with Cloudflare Network Interconnect for enhanced performance & reliability.