Cisco SD-WAN + Cloudflare One Solution Brief

Updated: April 15, 2025


Modernize your WAN architecture and enforce device-aware security policies with Cisco and Cloudflare.

Challenge

Enterprise WAN requirements have evolved, with hybrid work becoming the norm in most organizations. With users working from anywhere and connecting from any device, and applications distributed between hybrid multicloud and Software-as-a-Service (SaaS) environments, IT teams can no longer rely only on perimeter security to keep their users, apps, and data safe.

Solution

Cisco and Cloudflare have partnered to provide a best-in-class Secure Access Service Edge (SASE) solution to organizations of all sizes that combines the power of Cisco® Catalyst SD-WAN with Cloudflare’s internet-native Security Services Edge (SSE) platform. Customers can now easily enable zero-trust security controls and provide fast connectivity to SaaS applications and internet sites, with firewall-as-a-service, intrusion detection, data loss prevention, Cloud Access Security Broker (CASB), and browser isolation built in.

Figure 1. Cisco Catalyst SD-WAN and Cloudflare Integration Solution

Benefits

Ease of use

Simplified integration between Cisco Catalyst SD-WAN and Cloudflare One, with comprehensive visibility through Cisco Catalyst SD-WAN Manager (formerly vManage) and the Cloudflare dashboard.

Performance and security

Easy traffic direction to the Cloudflare global anycast network for fast access to internet sites and SaaS applications, with cloud-native Secure Web Gateway (SWG) and CASB built-in.

Monitoring and visibility

Comprehensive visibility into network traffic patterns, user activity, shadow IT discovery, and security threats using SD-WAN Manager, Cisco Catalyst SD-WAN Analytics (formerly vAnalytics), and the Cloudflare dashboard.

How it works

Cloudflare One integrates with Catalyst SD-WAN on the Cisco Catalyst 8000 Edge Platforms Family running Cisco IOS® XE to provide customers an easy on-ramp to Cloudflare One security services. Customers can use Catalyst SD-WAN Manager to create tunnels to their assigned Cloudflare anycast IP endpoints. Once configured, Cisco routing policies can be used to send branch traffic to Cloudflare One. Customers can configure SWG, CASB, and browser isolation policies via the Cloudflare dashboard to enable secure access to internet and SaaS applications.

Additional considerations

Note: Cloudflare requires routers behind NAT to initiate IKE communication on port 4500. Cisco Catalyst routers support NAT Traversal (NAT-T) for IKE sessions that start on port 500 and transition to port 4500 (as per RFC 3947). Due to this requirement, to deploy an IPsec tunnel with Cloudflare SSE, one of the following conditions must be met:

1. The Edge WAN interface must have a public IP address.

2. If the Edge WAN interface has a private IP address, the external NAT device must be configured with one-to-one NAT (Static NAT) without Port Address Translation (PAT).
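A pre-deployment check for the two conditions above, as an added example that is not part of the Cisco or Cloudflare documentation. It assumes you can export the upstream NAT device's UDP translations as `(inside_ip, inside_port, outside_ip, outside_port)` tuples; the function name, tuple layout, and sample addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# RFC 1918 private space plus RFC 6598 shared (carrier-grade NAT) space.
NON_PUBLIC = [ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def behind_nat(addr):
    """True when the address cannot be reached directly from the internet."""
    ip = ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)

def check_ipsec_prereq(wan_ip, translations):
    """Return (ok, reason) for the Edge WAN interface address.

    translations: (inside_ip, inside_port, outside_ip, outside_port) tuples
    observed on the NAT device. This is a heuristic over observed flows,
    not a substitute for reading the NAT device's configuration.
    """
    if not behind_nat(wan_ip):
        return True, "WAN interface has a public IP address"
    mine = [t for t in translations if t[0] == wan_ip]
    if not mine:
        return False, "no translation observed for the WAN interface"
    outside_ips = {t[2] for t in mine}
    if len(outside_ips) != 1:
        return False, "WAN address maps to more than one outside address"
    outside = next(iter(outside_ips))
    # One-to-one NAT: no other inside host may use the same outside address.
    sharers = {t[0] for t in translations if t[2] == outside} - {wan_ip}
    if sharers:
        return False, "outside address is shared with other inside hosts"
    # Static NAT without PAT leaves the UDP source port (500, 4500) untouched.
    if any(t[1] != t[3] for t in mine):
        return False, "source ports are rewritten (PAT)"
    return True, "one-to-one static NAT without PAT"

# Constructed sample translation tables (documentation address ranges).
STATIC_NAT = [("192.168.10.2", 500, "203.0.113.10", 500),
              ("192.168.10.2", 4500, "203.0.113.10", 4500)]
PAT_SINGLE = [("192.168.10.2", 500, "203.0.113.10", 1024)]
PAT_SHARED = STATIC_NAT + [("192.168.10.3", 500, "203.0.113.10", 1025)]

if __name__ == "__main__":
    for name, table in (("static", STATIC_NAT), ("pat", PAT_SINGLE),
                        ("shared", PAT_SHARED)):
        print(name, check_ipsec_prereq("192.168.10.2", table))
```
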

Figure 2. End-to-end SASE provided by Cisco Catalyst WAN Edge and Cloudflare

“IT leaders are facing increasing operational challenges with hybrid work and multicloud becoming the norm. Our partnership with Cloudflare offers customers more options to modernize their WAN while enabling advanced cloud-native security controls to keep their users, apps and data safe, and reducing their attack surface at the same time.”

JP Shukla

Director, Product Management, Cisco

About Cloudflare

Cloudflare is a global cloud platform that delivers integrated security, performance, and reliability for applications and teams. Cloudflare offers a broad range of network and security products that protect and accelerate applications, networks, and employees and contractors — all delivered from the cloud.

About Cisco

Cisco is the worldwide leader in technology that powers the internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future.

Try it now

Take the first step in modernizing your WAN architecture. Contact us for a free consultation on integrating your Cisco Catalyst SD-WAN with Cloudflare One.

  • SDWAN@cisco.com

  • enterprise@cloudflare.com
