Deep dive into the key architecture, functionalities, and network deployment options of Cloudflare Magic Transit.
Cloudflare Magic Transit
Secure your network and improve performance at Cloudflare scale.
Enterprise-only
Magic Transit is a network security and performance solution that offers DDoS protection, traffic acceleration, and more for on-premise, cloud-hosted, and hybrid networks.
- DDoS mitigation and protection: Instead of relying on local infrastructure that can be overwhelmed by large DDoS attacks, Magic Transit uses the global Cloudflare Network ↗ to ingest and mitigate attacks close to their source.
- Traffic acceleration: Magic Transit takes advantage of the Cloudflare global network to reduce latency and ensure that requests always have a data center nearby.
Learn more about how Magic Transit works and how to get started.
Tunnel health checks
Magic Transit sends health check probes to monitor network status and the health of specific network components.
Traffic steering
Magic Transit steers traffic along tunnel routes based on priorities you define during the onboarding process.
Cloudflare IPs
Use Cloudflare-owned IP addresses if you want to protect a smaller network and do not meet Magic Transit's /24 prefix length requirements.
BGP peering
Use BGP peering between your networks and Cloudflare to automate the process of adding or removing networks and subnets, and take advantage of failure detection and session recovery features.
Magic Firewall
Magic Firewall is a firewall-as-a-service (FWaaS) delivered from the Cloudflare global network to protect office networks and cloud infrastructure with advanced, scalable protection.
Cloudflare Network Interconnect
Cloudflare Network Interconnect (CNI) allows you to connect your network infrastructure directly with Cloudflare - rather than using the public Internet - for a more reliable and secure experience.
DDoS Protection
Cloudflare DDoS protection secures websites, applications, and entire networks while ensuring the performance of legitimate traffic is not compromised.
Bringing Your Own IP (BYOIP)
With Bringing Your Own IPs (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with Magic Transit, Spectrum, or CDN services.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark