Subscribe to receive notifications of new posts:

Subscription confirmed. Thank you for subscribing!

How to connect your offices to Cloudflare using SD-WAN


3 min read

This post is also available in 简体中文, 日本語, bahasa Indonesia, ไทย.

Many offices will soon be re-opening and, just as two years ago when the shift to remote work brought a paradigm change for IT and networking teams, the return to office will bring its own challenges. Two years ago, Chief Information Officers faced a surprise fire drill enabling a completely remote workforce nearly overnight. As companies start to experiment with hybrid working models, IT teams are facing new problems. They are not just re-opening existing branches and potentially activating new ones to enable greater distribution of a more flexible workforce, but also ensuring users have a consistent experience regardless of where they’re connecting. All of this occurs while maintaining visibility and security across an increasingly complex and hard to maintain corporate network.

Some companies have adopted SD-WAN technology to help solve these problems. SD-WAN, or software-defined wide-area networking, is a flexible way to interconnect branches and corporate headquarters together using software as an overlay to various hardware platforms. Deploying SD-WAN can make IT and network teams’ lives simpler by consolidating management tasks and abstracting away the complexity of router configuration. SD-WAN platforms often include a central “orchestrator” that holds information about connected locations.

SD-WAN as Management Overlay for your Corporate Network

Traditionally, network teams connected branches to the corporate network through a complex and interconnected architecture, which involved specific hardware and software dependencies and sometimes even dedicated or leased links between locations. This setup is expensive and complex to get off the ground and makes activating new and existing branches a slow process. Cloudflare One is built on our performant and resilient global Anycast network, enabling customers to leverage our global network in 250+ cities as your corporate backbone. This means all you need to do is connect your infrastructure to Cloudflare’s global Anycast network from any location you desire, and you’re instantly connected to all other locations. Simple.

Figure 1. The New Corporate Backbone
Figure 1. The New Corporate Backbone

But how exactly do you connect your offices to Cloudflare’s global network?

Today, a more modern approach is to use SD-WAN to configure your networks and connect them to Cloudflare’s network, leveraging that as the new corporate backbone. It's quick and easy! We use industry standard tunneling protocols in an innovative way, which you can learn more about from the Anycast IPsec blog.

For a detailed tutorial, check out developer docs to Connect to Secure Web Gateway with Magic WAN.

Keeping things Performant & Secure

In the past, organizations had to leverage leased lines and MPLS to stitch their networks together. These were dedicated paths and links to provide stable and performant connections for corporate traffic.

When using Cloudflare’s network as your backbone, you don’t sacrifice performance but instead benefit from a global optimized WAN without the exorbitant cost or management overhead of MPLS and leased lines. This means performance and reliability at least on par with, if not better than, your existing connections.

Although performant connectivity is only part of the story, the underlying network, whatever it may be, still has to be secure. Traffic over Cloudflare’s network is always secure; end to end for your traffic, branches, and users both in the office and remote. Traffic is encrypted and can be filtered across the entire network for a complete Secure Web Gateway and Zero Trust firewall.

Figure 2. Cloudflare Zero Trust Networking
Figure 2. Cloudflare Zero Trust Networking

Easier Management & Greater Flexibility

Using standard tunneling protocols means that not only can you use your SD-WAN products, but you can also use any routers or devices that support tunneling protocols (GRE & IPsec) to get connected. If you are part way through an SD-WAN transformation, or have multiple platforms as a result of mergers and acquisitions, or if you just want to spin up small offices quickly, we’ve got you covered!

And with everything connected to Cloudflare, you now have a central control plane for all of your traffic, not just intersite but also traffic to and from the Internet.

To make things even easier we're collaborating with SD-WAN partners like Aruba Networks, VMware VeloCloud, Infovista, and others to make it even easier to onramp traffic from their SD-WAN platforms with just a few clicks. Stay tuned for future updates.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

CIO Week

Follow on X

Neil Patel |@neilnpate1
Cloudflare |Cloudflare

Related Posts