D ATA S H E E T
A10 Defend Mitigator
DDoS Mitigation with Intelligent Automation
A10 Defend Mitigator (formerly Thunder TPS), a part of A10
Defend suite, is the scalable and automated DDoS protection
solution powered by advanced machine learning, leading the
industry in precision, scalability, and performance.
Surgical Multi-vector
DDoS Protection
Ensuring availability of business services
requires organizations to rethink how to build
scalable DDoS defenses that can surgically
distinguish an attacker from a legitimate user.
New threat vectors have changed the breadth,
intensity, and complexity of options available
to attackers. Today’s attacks have evolved,
and now include DDoS toolkits, weaponized
IoT devices, online DDoS services, and more.
Established solutions, which rely on ineffective
signature-based IPS or only traffic rate-limiting,
are no longer adequate.
Due to the increasing complexity and volume
of modern-day DDoS attacks, DDoS protection
has also evolved. A holistic DDoS protection
suite is needed. Part of that holistic A10 Defend
suite is the high precision, intelligent, scalable
and automated DDoS mitigation.
A10 Defend Mitigator scales to defend against
the DDoS of Things and traditional zombie
botnets, and precisely screens out multi-
vector DDoS attacks including reflection
©️2024 A10 Networks, Inc. All rights reserved.
Platforms
Physical and SPE
Appliances
Virtual Appliance
and zero-day attacks to minimize collateral
damage to users. It’s built with a unique
multi-modal and source-based protection
Cloud
posture with intelligent automation in mind,
including an auto-updated threat intelligent
Related
list at a scale, five-level adaptive mitigation
policies, and automated zero-day attack Products & Services
pattern recognition powered by machine
learning technologies, to name a few.
A10 Defend Mitigator’s scale and zero-touch
A10 Defend Detector
intelligent automation architecture with
Defend Orchestrator maximize effectiveness
of limited staff and reduce operational cost,
resulting in better ROI. Thus, A10 Defend
suite consisting of A10 Defend Detector,
A10 Defend Orchestrator
Mitigator, Orchestrator, and Threat Control
helps organizations enable more effective
DDoS protection or create profitable DDoS
scrubbing services for their customers.
A10 Defend Threat Control
A10 Networks is available when you need help
most. A10 support provides 24x7x365 services,
including emergency assistance from the
A10 DDoS Security Incident Response Team
(DSIRT) to immediately help you understand
DSIRT Support
and respond to DDoS incidents.
Talk with A10
A10Networks.com/a10-defend

Benefits
Maintain
Service Availability
Downtime results in immediate productivity and revenue
loss for any business. A10 Defend Mitigator ensures service
availability by automatically spotting anomalies across the
traffic spectrum and mitigating multi-vector DDoS attacks.
Defeat
Growing Attacks
A10 Defend Mitigator protects the largest, most-demanding
network environments. Defend Mitigator offloads common
attack vectors to specialized hardware, allowing its powerful
multicore CPUs to distinguish legitimate users from attacking
botnets and complex application-layer attacks that require
resource-intensive deep packet inspection (DPI).
Scalable
Protection
Select A10 Defend Mitigator hardware models benefit
from our Security and Policy Engine (SPE) hardware
acceleration, leveraging FPGA-based FTA technology
and other hardware-optimized security checks for highly
scalable packet processing and hardware DDoS protection
capabilities. Defend Mitigator appliances can scale up
to eight times the mitigation capacity, regardless of form
factor, either hardware or virtual appliance, by
the clustering and synchronization technology.
©️2024 A10 Networks, Inc. All rights reserved.
A10 DEFEND MITIGATOR | DATA SHEET
Deploy
Wartime Support
No organization has unlimited trained personnel or
resources during real-time DDoS attacks. A10 Defend
Mitigator supports five levels of programmatic mitigation
escalation and de-escalation per protected zone. Remove
the need for frontline personnel to make time-consuming
manual changes to escalating mitigation strategies and
improve response times during attacks. Administrators
have the option to manually intervene and coordinate with
A10's DSIRT at any stage of an attack.
$
Reduce
Security OPEX
A10 Defend Mitigator is extremely efficient. It delivers high
performance in a small form factor to reduce OPEX with
significantly lower power usage, rack space, and cooling
requirements. A10 Defend Mitigator’s scale and intelligent
automated mitigation architecture, along A10 Defend
Orchestrator, simplifies the full DDoS protection workflow
and lifecycle from detection, mitigation to reporting, while
strengthening security posture.
The A10 Defend solution maximizes effectiveness of the
SecOps team and reduces operational cost, resulting in
better ROI.
2
 A10 DEFEND MITIGATOR | DATA SHEET

