Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network

By admin

6 min
TIME

read


Today
DATE

, we’re announcing the general availability of

the Magic WAN Connector
ORG

, a key component of our SASE platform, Cloudflare One. Magic WAN Connector is the glue between your existing network hardware and

Cloudflare
ORG

’s network — it provides a super simplified software solution that comes pre-installed on

Cloudflare
ORG

-certified hardware, and is entirely managed from the Cloudflare

One
CARDINAL

dashboard.

It takes

only a few minutes
TIME

from unboxing to seeing your network traffic automatically routed to the closest Cloudflare location, where it flows through a full stack of

Zero Trust
ORG

security controls before taking an accelerated path to its destination, whether that’s another location on your private network, a

SaaS
ORG

app, or any application on the open Internet.

Since we announced our beta

earlier this year
DATE

, organizations around the world have deployed

the Magic WAN Connector
FAC

to connect and secure their network locations. We’re excited for the general availability of

the Magic WAN Connector
ORG

to accelerate SASE transformation at scale.

When customers tell us about their journey to embrace SASE,

one
CARDINAL

of the most common stories we hear is:

We started with our remote workforce, deploying modern solutions to secure access to internal apps and Internet resources. But now, we’re looking at the broader landscape of our enterprise network connectivity and security, and it’s daunting. We want to shift to a cloud and Internet-centric model for all of our infrastructure, but we’re struggling to figure out how to start.


The Magic WAN Connector
WORK_OF_ART

was created to address this problem.


Zero
CARDINAL

-touch connectivity to your new corporate WAN

Cloudflare

One
CARDINAL

enables organizations of any size to connect and secure all of their users, devices, applications, networks, and data with a unified platform delivered by our global connectivity cloud. Magic WAN is the network connectivity “glue” of Cloudflare One, allowing our customers to migrate away from legacy private circuits and use our network as an extension of their own.

Previously, customers have connected their locations to

Magic WAN
PRODUCT

with

Anycast GRE
PRODUCT

or

IPsec
ORG

tunnels configured on their edge network equipment (usually existing routers or firewalls), or plugged into us directly with

CNI
ORG

. But for

the past few years
DATE

, we’ve heard requests from

hundreds
CARDINAL

of customers asking for a

zero
CARDINAL

-touch approach to connecting their branches: We just want something we can plug in and turn on, and it handles the rest.


The Magic WAN Connector
WORK_OF_ART

is exactly this. Customers receive Cloudflare-certified hardware with our software pre-installed on it, and everything is controlled via the

Cloudflare
ORG

dashboard. What was once a time-consuming, complex process now takes

a matter of minutes
TIME

, enabling robust

Zero-Trust
ORG

protection for all of your traffic.

In addition to automatically configuring tunnels and routing policies to direct your network traffic to

Cloudflare
ORG

,

the Magic WAN Connector
ORG

will also handle traffic steering, shaping and failover to make sure your packets always take the best path available to the closest

Cloudflare
ORG

network location — which is likely only milliseconds away. You’ll also get enhanced visibility into all your traffic flows in analytics and logs, providing a unified observability experience across both your branches and the traffic through

Cloudflare
ORG

’s network.


Zero Trust
ORG

security for all your traffic

Once

the Magic WAN Connector
FAC

is deployed at your network location, you have automatic access to enforce

Zero Trust
ORG

security policies across both public and private traffic.

A secure on-ramp to the Internet

An easy

first
ORDINAL

step to improving your organization’s security posture after connecting network locations to

Cloudflare
ORG

is creating Secure Web Gateway policies to defend against ransomware, phishing, and other threats for faster, safer Internet browsing. By default, all Internet traffic from locations with

the Magic WAN Connector
FAC

will route through

Cloudflare Gateway
FAC

, providing a unified management plane for traffic from physical locations and remote employees.

A more secure private network


The Magic WAN Connector
WORK_OF_ART

also enables routing private traffic between your network locations, with multiple layers of network and

Zero Trust
ORG

security controls in place. Unlike a traditional network architecture, which requires deploying and managing a stack of security hardware and backhauling branch traffic through a central location for filtering, a SASE architecture provides private traffic filtering and control built-in: enforced across a distributed network, but managed from a single dashboard interface or API.

A simpler approach for hybrid cloud

Cloudflare

One
CARDINAL

enables connectivity for any physical or cloud network with easy on-ramps depending on location type. The Magic WAN Connector provides easy connectivity for branches, but also provides automatic connectivity to other networks including VPCs connected using cloud-native constructs (e.g.,

VPN Gateways
ORG

) or direct cloud connectivity (via Cloud CNI). With a unified connectivity and control plane across physical and cloud infrastructure, IT and security teams can reduce overhead and cost of managing multi- and hybrid cloud networks.

