HTML/CSS 

DEPLOYMENT MODELS

HTML/CSS 

Features & Benefits

Hardware Firewall, VPN & Secure Web Gateway
HIGH-PERFORMANCE<br>STATEFUL FIREWALL

HIGH-PERFORMANCE
STATEFUL FIREWALL

Delivers up to 220 Gbps of throughput and supports up to 256 million concurrent sessions in a one rack-unit (RU) appliance.
EFFECTIVE POLICY<br>ENFORCEMENT

EFFECTIVE POLICY
ENFORCEMENT

Up to 128,000 firewall rules enable granular and flexible policies to filter and monitor incoming connections and traffic.
INTEGRATED<br>SITE-TO-SITE VPN

INTEGRATED
SITE-TO-SITE VPN

Encrypt communication between data centers with IPsec VPN to ensure data privacy and security.
BUILT-IN<br>DDOS PROTECTION

BUILT-IN
DDOS PROTECTION

FPGA-based Flexible Traffic Acceleration (FTA) mitigates common anomaly attacks before burdening CPUs for DCFW functionality.
ADVANCED SERVER<br>LOAD BALANCING

ADVANCED SERVER
LOAD BALANCING

Reduce footptrint and CAPEX/OPEX by combining DCFW with application delivery, NAT and IPsec features in a single appliance.
FLEXIBLE<br>DEPLOYMENT OPTIONS

FLEXIBLE
DEPLOYMENT OPTIONS

Support traditional north-south and east-west traffic for both IPv4 and IPv6 networks with high-availability (HA) mode.
LOGGING<br>AND COMPLIANCE

LOGGING
AND COMPLIANCE

High-speed logging for all session activities in CEF format and per-rule statistics for SIEM integration.
HIGH-SCALE<br>MULTI-TENANCY

HIGH-SCALE
MULTI-TENANCY

Define unique policies by service, application or tenant to efficiently scale data center security.
SITE-TO-SITE VPN

SITE-TO-SITE VPN

Securely interconnect remote sites and private/public clouds using high-performance, hardware-based IPsec cryptography.
SCALE AND PERFORMANCE

SCALE AND PERFORMANCE

Support up to 20,000 IPsec VPN tunnels and 80 Gbps of throughput in a one rack-unit (RU) appliance.
BOOST VPN CAPACITY

BOOST VPN CAPACITY

ECMP with BGP load balances traffic across multiple paths to boost VPN capacity. BFD enables fast-path failure detection and route convergence.
HIGH AVAILABILITY

HIGH AVAILABILITY

Dead Peer Detection (DPD) for rapid tunnel failover ensures service availability.
STATEFUL FIREWALL

STATEFUL FIREWALL

Stateful L4 firewall protects control plane and data plane communications in the mobile network.
CARRIER-GRADE NAT

CARRIER-GRADE NAT

CGNAT scales networks to overcome IPv4 exhaustion with NAT44(4) and ALGs to support network growth and a seamless user experience.
IPv6 TRANSITION

IPv6 TRANSITION

Support complete IPv6 transition lifecycle to seamlessly migrate to IPv6 with translation, tunneling and interplay between IPv4 and IPv6.
DDOS PROTECTION<br>FOR NAT IP POOLS

DDOS PROTECTION
FOR NAT IP POOLS

Protect mobile core infrastructure and subscribers from destructive DDoS attacks.
IP ANOMALY DETECTION

IP ANOMALY DETECTION

Check for over 30 IP packet anomalies or combine anomaly detections with IP blacklists for granular attack mitigation.
CONNECTION-RATE LIMITING

CONNECTION-RATE LIMITING

Detect and block attack traffic using IP-based connection-rate limiting and system-wide connection limits.
APPLICATION LAYER<br>GATEWAY SUPPORT

APPLICATION LAYER
GATEWAY SUPPORT

Integrated application layer gateways (ALG) ensure applications remain addressable and operate transparently through address translation.
IPSEC FOR MOBILE BACKHAUL

IPSEC FOR MOBILE BACKHAUL

Prevent eavesdropping, authenticate eNodeBs, protect data integrity and secure communications over wireless and Wi-Fi networks.
DECRYPT ACROSS PORTS<br>AND PROTOCOLS

DECRYPT ACROSS PORTS
AND PROTOCOLS

Decrypt traffic across all standard TCP ports and advanced protocols like SSH, STARTTLS, XMPP, SMTP and POP3.
FULL-PROXY ARCHITECTURE

FULL-PROXY ARCHITECTURE

As a full proxy, ciphers can be re-negotiated to ciphers of similar strength to prepare for future ciphers or TLS versions.
ICAP-COMPATIBLE

ICAP-COMPATIBLE

Acting as an ICAP client, Thunder SSLi passes traffic to a network’s existing DLP systems without extra solutions.
FIPS 140-2 LEVEL 3 COMPLIANCE

FIPS 140-2 LEVEL 3 COMPLIANCE

The only SSL decryption solution that supports up to four internal HSMs, and multiple external HSMs, to secure private keys.
URL BYPASSING

URL BYPASSING

Selectively bypass traffic decryption to enforce privacy policies using a list of over 460 million domains.
URL CATEGORIZATION

URL CATEGORIZATION

Categorizes over 460 million domains to maximize employee productivity and security by blocking malicious websites as well as to selectively bypass decryption for compliance.
LOAD BALANCING AND STEERING

LOAD BALANCING AND STEERING

Increase security capacity by load-balancing multiple security devices and selective traffic steering based on fine-grained policies.
APPCENTRIC TEMPLATES

APPCENTRIC TEMPLATES

Reduce deployment times and simplify configuration, management and troubleshooting with AppCentric Templates.
DATA CENTER FIREWALL
IPSEC VPN
GI/SGI FIREWALL
SECURE WEB GATEWAY

DEPLOYMENT SCENARIOS

UNIFIED CAPABILITIES

Description Text 

By unifying firewall and application delivery controller (ADC) capabilities, organizations are able to load-balance traffic and protect the data center, services and related applications from DDoS attacks and other threats. Global communication between various data centers is encrypted with an IPsec virtual private network (VPN).

 

 

MOBILE SERVICE PROVIDER USING GI/SGI FIREWALL

Description Text 

Deploy Gi/SGi Firewall on the Gi/SGi interface to secure communication between the evolved packet core (EPC) and the internet to protect the mobile core infrastructure. Integrated carrier-grade NAT enables carriers to manage communication with both IPv4 and IPv6 address protocols. Built-in DDoS protection safeguards the NAT IP pools to avoid service interruption.

 

 

SECURE WEB GATEWAY PROTECTS THE ENTERPRISE PERIMETER

Description Text 

Deploy Thunder CFW, with integrated SSL Insight technology, to decrypt traffic for a variety of security products, including inline, non-inline (passive/TAP) and ICAP-enabled devices.

 

DATA CENTER FIREWALL 
& IPSEC VPN
GI/SGI FIREWALL
SECURE WEB GATEWAY

SECURITY CERTIFICATIONS

The complete line of carrier-grade A10 Thunder CFW products has been independently certified by ICSA Labs, which tests firewalls against the Modular Firewall Product Certification Criteria (Version 4.2).

Thunder CFW is a logical extension of A10’s security strategy. It takes A10’s SSL Insight into new realms, allowing customers to increase employee productivity and reduce risk with URL filtering and threat intelligence. It should draw consideration from a wide range of A10 customers, including service providers, cloud providers, and large enterprises.”

SCHEDULE A DEMO

SCHEDULE A DEMO

Ready for a first-hand demonstration of A10 Thunder CFW?
Sign up for your one-on-one session.