Thunder CFW High-Performance Versatile Firewall
DATASHEETTHUNDER CFWHigh-Performance Versatile FirewallSupported PlatformsThe A10 Thunder Convergent Firewall (CFW) is a standalone security product, built onA10 Networks Advanced Core Operating System (ACOS ) platform. Thunder CFW isthe first converged security solution for service providers, cloud providers and largeenterprises that includes:Thunder CFWphysical appliance A powerful Secure Web Gateway that combines URL filtering, A10’s SSL Insighttechnology, and explicit proxy to increase security efficacy by decrypting SSLtraffic at high speed and restricting access to undesirable websites.Thunder SPEphysical appliance A high-performance Data Center Firewall with an integrated Layer 4 firewall, DDoSprotection, and server load balancing. By uniting application delivery control andsecurity on a single platform, Thunder CFW lowers hardware and operating costs.APPvThundervirtual appliance A scalable Gi/SGi Firewall with integrated DDoS protection and Carrier GradeNetworking (CGN) for mobile carriers. The Gi/SGi Firewall protects mobileinfrastructure with advanced policy enforcement. High-speed site-to-site IPsec VPN that enables enterprises and service providersto encrypt data at a massive scale and in the cloud.aGalaxyCentralized ManagementOverviewA10 Networks Thunder ConvergentFirewall (CFW) is a high-performance,all-inclusive and flexible securitysolution featuring a Secure WebGateway, Data Center Firewall, Gi/SGiFirewall and site-to-site IPsec VPNfor enterprises and service providers.Thunder CFW uncovers threats in SSLtraffic and blocks access to maliciouswebsites at the enterprise perimeter.It also protects high-value assets inthe data center from network andDistributed Denial of Service (DDoS)attacks. A10 Thunder CFW offers theperformance and the versatility youneed to safeguard your applications,your users and your infrastructure.With its data center efficient design and compact form factor, Thunder CFW providesan integrated security and application networking solution that minimizes rack space,power consumption and cooling costs.Thunder CFW also leverages the A10 Harmony architecture to provide open andstandards-based programmability, which offers rapid integration with management andorchestration systems, consistent policy enforcement and telemetry. The A10 NetworksaGalaxy Centralized Management System delivers everything that organizations need toconfigure, monitor and troubleshoot all A10 Thunder solutions, including Thunder CFW.Features and BenefitsWhether you are an enterprise, service provider or mobile carrier, A10 Thunder CFWoffers the performance and the versatility you need to safeguard your applications, yourusers and your infrastructure.Secure Web GatewayDecrypt SSL once and inspect multiple times: Thunder CFW enables security devicesto inspect encrypted traffic, eliminating the SSL blind spot in corporate defenses.Leveraging SSL Insight technology, Thunder CFW decrypts SSL traffic and forwards itto third-party security devices for inspection. With the Thunder CFW, organizations canmake their security infrastructure effective again.Prevent data exfiltration and enforce compliance: Thunder CFW allows seamlessintegration with third-party Data Loss Prevention (DLP) solutions via the industry standardICAP. Thunder CFW can send decrypted traffic to DLP servers for inspection before1
forwarding intercepted traffic to a client or a server. According toinspection results from DLP servers, Thunder CFW enforces a policyby either permitting or denying traffic to prevent data leaks andharmful infection.Gi/SGi FirewallAchieve massive scale and multiple functionality in a singlecompact appliance: The Thunder CFW, with an integrated Gi/SGiFirewall, delivers the performance that mobile carriers require toGain superior URL classification coverage: Thunder CFW providesan optional URL filtering service that maximizes employeeproductivity and mitigates web-based threats. Thunder CFW canmonitor or block access to malicious websites, including malware,spam and phishing sites. The A10 URL Classification Service,scale and protect their networks. With the ability to support largesession capacity and high connections-per-second rates, theThunder CFW will meet both current and future traffic requirements.Thunder CFW enables mobile carriers to efficiently safeguard theirinfrastructure, including the Gateway GPRS Support Node (GGSN)powered by Webroot, categorizes over 460 million domains andand P-Gateway in the Evolved Packet Core (EPC).13 billion URLs into 83 categories, enabling organizations to blockThe Thunder CFW includes integrated Carrier Grade NATdesirable sites and shield their users from online threats.Extend the life of security infrastructure: Thunder CFW, withintegrated load balancing, enables organizations to maximizeuptime and increase the capacity of their security infrastructure.It also unburdens firewalls and other security devices fromcomputationally intensive tasks like SSL decryption and ICAPsupport, enabling those devices to do what they do best – detectand stop attacks.functionality to allow mobile carriers to preserve their investmentin IPv4-based infrastructure. Also included are various IPv6transition technologies, such as NAT64/DNS64, to assist inproviding a smooth transition to IPv6 networking and seamlesssubscriber access to resources regardless of the type of IPversion used. Integrated application layer gateways (ALGs) ensurethat applications remain addressable and operate transparentlythrough address translation. By including IPv4 preservation andIPv6 migration support in the multi-functional Thunder CFW,Data Center FirewallAchieve unprecedented firewall performance: Powered by A10’sAdvanced Core Operating System (ACOS), Thunder CFW provideshigh performance in a compact appliance, allowing organizationsto stop emerging threats at scale. Combining a Shared MemoryArchitecture and Flexible Traffic Accelerator (FTA) technology, theData Center Firewall offers ultra-high throughput and unmatchedconnection rates, eliminating traditional performance bottleneckswhile protecting data center assets.Lower OPEX and CAPEX: Consolidating multiple services onone platform reduces the number of appliances that need to bepurchased and cuts power, space and cooling costs. Thunder CFW’sData Center Firewall takes unification further by converging notjust security but also networking and application delivery features,empowering organizations to eliminate single-purpose devices fromtheir data centers and reduce hardware and operating costs.Protect multi-tenant environments: Thunder CFW leverages theA10 Harmony architecture to deliver completely programmablesecurity for the data center. A10 Harmony unifies policy control,offers unprecedented telemetry and provides 100% RESTful APIcoverage. Thunder CFW also supports multi-tenancy features likeApplication Delivery Partitions (ADPs) for segmentation.operational tasks are greatly simplified.To protect mobile infrastructure, the Thunder CFW Gi/SGi Firewallprovides granular control over network resources, allowing mobilecarriers to block network attacks and unauthorized access. It deliversa stateful firewall with a rich set of features to protect subscribers,along with shielding the LTE data and control plane services frommultiple types of threats. The Thunder CFW can also secure its ownresources, such as Network Address Translation (NAT) pools, toensure that its operational functions are not compromised.Site-to-Site IPsec VPNEncrypt data at unparalleled speeds: Thunder CFW enablesenterprises and service providers to build out large-scale VPNdeployments. By supporting thousands of VPN tunnels perThunder CFW platform and a broad array of encryption algorithmsand data integrity methods, organizations can deploy ThunderCFW alongside their existing VPN equipment or build out new VPNnetworks with Thunder CFW appliances.Consolidate IPsec VPN, firewall and application delivery: ThunderCFW combines Data Center Firewall, Gi/SGi Firewall and IPsec VPNon a single platform. Whether used with the Data Center Firewallto support secure interconnectivity between data centers or tosupport high-speed VPN connections in the cloud, Thunder CFWprovides a comprehensive networking and security platform thatreduces customers’ data center footprint and operating costs.A10 Thunder CFW Data Center Firewall hasachieved the ICSA Labs Firewall CorporateCertification.2The A10 Thunder CFW IPsec solution has achievedthe IPsec IKEv2 certification from ICSA Labs. ICSALabs testing and certification ensures that A10Thunder CFW performs as intended and providesinteroperable, cryptographically-based securityservices for IP layer environments.