Single-vendor SASE dramatically reduces cost and complexity

With the general availability of

the Magic WAN Connector
ORG

, we’ve put the final piece in place to deliver a unified SASE platform, developed and fully integrated from the ground up. Deploying and managing all the components of

SASE
ORG

with a single vendor, versus piecing together different solutions for networking and security, significantly simplifies deployment and management by reducing complexity and potential integration challenges. Many vendors that market a full SASE solution have actually stitched together separate products through acquisition, leading to an

un
ORG

-integrated experience similar to what you would see deploying and managing multiple separate vendors. In contrast, Cloudflare One (now with the Magic WAN Connector for simplified branch functions) enables organizations to achieve the true promise of SASE: a simplified, efficient, and highly secure network and security infrastructure that reduces your total cost of ownership and adapts to the evolving needs of the modern digital landscape.

Evolving beyond SD-WAN

Cloudflare

One
CARDINAL

addresses many of the challenges that were left behind as organizations deployed SD-WAN to help simplify networking operations. SD-WAN provides orchestration capabilities to help manage devices and configuration in

one
CARDINAL

place, as well as last mile traffic management to steer and shape traffic based on more sophisticated logic than is possible in traditional routers. But SD-WAN devices generally don’t have embedded security controls, leaving teams to stitch together a patchwork of hardware, virtualized and cloud-based tools to keep their networks secure. They can make decisions about the best way to send traffic out from a customer’s branch, but they have no way to influence traffic hops between the last mile and the traffic’s destination. And while some SD-WAN providers have surfaced virtualized versions of their appliances that can be deployed in cloud environments, they don’t support native cloud connectivity and can complicate rather than ease the transition to cloud.

Cloudflare

One
CARDINAL

represents the next evolution of enterprise networking, and has a fundamentally different architecture from either legacy networking or SD-WAN. It’s based on a "light branch, heavy cloud" principle: deploy the minimum required hardware within physical locations (or virtual hardware within virtual networks, e.g., cloud VPCs) and use low-cost Internet connectivity to reach the nearest "service edge" location. At those locations, traffic can flow through security controls and be optimized on the way to its destination, whether that’s another location within the customer’s private network or an application on the public Internet. This architecture also enables remote user access to connected networks.

This shift — moving most of the "smarts" from the branch to a distributed global network edge, and leaving only the functions at the branch that absolutely require local presence, delivered by

the Magic WAN Connector
ORG

— solves our customers’ current problems and sets them up for easier management and a stronger security posture as the connectivity and attack landscape continues to evolve.

Aspect Example MPLS/VPN Service SD-WAN SASE with

Cloudflare One Configuration New
ORG

site setup, configuration and management By

MSP
ORG

through service request

Simplified
PERSON

orchestration and

management via centralized controller

Automated
ORG

orchestration via

SaaS
PRODUCT

portal

Single Dashboard
PRODUCT


Last mile
QUANTITY

traffic control Traffic balancing,

QoS
ORG

, and failover Covered by MPLS SLAs Best Path selection available

in SD-WAN appliance Minimal on-prem deployment to control local decision making

Middle mile
LOC

traffic control

Traffic
ORG

steering around middle mile congestion Covered by

MPLS
ORG

SLAs “

Tunnel Spaghetti
ORG

” and still no control over the middle mile Integrated traffic management & private backbone controls in a unified dashboard Cloud integration Connectivity for cloud migration Centralized breakout Decentralized breakout

Native
NORP

connectivity with

Cloud Network Interconnect Security Filter in & outbound
ORG

Internet traffic for malware Patchwork of hardware controls Patchwork of hardware

and/or software controls

Native
NORP

integration with user, data,

application & network
ORG

security tools Cost Maximize ROI for network investments High cost for hardware and connectivity Optimized connectivity costs at the expense of increased hardware and software costs Decreased hardware and connectivity costs for maximized ROI

Summary of legacy, SD-WAN based, and SASE architecture considerations


Love
WORK_OF_ART

and want to keep your current SD-WAN vendor? No problem – you can still use any appliance that supports

IPsec
ORG

or

GRE
ORG

as an on-ramp for

Cloudflare One
PRODUCT

.

Ready to simplify your SASE journey?

You can learn more about

the Magic WAN Connector
FAC

, including device specs, specific feature info, onboarding process details, and more at our dev docs, or contact us to get started

today
DATE

.