Reference Architectures
Proactive Deployment
(Asymmetric or Symmetric)

Clean Traffic
Deploying A10 Defend Mitigator inline or
in-path of the services network provides
Firewall
Services continuous, comprehensive detection and
Edge Router A10 Defend
Mitigator
fast mitigation. This mode is most useful
API
for real-time services such as gaming and
REST API,
Cloud-based sFlow, UI VoIP where the user experience is critical,
DDoS Scrubbing Syslogs and for protection against application-layer
(Hybrid)
A10 Defend GUI, REST API
attacks. Mitigator supports L2 or L3 in-path
Orchestrator deployments. It also eases deployment of
hybrid DDoS protection with a cloud scrubbing
service in case volumetric attacks exceed an
organization’s internet bandwidth.

A10 Defend
Reactive Deployment
Orchestrator
Larger networks benefit from on-demand
API Communication
mitigation, triggered manually or by flow
analytical systems. A10 Defend Detector
is available as a standalone appliance
API, sFlow, (hardware or virtual). The flow-based DDoS
A10 Defend Detector A10 Defend Syslogs detector is tightly integrated with A10 Defend
Mitigator
Suspected Orchestrator and Mitigator for a intelligent
Traffic
Clean
UI and automated DDoS defense solution.
BGP / Traffic A10 Defend Mitigator is capable of sending
BGP FlowSpec
GUI, REST API
Flow BGP FlowSpec for better collaborating with
Information upstream routers.

Edge Router Access Router Firewall Services

©️2024 A10 Networks, Inc. All rights reserved. 3

 A10 DEFEND MITIGATOR | DATA SHEET

Reference Architectures
A10 Defend
Orchestrator
Reactive Deployment with
Third-party Flow Detector
API Communication

A10 Defend Mitigator fits in any network

configuration with integrated BGP and other
API, sFlow,
routing protocols. This eliminates the need
Flow-based Detection A10 Defend Mitigator Syslogs for any additional diversion and re-injection
Suspected routers. A10 Networks partners with the
Traffic
Clean
UI industry’s leading network monitoring
BGP / Traffic and DDoS detection companies to provide
BGP FlowSpec
GUI, REST API additional flexibility for creating best-of-class
Flow
Information solutions for each customer’s unique business
needs. The third-party DDoS detection can
leverage API (A10’s aXAPI® and aGAPI®), syslog,
or BGP Flowspec, to create tightly integrated
Edge Router Access Router Firewall Services DDoS protection solutions.