Architecture and Key Components2 Gi/SGi FWMobile Service ProviderData Center3 DC FWWeb Appv4v6DC FW & ADCDNSRouterEPC with GGSN and PGWCGN & Gi/SGi FW1Enterprise PerimeterIPsec VPNSecure WebGatewayInternetOther Apps4 IPsec VPNWeb AppICAP (AV/DLP)IPsec VPNInternalNetworkIPSATPDNSNGFWSSLi & SWGDC FW & ADCSSLi & SWGOther AppsFigure 1: Thunder CFW use casesFlexibility to Deploy ADC and CGNThunder CFW supports multi-tenancy and isolation of configurationcomponents including administration with Application DeliveryPartitions (ADPs) using L3V (Layer 3 Visualization). L3V partitionsenables flexible deployment of independent services like applicationcomplement our industry-standard CLI and Web GUI, our RESTfulAPI with 100% coverage offers rapid integration with third-partymanagement consoles to efficiently operate one or more ThunderCFW appliances. For larger deployments, our aGalaxy CentralizedManagement System ensures that routine tasks can be performeddelivery controller (ADC) and carrier grade networking (CGN) onat scale, across multiple appliances, regardless of physical location.a single appliance to accelerate faster time to market of loadThunder CFW supports granular role-based access control, enablingbalancing and networking services.you to create users and groups and grant read-only or read/writeprivileges for specific partitions or management interfaces. ToManagementComprehensive and scalable management: Thunder CFWdevices feature an array of options to simplify and automatemanagement tasks that reduce administrative costs and ensurescale load-balancing capacity, A10 Networks aVCS Virtual ChassisSystem allows multiple appliances to operate as one, with a singlemanagement point for all appliances in the virtual chassis.that complex tasks can be done accurately the first time. ToThunder CFW’s integrated Web applicationfirewall has achieved WAF certificationfrom ICSA Labs. ICSA Labs testing andcertification ensures that Thunder CFWperforms as intended to secure applicationservices from exploitation and attack.3
Product DescriptionThunder CFW Product LineThunder CFW appliances support any deployment need. EachThunder CFW appliance is powered by ACOS software, whichbrings a unique combination of shared memory accuracy andefficiency, 64-bit scalability and advanced flow processing.Thunder SPE Appliances:-- The Thunder SPE appliances deliver ultra high-speed-- All models are dual power supply-capable*, feature solidstate drives (SSDs) and use no inaccessible moving partsfor high availability.-- All models benefit from A10’s Flexible Traffic Accelerator(FTA) technology, with select models featuring FieldProgrammable Gate Arrays (FPGAs) for hardware optimizedFTA processing; this provides highly scalable flowdistribution and DDoS protection capabilities.-- Select models include switching and routing processorsSecurity and Policy Enforcement for your most demandingfor high-speed network processing, dedicated securityapplication networking and security requirements. Thunderprocessors for SSL offload, and lights-out managementSPE appliances leverage A10’s innovative Security and(LOM) for out-of-band monitoring and management.Policy Engine (SPE) to implement security and policy-- Each appliance offers exceptional performance per rackenforcement functions at higher speed, harnessing theunit and the highest level “80 PLUS Platinum” certification*power of advanced Flexible Traffic Acceleration (FTA)for power supplies* to reduce power consumption costs andtechnology and high speed lookup capabilities. In addition,ensure a green solution. Coupled with high densityThunder SPE is a future-proof design capable of enabling an1 GbE, 10 GbE, and 40 GbE port options, Thunder CFWexpanded set of security and policy enforcements.meets the highest networking bandwidth demands.-- All models are dual power supply-capable, feature solidstate drives (SSDs) and utilize no inaccessible moving partsfor high availability.