Description Text 

Managing multiple DDoS appliances can be challenging. Administrators must swiftly detect and defeat DDoS attacks – often in diverse geographic locations.

  • One-DDoS Protection - Thunder ADC, CGN, and CFW work in concert with Thunder TPS’ edge flow-based detection and centralized mitigation to enable service providers to achieve full spectrum DDoS protection.
  • aGalaxy streamlines DDoS monitoring and management for as many as 20 Thunder TPS appliances.
  • It allows you to consolidate all management tasks into a single pane of glass making it simple to apply consistent policies across all your DDoS devices.
  • Security administrators can view a dashboard of DDoS attacks in real time. With a wide variety policies and thresholds at your fingertips, regulate traffic and block suspicious activity with fine granularly.
  • Apply any of the advanced Thunder TPS features through mitigation templates. Create custom countermeasures instantly. Within seconds of applying policies, verify whether policies mitigated the attack and adjust countermeasures, as needed.


Save Money

Save Money

Streamline operations and lower IT costs for deployments across geographic locations.
Save Time

Save Time

Diagnose and resolve DDoS-based problems before they impact users.
Reduce Risk

Reduce Risk

Ensure DDoS response policies are consistently enforced.
Be Agile

Be Agile

Quickly provision changes and easily roll back configurations.

Key Features of DDoS Management

#1 Intelligent Automation

Description Text 
  • Automated service discovery - eliminate cumbersome manual provisioning
  • Always-on adaptive learning - continuous machine learning provides real-time adaptive traffic learning
  • Proactive Dynamic Attack Pattern Recognition (DAPR) - automatic attack learning to thwart zero-day attacks
  • Progressive five-level mitigation escalation - apply the right level of mitigation to prevent collateral damage against users
  • 100 percent REST API coverage for SecOps, on-box GUI, CLI, or to manage all your TPS devices



#2 Integration

Description Text 
  • One-DDoS Protection - full spectrum protection with distributed detection across key networks elements Thunder ADC, CGN, CFW, and TPS detector
  • Integrates with third-party DDoS attack detection systems (e.g., protocol anomalies, sudden surge in traffic, large numbers of requests from known bots)
  • 100 percent REST API coverage for SecOps, on-box GUI, CLI, or to manage all your TPS devices
  • Role-based access control management and external authentication policies that support RADIUS and TACACS+

#3 Single Pane of Glass

Description Text 
  • Deploy security policies to all of your Thunder TPS devices
  • Audit logs for network availability, usage, performance, inventory, history and logins
  • View active incidents against protected objects and zone services in real-time
  • Live visualization and geolocation tracking of attacks
  • Apply all advanced Thunder TPS features through mitigation templates or instantly create custom countermeasures
  • Run health checks, upgrade software, manage SSL certificates, reboot/shutdown, and backup/restore configuration files


#4 Event Management and Reporting

Description Text 
  • Variety of summaries, detailed incident reports and real-time dashboards
  • Track security events, identify attack trends and address compliance risk
  • Rich set of reports that illustrate overall traffic and blocked attacks by protocol
  • Reports can be saved as PDF or exported to CSV
  • Customizable event alerts/alarms, send email reports
  • Centralized packet capture from all managed Thunder TPS
  • On-demand and scheduled reports



Reactive mode leverages the flow data available from edge routers and switches and analyze meta data to detect anomalies.

This on-demand mitigation works well for most networks. aGalaxy orchestrates globally deployed devices for any network configuration. This eliminates the need for additional diversion and re-injection routers.



Proactive mode delivers the highest resolution detection capabilities. Detection uses an inline tool with 100 percent visibility of all packets. This offers the fastest mitigation.

This always-on mode is most useful for real-time environments where user experience is critical such as with voice, video and gaming.


DDoS Defense Deployments: Proactive vs. Reactive


Hardware Model

  • Manage 20 Thunder TPS devices, 12 if using built-in detector
  • 4x 1GE Copper + 4x 10GE SFP+
  • 2x Intel Xeon 10-core CPUs
  • 2U form factor

Software Virtual Model

  • Manage 4 Thunder TPS devices
  • 250 Protected Zones
  • VMware ESXi 5.0 or higher
  • KVM version 0.14 or higher

Specifications for aGalaxy DDoS Management System


GET DDOS Monitoring and Defense Management

Add DDoS Defense Management to your Thunder TPS

Learn more about better managing your DDoS defenses. Sign up for a consultation.


Speak with an expert about protecting yourself from the next DDoS attack.