©️2024 A10 Networks, Inc. All rights reserved. 4


Features
Full Spectrum DDoS Protection for Service Availability
Complete Solution
For Flexible Deployments
A10 Defend Mitigator provides a complete solution for
DDoS defenses in proactive always-on or on-demand
reactive modes to meet customers' business objectives.
Defend Mitigator can be deployed with inline mode in L2
or L3 with full IPv4 and IPv6 support, where the proactive
mode is ideal for critical and real-time services such as
gaming, voice and DNS. In reactive mode, A10 Defend
Mitigator works in concert with A10 Defend Detector
and Orchestrator, and becomes active only when needed.
When an attack is detected by a Detector, Orchestrator
instructs Mitigator to initiate a BGP route redirection
for the suspicious traffic. Then Mitigator applies the
appropriate countermeasures using a progressive
auto-mitigation level escalation technique before
delivering the clean traffic to the intended destination.
Multi-vector
Attack Protection
Mitigate DDoS attacks of many types, including volumetric,
protocol, or resource attacks, application-level attacks,
or IoT-based attacks. Hardware acceleration offloads the
CPUs and makes A10 Defend Mitigator particularly adept to
deal with simultaneous multi-vector attacks.
Hybrid
DDoS Protection
A10 Defend Mitigator's on-premises protection works in
concert with third-party cloud-based DDoS scrubbing services
to provide full-spectrum protection against attacks of any type.
When attacks grow beyond an organization’s bandwidth
capacity, cloud mitigation can be initiated automatically by
A10 Defend Mitigator using BGP-based signaling, API, and
scripting, etc.
©️2024 A10 Networks, Inc. All rights reserved.
A10 DEFEND MITIGATOR | DATA SHEET
ZAP
Zero-day Automated Protection
The Zero-day Automated Protection (ZAP) utilizes
heuristics and machine learning to automatically discover
mitigation filters without advanced configuration or
manual intervention. ZAP speeds the response time against
increasingly sophisticated multi-vector attacks while
minimizing downtime and errors and lower operating costs.
Non-stop DNS
DNS
Authoritative DNS Cache
A10 Defend Mitigator can be configured as a high-
performance authoritative DNS cache, enabling A10 Defend
Mitigator's non-stop DNS operational mode to cache up to
240 million DNS records using zone transfer and respond
to queries at rates of up to 35 million queries per second.
Non-stop DNS can also work in conjunction with regular
A10 Defend Mitigator DDoS defenses to create a highly
resilient DNS service.
A10 DDoS Threat
Intelligence
Aggregated and correlated DDoS weapons intelligence from
over 40 reputable data sources, is included with support
contract enabling A10 Defend Mitigator to instantly recognize
and block traffic to and from known malicious sources. The
service includes millions of current and accurate IP addresses
of DDoS weapons used regularly in reflected amplification
attacks and crippling IoT botnet attacks.
5
 A10 DEFEND MITIGATOR | DATA SHEET

High Performance and Efficiency to Meet Growing Attack Scale

High Performance Simultaneous

Protection
Select A10 Defend Mitigator models have high-performance
FPGA-based Flexible Traffic Acceleration (FTA) technology
to immediately mitigate up to 60 common attack vectors
including packet and protocol anomalies in hardware, up to
500 million packets per second (Mpps), before data CPUs
are involved. Defend Mitigator enforces highly granular
traffic rates as low as 100 ms intervals.
Protected Objects
To protect entire networks, applications, and services,
A10 Defend Mitigator simultaneously mitigates up to 3,000
zones with individual protection policies that include
thousands of hosts, subnets, and services per zone. The
scale of simultaneous mitigation helps organizations apply
granular controls to protected objects and create profitable
DDoS scrubbing services.

Scalability Precise
Leading Mitigation Capacity Attack Mitigation at Scale

A10 Defend Mitigator provides solutions to protect
organizations from attacks of all sizes, from 5 to 380 Gbps
in power-efficient and small form factor hardware. It's also
available as a virtual appliance with a feature parity and
provides 100 Gbps throughput.
A10 Defend Mitigator tracks more than 27 traffic and
behavioral indicators and can apply escalating protocol
challenges to surgically differentiate attackers from
valid users for appropriate mitigation of up to 256 million
concurrent tracked sessions.

The Defend Mitigator can easily scale its mitigation capacity Complex application attacks (e.g., HTTP, DNS, etc.) are
by clustering up to 8 appliances (e.g., 3 Tbps in hardware, mitigated with advanced parallel processing across a large
800 Gbps in a virtual appliance) with a list synchronization number of CPU cores to maintain high-performance system
technology. scaling, even for multi-vector attacks.

A10 Defend Mitigator

1.2 380 3 8x16M
7655S Tbps
HW Blocking
Gbps
Throughput
Tbps
Throughput in
Cluster
Threat Class
Lists
by the Numbers

100 500 60 64K

Mpps
GE Ports Hardware Protected
Anomaly Drop
Mitigations Objects
(HW assisted)

©️2024 A10 Networks, Inc. All rights reserved. 6


Large Threat
Intelligence Class Lists
Eight lists, each containing up to 16 million entries, may
be defined to utilize data from DDoS threat intelligence
sources, such as A10 Defend Threat Control. Such class
lists, along with own custom black/white lists, can be
configured as IP block lists or used for source IP-based
mitigation policy as needed.
Full Control and Smart Automation for Agile Protection
Efficient
Intelligent Automation
No organization has unlimited resources or the time for
manual interventions. A10 provides the industry’s most
advanced intelligent automation capabilities powered by
machine learning throughout the entire protection lifecycle.
Operators define the networks to protect and A10
defenses do the rest based on the operator’s pre-defined
policies, including individual learned detection thresholds
per monitored entity, automatic traffic redirection
orchestration, start of mitigation and escalation, and
then extract and apply attack pattern filters. When the
attack subsides, the network and defenses are returned to
peacetime posture and detailed reports are generated for
future analysis.
Effective
Management
A10 Defend Mitigator supports an industry-standard CLI,
on-box GUI, and the A10 Defend Orchestrator centralized
management system. The CLI allows sophisticated
operators easy troubleshooting and debugging. The
intuitive on-box GUI enables ease of use and basic
graphical reporting. Defend Orchestrator offers a
comprehensive dashboard with advanced reporting,
mitigation console, and policy enforcement for multiple
Mitigator and Detector devices.
©️2024 A10 Networks, Inc. All rights reserved.
A10 DEFEND MITIGATOR | DATA SHEET
Zero-day
Attack Pattern Recognition
DDoS attackers continue to innovate their multi-vector attack
arsenals with new strategies. The A10 Defend Mitigator Zero-
day Attack Pattern Recognition (ZAPR) engine automatically
identifies DDoS attack characteristics and dynamically
applies mitigation filters without advanced configuration or
manual intervention.
Easy
Network Integration
With multiple performance options and flexible deployment
models, A10 Defend Mitigator may be integrated into any
network architecture of any size, including MPLS and BGP.
And with aXAPI, A10’s 100-percent programmable RESTful
API, A10 Defend Mitigator easily integrates into third-party
detection solutions and into agile SecOps workflows.
Leveraging open standards like BGP blackhole and
Flowspec functionality, A10 Defend Mitigator integrates
easily with any DDoS detection and DDoS mitigation
capable BGP routers solution. Open APIs and networking
standards enable tight integration with other devices,
including A10 threat detection partners, SDN controllers,
and other security products.
7
 A10 DEFEND MITIGATOR | DATA SHEET

A10 Defend Mitigator Physical Appliance Specifications

Thunder Thunder Thunder Thunder
Defend Mitigator
1040 3350-E 5845-40G 5845
Mitigation Permanence
Throughput (software scrubbing)*1 5 Gbps 10 Gbps 40 Gbps 100 Gbps

Hardware Blocking N/A N/A 250 Gbps 250 Gbps

Packets Rate (pps)*1 2.2 Million 6 Million 12 Million 25 Million

Software-based - SYN Authentication

2.2 Million 6 Million 12 Million 25 Million
(pps)

Hardware-based - Anomaly Flood

N/A N/A 125 Million 125 Million
Blocking (pps)

Maximum Concurrent Sessions

8 Million 8 Million 32 Million 48 Million
(asymmetric deployment)

Average Latency 10 µs 20 µs 50 µs 50 µs

Minimum Rate Enforcement Interval 100 ms 100 ms 100 ms 100 ms

DNS Authoritative Cache Performance

DNS Queries Per Second (qps) N/A N/A 10 Million 18 Million

Hardware
Network Interface Bypass Model

1+4
1 GE Copper 5 6 0 0
(Bypass)

1 GE Fiber (SFP) 0 0 2 0 0

1/10 GE Fiber (SFP+) 4 *3

4*3
8+4 *3
48 48

2 (Optical
1/10 GE Fiber (Fixed) 0 0 0 0
bypass)*5

100 GE Fiber 0 0 0 4 (QSFP28) 4 (QSFP28)

Management Ports Ethernet mgmt. port, RJ-45 console port

Hardware Specifications
Processor Intel
Intel Xeon 8-core Intel Xeon 18-core*6 Intel Xeon 18-core
Communications Processor

Memory (ECC RAM) 16 GB 16 GB 64 GB *6 64 GB

Storage SSD SSD SSD SSD

Hardware Acceleration Software Software 2 x FTA-4, SPE 2 x FTA-4, SPE

Dimensions (inches) 1.75 (H) x 17.5 (W) x 17.25 (D) 1.75 (H) x 17.5 (W) x 18(D) 1.75 (H) x 17.5 (W) x 30 (D) 1.75 (H) x 17.5 (W) x 30 (D)

Rack Units (mountable) 1U 1U 1U 1U

Unit Weight 14 lbs | 16 lbs (RPS) 18 lbs 34.3 lbs 34.3 lbs

Single 750W*4 Dual 750W RPS Dual 1500W RPS Dual 1500W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (typical/max)*2 80W / 110W 151W / 205W 585W / 921W 585W / 921W

Heat in BTU/Hour (typical/max) *2

273 / 376 516 / 700 1,997 / 3,143 1,997 / 3,143

Cooling Fan (front-to-back airflow) Removable fans Hot swap smart fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications
FCC Class A, UL, CE, UKCA,
CB, VCCI, BSMI, RCM | RoHS
FCC Class A, UL, CE, UKCA,
FCC Class A, UL, CE, UKCA,
CB, VCCI, KCC, BSMI,
CB, VCCI, BSMI, RCM | RoHS
RCM | RoHS
FCC Class A, UL, CE, UKCA,
CB, VCCI, KCC, BSMI,
RCM | RoHS

Standard Warranty 90-day hardware and software

©️2024 A10 Networks, Inc. All rights reserved. 8

 A10 DEFEND MITIGATOR | DATA SHEET

A10 Defend Mitigator Physical Appliance (cont.)

Thunder Thunder
Thunder Thunder
Defend Mitigator
7445 14045 14045 7655S
Single-Module Dual-Module

Mitigation Permanence
Throughput (software scrubbing)*1 220 Gbps 150 Gbps 300 Gbps 380 Gbps

Hardware Blocking 500 Gbps 500 Gbps 500 Gbps 1.2 Tbps

Packets Rate (pps) *1

50 Million 50 Million 100 Million 110 Million

Software-based - SYN Authentication

50 Million 50 Million 100 Million 110 Million
(pps)

Hardware-based - Anomaly Flood

250 Million 220 Million 440 Million 500 Million
Blocking (pps)

Maximum Concurrent Sessions

64 Million 128 Million 256 Million 256 Million
(asymmetric deployment)

Average Latency 60 µs 60 µs 60 µs 60 µs

Minimum Rate Enforcement Interval 100 ms 100 ms 100 ms 100 ms

DNS Authoritative Cache Performance

DNS Queries Per Second (qps) 35 Million 35 Million N/A N/A

Network Interface
1/10 GE Fiber (SFP+) 48 0 0 0

40 GE Fiber (QSFP+) 0 4 4 0

100 GE Fiber 4 (QSFP28) 4 (CFP2 or QSFP28) 4 (CFP2 or QSFP28) 16 (QSFP28)

Management Ports Ethernet mgmt. port, RJ-45 console port+

Hardware Specifications
Processor 2 x Intel Xeon 18-core 2 x Intel Xeon 18-core 4 x Intel Xeon 18-core 2 x Intel Xeon 28-core

Memory (ECC RAM) 128 GB 256 GB 512 GB 384 GB

Storage SSD SSD SSD SSD

Hardware Acceleration 3 x FTA-4, SPE 4 x FTA-3, SPE 8 x FTA-3, SPE 2 x FTA-5, SPE

Dimensions (inches) 1.75 (H) x 17.5 (W) x 30 (D) 5.3 (H) x 16.9 (W) x 30 (D) 5.3 (H) x 16.9 (W) x 30 (D) 2.625 (H) x 17.5 (W) x 30 (D)