-- Thunder SPE appliances offer the best performance perrack unit coupled with high density interface 1 GbE, 10 GbE,40 GbE and 100 GbE port options and the highest level “80PLUS Platinum” certification for power supplies to ensurea green solution and reduce power consumption costs.Thunder CFW Hardware Appliances:-- The A10 Thunder CFW line of appliances fits all sizenetworks starting with entry level models and moving upvThunder Virtual Appliances:-- The vThunder CFW line of virtual appliances is designedto meet the growing needs of organizations requiring aflexible and easy-to-deploy converged security, carrier gradenetworking, application delivery and server load balancersolution running within a virtualized infrastructure or publiccloud service.-- Each vThunder instance has a full set of features that canrun atop your choice of commodity hardware, as well asyour choice of leading hypervisor; for example, VMwareESXi, Microsoft Hyper-V, and KVM.to high performance appliance for your most demandingThe aGalaxy Centralized Management System delivers everythingrequirements.that organizations need to monitor, configure and troubleshoottheir Thunder CFW deployment.* Except for Thunder 8404
Thunder CFW Specifications TableThunder 840Thunder 1030SThunder 3030SDCFW Throughput5 Gbps10 Gbps30 GbpsDCFW Layer 4 CPS200k300k500k8 million16 million32 million8k8k16kData Center FirewallDCFW Concurrent SessionsDCFW RulesSecure Web Gateway*1 *2SSLi Throughput0.5 Gbps1.5 Gbps2.5 GbpsRSA (1K): 500RSA (2K): 300RSA (1K): 4KRSA (2K): 3kRSA (1K) : 8kRSA (2K): 6k1.5 Gbps6 Gbps8 Gbps501001k1 GE Copper5661 GE Fiber (SFP)0221/10 GE Fiber (SFP )224SSLi CPSIPsec VPN*2IPsec ThroughputIPsec TunnelsNetwork Interface40 GE Fiber (QSFP )000YesYesYesLights Out ManagementNoYesYesConsole PortYesYesYesManagement InterfaceSolid-state Drive (SSD)ProcessorMemory (ECC RAM)YesYesYesIntelCommunication ProcessorIntel Xeon4-coreIntel Xeon4-core8 GB8 GB16 GBHardware Acceleration64-bit Linear Decoupled ArchitectureYesYesYesFlexible Traffic ingSoftwareSoftwareSoftwareN/AYesYes57W / 75W98W / 108W180W / 240WSSL Security Processor ('S' Models)Power Consumption (Typical/Max)Heat in BTU/hour (Typical/Max)*3*3Power Supply (DC option available)195 / 256334 / 369615 / 819Single 150W (AC only)Single 600W Dual 600W RPS100 - 240 VAC, 50-60Hz80 Plus Platinum efficiency, 100 - 240 VAC, 50 – 60 HzCooling FanSingle Fixed FanHot Swap Smart FansDimensions1.75 in (H), 17.0 (W), 12 in (D)Rack Units (Mountable)Unit Weight1.75 in (H), 17.5 in (W), 17.45 in (D)1.75 in (H), 17.5 in (W), 17.45 in (D)1U1U1U8.8 lbs"18.0 lbs20.1 lbs (RPS)"20.1 lbsOperating RangesRegulatory CertificationsStandard WarrantyTemperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL, CE, TUV, CB,VCCI, CCC, BSMI, RCM RoHSFCC Class A, UL, CE, TUV, CB,VCCI, CCC, KCC BSMI, RCM,FAC RoHS, FIPS 140-2 FCC Class A, UL, CE, TUV, CB,VCCI, CCC, KCC, BSMI, RCM,EAC, FAC RoHS, FIPS 140-2 90-day Hardware and Software*1 Tested in single appliance SSLi deployment with maximum SSL option. Cipher “AES128-SHA256” with 2K RSA keys are used for RSA cases, “ECDHE-RSA-AES128-SHA256” with EC P-256 and 2K RSAkeys are used for PFS case *2 With maximum SSL *3 With base model. Number varies by SSL model *4 No dedicated hardware but FTA-4 FPGA handles select switching/routing functions Certification in process FIPS model must be purchased5
Thunder CFW Specifications Table (continued)Thunder 3040(S)Thunder 3230(S)Thunder 3430(S)Data Center FirewallDCFW Throughput30 Gbps25 Gbps38 GbpsDCFW Layer 4 CPS500k1.4 million2 million32 million32 million64 million16k16k32kDCFW Concurrent SessionsDCFW RulesSecure Web Gateway*1 *2SSLi Throughput2.5 Gbps3.5 Gbps5.5 GbpsRSA: 6.5kECDHE: 4.5kRSA: 12.5kECDHE: 7kRSA: 18kECDHE: 10kN/A15 Gbps30 Gbps1k1k4k1 GE Copper6001 GE Fiber (SFP)2441/10 GE Fiber (SFP )444SSLi CPSIPsec VPN*2IPsec ThroughputIPsec TunnelsNetwork Interface40 GE Fiber (QSFP )Management Interface000YesYesYesLights Out ManagementYesYesYesConsole PortYesYesYesSolid-state Drive (SSD)ProcessorMemory (ECC RAM)YesYesYesIntel Xeon4-coreIntel Xeon4-coreIntel Xeon6-core16 GB16 GB32 GBHardware Acceleration64-bit Linear Decoupled ArchitectureYesYesYesFlexible Traffic AccelerationSoftware1 x FTA-4 FPGA1 x FTA-4 sYes180W / 240W190W / 240W210W / 260WSSL Security Processor ('S' Models)Power Consumption (Typical/Max)Heat in BTU/hour (Typical/Max)*3*3Power Supply (DC option available)615 / 819648 / 819717 / 887Dual 600W RPSDual 600W RPSDual 600W RPS100 - 240 VAC, 50-60Hz80 Plus Platinum efficiency, 100 - 240 VAC, 50 – 60 HzCooling FanSingle Fixed FanHot Swap Smart FansDimensions1.75 in (H), 17.5 in (W),17.45 in (D)1.75 in (H), 17.5 in (W),17.15 in (D)1.75 in (H), 17.5 in (W),17.15 in (D)1U1U1U23 lbs23 lbsRack Units (Mountable)Unit Weight20.6 lbsOperating RangesRegulatory CertificationsStandard WarrantyTemperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL, CE, CB,GS , VCCI, CCC, KCC, BSMI,RCM RoHSFCC Class A, UL, CE, TUV, CB,VCCI, CCC, KCC, BSMI, RCM,NEBS RoHSFCC Class A, UL, CE, GS, CB,VCCI, CCC, KCC, BSMI, RCM,NEBS RoHS90-day Hardware and Software*1 Tested in single appliance SSLi deployment with maximum SSL option. Cipher “AES128-SHA256” with 2K RSA keys are used for RSA cases, “ECDHE-RSA-AES128-SHA256” with EC P-256 and 2K RSAkeys are used for PFS case *2 With maximum SSL *3 With base model. Number varies by SSL model *4 No dedicated hardware but FTA-4 FPGA handles select switching/routing functions Certification in process FIPS model must be purchased6
Thunder CFW Specifications Table (continued)Thunder 4440(S)Thunder 5330(S)Thunder 5440(S)Data Center FirewallDCFW Throughput70 Gbps70 Gbps90 GbpsDCFW Layer 4 CPS2.8 million2.8 million3.5 millionDCFW Concurrent Sessions64 million64 million128 million32k32k64kDCFW RulesSecure Web Gateway*1 *2SSLi Throughput8 Gbps10 Gbps15 GbpsRSA: 22kECDHE: 10kRSA: 30kECDHE: 15kRSA: 35kECDHE: 20k30 Gbps35 Gbps35 Gbps4k4k8k1 GE Copper0001 GE Fiber (SFP)0001/10 GE Fiber (SFP )24824SSLi CPSIPsec VPN*2IPsec ThroughputIPsec TunnelsNetwork Interface40 GE Fiber (QSFP )Management Interface404YesYesYesLights Out ManagementYesYesYesConsole PortYesYesYesSolid-state Drive (SSD)ProcessorMemory (ECC RAM)YesYesYesIntel Xeon6-coreIntel Xeon10-coreIntel Xeon12-core32 GB32 GB64 GBHardware Acceleration64-bit Linear Decoupled ArchitectureFlexible Traffic AccelerationSwitching/RoutingSSL Security Processor ('S' Models)Power Consumption (Typical/Max)Heat in BTU/hour (Typical/Max)*3*3Power Supply (DC option available)YesYesYes2 x FTA-4 FPGA1 x FTA-4 FPGA2 x FTA-4 FPGAHardwareHybrid*4HardwareYesYesYes360W / 445W210W / 260W360W / 445W1,229 / 1,519717 / 8871,229 / 1,519Dual 1100W RPSDual 600W RPSDual 1100W RPS80 Plus Platinum efficiency, 100 - 240 VAC, 50 – 60 HzCooling FanDimensionsRack Units (Mountable)Unit WeightOperating RangesRegulatory CertificationsStandard WarrantyHot Swap Smart Fans1.75 in (H), 17.5 in (W), 30 in (D)1.75 in (H), 17.5 in (W),17.15 in (D)1.75 in (H), 17.5 in (W), 30 in (D)1U1U1U23 lbs32.5 lbs32.5 lbsTemperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL, CE, GS, CB,VCCI, CCC, KCC, BSMI, RCM RoHS , FIPS 140-2 FCC Class A, UL, CE, GS,CB, VCCI, CCC, BSMI, RCM,NEBS RoHSFCC Class A, UL, CE, GS, CB,VCCI, CCC, BSMI, RCM RoHS90-day Hardware and Software*1 Tested in single appliance SSLi deployment with maximum SSL option. Cipher “AES128-SHA256” with 2K RSA keys are used for RSA cases, “ECDHE-RSA-AES128-SHA256” with EC P-256 and 2K RSAkeys are used for PFS case *2 With maximum SSL *3 With base model. Number varies by SSL model *4 No dedicated hardware but FTA-4 FPGA handles select switching/routing functions Certification in process FIPS model must be purchased7
Thunder CFW Specifications Table (continued)Thunder 5840(S)Thunder 6440(S)Thunder 7440(S)Data Center FirewallDCFW Throughput100 Gbps150 Gbps220 GbpsDCFW Layer 4 CPS4.5 million4.5 million6.5 millionDCFW Concurrent Sessions128 million256 million256 million64k128k128kDCFW RulesSecure Web Gateway*1 *2SSLi Throughput20 GbpsN/AN/ARSA: 50kECDHE: 25kN/AN/A35 GbpsN/AN/A8k20k20k1 GE Copper0001 GE Fiber (SFP)0001/10 GE Fiber (SFP )244848SSLi CPSIPsec VPN*2IPsec ThroughputIPsec TunnelsNetwork Interface40 GE Fiber (QSFP )Management Interface444YesYesYesLights Out ManagementYesYesYesConsole PortYesYesYesSolid-state Drive (SSD)ProcessorMemory (ECC RAM)YesYesYesIntel Xeon18-coreIntel XeonDual 10-coreIntel XeonDual 18-core64 GB128 GB128 GBHardware Acceleration64-bit Linear Decoupled ArchitectureFlexible Traffic AccelerationSwitching/RoutingSSL Security Processor ('S' Models)Power Consumption (Typical/Max)*3Heat in BTU/hour (Typical/Max)*3Power Supply (DC option available)YesYesYes2x FTA-4 FPGA3 x FTA-4 FPGA3 x FTA-4 FPGAHardwareHardwareHardwareYesYesYes375W / 470W480W / 550W690W / 820W1,280 / 1,6041,638 / 1,8772,355 / 2,798Dual 1100W RPSDual 1100W RPSDual 1100W RPS80 Plus Platinum efficiency, 100 - 240 VAC, 50 – 60 HzCooling FanDimensionsRack Units (Mountable)Unit WeightOperating RangesRegulatory CertificationsStandard WarrantyHot Swap Smart Fans1.75 in (H), 17.5 in (W), 30 in (D)1.75 in (H), 17.5 in (W), 30 in (D)1.75 in (H), 17.5 in (W), 30 in (D)1U1U1U32.5 lbs36 lbs36 lbsTemperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL, CE, GS, CB,VCCI, CCC, BSMI, RCM RoHSFCC Class A, UL, CE, GS, CB,VCCI, CCC, BSMI, RCM RoHSFCC Class A, UL, CE, GS, CB,VCCI, CCC, KCC, BSMI, RCM RoHS, FIPS 140-2 90-day Hardware and Software*1 Tested in single appliance SSLi deployment with maximum SSL option. Cipher “AES128-SHA256” with 2K RSA keys are used for RSA cases, “ECDHE-RSA-AES128-SHA256” with EC P-256 and 2K RSAkeys are used for PFS case *2 With maximum SSL *3 With base model. Number varies by SSL model *4 No dedicated hardware but FTA-4 FPGA handles select switching/routing functions Certification in process FIPS model must be purchased8
Thunder CFW SPE Specifications TableThunder 4435(S) SPEThunder 5435(S) SPEThunder 6435(S) SPEThunder 6635(S) SPEData Center FirewallDCFW Throughput38 Gbps76 Gbps140 Gbps150 GbpsDCFW Layer 4 CPS2.7 million2.8 million5.5 million5.5 millionDCFW Concurrent Sessions128 million128 million256 million256 million64k64k128k128k8 Gbps8 Gbps17.5 Gbps17.5 Gbps22k22k50k50k20 Gbps20 Gbps70 Gbps80 Gbps6k6k20k20k1 GE Copper00001 GE Fiber (SFP)00001/10 GE Fiber (SFP )1616161240 GE Fiber (QSFP )0440DCFW RulesSecure Web Gateway*1 *2SSLi Throughput (RSA 2K key)SSLi CPS (RSA 2K key)IPsec VPN*2IPsec ThroughputIPsec TunnelsNetwork Interface100 GE Fiber (CXP)0004Management InterfaceYesYesYesYesLights Out ManagementYesYesYesYesConsole PortYesYesYesYesSolid-state Drive (SSD)YesYesYesYesIntel Xeon10-coreIntel Xeon10-coreIntel XeonDual 12-coreIntel XeonDual 12-core64 GB64 GB128 GB128 GBYesYesYesYesProcessorMemory (ECC RAM)Hardware Acceleration64-bit Linear Decoupled ArchitectureFlexible Traffic Acceleration1 x FTA-3 FPGA2 x FTA-3 FPGA4 x FTA-3 FPGA4 x FTA-3 FPGASecurity & Policy utingHardwareHardwareHardwareHardwareSSL Security Processor ('S' Models)DualDualQuad2 x Dual, 2 x Quad or4 x QuadPower Consumption (Typical/Max)*3350W / 420W400W / 480W620W / 710W995W / 1,150WHeat in BTU/hour (Typical/Max)*31,195 / 1,4331,365 / 1,6382,116 / 2,4233,395 / 3,924Dual 1100W RPSDual 1100W RPS2 2 1100W RPSPower Supply (DC option available)Dual 1100W RPS80 Plus Platinum efficiency, 100 - 240 VAC, 50 – 60 HzCooling FanDimensionsRack Units (Mountable)Unit WeightHot Swap Smart Fans1.75 in (H), 17.5 in (W),30 in (D)Standard Warranty1.75 in (H), 17.5 in (W),30 in (D)5.3 in (H), 16.9 in (W),28 in (D)1U1U1U3U34.5 lbs35.5 lbs39 lbs74.5 lbs / 78 lbs*2FCC Class A, UL, CE,TUV, CB, VCCI, CCC,MSIP, BSMI, RCM, EAC,NEBS RoHSFCC Class A, UL, CE,TUV, CB, VCCI, CCC,BSMI, RCM, EAC,NEBS RoHSOperating RangesRegulatory Certifications1.75 in (H), 17.5 in (W),30 in (D)Temperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL, CE,TUV, CB, VCCI, CCC,BSMI, RCM, EAC,NEBS RoHSFCC Class A, UL, CE,TUV, CB, VCCI, EAC,FAC RoHS90-day Hardware and Software*1 SSLi performance are measured in single appliance SSLi deployment *2 With maximum SSL *3 With base model. Number varies by SSL model9
