Magic WAN replaces legacy WAN architectures with Cloudflare’s network, providing global connectivity, cloud-based security, performance, and control through one simple user interface.
"Increased cloud adoption coupled with the recent pivot to remote workers has increased the volume of Internet, SaaS, and IaaS traffic, straining traditional network architectures such as MPLS. WAN architectures that offer a global scale, integrated enterprise network security functions, and direct, secure connectivity to remote users are key to organizations looking to increase their operational agility and lower total costs of ownership."
IDC Research VP, WW Telecom, Virtualization & CDN
Legacy WAN architectures were never designed to deliver the security, millisecond performance, and reliability required for businesses today.
To address the core limitations and vulnerabilities of traditional WAN architectures, enterprises have had to cobble together a patchwork of proprietary circuits and network appliances that are expensive to install and difficult to manage.
"Our network team is excited by Magic WAN. Cloudflare has built a global network-as-a-service (NaaS) platform that will help network teams manage complex edge and multi-cloud environments much more efficiently. Operating a single global WAN with built-in security and fast routing functionality — regardless of the HQ, data center, branch office, or end user location — is a game-changer in WAN technology."
Head of Infrastructure
Magic WAN, the connectivity foundation of Cloudflare One, is a comprehensive, cloud-based network-as-a-service solution that is designed to be secure, fast, and reliable by default.
It replaces a patchwork of appliances and expensive, proprietary circuits with a single global network that provides built-in:
All delivered and managed as-a-service.
Connect your on-prem data centers, branch offices, and cloud-hosted workloads to Cloudflare over Anycast GRE tunnels, direct network connections, and Argo Tunnel.
It’s like hub-and-spoke, but the “hub” is now everywhere that the Cloudflare network is. Get the performance advantages of full-mesh, but with the simplicity and reduced management overhead of classic hub-and-spoke.
With Cloudflare One, Cloudflare Zero Trust and Magic WAN provide a secure way for your employees to access resources behind private networks, wherever they're working.
Instead of sending all remote traffic through a single choke point device (such as VPN concentrators at your corporate network “perimeter”), traffic is routed to the Cloudflare edge location closest to the source. Access policies are applied before that remote traffic is sent over optimal secure paths to its destination.
Apply comprehensive, consistent security policies wherever your users are, all managed from a single unified control plane.
Magic WAN comes with Magic Firewall, a built-in software-defined network firewall that is part of the Cloudflare suite of network security solutions. Apply packet filters for ingress and egress traffic based on parameters like source and destination IP and port, packet length, and bit field match. Rules are deployed instantly across all locations.
You may also layer additional security functionality such as DNS filtering, SWG with remote browser isolation, DDoS protection, and much more — all delivered and managed as-a-service. Learn more about secure network connectivity with Magic WAN and Magic Firewall.
"Cloudflare has built one of the world’s most interconnected networks. And to have built-in DDoS protection, traffic acceleration, network firewall, and zero trust functionality, over Cloudflare’s global IP network that can be managed using a single management plane — is arguably the biggest leap in enterprise network technology in the last couple of decades."
Head of Portals & Services
Unlike legacy hardware vendors with “virtual” versions of their hardware appliances, Cloudflare is fully software-defined and cloud-native, so there is no need to add physical or virtual gateways to your environment. You can start using Magic WAN with your existing network infrastructure — no rip-and-replace required.
Simply configure connectivity from your existing edge router/gateway (physical or cloud-hosted) to Cloudflare’s network and get the connectivity and inherent security, performance, and reliability benefits over our network for all your traffic between your users and locations.
"Digital transformation has challenged traditional network architectures, leading to clunky bolt-on security practices that simply do not work for today’s global enterprises. As more intelligence moves to the edge, enterprises must leverage modern WAN technologies that offer a broad range of built-in cloud-delivered security services. Fast edge global connectivity with robust security inherently included is what enterprises really want today."
IDC Research Manager, Cybersecurity Products
Cloudflare operates one of the world’s largest networks with data centers spanning over 285 cities in 100 countries. Our network is carrier-agnostic, exceptionally well-connected and peered, and delivers the same set of services from every global point of presence (PoP).
Customers may also choose to interconnect their networks to Cloudflare over direct, dedicated physical or virtual connections with Cloudflare Network Interconnect for enhanced performance & reliability.