Open topic with navigation

Mitigator Settings

Thunder TPS devices can be registered either as detectors or mitigators as clusters, TPS Detector Group and TPS Mitigator Group via A10 Control. Clusters help to streamline the device configuration in bulk. For example, you can push a specific configuration to all devices at once.

A mitigator group is a set of anomaly mitigation polices. When a detector group detects anomalies in the traffic, it sends a notification to the mitigator group. The mitigator group takes an appropriate action as per the configured security policy.

Mitigator Settings allows you to modify the ZAPR settings, DDoS interface, and BGP AS number for the mitigator devices.

Perform the following steps to view the mitigator settings:

  1. Navigate to Devices > Mitigator Settings.

    Table 145 : Mitigator Settings Window

    Column heading

    Description

    Name

    Displays the TPS device names. These devices appear from the mitigator cluster. For more details, see TPS Clusters & Devices.
    ZAPR Settings Displays the ZAPR settings applied to a device.
    DDoS Outside Interface IP Displays the DDoS interface settings applied to a device.
    BGP AS Number Displays the BGP AS Number applied to a device.

    Actions
    • Edit ZAPR Settings—Allows you to edit the ZAPR settings.
    • Edit DDoS interface—Allows you to edit the DDoS interface settings.
    • Edit BGP AS Number—Allows you to edit the BGP AS Number.

    • Edit Domain List Settings — Allows you to configure polling interval, concurrent tasks, and domain list per group for the TPS device.

Perform the following steps to modify the mitigator settings:

Edit ZAPR Settings

  1. To edit the ZAPR settings, click the kebab icon for a device under the Actions column and select Edit ZAPR Settings. The Edit ZAPR Settings page appears.

  2. Enable Pattern Recognition to configure the global ZAPR setting.

    A TPS device extracts the unknown attack signatures from the attack traffic and stops extraction when TPS sends de-escalation notification to ADO App. The extracted attack signatures are analyzed using Machine Learning techniques and converted to signature rules using Berkeley Packet Filter (BPF) expressions.

  3. Select the number of data CPUs for pattern recognition from the CPU Detected drop-down list.

    Dedicated Control CPUs for Zero-day Attack Pattern Recognition can be assigned only if the device has more than 3 data CPUs.

    Reboot is read-only field which will be enabled when any changes in ZAPR settings is done.
  4. Click Submit.

Edit DDoS Interface

If the BGP Flowspec is being used to redirect the traffic to TPS, enter the DDoS outside interface of the mitigator device.

  1. To edit the DDoS interface, click the kebab icon for a device under the Actions column and select Edit DDoS Interface. The Edit DDoS Outside Settings page appears.
  2. Enter IPv4 address or IPv6 address, or both.
  3. Click Submit.

Edit BGP AS number

When a TPS device is added to ADO App and if ‘BGP AS number’ is already configured, it is scanned from the mitigator device and then persisted in the ADO App database. If ‘BGP AS number’ is not configured on the TPS mitigator device, user can manually enter ‘BGP AS number’ here.

  1. To edit the BGP AS number, click the kebab icon for a device under the Actions column and select Edit BGP AS Number. The Edit BGP AS Number page appears.

  2. Enter AS Number.

    The BGP AS number is only saved locally and not pushed to the device.

  3. Click Submit.

Edit Domain List Settings

When a TPS device is registered with A10Control, the system scans for existing Domain List Settings on the mitigator device. If the settings are found, the values are scanned from the mitigator device and then stored in the ADO App database. If the Domain List Settings are not found, you can manually configure them here. Domain List Settings need to be configured to support large number of FQDNs in a domain-group.

  1. To edit the Domain List Settings, click the kebab icon for a device under the Actions column and select Edit Domain List Settings.

    The Edit Domain List Settings page appears.

  2. Enter the following values on the page:

    1. Polling Interval: The frequency with which the device polls the domain data for updates.
    2. Concurrent Tasks: The number of simultaneous domain list processing tasks handled by the device.
    3. Domain List Per Group: The number of domain entries grouped together for processing.
  3. Click Submit.
NOTE: Device reboot is required for the configuration to take effect.

COMPANY INFORMATION: Copyright © 2025 A10 Networks, Inc. All Rights Reserved. Legal Notice