vThunder CFW Specifications TablevThunder CFWSupported HypervisorsVMware ESXi 5.5 or higherKVM QEMU 1.0 and higher (VirtIO, OvS with DPDK, SR-IOV)Microsoft Hyper-V on Windows Server 2008 R2 or higherLicenses (Throughput)VMware ESXiKVM (SR-IOV OvS-DPDK)KVMMicrosoft Hyper-VLab1 Gbps4 Gbps8 Gbps Feature Basis Throughput GuidelineLicense is set based on L4 throughput performace of ADC/CGN features. Maximum throughput varies dependingon each feature regardless of license type. See the performance guideline table below for more details.Hardware RequirementsSee installation guideStandard Warranty90-day Software 8 Gbps license not recommended for Microsoft Hyper-VFeature Basis Throughput Guideline1 Gbps License4 Gbps License8 Gbps LicenseADC/CGN1 Gbps4 Gbps8 GbpsData Center Firewall1 Gbps4 Gbps8 GbpsGi Firewall1 Gbps4 Gbps8 Gbps500 Mbps1.5 Gbps3 GbpsSecure Web Gateway (SSL Insight)Thunder 840Thunder 1030SThunder 3030SThunder 3040(S)Thunder 3230(S)Thunder 3430(S)Thunder 4440(S)Thunder 5330(S)Thunder 5440(S)Thunder 5840(S)Thunder 6440(S)Thunder 7440(S)Thunder4435(S) SPEThunder 5435(S) SPEThunder 6435(S) SPEThunder 6635(S) SPE10
Detailed Feature List*( Features may vary by appliance)*Data Center Firewall (DCFW)Firewall: Stateful L4 network firewallApplication Layer Gateways (FTP, TFTP, DNS and SIP)Web Application Firewall (WAF)DNS Application Firewall (DAF)DDoS Protection: Flood attack protection: SYN cookies, TCP/UDP/ICMP floodprotection, DNS/HTTP flood protection Protocol attack protection: Invalid packets, anomalous TCPflag combinations, packet size validation (ping of death) Resource attack protection: Slowloris, slow POST, andSockstress protection, fragmentation Rate limiting: IP-based connection, HTTP, DNS request, DNSquery, ICMP rate limitingApplication Access Management (AAM): Authentication methods: HTTP Basic, NTLM over HTTP, formbased, OCSP, TDS SQL Logon and SAML Authentication servers: LDAP, Active Directory, RADIUS, OCSPResponder, NTLM, Kerberos, RSA Secure ID, Entrust IdentityGuard and SAML Identity Provider (IdP) Authentication relay: Kerberos, form-based, LDAP, WSFederation, and Microsoft SharePoint and Outlook WebAccess Extensive logging for auditADC: Advanced Layer 4/Layer 7 server load balancing-- Fast HTTP, full HTTP proxy-- High-performance, template-based L7 switching withheader/URL/domain manipulation-- Comprehensive L7 application persistence support Comprehensive load-balancing methods – round-robin,weighted round-robin (WRR), least connections (LC), fastestresponse and more Comprehensive IPv4/IPv6 support A10 Networks aFleX TCL-based scripting technology – deeppacket inspection and transformation for customizable,application-aware switching Global Server Load Balancing (GSLB) HTTP acceleration: HTTP connection multiplexing (TCPconnection reuse), RAM caching, HTTP compression SSL acceleration: Hardware SSL offload, TLS 1.2 and 4096bit SSL key support, Elliptic Curve Diffie-Hellman Exchange(ECDHE) and other ECC ciphersGi/SGi FirewallFirewall: Stateful Layer 4 network firewall ALG protocol support for protocols with dynamic ports(including SIP, FTP)DDoS Protection: Integrated DDoS protection for NAT pools IP anomaly detectionIPv4 Preservation (CGNAT): Carrier Grade NAT (CGN/CGNAT), Large Scale NAT (LSN),NAT444, NAT44IPv6 Migration: Dual stack support, full native IPv6 management and features SLB-PT (Protocol Translation), SLB-64 (IPv4 – IPv6,IPv6 – IPv4) NAT64/DNS64, NAT46, DS-Lite, 6rd, LW4o6Secure Web Gateway (SWG)SSL Insight: High-performance SSL decryption and encryption as aforward proxy Internet Content Adaptation Protocol (ICAP) support for dataloss prevention Dynamic port decryption to detect and intercept SSL or TLStraffic regardless of TCP port number Forward proxy failsafe to bypass traffic when there is ahandshake failure SSL Insight bypass