FORM FACTORS

Physical
Virtual

Features & Benefits

HIGH-PERFORMANCE
STATEFUL FIREWALL

Delivers up to 220 Gbps of throughput and supports up to 256 million concurrent sessions in a one rack-unit (RU) appliance.

EFFECTIVE POLICY
ENFORCEMENT

Up to 128,000 firewall rules enable granular and flexible policies to filter and monitor incoming connections and traffic.

INTEGRATED
SITE-TO-SITE VPN

Encrypt communication between data centers with IPsec VPN to ensure data privacy and security.

BUILT-IN
DDOS PROTECTION

FPGA-based Flexible Traffic Acceleration (FTA) mitigates common anomaly attacks before burdening CPUs for DCFW functionality.

ADVANCED SERVER
LOAD BALANCING

Reduce footptrint and CAPEX/OPEX by combining DCFW with application delivery, NAT and IPsec features in a single appliance.

FLEXIBLE
DEPLOYMENT OPTIONS

Support traditional north-south and east-west traffic for both IPv4 and IPv6 networks with high-availability (HA) mode.

LOGGING
AND COMPLIANCE

High-speed logging for all session activities in CEF format and per-rule statistics for SIEM integration.

HIGH-SCALE
MULTI-TENANCY

Define unique policies by service, application or tenant to efficiently scale data center security.

SITE-TO-SITE VPN

Securely interconnect remote sites and private/public clouds using high-performance, hardware-based IPsec cryptography.

SCALE AND PERFORMANCE

Support up to 20,000 IPsec VPN tunnels and 80 Gbps of throughput in a one rack-unit (RU) appliance.

BOOST VPN CAPACITY

ECMP with BGP load balances traffic across multiple paths to boost VPN capacity. BFD enables fast-path failure detection and route convergence.

HIGH AVAILABILITY

Dead Peer Detection (DPD) for rapid tunnel failover ensures service availability.

STATEFUL FIREWALL

Stateful L4 firewall protects control plane and data plane communications in the mobile network.

CARRIER-GRADE NAT

CGNAT scales networks to overcome IPv4 exhaustion with NAT44(4) and ALGs to support network growth and a seamless user experience.

IPv6 TRANSITION

Support complete IPv6 transition lifecycle to seamlessly migrate to IPv6 with translation, tunneling and interplay between IPv4 and IPv6.

DDOS PROTECTION
FOR NAT IP POOLS

Protect mobile core infrastructure and subscribers from destructive DDoS attacks.

IP ANOMALY DETECTION

Check for over 30 IP packet anomalies or combine anomaly detections with IP blacklists for granular attack mitigation.

CONNECTION-RATE LIMITING

Detect and block attack traffic using IP-based connection-rate limiting and system-wide connection limits.

APPLICATION LAYER
GATEWAY SUPPORT

Integrated application layer gateways (ALG) ensure applications remain addressable and operate transparently through address translation.

IPSEC FOR MOBILE BACKHAUL

Prevent eavesdropping, authenticate eNodeBs, protect data integrity and secure communications over wireless and Wi-Fi networks.

DECRYPT ACROSS PORTS
AND PROTOCOLS

Decrypt traffic across all standard TCP ports and advanced protocols like SSH, STARTTLS, XMPP, SMTP and POP3.

FULL-PROXY ARCHITECTURE

As a full proxy, ciphers can be re-negotiated to ciphers of similar strength to prepare for future ciphers or TLS versions.

ICAP-COMPATIBLE

Acting as an ICAP client, Thunder SSLi passes traffic to a network’s existing DLP systems without extra solutions.

FIPS 140-2 LEVEL 3 COMPLIANCE

The only SSL decryption solution that supports up to four internal HSMs, and multiple external HSMs, to secure private keys.

URL BYPASSING

Selectively bypass traffic decryption to enforce privacy policies using a list of over 460 million domains.

URL FILTERING

Maximize employee productivity and reduce risk by blocking non-business and malicious websites, including malware and phishing sources.

LOAD BALANCING AND STEERING

Increase security capacity by load-balancing multiple security devices and selective traffic steering based on fine-grained policies.

APPCENTRIC TEMPLATES

Reduce deployment times and simplify configuration, management and troubleshooting with AppCentric Templates.
DATA CENTER FIREWALL
IPSEC VPN
GI/SGI FIREWALL
SECURE WEB GATEWAY

DEPLOYMENT SCENARIOS

UNIFIED CAPABILITIES

By unifying firewall and application delivery controller (ADC) capabilities, organizations are able to load-balance traffic and protect the data center, services and related applications from DDoS attacks and other threats. Global communication between various data centers is encrypted with an IPsec virtual private network (VPN).    

MOBILE SERVICE PROVIDER USING GI/SGI FIREWALL

Deploy Gi/SGi Firewall on the Gi/SGi interface to secure communication between the evolved packet core (EPC) and the internet to protect the mobile core infrastructure. Integrated carrier-grade NAT enables carriers to manage communication with both IPv4 and IPv6 address protocols. Built-in DDoS protection safeguards the NAT IP pools to avoid service interruption.    

SECURE WEB GATEWAY PROTECTS THE ENTERPRISE PERIMETER

Deploy Thunder CFW, with integrated SSL Insight technology, to decrypt traffic for a variety of security products, including inline, non-inline (passive/TAP) and ICAP-enabled devices.  

DATA CENTER FIREWALL 
& IPSEC VPN
GI/SGI FIREWALL
SECURE WEB GATEWAY

SECURITY CERTIFICATIONS

The complete line of carrier-grade A10 Thunder CFW products has been independently certified by ICSA Labs, which tests firewalls against the Modular Firewall Product Certification Criteria (Version 4.2).

HELPFUL RESOURCES

Deployment Guides
A10 Thunder CFW IPsec VPN Interoperability with Azure VPN Gateways
Solution Briefs
Data Center DDoS Protection
Solution Briefs
Gi/SGi Firewall Protection for Mobile Networks
Solution Briefs
Secure Web Gateway with SSL Insight
Data Sheets
Thunder CFW High-Performance Versatile Firewall
Tech Specs
Thunder CFW High-Performance Versatile Firewall Model Comparisons
Solution Briefs
Thunder CFW IPsec site-to-site VPN

Thunder CFW is a logical extension of A10’s security strategy. It takes A10’s SSL Insight into new realms, allowing customers to increase employee productivity and reduce risk with URL filtering and threat intelligence. It should draw consideration from a wide range of A10 customers, including service providers, cloud providers, and large enterprises.”