Set up Private Network Load Balancing with Magic WAN
Consider the following steps to learn how to configure Private Network Load Balancing solution, using Magic WAN as the on-ramp and off-ramp to securely connect to your private or internal services. This is currently an API only feature.
- 
Create and configure virtual networks using either the Cloudflare UI or the Cloudflare API. 
- 
Set your virtual network as the default. Your load balancer will use the defaultvirtual network. In the API, specify the default virtual network by settingis_default_network = true.
- 
Retrieve the ID of the virtual network you created. To get the VNET ID, send a GETrequest to the following API endpoint:
https://api.cloudflare.com/client/v4/accounts/{account_id}/teamnet/virtual_networks?is_default=trueThe VNET ID value will be used to ensure that your load balancer is properly integrated with the specified virtual network.
- 
Once you have your VNets configured, you need to make sure that the pools you will be using with your load balancer are configured with the default VNet value in the Virtual Network field. 
- 
Next, create an Account Load Balancer by sending a POSTrequest to the following API endpoint. The request body should be structured similarly to a Zone Load Balancer. Refer to the Cloudflare API documentation for details on the required fields and their formats. Make sure that the pools you are using in your load balancer have the default VNET configured (previous step).
https://api.cloudflare.com/client/v4/accounts/{account_id}/load_balancersTo retrieve a list of all created Account Load Balancers, send a GET request to the same endpoint.
- The tunnel_idparameter of the created Load Balancer is necessary for subsequent requests, so make sure to save thetunnel_idwhen you receive it in the response of thePOSTrequest. You can also retrieve thetunnel_idfrom theGETrequest if you need it for future operations.
To access the new load balancer, you need to create a tunnel route. This will be done automatically for you, but in case you would need to create one yourself or add an additional one, you need to:
- 
Use the tunnel_idof the Account Load Balancer, retrieved in the previous step. By using thetunnel_idof the Account Load Balancer and assigning a private network IP we are making the Load Balancer available at that IP address on the associated virtual network.
- 
To create a route for your Load Balancer, send a POSTrequest to following endpoint with this sample body:
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/teamnet/routes \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>" \--header "Content-Type: application/json" \--data '{"comment": "Example comment - account load balancing",  "network": "<PRIVATE_IP/CIDR_MASK>,  "tunnel_id": "<TUNNEL_ID>"}'After completing these steps, the load balancer should be deployed with the selected private IP address and available to traffic on the same virtual network.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark