diff --git a/src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx b/src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx new file mode 100644 index 000000000000000..0e20042841c5147 --- /dev/null +++ b/src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx @@ -0,0 +1,13 @@ +--- +title: Bidirectional tunnel health checks are compatible with all Magic on-ramps +description: Bidirectional tunnel health check return packets are accepted by any Magic on-ramp +date: 2025-09-05 +--- + +All bidirectional tunnel health check return packets are accepted by any Magic on-ramp. + +Previously, when a Magic tunnel had a bidirectional health check configured, the bidirectional health check would pass when the return packets came back to Cloudflare over the same tunnel that was traversed by the forward packets. + +There are SD-WAN devices, like VeloCloud, that do not offer controls to steer traffic over one tunnel versus another in a high availability tunnel configuration. + +Now, when a Magic tunnel has a bidirectional health check configured, the bidirectional health check will pass when the return packet traverses over any tunnel in a high availability configuration. diff --git a/src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx b/src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx new file mode 100644 index 000000000000000..1478f469cd0fc79 --- /dev/null +++ b/src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx @@ -0,0 +1,9 @@ +--- +title: Custom IKE ID for IPsec Tunnels +description: Customers can now set a custom IKE ID for their IPsec Tunnels +date: 2025-09-08 +--- + +Now, Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together can utilize this new feature to create a high availability configuration. + +This feature is available via API only. Customers can read the Magic WAN documentation to learn more about the [Custom IKE ID feature and the API call to configure it](/magic-wan/configuration/common-settings/custom-ike-id-ipsec/). diff --git a/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx b/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx index cb1a347c946c4d5..edbbdfbb77430cc 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Check tunnel health in the dashboard sidebar: - order: 3 + order: 2 --- import { Render } from "~/components"; @@ -11,10 +11,12 @@ import { Render } from "~/components"; file="tunnel-health/check-tunnel-healthchecks-dash" product="networking-services" params={{ - dashInfo: "The dashboard shows the view of tunnel health as measured from each Cloudflare location where your traffic is likely to land.", + dashInfo: + "The dashboard shows the view of tunnel health as measured from each Cloudflare location where your traffic is likely to land.", productPath: "**Magic WAN** > **Network health**", graphQL: "/magic-wan/analytics/query-tunnel-health/", - notificationsPath: "[notifications wizard](/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts/)" + notificationsPath: + "[notifications wizard](/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts/)", }} /> @@ -22,7 +24,7 @@ import { Render } from "~/components"; file="tunnel-health/health-checks-compatible-cmb-eu" product="networking-services" params={{ - productName: "Magic WAN" + productName: "Magic WAN", }} /> diff --git a/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx b/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx index 210ebf0394e7bfd..d85b11f5f9b0565 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx @@ -3,6 +3,8 @@ pcx_content_type: how-to title: Configure Magic Tunnel health alerts head: [] description: Use the API to set up and configure Magic Tunnel health alerts +sidebar: + order: 4 --- import { Render } from "~/components"; @@ -13,8 +15,9 @@ import { Render } from "~/components"; params={{ magicWord: "Magic WAN", productName: "Magic WAN", - magicTunnelHealthCheckCalculation: "/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/", + magicTunnelHealthCheckCalculation: + "/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/", networkAnalyticsPath: "/magic-wan/analytics/network-analytics/", healthChecks: "/magic-wan/reference/tunnel-health-checks/", }} -/> \ No newline at end of file +/> diff --git a/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx b/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx new file mode 100644 index 000000000000000..d5327cba7d6188b --- /dev/null +++ b/src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx @@ -0,0 +1,22 @@ +--- +pcx_content_type: how-to +title: Custom IKE ID for IPsec +sidebar: + order: 6 +--- + +Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together should utilize this option to create a high availability configuration. + +:::note +This feature is only available via API. There are no configuration options for a custom IKE ID for an IPsec tunnel in the Cloudflare dashboard. +::: + +VeloCloud has a high availability mechanism that allows customers to specify one set of IKE parameters (like IKE ID) and multiple remote IPs. Customers create an IKE ID, and then assign the same custom IKE ID to their primary IPsec tunnel and their backup IPsec tunnel. FQDN is the only supported type for custom IKE IDs. + +Magic WAN customers can set a custom IKE ID for an IPsec tunnel using the following API call. Customers