Description Text 

Managing multiple DDoS appliances can be challenging. Administrators must swiftly detect and defeat DDoS attacks – often in diverse geographic locations.

  • A10 aGalaxy streamlines DDoS monitoring and management for as many as 20 Thunder TPS appliances.
  • It allows you to consolidate all management tasks into a single pane of glass making it simple to apply consistent policies across all your DDoS devices.
  • Security administrators can view a dashboard of DDoS attacks in real time. With a wide variety policies and thresholds at your fingertips, regulate traffic and block suspicious activity with fine granularly.
  • Apply any of the advanced Thunder TPS features through mitigation templates. Create custom countermeasures instantly. Within seconds of applying policies, verify whether policies mitigated the attack and adjust countermeasures, as needed.


Save Money

Save Money

Streamline operations and lower IT costs for deployments across geographic locations.
Save Time

Save Time

Diagnose and resolve DDoS-based problems before they impact users.
Reduce Risk

Reduce Risk

Ensure DDoS response policies are consistently enforced.
Be Agile

Be Agile

Quickly provision changes and easily roll back configurations.

Key Features of DDoS Management From A10

#1 Intelligent Automation

Description Text 
  • Fully automated DDoS attack detection and mitigation
  • When attack is detected, Thunder TPS is instructed to apply mitigation and initiate a BGP route change of the suspicious traffic
  • Centrally manage aFleX® scripts and operations for backups, upgrades and restoration.
  • Learning mode during peacetime and build a profile of nominal behavior.
  • JSON-based REST API controls Thunder TPS
  • 100 percent API coverage for SecOps, on-box GUI, CLI, or to manage all your TPS devices



#2 Integration

Description Text 
  • Deploy security policies to all of your Thunder TPS devices simultaneously from the dashboard or using the REST API
  • DDoS attack incident created in real-time using REST API
  • Integrates with third-party DDoS attack detection systems (e.g., protocol anomalies, sudden surge in traffic, large numbers of requests from known bots).
  • Role-based access control management and external authentication policies that support RADIUS and TACACS+ 
  • 17 flow data indictors to spot anomalous behavior for inbound or bi-directional traffic

#3 Single Pane of Glass

Description Text 
  • Audit logs for network availability, usage, performance, inventory, history and logins
  • View active incidents against protected objects and zone services in real-time.
  • Live visualization and geolocation tracking of attacks
  • Apply all advanced Thunder TPS features through mitigation templates or instantly create custom countermeasures
  • Run health checks, upgrade software, manage SSL certificates, reboot/shutdown, and backup/restore configuration files for all of your appliances managed devices


#4 Event Management and Reporting

Description Text 
  • Variety of summaries, detailed incident reports and real-time dashboards
  • Track security events, identify attack trends and address compliance risk
  • Rich set of reports that illustrate overall traffic and blocked attacks by protocol
  • Reports can be saved as PDF or exported to CSV
  • Customizable event alerts/alarms, send email reports
  • Centralized packet capture from all managed Thunder TPS
  • On-demand and scheduled reports



Reactive mode leverages the flow data available from edge routers and switches and analyze meta data to detect anomalies.

This on-demand mitigation works well for most networks. aGalaxy orchestrates globally deployed devices for any network configuration. This eliminates the need for additional diversion and re-injection routers.



Proactive mode delivers the highest resolution detection capabilities. Detection uses an inline tool with 100 percent visibility of all packets. This offers the fastest mitigation.

This always-on mode is most useful for real-time environments where user experience is critical such as with voice, video and gaming.


DDoS Defense Deployments: Proactive vs. Reactive


Hardware Model

  • Manage 20 Thunder TPS devices, 12 if using built-in detector
  • 4x 1GE Copper + 4x 10GE SFP+
  • 2 x Intel Xeon 10-core CPUs
  • 2U Formfactor

Software Virtual Model

  • Manage 4 Thunder TPS devices
  • 250 Protected Zones
  • VMware ESXi 5.0 or higher
  • KVM version 0.14 or higher

Specifications for aGalaxy DDoS Management System


GET DDOS Monitoring and Defense Management

Add DDoS Defense Management to your Thunder TPS

Learn more about better managing your DDoS defenses. Sign up for a consultation.


Speak with an A10 expert about protecting yourself from the next DDoS attack.