Cloudflare's Magic Products

Connectivity, security, and performance — all delivered as-a-service

Building and managing a patchwork of legacy enterprise connectivity architectures and networking hardware is untenable for today’s evolving traffic patterns.

Cloudflare delivers networking services to help enterprises connect, secure, and accelerate their corporate networks — without the cost and complexity of managing legacy network hardware.

Magic WAN OG

Retire the castle-and-moat architecture for the network of the future

zero trust castle spot illustration before

Corporate networking has become overly complicated. Network and IT teams that used to maintain straightforward “castle and moat” architectures are now responsible for much more: managing legacy WAN connectivity (such as MPLS), establishing secure remote access to workers, and stringing together a bunch of disparate networking hardware on-premises to satisfy basic security, performance, and reliability needs.

With Cloudflare, replace a patchwork of appliances and expensive, proprietary circuits with a single global network that provides built-in software-defined Zero-Trust functionality, DDoS mitigation, network firewalling, and traffic acceleration.

Magic WAN

Magic WAN

Build your own private Wide Area Network (WAN) over Cloudflare’s global network. Replace legacy WAN architectures, such as MPLS, with Cloudflare’s network, and get global connectivity with cloud-delivered security, performance, and control through one simple user interface — all as-a-service.

Our network team is excited by Magic WAN. Cloudflare has built a global network-as-a-service platform that will help network teams manage complex edge and multi-cloud environments much more efficiently. Operating a single global WAN with built-in security and fast routing functionality — regardless of the HQ, data center, branch office, or end user location — is a game-changer in WAN technology.
Sander Petersson
Head of Infrastructure
Magic Transit How it works

Magic Transit

BGP-based DDoS mitigation delivered from every server in every Cloudflare Point-of-Presence (PoP) ensures attacks of any size or kind are detected and mitigated automatically within seconds. Clean traffic is delivered over low-latency resilient Anycast GRE tunnels or direct connections to the customer data center.

"Cloudflare has reliable infrastructure and an extremely competent and responsive team. They are well-positioned to deflect even the largest of attacks."
Grant Ingersoll
CTO
cloudflare magic firewall

Magic Firewall

Deploy unified policies across your entire organization — HQ, branch offices, remote users, and cloud-hosted applications. Fine-grained policies controlling what traffic is allowed in and out of your corporate network are propagated and deployed under 500 ms globally — all from one programmable interface.

Network Interconnect

Network Interconnect

Cloudflare has a physical presence in 200 cities across 100 countries and interconnects with over 9,500 networks globally, including major ISPs and cloud services. With our highly-connected network, there’s a good chance we’re colocated with your organization in at least one peering facility.

Using Cloudflare Network Interconnect, establish a direct connection to Cloudflare's network — for a more reliable and secure experience than connecting over the public Internet.

Backblaze delivers simple, reliable, affordable cloud storage for rapidly scaling businesses. Cloudflare Network Interconnect’s high-performance private links enable us to effectively and efficiently serve the content delivery needs of our B2 Cloud Storage customers.
Tim Nufire
Chief Cloud Officer
Cloudflare Anycast Tunnels

Baking resilience into our network using Anycast

Cloudflare’s Magic products use Anycast IP addresses for network tunnel endpoints — so a single tunnel configured from your network to Cloudflare connects to 200 global PoPs. This doesn’t cause any additional strain on your router; from your router’s perspective, it’s a single tunnel to a single IP address.

This works because while the tunnel endpoint is technically bound to an IP address, it need not be bound to a specific device. Any device that can strip off the outer headers and then route the inner packet can handle any packet sent over the tunnel.

In the event of a network outage or other issues, tunnels fail over automatically — with no impact to your network performance.

Cloudflare Network Fractal

Networking with unparalleled scale, speed, and smarts

Cloudflare’s network is like a fractal — all security, performance, and reliability functions run on every single server on every rack in every Cloudflare Point-of-Presence (PoP) that today spans 200 cities across 100 countries.

Running the full stack of all Cloudflare services ensures all customer traffic is processed at the same Cloudflare data center that is closest to its source — whether for application layer services such as content caching or for network services such as firewalling.

Trusted by approximately 25 million Internet properties

logo mars gray 32px wrapper
logo loreal gray 32px wrapper
logo doordash gray 32px wrapper
logo garmin gray 32px wrapper
logo ibm gray 32px wrapper
logo 23andme color 32px wrapper
logo shopify color 32px wrapper
logo lending tree color 32px wrapper
logo labcorp color 32px wrapper
logo ncr gray 32px wrapper
logo thomson reuters gray 32px wrapper
logo zendesk gray 32px wrapper