A10 Networks Thunder CGN Review

Enabled us to collapse hardware- and software-based solutions into one

What is our primary use case?

It's strictly for outbound NAT-ing to the internet. We are taking internal IPs and masking them from a private IP to a public IP to get to the internet.

For this application, everything is hosted on-prem. We are not using a cloud instance of this solution, but we do have cloud-based third-party solutions that are not associated with the A10 product.

How has it helped my organization?

We have been able to take a software NAT solution and a third-party hardware NAT solution and collapse them into a single solution on the A10 HW.

The solution has saved us money by our not having to purchase additional IPv4 number pools. The savings are on the order of $250,000, maximum, at the moment.

What is most valuable?

The most valuable features are

  • its ease of use and deployment
  • being able to collapse a couple solutions into a single solution, all contained within a single bit of hardware and software.

What needs improvement?

There was only one feature that we found was unavailable which required a workaround that is now in place (IPv6 NATing for a specialized reason).

For how long have I used the solution?

It has been in our environment and active for three months, but we ordered the solution about six months ago. It is a hardware-based appliance that sits in our data centers.

What do I think about the stability of the solution?

So far, the stability is good.

What do I think about the scalability of the solution?

The scalability is good for us. The 5440 HW is more than capable of handling our current traffic patterns allowing us to grow and not have to do in-place upgrades in the immediate to near term.  It's meeting a small portion of our overall network needs, but provides the solution that we sought out.

From a hardware standpoint, it makes up a small fraction of our overall deployment, but the usage behind it is very different from what we utilize our production data center hardware for. As I mentioned, it is just providing outbound NAT-ing for us. As we grow our data center space we would expand its usage and footprint.

We typically see changes in traffic due to our organic growth and ramp-up of internal services.

We plan to implement the following technologies/strategies in the next three years: keeping up with PFS/ECC encryption standards as they evolve. We may or may not move more applications to public cloud. Also, it's possible we could implement cloud repatriation of applications from public cloud to private data centers.

How are customer service and technical support?

Overall, I would give their technical support a 9 out of 10.

Which solution did I use previously and why did I switch?

We had an in-house, software-based solution and we had a hardware-based solution from another provider. We collapsed them down into this solution.

The benefits we consider most important when finding new technology include cost savings, customer satisfaction, and operational improvements. 

How was the initial setup?

The initial setup was straightforward in terms of configuration and understanding what was needed and how it was to be implemented. Utilizing the CLI on it was straightforward for my engineers. Interacting with the A10 team was quite easy. When we had questions in regard to NAT pool exhaustion, they had no issue jumping in to help us figure out what to do to mitigate it.

Due to our own issues, the deployment took three months.

Our implementation strategy was that we placed the HW in our data centers, and then we migrated 25 percent of traffic at a time, in each region. There are two regions. We started off with the East Coast and migrated 25 percent of the traffic from that region to it, then 50 percent, 75, and 100. We let it run stable over a course of time and then we did the same thing in the West coast region.

I have a team of 25 individuals using the solution. It's being supported on the engineering side by three folks and we have about eight of our operations folks involved.

What was our ROI?

We're getting there, in terms of ROI, being that it's only been three months. We're not there yet, but from a soft dollars perspective we are seeing ROI.

What's my experience with pricing, setup cost, and licensing?

Costs in addition to the standard fees are the maintenance and support, yearly which is not atypical.

Which other solutions did I evaluate?

We evaluated Palo Alto Networks. Without going into too much detail, pricing was definitely a factor, as was feature set, in going with A10.

What other advice do I have?

Do your research and figure out needs versus offerings. Don't pay for what you don't need with any vendor solution. Also, ensure you're picking a box that will allow you to scale out, versus having short-term solutions. Don't be shortsighted.

In terms of our biggest security concerns they include malicious code, hacking/cyber defacement, DDoS attacks, insider attacks, and brand damage/loss of confidence. Specific to DDoS, I would want to make certain that, outside-in, we aren't getting attacked, but we have a solution that we utilize to mitigate DDoS attacks, so it's not specific to the A10 product. But it would ensure that we aren't getting DDoS-ed on the A10 product. We have a third-party solution that helps to prevent that.

The malicious code concern would be more along the lines of something attacking the code on the A10 box. Again, we have preventative measures in place against an external intruder trying to get to that box and execute anything maliciously. In terms of hacking or cyber defacement, there is a general trend in the industry to ensure that it doesn't occur.

Since it's new to us, I don't see many areas for improvement. It's serving the purpose that it should and hopefully it will continue to do so.

Which deployment model are you using for this solution?


Which version of this solution are you currently using?

Thunder 5440
**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
ITCS user