A10 Networks Thunder ADC Valuable Features

Chris Cummings
Director of Information Technology at Klein Independent School District
With the Thunder SSLi, we're better protected. We can stop use of VPN and proxies. We are better protected against dirty traffic coming back to our schools. Having a secure decrypt zone with the equipment lowers the chances that our security infrastructure could possibly miss an attack. It gives us insight into the actual traffic that a student is following. What's the value of identifying possible risks or possible intent based on unencrypted traffic where you have insight to what the student's intent may be? E.g., anonymous bully reporting. It's invaluable to be able to leverage that insight and data to maybe bring help or avert a possible bad circumstance. It's something that's very important to us that this type of system gives us insight into that. For terms of ease of use, it's fairly simple. My analysts tell me that they don't mind getting in there. It was something new that we had to throw on their plate. Every time you add a new element and a new level of complexity, your analysts will look at you like you're crazy, Our plan was originally to use our native firewalls to do the decryption. Unfortunately, that was a feature set which was added on afterward. It just ended up bogging down our system. That is the reason why we had to add the extra hardware. Once the team understood that, the UI was intuitive and a huge help. We use the solution’s Harmony analytics and visibility controller. We have been able to proactively engage and deescalate situations with it. We love Harmony’s traffic management capabilities because it is centralized management. It has a rich analytics capability. This allows us insight into the aggregate performance of all the boxes. so we can possibly leverage any resources available to enhance the environment. We love the single pane of glass traffic management. Single pane of glass is huge, centralized logging. It is the buzzword that everyone is talking about right now, except what nobody seems to take into consideration, is that an analyst only has two eyes. The administration piece of it is huge. It allows us to not just look and get the information, but also cipher it, which is actionable. Looking at logs all day is great, but you can stare in the matrix so long before you want to get in the game. This single pane of glass allows us to look at information that's actionable. View full review »
Shiven Singh
Network Manager at a university with 1,001-5,000 employees
We send all of our production web traffic through our A10. We have a major website, which is our school's website. On the website, there are many different applications and sites, so being able to balance that between our on-premise resources as well as our public cloud with AWS is a huge feature. The solution's security features are excellent. It actively helped us mitigate a DDoS attack in October of 2018. You can do SSL offloading. You can use the A10 to terminate your SSL connectivity, meaning that you can install all your public certificates on the A10 box itself. It just has a wealth of security features. Being a public entity and having a public website, which is highly visible with a lot of traffic, we are a target for DDoS. Within the last year, we have had a couple of DDoS attacks which could have affected our web traffic and taken down certain parts of our website. This did not happen because the A10 was able to mitigate the attacks using rate limiting that can be configured for DDoS mitigation on the box. The single pane of glass traffic management is a nice feature. It allows us to be able to delegate access to different groups of people. This means that I can provide a front line support (a help desk) a certain level of access to be able to look at things, a second level support a little more access, and then engineers can have full access. It is very useful to have a simple dashboard where you can login and look into what your traffic patterns are, then look and see what times of day you're experiencing the heaviest traffic. You can quickly identify if you are possibly having a security issue or security breach. It makes it very easy to use the box. Troubleshooting traffic flows is fairly easy on the box, as you can do packet captures or tcpdumps directly on the A10 itself. So, you can do a trace and see what the A10 is doing with certain traffic. E.g., if I have a client somewhere out in the world who is coming into my A10 box and reporting some weird behavior, or saying, "Hey, I can't get to this application on your website," or "I'm getting blocked for this reason. I can't look at the A10 and figure it out." I could then go into the traffic flows, run a tcpdump, and do a traffic capture. At this point, I can immediately identify where the traffic is coming from and why it is not getting through the box. I have a very technical background and was a network engineer for many years before I became a manager. For me, it is a very easy to use product. The web GUI makes it very easy to configure. The CLI is not very difficult to use, along with the syntax. The command line is very easy to learn. View full review »
Reviewer982346
Enterprise Security Manager at a mining and metals company with 5,001-10,000 employees
A10 supports net devices. All our servers and all our end-users, after the firewall, are connecting to public IP addresses. That means the second box cannot see the source IP addresses. Users use internal IP addresses, but after the firewall, the firewall translates the IP addresses to the public. But A10 can recognize the same HTTPS traffic without looking to source IP addresses. A10 actually translates the port as well. For example, the HTTPS port is 443, and we translate it to a different port. The second box catches this port and then encrypts the traffic and sends it to the internet. This is one of the cool features which other vendors don't have. ADC is also a local answer. We have several proxies in our environment, so we localized internet traffic between these proxies. Instead of getting a really huge proxy box, according to our size, we can use three boxes and share the traffic with A10's load-balancer feature. View full review »
Find out what your peers are saying about A10 Networks, F5, Citrix and others in Application Delivery Controllers. Updated: November 2019.
383,725 professionals have used our research since 2012.
Amita Mahajan
Network Analyst at Alamo Colleges
The features we have used are basically for load balancing. The round-robin feature, the persistent cookies, the source IPs, source mapping, we use all of that in our situation. They also have a feature I use frequently. We have two appliances and I'm able to move my application from one appliance to another. I don't have to move my whole A10 to be active on the other side or to be passive on the other side. If an application is having a problem, I can just move it using a command. That is really interesting and very appropriate for our environment. It's very easy to use. The commands are easy to use. I have used a couple of other load balancers and I find A10 to be the easiest one. The language and the commands are easier, as is the layout. Even the technology behind it all just links together, so it's pretty easy to use. You just follow the steps and you're good. Within load balancing, we use some of the security features as well, such as the source mapping. We make sure that everything goes in and out from A10 itself. That makes the messages more secure too. We know what's going in and what's going out. It captures their source IP addresses if we want it to. The VRRP solution is also good. It has automatic failover. It also has a Virtual Chassis System, although we don't use it. But we do have the option of creating virtual chassis, so that gives it a bit more security. If we find an application which is not going to play well in the main pool, we can easily create a virtual chassis and have that application in that virtual chassis. With the virtual chassis we can also create system partitions and have a test system for test applications and have the others elsewhere. View full review »
Himanshu Rastogi
IT Head at Medi Assist
I use SSL, TSL, and additional offloading. With additional offloading, this is where I can put my certificate on A10, as servers don't have the capability. It has allowed us to smooth out our traffic. View full review »
reviewer1202652
IT Specialist at a university with 10,001+ employees
We don't use many of the features. We're just using the basic ADC features. We're not really using anything particularly extensive on them. They sit and work most of the time. The ease of use is very good. It's very robust. It just sits and works. We forget that it's there a lot of the time. View full review »
SeniorNe57cd
Senior Network Engineer at a recreational facilities and services company with 1,001-5,000 employees
The Global Server Load Balancing (GSLB) is simple to use. View full review »
SeniorNe5355
Senior Network Architect at a financial services firm with 10,001+ employees
The Deterministic CGNAT feature. View full review »
it_user626721
Security Consultant & IT Professional at Sistemas Aplicativos, SISAP
The load balancing, proxies, and internal proxies are valuable features. View full review »
Find out what your peers are saying about A10 Networks, F5, Citrix and others in Application Delivery Controllers. Updated: November 2019.
383,725 professionals have used our research since 2012.
Sign Up with Email