Thunder® Convergent Firewall (CFW)

Advanced Application and Infrastructure Security & Availability

Scalable high-performing firewall, IPsec VPN, secure web gateway, DNS over HTTPS (DoH), and CGNAT with integrated DDoS protection for your networks and customers

Key Benefits of Thunder CFW

5G Security & Scale
  • The ultra-high performance and scale of Thunder CFW enables mobile operators to get ready for the emerging hyperscale demands of 5G and IoT
  • The consolidation of multiple security features ensures protection against 4G/LTE threats as well as emerging 5G security threats
  • The consolidation of functions helps achieve lower network latency as compared to individual point products

Consolidates Services
  • Consolidates data center firewall, IPsec VPN, load balancer and secure web gateway solutions for enterprise deployments
  • Consolidates Gi/SGi firewall, GTP firewall, IPsec VPN, intelligent traffic steering and Carrier Grade NAT (CGNAT) solutions for service providers

Increases ROI
  • Reduces both CAPEX and OPEX by consolidating functions that typically require deployment of multiple, disparate point products
  • Enables service providers to rapidly provision and deliver new revenue-generating services

Key Features of Thunder CFW

DNS over HTTPS (DoH)

  • Leverage DNS security capabilities to protect infrastructure from several DNS attack sources
  • Keep existing DNS components unchanged, and ensure secure connectivity and protocol translation
  • Maintain high performance and scale of high volume DNS over HTTPS (DoH) traffic with providing industry-leading DNS Queries per second (QPS)

Gi/SGi Firewall

  • Comprehensively protect mobile infrastructure with a consolidated carrier-class Gi/SGi firewall, CGNAT, application visibility and control, and integrated DDoS protection solution on a single platform
  • The Gi/SGi firewall is an ultra-high performance and hyperscale firewall with a rich set of features to protect subscribers and shield mobile network services
  • Protect investments in existing IPv4-based infrastructure with CGNAT while transitioning to IPv6 with a comprehensive set of IPv6 transition technologies
  • The built-in GTP firewall enables the telecom operators to protect the mobile core infrastructure against threats in GTP and SCTP traffic
Intelligent Traffic Steering

Intelligent Traffic Steering

  • Route traffic only through selected value-added services that a user has subscribed to, thereby optimizing the utilization of resources
  • Traffic can be steered through different services based on user ID, application ID and other attributes such as radio access type (RAT), IMSI etc.

Secure Web Gateway

  • Gain full control and visibility of your traffic with the flexibility to deploy as an explicit or transparent proxy
  • Reduce risks and gain granular user-level control with subscriptions to URL filtering, application visibility and control and threat intelligence
  • Ensure compliance with privacy standards using multi-layered security services and high-speed logging for SIEM integration
  • Leverage SSL Insight technology to decrypt outbound SSL traffic, enabling the “Secure Decrypt Zone” to inspect traffic in clear-text and prevent data exfiltration by integrating with leading security solutions

Data Center Firewall

  • Eliminate traditional performance bottlenecks while protecting your data center assets with hundreds of Gbps of firewall throughput along with hundreds of millions of concurrent sessions
  • Consolidate security and application delivery controller functionality in one solution to reduce CAPEX and OPEX
  • Enable multi-tenant environments with A10 Networks’ Application Delivery Partitions (ADPs)


  • Securely interconnect remote sites over the internet using high-performance, hardware-based IPsec cryptography
  • Securely connect cell towers and central sites in a service provider infrastructure
  • Improve agility and reduce data center footprint and operating costs through consolidation of firewall and IPsec VPN capabilities in a single platform

Analytics and Management

  • Gain real-time, actionable insights into application and network service statistics with A10 Harmony Controller for faster troubleshooting
  • Manage multi-site deployments from a central location
  • Simplify management and configuration with on-box AppCentric Templates (ACTs)
Case Study

Tier-1 Cable Provider Protects Subscriber Privacy with Encrypted DNS at Scale with A10 Networks Thunder CFW

As the use of encrypted DNS grows, this cable operator can assure subscriber privacy and security without sacrificing performance or impacting the user experience. The company deployed encrypted DNS protocol, DNS over HTTPS (DoH) with Thunder CFW.

Download Case Study

Additional Options

Additional services, products, solutions in which you may be interested.

How to Buy

Harmony Controller
  • Gain comprehensive, real-time and actionable insights with application-level visibility
  • Simplify operations and increase agility
  • Centrally-manage deployment and security policy implementation

Subscriptions for Enterprises
  • Web categorization for:
    – URL filtering
    – Selective bypass
    -Threat investigator
  • Application visibility and control
  • Threat intelligence

Subscriptions for Service Providers
  • Application visibility and control to granularly identify and categorize application traffic
  • Threat intelligence to identify and block malicious IP addresses on the internet
Related Product

Centralized Analytics & Actionable Insights

The Harmony™ Controller delivers centralized management and per-app analytics for different applications. The extensible nature of the platform enables on-demand installation of Harmony apps to better focus on the specific use cases of traffic visibility, security analytics and connected Intelligence.

Centrally Manage Your Apps