Magic Firewall

Cloud-native network firewall for your enterprise WAN

Enforce consistent network security policies across your entire WAN, including headquarters, branch offices, and virtual private clouds. Deploy fine-grained filtering rules globally in under 500ms — all from a common dashboard.

"By 2025, 30% of new deployments of distributed branch-office firewalls will switch to firewall as a service, up from less than 10% in 2021."
Magic Quadrant for Network Firewalls, Nov 2021
Gartner Inc.

No appliances to manage

With firewall-as-a-service (FWaaS) delivered from the Cloudflare global network, your security scales with your business needs. No more artificial choke points or downtime for appliance upgrades. A single dashboard and policy management interface simplifies firewall configuration and ensures consistent security policies from Toronto to Tokyo.

Filter unwanted traffic before it reaches you

With Magic Firewall, your filtering policies are applied on the Cloudflare global edge network. Unwanted traffic is filtered in the cloud before it reaches your network, preventing it from congesting your network links or exploiting zero day vulnerabilities in your environment. Intelligent L3 DDoS protection can be enabled for your Internet traffic using Magic Transit.

Key Features

Filtering rules based on protocol, port, IP addresses, packet length and bit field match

Filtering rules based on protocol, port, IP addresses, packet length and bit field match

Fast propagation of rule changes in under 500ms

Fast propagation of rule changes in under 500ms

Traffic analytics per rule using dashboard or GraphQL API

Traffic analytics per rule using dashboard or GraphQL API

Unlimited scale — no appliances to manage

Unlimited scale — no appliances to manage

Single dashboard to manage firewall and network configuration

Single dashboard to manage firewall and network configuration

Programmable API for automated deployment and management

Programmable API for automated deployment and management

DDoS protection with Magic Transit

DDoS protection with Magic Transit

Managed threat intelligence IP lists

Managed threat intelligence IP lists

Geo-blocking by country based on user location

Geo-blocking by country based on user location

Protocol validation rules to inspect traffic validity

Protocol validation rules to inspect traffic validity

Packet captures on demand for network troubleshooting

Packet captures on demand for network troubleshooting

Optional upgrade to secure web gateway with Cloudflare One

Optional upgrade to secure web gateway with Cloudflare One

Integrated with Cloudflare One

Magic Firewall provides the cloud firewall foundation for Cloudflare One, our comprehensive solution for SASE.

Cloudflare One replaces a patchwork of legacy appliances and proprietary circuits with Magic WAN — a comprehensive cloud-based WAN-as-a-Service solution that provides built-in:

Trusted by millions of Internet properties

logo mars gray 32px wrapper
logo loreal gray 32px wrapper
logo doordash gray 32px wrapper
logo garmin gray 32px wrapper
logo ibm gray 32px wrapper
logo 23andme color 32px wrapper
logo shopify color 32px wrapper
logo lending tree color 32px wrapper
logo labcorp color 32px wrapper
logo ncr gray 32px wrapper
logo thomson reuters gray 32px wrapper
logo zendesk gray 32px wrapper

Ready to retire your legacy firewall appliances?