+---\npcx_content_type: concept\ntitle: Magic Transit egress\ndescription: Learn best practices for configuring Magic Transit egress traffic with Cloudflare Magic Firewall. Understand ruleset logic and traffic management.\nsidebar:\n order: 4\n\n---\n\nThe suggestions in the [Minimal ruleset](/magic-firewall/best-practices/minimal-ruleset/) and [Extended ruleset](/magic-firewall/best-practices/extended-ruleset/) are recommendations for ingress traffic.\n\nFor Magic Transit egress traffic, consider the following information:\n\n* The Magic Firewall rules will apply to both Magic Transit ingress and egress traffic passing via Cloudflare.\n* Magic Firewall is not stateful for your Magic Transit egress traffic.\n* Magic Firewall is not stateful in both directions after DDoS mitigations.\n* If you have a Magic Firewall "default drop" catchall rule for ingress traffic, you will need to add an earlier rule to permit traffic sourced from your Magic Transit prefix with the destination as **any** to allow outbound egress traffic.
![hyperlint-ai[bot]](https://avatars.githubusercontent.com/in/718456?v=4&size=40){kind=avatar}
0 commit comments