New docs for Magic WAN custom IKE IDs plus changelog for custom IKE IDs and bidirectional health check update (cloudflare#25047)

* Write new doc on custom IKE IDs for IPsec in Magic WAN. Write changelog for custom IKE and health check updates.

* Fix side bar ordering for other documents in the Magic WAN common settings page

* Apply suggestions from code review

---------

Co-authored-by: marciocloudflare <[email protected]>

Author: cdraper-cloudflare

src/content/changelog/magic-wan/2025-09-05-bidirectional-health-check-any-on-ramp.mdx

@@ -0,0 +1,13 @@
+---
+title: Bidirectional tunnel health checks are compatible with all Magic on-ramps
+description: Bidirectional tunnel health check return packets are accepted by any Magic on-ramp
+date: 2025-09-05
+---
+
+All bidirectional tunnel health check return packets are accepted by any Magic on-ramp.
+
+Previously, when a Magic tunnel had a bidirectional health check configured, the bidirectional health check would pass when the return packets came back to Cloudflare over the same tunnel that was traversed by the forward packets.
+
+There are SD-WAN devices, like VeloCloud, that do not offer controls to steer traffic over one tunnel versus another in a high availability tunnel configuration.
+
+Now, when a Magic tunnel has a bidirectional health check configured, the bidirectional health check will pass when the return packet traverses over any tunnel in a high availability configuration.

src/content/changelog/magic-wan/2025-09-08-custom-ike-id-ipsec-tunnels.mdx

@@ -0,0 +1,9 @@
+---
+title: Custom IKE ID for IPsec Tunnels
+description: Customers can now set a custom IKE ID for their IPsec Tunnels
+date: 2025-09-08
+---
+
+Now, Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together can utilize this new feature to create a high availability configuration.
+
+This feature is available via API only. Customers can read the Magic WAN documentation to learn more about the [Custom IKE ID feature and the API call to configure it](/magic-wan/configuration/common-settings/custom-ike-id-ipsec/).

src/content/docs/magic-wan/configuration/common-settings/check-tunnel-health-dashboard.mdx

@@ -2,7 +2,7 @@
 pcx_content_type: how-to
 title: Check tunnel health in the dashboard
 sidebar:
-  order: 3
+  order: 2
 ---
 
 import { Render } from "~/components";
@@ -11,18 +11,20 @@ import { Render } from "~/components";
 	file="tunnel-health/check-tunnel-healthchecks-dash"
 	product="networking-services"
 	params={{
-		dashInfo: "The dashboard shows the view of tunnel health as measured from each Cloudflare location where your traffic is likely to land.",
+		dashInfo:
+			"The dashboard shows the view of tunnel health as measured from each Cloudflare location where your traffic is likely to land.",
 		productPath: "**Magic WAN** > **Network health**",
 		graphQL: "/magic-wan/analytics/query-tunnel-health/",
-		notificationsPath: "[notifications wizard](/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts/)"
+		notificationsPath:
+			"[notifications wizard](/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts/)",
 	}}
 />
 
 <Render
 	file="tunnel-health/health-checks-compatible-cmb-eu"
 	product="networking-services"
 	params={{
-		productName: "Magic WAN"
+		productName: "Magic WAN",
 	}}
 />
 

src/content/docs/magic-wan/configuration/common-settings/configure-magic-tunnel-health-alerts.mdx

@@ -3,6 +3,8 @@ pcx_content_type: how-to
 title: Configure Magic Tunnel health alerts
 head: []
 description: Use the API to set up and configure Magic Tunnel health alerts
+sidebar:
+  order: 4
 ---
 
 import { Render } from "~/components";
@@ -13,8 +15,9 @@ import { Render } from "~/components";
 	params={{
 		magicWord: "Magic WAN",
 		productName: "Magic WAN",
-		magicTunnelHealthCheckCalculation: "/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/",
+		magicTunnelHealthCheckCalculation:
+			"/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/",
 		networkAnalyticsPath: "/magic-wan/analytics/network-analytics/",
 		healthChecks: "/magic-wan/reference/tunnel-health-checks/",
 	}}
-/>
+/>

src/content/docs/magic-wan/configuration/common-settings/custom-ike-id-ipsec.mdx

@@ -0,0 +1,22 @@
+---
+pcx_content_type: how-to
+title: Custom IKE ID for IPsec
+sidebar:
+  order: 6
+---
+
+Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together should utilize this option to create a high availability configuration.
+
+:::note
+This feature is only available via API. There are no configuration options for a custom IKE ID for an IPsec tunnel in the Cloudflare dashboard.
+:::
+
+VeloCloud has a high availability mechanism that allows customers to specify one set of IKE parameters (like IKE ID) and multiple remote IPs. Customers create an IKE ID, and then assign the same custom IKE ID to their primary IPsec tunnel and their backup IPsec tunnel. FQDN is the only supported type for custom IKE IDs.
+
+Magic WAN customers can set a custom IKE ID for an IPsec tunnel using the following API call. Customers will need to fill in the appropriate values for <account_id>, <tunnel_id>, and the FQDN wildcard before running the API call.
+
+```txt
+% cloudflared access curl
+https://conduit-api.cfdata.org/accounts/<account_id>/ipsec_tunnels/<tunnel_id>
+-XPUT -d '{"custom_remote_identities": {"fqdn_id": "*.<account_id>.custom.ipsec.cloudflare.com"}}'
+```

src/content/docs/magic-wan/configuration/common-settings/enable-magic-roles.mdx

@@ -4,9 +4,10 @@ title: Enable Magic user roles
 head: []
 description: You can determine which users have, or do not have, configuration
   edit access for Magic products.
-
+sidebar:
+  order: 5
 ---
 
-import { Render } from "~/components"
+import { Render } from "~/components";
 
 <Render file="magic-user-role" product="networking-services" />

src/content/docs/magic-wan/configuration/common-settings/index.mdx

@@ -1,13 +1,13 @@
 ---
 title: Common settings
 pcx_content_type: navigation
+head: []
 sidebar:
   order: 4
-
 ---
 
-import { DirectoryListing } from "~/components"
+import { DirectoryListing } from "~/components";
 
-Review this section to learn about the settings shared between the Magic WAN Connector and the manual setup process for Magic WAN.
+Review this section to learn about the common settings that apply to both the Magic WAN Connector setup process and the manual setup process for Magic WAN.
 
 <DirectoryListing />

src/content/docs/magic-wan/configuration/common-settings/sites.mdx

@@ -2,12 +2,12 @@
 title: Set up a site
 pcx_content_type: how-to
 sidebar:
-  order: 2
+  order: 1
   badge:
     text: Beta
 ---
 
-import { Render } from "~/components"
+import { Render } from "~/components";
 
 Sites represent the local network of a data center, office, or other physical location, and combine all on-ramps available there. Sites also allow you to check, at a glance, the state of your on-ramps and set up health alert settings so that you get notified when there are issues with the site's on-ramps.
 
@@ -24,17 +24,21 @@ To use a site, start by setting up your on-ramps. These can be [GRE or IPsec tun
 7. Select **Continue**.
 8. In **Define alert settings** you set up alerts to notify you when there are issues with your site's on-ramps. If you want to set up alerts later, select **Skip this for now** to complete your setup. Otherwise, continue reading.
 9. In **Magic WAN Health Check Alert** > **Notification name**, enter a name for the site's alert.
-9. Under **Alert settings**, choose how you want to be notified when there is an issue. You can add webhooks as well as email addresses.
-10. In **Alert sensitivity level** define the threshold for Magic Tunnel health alerts to be fired. Refer to [How Cloudflare calculates Magic Tunnel health alerts](/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/) for more information.
-11. Select **Complete setup** to finish setting up your site.
+10. Under **Alert settings**, choose how you want to be notified when there is an issue. You can add webhooks as well as email addresses.
+11. In **Alert sensitivity level** define the threshold for Magic Tunnel health alerts to be fired. Refer to [How Cloudflare calculates Magic Tunnel health alerts](/magic-wan/reference/how-cloudflare-calculates-magic-tunnel-health-alerts/) for more information.
+12. Select **Complete setup** to finish setting up your site.
 
 Your site is now set up. If you have other sites you need to set up, repeat the steps above. If you did not set up alerts, we strongly recommend that you do it. Otherwise you will not be notified when there is a problem with one of your on-ramps.
 
 ---
 
 ## Site analytics
 
-<Render file="analytics/site-analytics"	product="networking-services" params={{ instructions: "" }}/>
+<Render
+	file="analytics/site-analytics"
+	product="networking-services"
+	params={{ instructions: "" }}
+/>
 
 ---
 
@@ -60,4 +64,7 @@ If you add geographic coordinates to your site, it will show up in the Network m
 
 ### Set thresholds for Magic WAN site health
 
-<Render file="analytics/set-thresholds-site-health"	product="networking-services" />
+<Render
+	file="analytics/set-thresholds-site-health"
+	product="networking-services"
+/>

src/content/docs/magic-wan/configuration/common-settings/update-tunnel-health-checks-frequency.mdx

@@ -2,7 +2,7 @@
 pcx_content_type: how-to
 title: Update tunnel health checks frequency
 sidebar:
-  order: 4
+  order: 3
 ---
 
 import { Render } from "~/components";
@@ -14,14 +14,15 @@ import { Render } from "~/components";
 		magicProduct: "Magic WAN",
 		productName: "Magic WAN",
 		healthChecksUrl: "/magic-wan/reference/tunnel-health-checks/",
-		addTunnelsPath: "/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels"
+		addTunnelsPath:
+			"/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels",
 	}}
 />
 
 <Render
 	file="tunnel-health/health-checks-compatible-cmb-eu"
 	product="networking-services"
 	params={{
-		productName: "Magic WAN"
+		productName: "Magic WAN",
 	}}
-/>
+/>