Thunder CFW: High-Performance Versatile Firewall
Supported Platforms

• Thunder CFW physical appliance
• aGalaxy centralized management

Overview

A10 Networks® Thunder® Convergent Firewall (CFW) is a high-performance, all-inclusive and flexible security solution featuring a Secure Web Gateway, Data Center Firewall, Gi/SGi Firewall and site-to-site IPsec VPN for enterprises and service providers. Thunder CFW uncovers threats in SSL traffic and blocks access to malicious websites at the enterprise perimeter. It also protects high-value assets in the data center from network and Distributed Denial of Service (DDoS) attacks. A10 Thunder CFW offers the performance and the versatility you need to safeguard your applications, your users and your infrastructure.

The A10 Thunder Convergent Firewall (CFW) is a standalone security product built on the A10 Networks Advanced Core Operating System (ACOS®) platform. Thunder CFW is the first converged security solution for service providers, cloud providers and large enterprises that includes:

• A powerful Secure Web Gateway that combines URL filtering, A10's SSL Insight technology and explicit proxy to increase security efficacy by decrypting SSL traffic at high speed and restricting access to undesirable websites.
• A high-performance Data Center Firewall with an integrated Layer 4 firewall, DDoS protection and server load balancing. By uniting application delivery control and security on a single platform, Thunder CFW lowers hardware and operating costs.
• A scalable Gi/SGi Firewall with integrated DDoS protection and Carrier Grade NAT (CGN) for mobile carriers. The Gi/SGi Firewall protects mobile infrastructure with advanced policy enforcement.
• High-speed site-to-site IPsec VPN that enables enterprises and service providers to encrypt data at massive scale and in the cloud.

With its data-center-efficient design and compact form factor, Thunder CFW provides an integrated security and application networking solution that minimizes rack space, power consumption and cooling costs.

Thunder CFW also leverages the A10 Harmony™ architecture to provide open and standards-based programmability, which offers rapid integration with management and orchestration systems, consistent policy enforcement and telemetry. The A10 Networks aGalaxy® Centralized Management System delivers everything that organizations need to configure, monitor and troubleshoot all A10 Thunder solutions, including Thunder CFW.

Features and Benefits

Whether you are an enterprise, service provider or mobile carrier, A10 Thunder CFW offers the performance and the versatility you need to safeguard your applications, your users and your infrastructure.

Secure Web Gateway

Decrypt SSL once and inspect multiple times: Thunder CFW enables security devices to inspect encrypted traffic, eliminating the SSL blind spot in corporate defenses. Leveraging SSL Insight technology, Thunder CFW decrypts SSL traffic and forwards it to third-party security devices for inspection. With Thunder CFW, organizations can make their security infrastructure effective again.

Prevent data exfiltration and enforce compliance: Thunder CFW allows seamless integration with third-party Data Loss Prevention (DLP) solutions via the industry-standard ICAP. Thunder CFW can send decrypted traffic to DLP servers for inspection before
forwarding intercepted traffic to a client or a server. According to the inspection results from the DLP servers, Thunder CFW enforces a policy by either permitting or denying the traffic, preventing data leaks and harmful infections.

Gain superior URL classification coverage: Thunder CFW provides an optional URL filtering service that maximizes employee productivity and mitigates web-based threats. Thunder CFW can monitor or block access to malicious websites, including malware, spam and phishing sites. The A10 URL Classification Service, powered by Webroot, categorizes over 460 million domains and 13 billion URLs into 83 categories, enabling organizations to block undesirable sites and shield their users from online threats.

Extend the life of security infrastructure: Thunder CFW, with integrated load balancing, enables organizations to maximize uptime and increase the capacity of their security infrastructure. It also unburdens firewalls and other security devices from computationally intensive tasks like SSL decryption and ICAP support, enabling those devices to do what they do best: detect and stop attacks.

Data Center Firewall

Achieve unprecedented firewall performance: Powered by A10's Advanced Core Operating System (ACOS), Thunder CFW provides high performance in a compact appliance, allowing organizations to stop emerging threats at scale. Combining a Shared Memory Architecture and Flexible Traffic Accelerator (FTA) technology, the Data Center Firewall offers ultra-high throughput and unmatched connection rates, eliminating traditional performance bottlenecks while protecting data center assets.

Lower OPEX and CAPEX: Consolidating multiple services on one platform reduces the number of appliances that need to be purchased and cuts power, space and cooling costs. Thunder CFW's Data Center Firewall takes unification further by converging not just security but also networking and application delivery features, empowering organizations to eliminate single-purpose devices from their data centers and reduce hardware and operating costs.

Protect multi-tenant environments: Thunder CFW leverages the A10 Harmony architecture to deliver completely programmable security for the data center. A10 Harmony unifies policy control, offers unprecedented telemetry and provides 100% RESTful API coverage. Thunder CFW also supports multi-tenancy features like Application Delivery Partitions (ADPs) for segmentation.

Gi/SGi Firewall

Achieve massive scale and multiple functionality in a single compact appliance: The Thunder CFW, with an integrated Gi/SGi Firewall, delivers the performance that mobile carriers require to scale and protect their networks. With the ability to support large session capacity and high connections-per-second rates, the Thunder CFW will meet both current and future traffic requirements. Thunder CFW enables mobile carriers to efficiently safeguard their infrastructure, including the Gateway GPRS Support Node (GGSN) and P-Gateway in the Evolved Packet Core (EPC).

The Thunder CFW includes integrated Carrier Grade NAT functionality to allow mobile carriers to preserve their investment in IPv4-based infrastructure. Also included are various IPv6 transition technologies, such as NAT64/DNS64, to assist in providing a smooth transition to IPv6 networking and seamless subscriber access to resources regardless of the IP version used. Integrated application layer gateways (ALGs) ensure that applications remain addressable and operate transparently through address translation. By including IPv4 preservation and IPv6 migration support in the multi-functional Thunder CFW, operational tasks are greatly simplified.

To protect mobile infrastructure, the Thunder CFW Gi/SGi Firewall provides granular control over network resources, allowing mobile carriers to block network attacks and unauthorized access. It delivers a stateful firewall with a rich set of features to protect subscribers, along with shielding the LTE data and control plane services from multiple types of threats. The Thunder CFW can also secure its own resources, such as Network Address Translation (NAT) pools, to ensure that its operational functions are not compromised.

Site-to-Site IPsec VPN

Encrypt data at unparalleled speeds: Thunder CFW enables enterprises and service providers to build out large-scale VPN deployments. By supporting thousands of VPN tunnels per Thunder CFW platform and a broad array of encryption algorithms and data integrity methods, organizations can deploy Thunder CFW alongside their existing VPN equipment or build out new VPN networks with Thunder CFW appliances.

Consolidate IPsec VPN, firewall and application delivery: Thunder CFW combines Data Center Firewall, Gi/SGi Firewall and IPsec VPN on a single platform. Whether used with the Data Center Firewall to support secure interconnectivity between data centers or to support high-speed VPN connections in the cloud, Thunder CFW provides a comprehensive networking and security platform that reduces customers' data center footprint and operating costs.

Management

Comprehensive and scalable management: Thunder CFW devices feature an array of options to simplify and automate management tasks, reducing administrative costs and ensuring that complex tasks can be done accurately the first time. To complement our industry-standard CLI and Web GUI, our RESTful API with 100% coverage offers rapid integration with third-party management consoles to efficiently operate one or more Thunder CFW appliances. For larger deployments, our aGalaxy Centralized Management System ensures that routine tasks can be performed at scale, across multiple appliances, regardless of physical location.

Thunder CFW supports granular role-based access control, enabling you to create users and groups and grant read-only or read/write privileges for specific partitions or management interfaces. To scale load-balancing capacity, A10 Networks aVCS® Virtual Chassis System allows multiple appliances to operate as one, with a single management point for all appliances in the virtual chassis.
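As an added example of the DLP hand-off described under Secure Web Gateway (illustrative code, not A10's implementation): the decrypting proxy wraps the plaintext HTTP request in an ICAP REQMOD message (RFC 3507) and maps the DLP server's reply to a permit or deny decision. The service URI, hostnames, sample requests and the stand-in DLP server's policy are constructed for this example; a real DLP product's headers and block page will differ.

```python
"""ICAP REQMOD exchange between a decrypting proxy and a DLP server (RFC 3507).
Added example; hosts, service URI and the stand-in DLP policy are constructed."""
import re
from typing import Callable, Dict, Tuple

ICAP_SERVICE = "icap://dlp.example.internal/reqmod"   # assumed service URI
ICAP_HOST = "dlp.example.internal"                     # assumed DLP host


def build_reqmod(http_request: bytes) -> bytes:
    """Wrap a decrypted HTTP request in an ICAP REQMOD message.

    The Encapsulated header gives the byte offset of each section; a body is
    sent chunked, an absent body is declared with null-body (RFC 3507 s.4.4).
    """
    head, sep, body = http_request.partition(b"\r\n\r\n")
    req_hdr = head + sep
    if body:
        encapsulated = f"req-hdr=0, req-body={len(req_hdr)}"
        payload = req_hdr + f"{len(body):x}\r\n".encode() + body + b"\r\n0\r\n\r\n"
    else:
        encapsulated = f"req-hdr=0, null-body={len(req_hdr)}"
        payload = req_hdr
    icap_head = (
        f"REQMOD {ICAP_SERVICE} ICAP/1.0\r\n"
        f"Host: {ICAP_HOST}\r\n"
        "Allow: 204\r\n"                 # we accept "unchanged" without a copy back
        f"Encapsulated: {encapsulated}\r\n\r\n"
    )
    return icap_head.encode() + payload


def icap_verdict(icap_response: bytes) -> Tuple[str, Dict[str, str]]:
    """Map the DLP server's ICAP reply to the proxy's decision.

    204 No Content: request unchanged, permit.
    200 OK carrying res-hdr: the DLP substituted its own HTTP response (a
    block page), so deny the original request and serve that response.
    200 OK carrying only req-hdr: modified request, forward the modified copy.
    Anything else (timeout, 5xx, garbage) fails closed.
    """
    head = icap_response.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    if len(parts) < 2 or not parts[0].startswith("ICAP/"):
        return "deny", headers
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    code = parts[1]
    if code == "204":
        return "permit", headers
    if code == "200":
        blocked = "res-hdr" in headers.get("encapsulated", "")
        return ("deny" if blocked else "permit"), headers
    return "deny", headers


def fake_dlp_server(icap_request: bytes) -> bytes:
    """Constructed stand-in for a DLP server: blocks any body containing the
    marker CONFIDENTIAL. Real products match fingerprints, regexes and file types."""
    icap_head, _, encapsulated = icap_request.partition(b"\r\n\r\n")
    body = b""
    m = re.search(rb"req-body=(\d+)", icap_head)
    if m:
        chunk = encapsulated[int(m.group(1)):]
        size_hex, _, rest = chunk.partition(b"\r\n")
        body = rest[: int(size_hex, 16)]
    if b"CONFIDENTIAL" not in body:
        return b"ICAP/1.0 204 No Content\r\nISTag: \"dlp-policy-1\"\r\n\r\n"
    page = b"Blocked by DLP policy\n"
    res_hdr = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
               + f"Content-Length: {len(page)}\r\n\r\n".encode())
    return (b"ICAP/1.0 200 OK\r\nISTag: \"dlp-policy-1\"\r\n"
            + f"Encapsulated: res-hdr=0, res-body={len(res_hdr)}\r\n\r\n".encode()
            + res_hdr + f"{len(page):x}\r\n".encode() + page + b"\r\n0\r\n\r\n")


def inspect_upload(http_request: bytes,
                   dlp: Callable[[bytes], bytes] = fake_dlp_server) -> str:
    """Proxy-side flow: wrap, send to the DLP server, apply the verdict."""
    decision, _ = icap_verdict(dlp(build_reqmod(http_request)))
    return decision


# Constructed sample traffic as the forward proxy sees it after decryption.
LEAK = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
        b"Content-Type: text/plain\r\nContent-Length: 30\r\n\r\n"
        b"CONFIDENTIAL: Q3 forecast data")
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("LEAK", LEAK), ("CLEAN", CLEAN)):
        print(name, "->", inspect_upload(req))
```

The design choice worth noting is the fail-closed default in icap_verdict: an unreachable or erroring DLP server yields deny, which is the right setting for an exfiltration control but must be paired with health checks on the ICAP servers (the datasheet's firewall load balancing and ICAP support are what keep that path available).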
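As an added example (not A10 code) of the NAT64/DNS64 mechanism named above: RFC 6052 defines how an IPv4 address is embedded in an IPv6 address under a NAT64 prefix, which is what a DNS64 resolver synthesizes into an AAAA answer and what the translator reverses on the IPv6 side. The prefixes and addresses below are RFC 6052's documentation examples; the function names are this example's own.

```python
"""RFC 6052 IPv4-embedded IPv6 addresses: the mapping behind NAT64/DNS64.
Added example, not A10 code; addresses are RFC 6052 documentation examples."""
import ipaddress
from typing import List, Tuple

VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def _layout(plen: int) -> Tuple[int, int, int]:
    """Return (v4 bits placed right after the prefix, remaining v4 bits,
    bit position where the remainder starts). RFC 6052 s.2.2 keeps bits 64-71
    (the 'u' octet) zero, so an address that would straddle them is split."""
    if plen not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"NAT64 prefix length must be one of {VALID_PREFIX_LENGTHS}")
    if plen == 96:
        return 0, 32, 96               # whole IPv4 address in the low 32 bits
    n1 = min(32, max(0, 64 - plen))    # bits that fit before the u octet
    return n1, 32 - n1, 72


def _prefix_int(prefix: str, plen: int) -> int:
    net = ipaddress.IPv6Network(f"{prefix}/{plen}", strict=True)
    return int(net.network_address)


def embed_ipv4(prefix: str, plen: int, v4: str) -> str:
    """IPv6 address that represents IPv4 host v4 under the NAT64 prefix."""
    n1, n2, start2 = _layout(plen)
    a = int(ipaddress.IPv4Address(v4))
    high, low = a >> n2, a & ((1 << n2) - 1)
    v = (_prefix_int(prefix, plen)
         | (high << (128 - plen - n1))
         | (low << (128 - start2 - n2)))
    return str(ipaddress.IPv6Address(v))


def extract_ipv4(prefix: str, plen: int, v6: str) -> str:
    """Inverse mapping, as performed by the translator for IPv6-side packets."""
    n1, n2, start2 = _layout(plen)
    addr = ipaddress.IPv6Address(v6)
    if addr not in ipaddress.IPv6Network(f"{prefix}/{plen}", strict=True):
        raise ValueError(f"{v6} is outside NAT64 prefix {prefix}/{plen}")
    v = int(addr)
    high = (v >> (128 - plen - n1)) & ((1 << n1) - 1)
    low = (v >> (128 - start2 - n2)) & ((1 << n2) - 1)
    return str(ipaddress.IPv4Address((high << n2) | low))


def dns64_synthesize(a_records: List[str], prefix: str = "64:ff9b::",
                     plen: int = 96) -> List[str]:
    """AAAA records a DNS64 resolver returns for a name that only has A records.
    Defaults to the well-known prefix 64:ff9b::/96 (RFC 6052 s.2.1)."""
    return [embed_ipv4(prefix, plen, a) for a in a_records]


if __name__ == "__main__":
    for plen, prefix in ((32, "2001:db8::"), (40, "2001:db8:100::"),
                         (48, "2001:db8:122::"), (96, "64:ff9b::")):
        v6 = embed_ipv4(prefix, plen, "192.0.2.33")
        print(f"/{plen}: 192.0.2.33 -> {v6} -> {extract_ipv4(prefix, plen, v6)}")
```

The range check in extract_ipv4 matters on a firewall: only addresses inside the configured NAT64 prefix may be translated, otherwise an attacker could craft IPv6 destinations that decode to arbitrary internal IPv4 hosts.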
Architecture and Key Components

[Figure: deployment diagram showing (1) Secure Web Gateway at the enterprise perimeter; (2) Gi/SGi Firewall in the mobile service provider network, in front of the EPC with GGSN and PGW; (3) Data Center Firewall (DC FW & ADC) in front of web application and DNS servers, with v4/v6 translation; (4) IPsec VPN between sites across the Internet.]
Thunder CFW Specifications Table

                              Thunder 840    Thunder 3230(S)   Thunder 3430(S)
Data Center Firewall
  DCFW Throughput             5 Gbps         25 Gbps           38 Gbps
  DCFW Layer 4 CPS            200k           1.4 million       2 million
  DCFW Concurrent Sessions    8 million      32 million        64 million
  DCFW Rules                  8k             16k               32k
Secure Web Gateway *1 *2
  SSLi Throughput (2k key)    0.5 Gbps       3.5 Gbps          5.5 Gbps
  SSLi CPS (2k key)           300            12.5k             18k
IPsec VPN *2

                              Thunder 4440(S)   Thunder 5330(S)   Thunder 5440(S)
Data Center Firewall
  DCFW Throughput             70 Gbps           70 Gbps           90 Gbps
  DCFW Layer 4 CPS            2.8 million       2.8 million       3.5 million
  DCFW Concurrent Sessions    64 million        64 million        128 million
  DCFW Rules                  32k               32k               64k
Secure Web Gateway *1 *2
  SSLi Throughput (2k key)    8 Gbps            8 Gbps            12.5 Gbps
  SSLi CPS (2k key)           22k               24k               28k
IPsec VPN *2

                              Thunder 5840(S)   Thunder 6440(S)   Thunder 7440(S)
Data Center Firewall
  DCFW Throughput             100 Gbps          150 Gbps          220 Gbps
  DCFW Layer 4 CPS            4.5 million       4.5 million       6.5 million
  DCFW Concurrent Sessions    128 million       256 million       256 million
  DCFW Rules                  64k               128k              128k
Secure Web Gateway *1 *2
  SSLi Throughput (2k key)    17.5 Gbps         TBD               TBD
  SSLi CPS (2k key)           50k               TBD               TBD
IPsec VPN *2

Thunder CFW SPE Specifications Table

                              Thunder 4435(S) SPE   Thunder 5435(S) SPE   Thunder 6435(S) SPE   Thunder 6635(S) SPE
Data Center Firewall
  DCFW Throughput             38 Gbps               76 Gbps               140 Gbps              150 Gbps
  DCFW Layer 4 CPS            2.7 million           2.8 million           5.5 million           5.5 million
  DCFW Concurrent Sessions    128 million           128 million           256 million           256 million
  DCFW Rules                  64k                   64k                   128k                  128k
Secure Web Gateway *1 *2
  SSLi Throughput (2k key)    8 Gbps                8 Gbps                17.5 Gbps             17.5 Gbps
  SSLi CPS (2k key)           22k                   22k                   50k                   50k
IPsec VPN *2

CPS = connections per second. SSLi = SSL Insight.
*1 SSLi performance is measured in a single-appliance SSLi deployment. *2 With maximum SSL. *3 With base model; number varies by SSL model. *4 No dedicated hardware, but the FTA-4 FPGA handles select switching/routing functions. ^ Certification in process. + FIPS model must be purchased.
Gi/SGi Firewall

Firewall:
• Stateful Layer 4 network firewall
• ALG protocol support for protocols with dynamic ports (including SIP, FTP)

DDoS Protection:
• Integrated DDoS protection for NAT pools
• IP anomaly detection

IPv4 Preservation (CGNAT):
• Carrier Grade NAT (CGN/CGNAT), Large Scale NAT (LSN), NAT444, NAT44

IPv6 Migration:
• Dual stack support, full native IPv6 management and features
• SLB-PT (Protocol Translation), SLB-64 (IPv4<->IPv6, IPv6<->IPv4)
• NAT64/DNS64, NAT46, DS-Lite, 6rd, LW4o6

Secure Web Gateway (SWG)

SSL Insight:
• High-performance SSL decryption and encryption as a forward proxy
• Internet Content Adaptation Protocol (ICAP) support for data loss prevention
• Dynamic port decryption to detect and intercept SSL or TLS traffic regardless of TCP port number
• Forward proxy failsafe to bypass traffic when there is a handshake failure
• SSL Insight bypass based on hostname; bypass list scales up to 1 million Server Name Indication (SNI) values
• Multi-bypass list support
• Decryption of HTTPS, STARTTLS, SMTP, XMPP
• Client certificate detection and optional bypass
• Untrusted certificate handling using the Online Certificate Status Protocol (OCSP)
• TLS alert logging to log flow information from SSL Insight events
• SSL session ID reuse
• Firewall Load Balancing (FWLB)

URL Filtering:
• URL Classification Service powered by Webroot to selectively bypass trusted websites for SSL decryption**
• Optional monitoring and blocking of malicious or undesirable websites

Operation modes:
• Transparent Forward Proxy
• Explicit Forward Proxy
• Proxy chaining

IPsec VPN
• Route-based VPN
• Keying methods: IKEv1, IKEv2
• Authentication methods: RSA Signature, Pre-shared Key, Public Key Infrastructure (PKI)
• Key Exchange Diffie-Hellman Groups: 1, 2, 5, 14, 15, 16, 18
• Encryption and data integrity algorithms: DES, 3DES, AES-128, AES-192, AES-256
• OSPF, BGP and Bidirectional Forwarding Detection (BFD) over IPsec tunnel
• Equal Cost Multipath (ECMP) support
• NAT traversal
• Perfect Forward Secrecy (PFS) support
• Life bytes and time rekey
• PKI support with Simple Certificate Enrollment Protocol (SCEP), Online Certificate Status Protocol (OCSP) and certificate revocation list (CRL) distribution points
Note: DES, 3DES and Diffie-Hellman groups 1, 2 and 5 are below current minimum strengths (NIST SP 800-131A); configure new tunnels with AES and group 14 or higher.

A10 Threat Intelligence Service**
• Dynamic threat intelligence feed updated in near real time
• 30+ public, private and proprietary sources to block "call homes" to command and control servers, identify known attack sources and mitigate zero-day attacks

High-Performance ACOS Platform
• Scalable platform with multi-core, multi-CPU support
• Linear application performance scaling

Networking
• Integrated L2/L3
• Transparent mode/gateway mode
• Routing: static routes, IS-IS (v4/v6), RIPv2/ng, OSPF v2/v3, BGP4+
• VLAN (802.1Q)
• Trunking (802.1AX), LACP
• Access control lists (ACLs)
• Traditional IPv4 NAT/NAPT, IPv6 NAPT
• Jumbo Frame support
• Hardware-accelerated Virtual Extensible LAN (VXLAN)
• Network Virtualization using Generic Routing Encapsulation (NVGRE)

Management
• Dedicated management interface (console, SSH, Telnet, HTTPS); Telnet carries credentials in clear text, so prefer SSH or HTTPS
• Web-based GUI with language localization
• Industry-standard CLI support
• Granular role-based access control
• SNMP, syslog, email alerts, NetFlow v9 and v10 (IPFIX), sFlow
• Port mirroring
• REST-style XML API (aXAPI) for all functions
• LDAP, TACACS+, RADIUS support

Virtualization
• aVCS (virtual chassis system)
• Multi-tenancy with ADPs
  -- Partition-based management
  -- L2/L3 virtualization

Carrier-Grade Hardware
• Hot swap redundant power supplies (AC or DC)
• 40 GbE ports, 100 GbE ports
• Tamper detection
• Lights Out Management (LOM/IPMI)
• Hardware Security Module (HSM) option
• High-performance security processor option

*Features and certifications may vary by appliance
**Additional paid service
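The following is an added example, not A10 code, of the two decisions a decrypting forward proxy makes at the start of each flow, as listed under SSL Insight above: whether the bytes are a TLS handshake at all (so interception keys off the record header rather than the TCP port) and whether the requested hostname is on a bypass list. The record layout follows RFC 5246 and RFC 6066; the ClientHello bytes and the bypass list are constructed here, and both the wildcard entry syntax ("*.parent") and the bypass-on-unparsable-handshake behaviour are this example's assumptions, not documented SSL Insight behaviour.

```python
"""TLS ClientHello detection and SNI bypass decision for a decrypting proxy.
Added example, not A10 code. Record layout per RFC 5246 s.6.2/7.4.1.2 and
RFC 6066 s.3; sample bytes and the bypass list are constructed here."""
import struct
from typing import Optional, Set


def build_client_hello(sni: Optional[str]) -> bytes:
    """Constructed test vector: a minimal TLS 1.2 ClientHello record."""
    body = b"\x03\x03" + bytes(32)           # client_version, random
    body += b"\x00"                          # session_id (empty)
    body += b"\x00\x02\xc0\x2f"              # one cipher suite
    body += b"\x01\x00"                      # compression_methods: null
    exts = b""
    if sni is not None:
        name = sni.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name
        server_name_list = struct.pack("!H", len(entry)) + entry
        exts += b"\x00\x00" + struct.pack("!H", len(server_name_list)) + server_name_list
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def is_tls_client_hello(data: bytes) -> bool:
    """Content type 22 (handshake), SSL3/TLS record version, HandshakeType 1.
    Checking the bytes, not the port, is what 'dynamic port decryption' needs."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


def parse_sni(data: bytes) -> Optional[str]:
    """Return the host_name from the server_name extension, or None if absent.
    Raises ValueError when the record is truncated or malformed."""
    try:
        rec_len = struct.unpack("!H", data[3:5])[0]
        rec = data[5:5 + rec_len]
        if len(rec) < rec_len:
            raise ValueError("truncated ClientHello record")
        p = 4 + 2 + 32                                 # type+len, version, random
        p += 1 + rec[p]                                # session_id
        p += 2 + struct.unpack("!H", rec[p:p + 2])[0]  # cipher_suites
        p += 1 + rec[p]                                # compression_methods
        if p + 2 > len(rec):
            return None                                # no extensions block
        ext_len = struct.unpack("!H", rec[p:p + 2])[0]
        p += 2
        end = p + ext_len
        if end > len(rec):
            raise ValueError("extensions length overruns record")
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", rec[p:p + 4])
            p += 4
            edata = rec[p:p + elen]
            p += elen
            if etype == 0x0000:                        # server_name extension
                q = 2                                  # skip ServerNameList length
                while q + 3 <= len(edata):
                    ntype = edata[q]
                    nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                    q += 3
                    if ntype == 0:                     # host_name
                        return edata[q:q + nlen].decode("idna")
                    q += nlen
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


def intercept_decision(data: bytes, bypass: Set[str]) -> str:
    """'passthrough' for non-TLS bytes, 'bypass' for listed hosts (exact, or
    '*.parent' entries; wildcard syntax is this example's own), else 'decrypt'."""
    if not is_tls_client_hello(data):
        return "passthrough"
    try:
        sni = parse_sni(data)
    except ValueError:
        return "bypass"    # fail open on unparsable handshakes, as a failsafe would
    if sni is None:
        return "decrypt"   # no SNI: categorisation must fall back to the server cert
    host = sni.lower().rstrip(".")
    if host in bypass:
        return "bypass"
    labels = host.split(".")
    wildcard_hit = any("*." + ".".join(labels[i:]) in bypass for i in range(1, len(labels)))
    return "bypass" if wildcard_hit else "decrypt"


# Constructed bypass list: banking and health sites excluded from decryption.
BYPASS = {"bank.example", "*.health.example"}

if __name__ == "__main__":
    for host in ("www.example.com", "bank.example", "portal.health.example", None):
        print(host, "->", intercept_decision(build_client_hello(host), BYPASS))
```

Note that SNI is client-supplied and unauthenticated: a client can name a bypassed host in the ClientHello and then talk to a different server. A production bypass should be confirmed against the server certificate once it arrives, which is where the page's "client certificate detection" and OCSP handling sit in the flow.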
About A10 Networks

A10 Networks is a leader in application networking, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com.

Corporate Headquarters
A10 Networks, Inc
3 West Plumeria Ave.
San Jose, CA 95134 USA
Tel: +1 408 325-8668
Fax: +1 408 325-8666
www.a10networks.com

Worldwide Offices
North America: sales@a10networks.com
Europe: emea_sales@a10networks.com
South America: latam_sales@a10networks.com
Japan: jinfo@a10networks.com
China: china_sales@a10networks.com
Hong Kong: HongKong@a10networks.com
Taiwan: taiwan@a10networks.com
Korea: korea@a10networks.com
South Asia: SouthAsia@a10networks.com
Australia/New Zealand: anz_sales@a10networks.com

To discover how A10 Networks products will enhance, accelerate and secure your business, contact us at a10networks.com/contact or call to speak with an A10 sales representative.

Part Number: A10-DS-15112-EN-06
Aug 2016

©2016 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, Thunder and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.