Rack Units (mountable) 1U 3U 3U 1.5U

Unit Weight 35.7 lbs 80 lb 102 lbs 44.2 lbs

Dual 1500W RPS 2+2 1100W RPS 2+2 1100W RPS Dual 1500W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (typical/max)*2 784W / 1,078W 1,000W / 1,200W 1,700W / 2,000W 1,121W / 1,300W

Heat in BTU/Hour (typical/max)*2 2,676 / 3,679 3,412 / 4,095 5,801 / 6,825 3,826 / 4,436

Cooling Fan (front-to-back airflow) Hot swap smart fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications
FCC Class A, UL, CE, UKCA,
CB, VCCI, BSMI, RCM | RoHS
FCC Class A, UL, CE, UKCA,
CB, VCCI, CQC, KCC, BSMI,
RCM | RoHS
FCC Class A, UL, CE, UKCA,
FCC Class A, UL, CE, UKCA,
CB, VCCI, CQC, KCC, BSMI,
CB, VCCI, BSMI, RCM | RoHS
RCM | RoHS

Standard Warranty 90-day hardware and software

Hardware specifications and performance numbers are subject to change without notice, and may vary depending on configuration and environmental conditions. As for
network interface, it’s highly recommended to use A10 Networks qualified optics/transceivers to ensure network reliability and stability.

*1 Throughput performances are traffic-forwarding capacity and measured with legitimate traffic with DDoS protection enabled.
*2 With base model | *3 10Gbps speed only | *4 Optional RPS available | *5 Fixed SFP+ optical ports with dual rate (10GBASE-SR and 1000BASE-SX) | *6 Active CPU core
counts and memory size may vary depending on the modular license | ^ Certification in process | + Thunder 14045 comes with a splitter cable for console to provide access
to both modules

©️2024 A10 Networks, Inc. All rights reserved. 9

 A10 DEFEND MITIGATOR | DATA SHEET

A10 Defend Mitigator Virtual Appliance Specifications

A10 Defend Mitigator Virtual Appliance

Supported Hypervisors VMware ESXi 6.7 or higher (SR-IOV)

Hardware Requirements See installation guide

Standard Warranty 90-day software

Virtual Appliance License and Sizing Recommendations

Throughput Lab/1/2/5 Gbps 40 Gbps*1 100 Gbps*1

vCPU 6 8 24

vRAM 16 GB 32 GB 64 GB

vDisk 60 GB 60 GB 100 GB

Bandwidth license
Licence Types FlexPool FlexPool
(per instance)

Hypervisors ESXi ESXi ESXi

*1 Available in ACOS 6.0 and above. Tested with Defend Mitigator running on ESXi 7.0 with NVIDIA Mellanox ConnectX-6 NIC (SR-IOV enabled)

A10 Defend Mitigator for Cloud Microsoft Azure

Throughput per instance Up to 5 Gbps

Image Format Microsoft VHD

Licenses 30-day trial license | BYOL FlexPool license

©️2024 A10 Networks, Inc. All rights reserved. 10

 A10 DEFEND MITIGATOR | DATA SHEET

Detailed Feature List

Features may vary by appliance.