based on hostname; bypass list scales upto 1 million Server Name Indication (SNI) values Multi-bypass list support Decryption of HTTPS, STARTTLS, SMTP, XMPP Client certificate detection and optional bypass Untrusted certificate handling using the Online CertificateStatus Protocol (OCSP) TLS alert logging to log flow information from SSL Insightevents SSL session ID reuse Firewall Load Balancing (FWLB)URL Filtering: URL Classification Service powered by Webroot to selectivelybypass trusted websites for SSL decryption** Optional monitoring and blocking of malicious or undesirablewebsitesOperation modes Transparent Forward Proxy Explicit Forward Proxy Proxy chainingIPsec VPN Route-based VPN Keying methods – IKEv1, IKEv2 Authentication methods – RSA Signature, Pre-shared Key,Public Key Infrastructure (PKI) Key Exchange Diffie-Hellman Groups – 1, 2, 5, 14, 15, 16, 18 Encryption algorithms – DES, 3DES, AES-128, AES-192,AES-256 Data integrity – MD5, SHA1 and SHA-256 OSPF, BGP and Bidirectional Forwarding Detection (BFD)
attacks. A10 Thunder CFW offers the performance and the versatility you need to safeguard your applications, your users and your infrastructure. THUNDER CFW. High-Performance Versatile Firewall. The A10 Thunder Convergent Firewall (CFW) is a standalone security product, built on A10 Networks Advanced Core Operating System (ACOS ) platform.
www.weg.net 2 CFW-11 Innovative and simple The CFW-11 presents many innovations that are helpful and benefi cial to customers, mainly due to the simplicity of its installation and operation. The CFW-11 was developed based on Plug-and-Play philosophy (connect and use) allowing simple and fast installation of the VSD and its accessories.
Maximum 480 V hp 10 30 15 250 1000 1800 1000/400/800 . WEG (CFW-10, CFW-08, CFW-09) Open IP20, IP66 DH1/EH HVAC drive The DH1 and EH HVAC/R drives are part of the Eaton next generation PowerXL Series of variable frequency drives specifically engineered to exceed the demands of the HVAC/R
latest in a line of classy amps, the Thunder delivers that unmistakable ENGL sound-warm, creamy and extremely dynamic tube tone. This operating manual covers three different versions of the amp, the Thunder 50 Combo (model E322), the Thunder 50 Head (model E325) and the Thunder 50 Reverb (mo
Thunder Convergent Firewalls (CFW) each integrate a powerful and accurate Web Application Firewall (WAF) that stops web application attacks, probes and . Data Security Standard (PCI DSS) sets forth guidelines for merchants, processors and other entities to protect cardholder data. Thunder WAF enables organizations to
enhancing existing security infrastructure A10 Thunder SSLi and A10 Thunder CFW appliances are high-performance Secure Web Gateways with a true full proxy architecture that supports comprehensive protocol suites and dedicated hardware for extraordinary SSL performance. Both solutions support explicit or transparent deployment modes
emi thunder exhaust system if you have any questions about installing the emi thunder system, please feel free to contact sales at eddie marine inc. please note, kits do not inlude 4” hose or lamps for onneting risers to exhaust tips. please check all boxes for parts. any discrepancies
Apr 10, 2019 · Keith Stein Blue Thunder Marching Band Dr. Joe Tornello, Director Boise State University 1910 University Drive Boise, Idaho 83725-1562 Phone (208) 426- 1846 Fax (208) 426-1887 Dear Prospective Blue Thunder Member, I am excited that you are interested in being a part of the Boise State University Keith Stein Blue Thunder Marching Band!
Adolf Hitler Translated into English by James Murphy . Author's Introduction ON APRIL 1st, 1924, I began to serve my sentence of detention in the Fortress of Landsberg am Lech, following the verdict of the Munich People's Court of that time. After years of uninterrupted labour it was now possible for the first time to begin a work which many had asked for and which I myself felt would be .
