Plans
If you are a Magic Transit or Magic WAN user, you are automatically provided with a standard list of Magic Firewall features. For additional features available for purchase, refer to the list of advanced features below.
- Filtering rules based on protocol, port, IP addresses, packet length, and bit field match.
- Fast propagation of rule changes in less than a minute.
- Single dashboard to manage firewall and network configuration.
- Programmable API for automated deployment and management — compatible with infrastructure-as-code platforms like Terraform.
- Traffic analytics per rule in the dashboard and using the GraphQL API.
- Integration with Magic WAN network-as-a-service.
- Included DDoS protection with Magic Transit.
All standard features are included with the purchase of the advanced features below:
- Customizable IP lists.
- Managed threat intelligence IP lists (Anonymizer, Botnet, Malware, Open Proxies, VPNs).
- Geoblocking based on user location by country.
- Block or allow packets based on Autonomous System Number (ASN).
- Packet captures on demand for network troubleshooting.
- Protocol validation rules to inspect traffic validity and enforce a positive security model.
- Secure Web Gateway filtering for outbound Internet traffic (network and HTTP policies). The Secure Web Gateway supports all TCP and UDP ports, as well as traffic sourced from RFC. Gateway will proxy BYOIP traffic to egress via the default Cloudflare IPs or your assigned dedicated egress IPs.
- Intrusion Detection System (IDS).