Announcing General Availability for the Magic WAN Connector: the easiest way to jumpstart SASE transformation for your network

Created on November 12, 2023 at 10:35 am

6 min TIME read

Today DATE , we’re announcing the general availability of the Magic WAN Connector ORG , a key component of our SASE platform, Cloudflare One. Magic WAN Connector is the glue between your existing network hardware and Cloudflare ORG ’s network — it provides a super simplified software solution that comes pre-installed on Cloudflare ORG -certified hardware, and is entirely managed from the Cloudflare One CARDINAL dashboard.

It takes only a few minutes TIME from unboxing to seeing your network traffic automatically routed to the closest Cloudflare location, where it flows through a full stack of Zero Trust ORG security controls before taking an accelerated path to its destination, whether that’s another location on your private network, a SaaS ORG app, or any application on the open Internet.

Since we announced our beta earlier this year DATE , organizations around the world have deployed the Magic WAN Connector FAC to connect and secure their network locations. We’re excited for the general availability of the Magic WAN Connector ORG to accelerate SASE transformation at scale.

When customers tell us about their journey to embrace SASE, one CARDINAL of the most common stories we hear is:

We started with our remote workforce, deploying modern solutions to secure access to internal apps and Internet resources. But now, we’re looking at the broader landscape of our enterprise network connectivity and security, and it’s daunting. We want to shift to a cloud and Internet-centric model for all of our infrastructure, but we’re struggling to figure out how to start.

The Magic WAN Connector WORK_OF_ART was created to address this problem.

Zero CARDINAL -touch connectivity to your new corporate WAN

Cloudflare One CARDINAL enables organizations of any size to connect and secure all of their users, devices, applications, networks, and data with a unified platform delivered by our global connectivity cloud. Magic WAN is the network connectivity “glue” of Cloudflare One, allowing our customers to migrate away from legacy private circuits and use our network as an extension of their own.

Previously, customers have connected their locations to Magic WAN PRODUCT with Anycast GRE PRODUCT or IPsec ORG tunnels configured on their edge network equipment (usually existing routers or firewalls), or plugged into us directly with CNI ORG . But for the past few years DATE , we’ve heard requests from hundreds CARDINAL of customers asking for a zero CARDINAL -touch approach to connecting their branches: We just want something we can plug in and turn on, and it handles the rest.

The Magic WAN Connector WORK_OF_ART is exactly this. Customers receive Cloudflare-certified hardware with our software pre-installed on it, and everything is controlled via the Cloudflare ORG dashboard. What was once a time-consuming, complex process now takes a matter of minutes TIME , enabling robust Zero-Trust ORG protection for all of your traffic.

In addition to automatically configuring tunnels and routing policies to direct your network traffic to Cloudflare ORG , the Magic WAN Connector ORG will also handle traffic steering, shaping and failover to make sure your packets always take the best path available to the closest Cloudflare ORG network location — which is likely only milliseconds away. You’ll also get enhanced visibility into all your traffic flows in analytics and logs, providing a unified observability experience across both your branches and the traffic through Cloudflare ORG ’s network.

Zero Trust ORG security for all your traffic

Once the Magic WAN Connector FAC is deployed at your network location, you have automatic access to enforce Zero Trust ORG security policies across both public and private traffic.

A secure on-ramp to the Internet

An easy first ORDINAL step to improving your organization’s security posture after connecting network locations to Cloudflare ORG is creating Secure Web Gateway policies to defend against ransomware, phishing, and other threats for faster, safer Internet browsing. By default, all Internet traffic from locations with the Magic WAN Connector FAC will route through Cloudflare Gateway FAC , providing a unified management plane for traffic from physical locations and remote employees.

A more secure private network

The Magic WAN Connector WORK_OF_ART also enables routing private traffic between your network locations, with multiple layers of network and Zero Trust ORG security controls in place. Unlike a traditional network architecture, which requires deploying and managing a stack of security hardware and backhauling branch traffic through a central location for filtering, a SASE architecture provides private traffic filtering and control built-in: enforced across a distributed network, but managed from a single dashboard interface or API.

A simpler approach for hybrid cloud

Cloudflare One CARDINAL enables connectivity for any physical or cloud network with easy on-ramps depending on location type. The Magic WAN Connector provides easy connectivity for branches, but also provides automatic connectivity to other networks including VPCs connected using cloud-native constructs (e.g., VPN Gateways ORG ) or direct cloud connectivity (via Cloud CNI). With a unified connectivity and control plane across physical and cloud infrastructure, IT and security teams can reduce overhead and cost of managing multi- and hybrid cloud networks.

