-
HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487) Attack Advisory
An emerging threat, the HTTP/2 Rapid Reset Vulnerability (CVE-2023-44487), has been identified as a new application layer denial-of-service attack that brings a significant risk to network security. This vulnerability allows attackers to exploit the HTTP/2 protocol's design and any organizations running web, application,…
-
[T&C] CGNAT Port Reservation (Port Forwarding) with Firewall using Thunder CGN/CFW
In this article we will see how you can implement CGNAT Static Port Reservation (also known as Port Forwarding) using A10 Thunder CGN/CFW. Deployment Scenario Here is the deployment scenario: We have two internal services that we want to make accessible to the outside world using Thunder CGN/CFW: SSH server running on…
-
[T&C] Deploy DNS recursive resolver using Thunder CFW
In this article, we will see how you can deploy a DNS recursive resolver using Thunder CFW. Setup This is what we want to achieve: By default, the Thunder device should resolve queries starting from the root servers. However, for the domain names ending in a10networks.com, it should use the response from a DNS service-group that…
-
[T&C] DNS over HTTPS (DoH) with certificate from Let's Encrypt
DNS over HTTPS (DoH) is a protocol for securing DNS communication by sending DNS queries and getting DNS responses over HTTPS. For details, refer to RFC 8484 (https://tools.ietf.org/html/rfc8484). This article shows how you can deploy DNS over HTTPS (DoH) with automatic certificate enrollment and renewal from Let's Encrypt CA…
-
[T&C] Deploy NAT64 and DNS64 with Thunder CGN/CFW
In this article, we will see how you can deploy NAT64 with DNS64 using Thunder CGN/CFW to enable IPv6 clients to access IPv4 resources. Setup Here is an overview of the setup and the overall functionality (DNS64 and NAT64): Base configuration Here we have the following base configuration on the Thunder device: ip dns…
-
How to set up Harmony Controller?
In this article, we will look at how to set up Harmony Controller after activating Controller and Thunder licenses. The next steps are to: 1. Check Networking Pre-requisites 2. On-board Thunder to Harmony Controller 3. Viewing Analytics and Insights Step 1: Check Networking Pre-requisites Communication between Harmony…
-
How to get started with vThunder Free trial?
In this article, we will look into how you can sign up and quickly set up your vThunder free trial in 30 minutes. This trial allows you to explore and test the benefits of A10 application service capabilities: Convergent Firewall (CFW), Application Delivery Controller (ADC), Carrier Grade Networking (CGN), and SSL Insight…
-
Get started with Harmony Controller Trial
Harmony Controller offers single-pane-of-glass management and analytics for A10 secure application services, including A10 Thunder® ADC, SSLi®, CFW, and CGN across on-premises data centers and public, private, and hybrid cloud deployments. It improves agility and efficiency with automation, thus reducing the need for IT…
-
[T&C] HTTP/HTTPS URL Filtering with Thunder ADC/CFW
In this article, we will look at how you can do HTTP/HTTPS URL filtering using Thunder CFW. Download and install web category license and database First, make sure you have the web category license on the Thunder device: vThunder#sh license-info…
-
[T&C] Firewall with Application-based Rate-Limiting using Thunder CFW
In this article, we will see how you can use the Thunder CFW to rate-limit traffic on a per-application (or application category) basis. Objective Here, we want to rate-limit application traffic for each subscriber as follows: Social network traffic: upload speed = 1 Mbps, downlink speed = 2 Mbps FTP or TFTP traffic:…
-
[T&C] Harmony Controller: Send alerts to Microsoft Teams (Webhook URL)
In this article, we will look at configuring Harmony Controller to send alerts to a Microsoft Teams channel (webhook URL). Objective Here we have a Thunder device with the following virtual service: slb virtual-server DOH-VIP 100.64.1.250 port 53 dns-udp service-group SG-DNS template dns dns1 We want to monitor the status…
-
[T&C] Firewall with Application Visibility using Thunder CFW
Thunder CFW offers Gi LAN services consolidation to combine L4–L7 functions, including CGNAT, stateful firewall, and application visibility to integrate greater efficiencies on the Gi LAN. In this article, we will look at how you can configure Thunder CFW for application-level visibility. First, make sure you have the…
-
[T&C] Example of using SNI with aFleX
In an SSL/TLS handshake, the name of the server being accessed is sent using the SNI extension in the Client Hello message. For example, if you access the site https://intranet.a10tests.com, it will show up in the SNI extension as follows: Starting from ACOS 5.1.0, this SNI field can be captured using the aFleX…
-
[T&C] Using DNS over HTTPS (DoH) while preserving Client IP
Thunder CFW enables you to provide DNS over HTTPS (DoH) service to end-users without having to upgrade the DNS infrastructure itself. Here is a sample setup: The client browser (in this case Firefox browser) is configured with a custom DoH URI, which resolves to a VIP on the Thunder CFW: The Thunder CFW configuration is as…
-
[T&C] DNS over HTTPS (DoH) and DNS services on the same VIP
DNS over HTTPS (DoH) is a protocol for securing DNS communication by sending DNS queries and getting DNS responses over HTTPS. In DoH, each DNS query-response pair is mapped into an HTTP exchange. For details, refer to RFC 8484 (https://tools.ietf.org/html/rfc8484). Thunder CFW enables you to provide DoH service to…