Magic WAN

What is it?

Magic WAN is a WAN-as-a-Service (WANaaS) product that connects an organization's offices, data centers, and cloud environments through Cloudflare's global network. It replaces traditional MPLS circuits and SD-WAN appliances with a cloud-native alternative.

What problem does it solve?

Connecting offices and data centers together is one of the biggest (and most expensive) challenges in enterprise networking:

  • MPLS is expensive and inflexible: Traditional private WAN circuits (MPLS) from telecom providers cost thousands per month per site and take months to provision.
  • SD-WAN still requires hardware: While SD-WAN improved on MPLS, it still requires appliances at each location and doesn't inherently provide security.
  • Security is bolted on: Traditional WAN architectures require separate security appliances (firewalls, IDS/IPS) at each site.
  • Cloud connectivity is an afterthought: Legacy WAN architectures weren't designed for cloud-first organizations.

How does it work?

  1. Each office or data center connects to Cloudflare's network via IPsec tunnels, GRE tunnels, Cloudflare Network Interconnect (CNI), or the Cloudflare One Appliance (a lightweight hardware/virtual device).
  2. Once connected, Cloudflare's network acts as the private backbone between all sites. Traffic from one office to another travels across Cloudflare's optimized network — not the public internet.
  3. Magic Firewall provides packet-level security for east-west traffic (traffic between sites).
  4. Cloudflare Gateway can be layered on to inspect traffic heading to the internet.

The key insight: Magic WAN turns the same global network that handles CDN delivery and DDoS mitigation into a private WAN for enterprises.

Why it matters strategically

Magic WAN is the product that turns Cloudflare into a full network replacement for enterprises. When combined with Access, Gateway, and Magic Transit, it means an organization can replace their VPN, MPLS circuits, branch firewalls, and DDoS scrubbing services all with Cloudflare. This is the full SASE vision — and it dramatically increases deal size and customer stickiness. Competitors include Zscaler (ZIA + ZPA), Palo Alto (Prisma SD-WAN), and Cisco (Viptela).