Detection/Analysis Challenge-based Authentication

• In-line packet-based DDoS detection • TCP SYN cookies, SYN authentication
• Individual detection policies for more than 256K servers and services • ACK authentication
• Manual and learned thresholds • Spoof detection
• Protocol anomaly detection • DNS authentication
• Inspection within IPinIP (e.g., networking, encapsulation) • HTTP challenge
• Black/white lists
• Traffic indicator and top talkers
• Mitigation console
Protected Objects
• Packet debugger tool • Protected zones for automated detection and mitigation
• Top-k insights (source, destination) • Source/destination IP address/subnet
• Outbound detection • Source and destination IP pair
• Victim IP Identification • Destination port
• Source port
• Protocol (e.g., HTTP, DNS, SIP, TCP, UDP, ICMP and others)
DDoS Threat Intelligence List • Class list/geolocation
• Large capacity class lists for proactive blocking of toxic • Passive mode
IP addresses as a first layer of protection • Outbound mitigation symmetric deployment
• Up to 96 million active entries - maximum 8 lists with each
containing up to 16M
• Action or mitigation policies can be defined for each list Non-stop DNS Solution
• Support various types of DDoS threat intelligence feed including • Act as authoritative DNS cache
ThreatSTOP and IP block list from A10 Defend Threat Control • Seamless layered protection with A10 Defend Mitigator in scrubbing center
• DNS water torture (random subdomain) attack protection
• Selective and customizable action (response/ forward/ drop)
Zero-day Automated Protection
• ZAPR: Machine learning powered attack pattern recognition and filtering
• TCP progression tracking Actions
• Prevent zero-day attacks • Capture packet
• No pre-configuration or manual intervention • Run script
• Fast, automated response • Drop
• TCP reset
• Dynamic authentication
Resource Attack Protection • Add to black list
• Fragmentation attack • Add to white list
• Slowloris • Log
• Slow GET/POST • Limit concurrent connections
• Long form submission • Limit connection rate
• SSL renegotiation • Limit traffic rate (pps/bps)
• Forward to other device
Application Attack Protection • Remote-triggered black hole (RTBH)
• BGP Flowspec
• Application-aware filter
• Regular expression filter (TCP/UDP/HTTP/SIP)
• HTTP request rate limit (per URI) Management
• DNS request rate limit (per type, FQDN, label count) • Dedicated on-box management interface (GUI, CLI, SSH, Telnet)
• SIP request limit (per type) • aGalaxy for comprehensive management
• Application request malformed check (DNS/HTTP/SIP) • SNMP, syslog, email alerts
• DNS domain-list • REST API (aXAPI) or SDK
• HTTP/S protocol compliance • LDAP, TACACS+, RADIUS support
• Application (DNS/HTTP/SIP) flood protection • Configurable control CPUs
• Signature-based IPS
• QUIC version control and malformed header check
• Packet watermarking (UDP) for gaming traffic Networking and Deployment
• Encrypted flood attack protection • Proactive, Reactive, Asymmetric, Symmetric, Out-of-band (TAP)
• Transparent (L2), routed (L3)
• Virtual wire
Protocol Attack Protection • Routing: static routes, BGP4+, OSPF, OSPFv3, IS-IS
• Invalid packets • Bidirectional forwarding detection (BFD)
• Anomalous TCP flag combinations (no flag, SYN-FIN, SYN frag, LAND attack) • VLAN (802.1Q)
• SYN-ACK amplification attack protection • Trunking (802.1AX), LACP
• IP options • Access control lists (ACLs)
• Packet size validation (ping of death) • Network Address Translation (NAT)
• POODLE attack • MPLS traffic protection
• TCP/UDP/SSL/ICMP flood protection • BGP route injection,
• Per-connection traffic control • BGP FlowSpec
• IPinIP (source and terminate)
• GRE tunnel interface
• VXLAN

©️2024 A10 Networks, Inc. All rights reserved. 11

 A10 DEFEND MITIGATOR | DATA SHEET

Detailed Feature List (Cont.)

Telemetry Carrier-grade Hardware*
• Rich traffic and DDoS statistics counters • Advanced hardware architecture
• sFlow v5 • Hot-swap redundant power supplies (AC and DC)
• Custom counter blocks for flow-based export • Smart fans (hot swap)
• High-speed logging • Solid-state drive (SSD)
• CEF logging • Tamper detection
• 40 GbE and 100 GbE ports

High-performance, Scalable Platform

• Advanced Core Operating System (ACOS) Security and Capability Assurance Certifications*
• Linear application scaling • Common Criteria EAL 2+
• ACOS on data plane • FIPS 140-2 Level 2 Compliance (A10 Defend Mitigator 14045)
• Linux on control plane • FIPS 140-1 Level 1 Compliance (all)
• IPv6 feature parity
• Security policy engine (SPE) enabling hardware acceleration for policy
enforcement*
• High-performance hardware blocking*

* Features and certifications may vary by appliance.

Learn More ©2023 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, Thunder, Harmony and SSL
Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All
About A10 Networks other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies
in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication
Contact Us without notice. For the full list of trademarks, visit: A10networks.com/a10trademarks.
A10networks.com/contact Part Number: A10-DS-15136-EN-01 Mar 2024