Cloudflare Docs
Visit Magic Firewall on GitHub
Set theme to dark (⇧+D)


If you are a Magic Transit or Magic WAN user, you are automatically provided with a standard list of Magic Firewall features. For additional features available for purchase, refer to the list of advanced features below.

Standard features

  • Filtering rules based on protocol, port, IP addresses, packet length, and bit field match
  • Fast propagation of rule changes in <500ms
  • Single dashboard to manage firewall and network configuration
  • Programmable API for automated deployment and management — compatible with infrastructure-as-code platforms like Terraform
  • Traffic analytics per rule in the dashboard and using the GraphQL API
  • Integration with Magic WAN network-as-a-service
  • Included DDoS protection with Magic Transit

Advanced features

All standard features are included with the purchase of the advanced features below.

  • Customizable IP lists
  • Managed threat intelligence IP lists (Malware, Botnet, Anonymizer)
  • Geoblocking based on user location by country
  • Packet captures on demand for network troubleshooting
  • Protocol validation rules to inspect traffic validity and enforce a positive security model
  • Optional upgrade to full stateful Secure Web Gateway using Cloudflare Zero Trust for outbound Internet traffic. The Secure Web Gateway upgrade supports all TCP and UDP ports.