will need to fill in the appropriate values for <account_id>, <tunnel_id>, and the FQDN wildcard before running the API call. + +```txt +% cloudflared access curl +https://conduit-api.cfdata.org/accounts//ipsec_tunnels/ +-XPUT -d '{"custom_remote_identities": {"fqdn_id": "*..custom.ipsec.cloudflare.com"}}' +``` diff --git a/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx b/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx index 012e87864e7c9d6..9f31f8cd7b784ad 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx @@ -4,9 +4,10 @@ title: Enable Magic user roles head: [] description: You can determine which users have, or do not have, configuration edit access for Magic products. - +sidebar: + order: 5 --- -import { Render } from "~/components" +import { Render } from "~/components"; diff --git a/src/content/docs/magic-wan/configuration/common-settings/index.mdx b/src/content/docs/magic-wan/configuration/common-settings/index.mdx index 8fa730a9f2d4d45..c291ff2f82035cf 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/index.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/index.mdx @@ -1,13 +1,13 @@ --- title: Common settings pcx_content_type: navigation +head: [] sidebar: order: 4 - --- -import { DirectoryListing } from "~/components" +import { DirectoryListing } from "~/components"; -Review this section to learn about the settings shared between the Magic WAN Connector and the manual setup process for Magic WAN. +Review this section to learn about the common settings that apply to both the Magic WAN Connector setup process and the manual setup process for Magic WAN. diff --git a/src/content/docs/magic-wan/configuration/common-settings/sites.mdx b/src/content/docs/magic-wan/configuration/common-settings/sites.mdx index fc2e655aad8a861..1d11076519f9f60 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/sites.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/sites.mdx @@ -2,12 +2,12 @@ title: Set up a site pcx_content_type: how-to sidebar: - order: 2 + order: 1 badge: text: Beta --- -import { Render } from "~/components" +import { Render } from "~/components"; Sites represent the local network of a data center, office, or other physical location, and combine all on-ramps available there. Sites also allow you to check, at a glance, the state of your on-ramps and set up health alert settings so that you get notified when there are issues with the site's on-ramps. @@ -24,9 +24,9 @@ To use a site, start by setting up your on-ramps. These can be [GRE or IPsec tun 7. Select **Continue**. 8. In **Define alert settings** you set up alerts to notify you when there are issues with your site's on-ramps. If you want to set up alerts later, select **Skip this for now** to complete your setup. Otherwise, continue reading. 9. In **Magic WAN Health Check Alert** > **Notification name**, enter a name for the site's alert. -9. Under **Alert settings**, choose how you want to be notified when there is an issue. You can add webhooks as well as email addresses. -10. In **Alert sensitivity level** define the threshold for Magic Tunnel health alerts to be fired. Refer to [How Cloudflare calculates Magic Tunnel health alerts](/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/) for more information. -11. Select **Complete setup** to finish setting up your site. +10. Under **Alert settings**, choose how you want to be notified when there is an issue. You can add webhooks as well as email addresses. +11. In **Alert sensitivity level** define the threshold for Magic Tunnel health alerts to be fired. Refer to [How Cloudflare calculates Magic Tunnel health alerts](/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/) for more information. +12. Select **Complete setup** to finish setting up your site. Your site is now set up. If you have other sites you need to set up, repeat the steps above. If you did not set up alerts, we strongly recommend that you do it. Otherwise you will not be notified when there is a problem with one of your on-ramps. @@ -34,7 +34,11 @@ Your site is now set up. If you have other sites you need to set up, repeat the ## Site analytics - + --- @@ -60,4 +64,7 @@ If you add geographic coordinates to your site, it will show up in the Network m ### Set thresholds for Magic WAN site health - \ No newline at end of file + diff --git a/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx b/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx index 2450021fd18c4b4..84def14b656a4cb 100644 --- a/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx +++ b/src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Update tunnel health checks frequency sidebar: - order: 4 + order: 3 --- import { Render } from "~/components"; @@ -14,7 +14,8 @@ import { Render } from "~/components"; magicProduct: "Magic WAN", productName: "Magic WAN", healthChecksUrl: "/magic-wan/reference/tunnel-health-checks/", - addTunnelsPath: "/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels" + addTunnelsPath: + "/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels", }} /> @@ -22,6 +23,6 @@ import { Render } from "~/components"; file="tunnel-health/health-checks-compatible-cmb-eu" product="networking-services" params={{ - productName: "Magic WAN" + productName: "Magic WAN", }} -/> \ No newline at end of file +/>