Cloudflare Docs
Magic Firewall

Plans

If you are a Magic Transit or Magic WAN user, you are automatically provided with a standard list of Magic Firewall features. For additional features available for purchase, refer to the list of advanced features below.

Standard features

  • Filtering rules based on protocol, port, IP addresses, packet length, and bit field match.
  • Fast propagation of rule changes in less than a minute.
  • Single dashboard to manage firewall and network configuration.
  • Programmable API for automated deployment and management — compatible with infrastructure-as-code platforms like Terraform.
  • Traffic analytics per rule in the dashboard and using the GraphQL API.
  • Integration with Magic WAN network-as-a-service.
  • Included DDoS protection with Magic Transit.

Advanced features

All standard features are included with the purchase of the advanced features below.

  • Customizable IP lists.
  • Managed threat intelligence IP lists (Anonymizer, Botnet, Malware, Open Proxies, VPNs).
  • Geoblocking based on user location by country.
  • Block or allow packets based on Autonomous System Number (ASN).
  • Packet captures on demand for network troubleshooting.
  • Protocol validation rules to inspect traffic validity and enforce a positive security model.
  • Optional upgrade to full stateful Secure Web Gateway using Cloudflare Zero Trust for outbound Internet traffic. The Secure Web Gateway upgrade supports all TCP and UDP ports, traffic sourced from RFC, and BYOIP.
  • Intrusion Detection System (IDS).