Magic WAN

Redefine your corporate network

Magic WAN replaces legacy WAN architectures with Cloudflare’s network, providing global connectivity, cloud-based security, performance, and control through one simple user interface.

Bdes 1487 magic wan hero illustration

The problem with legacy WAN architectures

Legacy WAN Architectures Diagram

Legacy WAN architectures were never designed to deliver the security, millisecond performance, and reliability required for businesses today.

To address the core limitations and vulnerabilities of traditional WAN architectures, enterprises have had to cobble together a patchwork of proprietary circuits and network appliances that are expensive to install and difficult to manage.

Legacy WAN Architectures Diagram

The new paradigm for networking

Magic wan diagram 03

Magic WAN, the connectivity foundation of Cloudflare One, is a comprehensive, cloud-based network-as-a-service solution that is designed to be secure, fast, and reliable by default.

It replaces a patchwork of appliances and expensive, proprietary circuits with a single global network that provides built-in:

All delivered and managed as-a-service.

Explore Cloudflare network services
Magic wan diagram 03

Replace MPLS between branch offices & data centers

Magic wan diagram 2

Connect your on-prem data centers, branch offices, and cloud-hosted workloads to Cloudflare over Anycast GRE tunnels, direct network connections, and Argo Tunnel.

  • Route traffic privately over Cloudflare's global network
  • Get the inherent benefits of Cloudflare — faster performance, built-in security, and increased resiliency
  • All easily managed from a single dashboard

It’s like hub-and-spoke, but the “hub” is now everywhere that the Cloudflare network is. Get the performance advantages of full-mesh, but with the simplicity and reduced management overhead of classic hub-and-spoke.

Magic wan diagram 2

Secure remote employee access to private networks — without VPNs

With Cloudfare One, Cloudflare for Teams and Magic WAN provide a secure way for your employees to access resources behind private networks, wherever they're working.

Instead of sending all remote traffic through a single choke point device (such as VPN concentrators at your corporate network “perimeter”), traffic is routed to the Cloudflare edge location closest to the source. Access policies are applied before that remote traffic is sent over optimal secure paths to its destination.

Apply comprehensive, consistent security policies wherever your users are, all managed from a single unified control plane.


Strengthen your security posture — while retiring legacy hardware

Magic Firewall Illustration

Magic WAN comes with Magic Firewall, a built-in software-defined network firewall that is part of the Cloudflare suite of network security solutions. Apply packet filters for ingress and egress traffic based on parameters like source and destination IP and port, packet length, and bit field match. Rules are deployed instantly across all locations.

You may also layer additional security functionality such as DNS filtering, SWG with remote browser isolation, DDoS protection, and much more — all delivered and managed as-a-service. Learn more about secure network connectivity with Magic WAN and Magic Firewall.

Magic Firewall Illustration

No more boxes. Simply connect to Cloudflare and leave the rest to us.

Teams gateway build for the cloud spot illustration

Unlike legacy hardware vendors with “virtual” versions of their hardware appliances, Cloudflare is fully software-defined and cloud-native, so there is no need to add physical or virtual gateways to your environment. You can start using Magic WAN with your existing network infrastructure — no rip-and-replace required.

Simply configure connectivity from your existing edge router/gateway (physical or cloud-hosted) to Cloudflare’s network and get the connectivity and inherent security, performance, and reliability benefits over our network for all your traffic between your users and locations.

Teams gateway build for the cloud spot illustration

Cloudflare’s global network is now your private WAN

Network map spot hero illustration

Cloudflare operates one of the world’s largest networks with data centers spanning over 270 cities in 100 countries. Our network is carrier-agnostic, exceptionally well-connected and peered, and delivers the same set of services from every global point of presence (PoP).

Customers may also choose to interconnect their networks to Cloudflare over direct, dedicated physical or virtual connections with Cloudflare Network Interconnect for enhanced performance & reliability.

Network map spot hero illustration

Trusted by millions of Internet properties

Logo mars trusted by gray
Logo loreal trusted by gray
Logo doordash trusted by gray
Logo garmin trusted by gray
Logo ibm trusted by gray
Logo 23andme trusted by gray
Logo shopify trusted by gray
Logo lending tree trusted by gray
Logo labcorp trusted by gray
Logo ncr trusted by gray
Logo thomson reuters trusted by gray
Logo zendesk trusted by gray

Ready to take the first step to transform your corporate network?