Single-vendor SASE dramatically reduces cost and complexity

With the general availability of the Magic WAN Connector ORG , we’ve put the final piece in place to deliver a unified SASE platform, developed and fully integrated from the ground up. Deploying and managing all the components of SASE ORG with a single vendor, versus piecing together different solutions for networking and security, significantly simplifies deployment and management by reducing complexity and potential integration challenges. Many vendors that market a full SASE solution have actually stitched together separate products through acquisition, leading to an un ORG -integrated experience similar to what you would see deploying and managing multiple separate vendors. In contrast, Cloudflare One (now with the Magic WAN Connector for simplified branch functions) enables organizations to achieve the true promise of SASE: a simplified, efficient, and highly secure network and security infrastructure that reduces your total cost of ownership and adapts to the evolving needs of the modern digital landscape.

Evolving beyond SD-WAN

Cloudflare One CARDINAL addresses many of the challenges that were left behind as organizations deployed SD-WAN to help simplify networking operations. SD-WAN provides orchestration capabilities to help manage devices and configuration in one CARDINAL place, as well as last mile traffic management to steer and shape traffic based on more sophisticated logic than is possible in traditional routers. But SD-WAN devices generally don’t have embedded security controls, leaving teams to stitch together a patchwork of hardware, virtualized and cloud-based tools to keep their networks secure. They can make decisions about the best way to send traffic out from a customer’s branch, but they have no way to influence traffic hops between the last mile and the traffic’s destination. And while some SD-WAN providers have surfaced virtualized versions of their appliances that can be deployed in cloud environments, they don’t support native cloud connectivity and can complicate rather than ease the transition to cloud.

Cloudflare One CARDINAL represents the next evolution of enterprise networking, and has a fundamentally different architecture from either legacy networking or SD-WAN. It’s based on a "light branch, heavy cloud" principle: deploy the minimum required hardware within physical locations (or virtual hardware within virtual networks, e.g., cloud VPCs) and use low-cost Internet connectivity to reach the nearest "service edge" location. At those locations, traffic can flow through security controls and be optimized on the way to its destination, whether that’s another location within the customer’s private network or an application on the public Internet. This architecture also enables remote user access to connected networks.

This shift — moving most of the "smarts" from the branch to a distributed global network edge, and leaving only the functions at the branch that absolutely require local presence, delivered by the Magic WAN Connector ORG — solves our customers’ current problems and sets them up for easier management and a stronger security posture as the connectivity and attack landscape continues to evolve.

Aspect Example MPLS/VPN Service SD-WAN SASE with Cloudflare One Configuration New ORG site setup, configuration and management By MSP ORG through service request Simplified PERSON orchestration and

management via centralized controller Automated ORG orchestration via SaaS PRODUCT portal Single Dashboard PRODUCT

Last mile QUANTITY traffic control Traffic balancing, QoS ORG , and failover Covered by MPLS SLAs Best Path selection available

in SD-WAN appliance Minimal on-prem deployment to control local decision making Middle mile LOC traffic control Traffic ORG steering around middle mile congestion Covered by MPLS ORG SLAs “ Tunnel Spaghetti ORG ” and still no control over the middle mile Integrated traffic management & private backbone controls in a unified dashboard Cloud integration Connectivity for cloud migration Centralized breakout Decentralized breakout Native NORP connectivity with Cloud Network Interconnect Security Filter in & outbound ORG Internet traffic for malware Patchwork of hardware controls Patchwork of hardware

and/or software controls Native NORP integration with user, data, application & network ORG security tools Cost Maximize ROI for network investments High cost for hardware and connectivity Optimized connectivity costs at the expense of increased hardware and software costs Decreased hardware and connectivity costs for maximized ROI

Summary of legacy, SD-WAN based, and SASE architecture considerations

Love WORK_OF_ART and want to keep your current SD-WAN vendor? No problem – you can still use any appliance that supports IPsec ORG or GRE ORG as an on-ramp for Cloudflare One PRODUCT .

Ready to simplify your SASE journey?

You can learn more about the Magic WAN Connector FAC , including device specs, specific feature info, onboarding process details, and more at our dev docs, or contact us to get started today DATE .

Connecting to Connected... Page load complete