Introducing TR7 ZeroLeak: Visual Isolation — only pixels reach the user, never your data
Under Attack? Support Partner Portal
Free Live Demo
DE DeutschEN EnglishES EspañolFR FrançaisJA 日本語PT PortuguêsTR Türkçe

TR7 Platform — four products, one operator UI, one shared backend pool.

PRODUCT

Application Delivery Controller

The control plane for enterprise application traffic.

TR7 ADC publishes, routes, accelerates, protects, and makes application traffic observable — from a single point. From HTTP/3 down to legacy TCP/UDP services, it manages diverse workloads on one platform; load balancing, SSL/TLS, traffic optimization, health monitoring, security, and reporting converge in a single operator UI.

Right request. Right service. Uninterrupted delivery.

All of TR7 ADC's capabilities — service types, algorithms, rules, masking, and access control — work toward a single purpose: getting the right request to the right server, fast, securely, and under control.

What Is an ADC? Load Balancing, Enterprise-Grade

A classical load balancer distributes connections across servers. A modern ADC goes further: it terminates SSL/TLS, accelerates traffic, monitors service health, preserves session continuity, applies rule-based routing, and makes application traffic observable. TR7 ADC is the enterprise application-delivery layer that brings all of this together on a single platform.

From HTTP/3 and QUIC down to legacy TCP/UDP services, different protocols are published through the same engine. With TLS 1.3, modern cipher policies, and post-quantum hybrid key exchange, today's traffic is carried securely while tomorrow's cryptographic requirements are already in scope.

TR7 ADC is not a load balancer with features bolted on; it is an ADC designed from the ground up for application delivery. Service types, algorithms, rules, masking, and access control all work toward a single purpose: getting the right request to the right server — fast, securely, and under control.

INCLUDED WITH ADC

Three enterprise capabilities ship inside every ADC license

TR7 ADC doesn't just distribute traffic; it protects and makes application traffic visible. Adaptive L4 DDoS, adaptive L7 DDoS, and on-device L7 reporting come standard with every ADC license — at sensible default limits. No extra appliance, no separate management server, no different product family. When your environment grows, a matched add-on scales on the same data path; the architecture stays intact.

IncludedCovers 2 route tables

Adaptive L4 DDoS Protection

Learns your network's normal traffic behavior and detects deviations against that baseline. SYN floods, UDP floods, reflection, amplification, and protocol anomalies are brought under control while legitimate user traffic stays unaffected.

More route tables to protect?L4 DDoS Add-on
IncludedCovers 7 vServices

Adaptive L7 DDoS Protection

Learns each application's normal request behavior on a per-vService basis. HTTP floods, slow-loris, brute-force login attempts, bot traffic, and content-aware anomalies are filtered the moment they deviate from the application's actual normal — without breaking the legitimate user experience.

More vServices to protect?L7 DDoS Add-on
IncludedCovers 7 vServices

On-Device L7 Reporting

Monitors and reports L7 requests on the appliance itself. User behavior, TLS details, error patterns, security decisions, and traffic trends are all followed from the same console. Operational visibility without standing up a separate reporting server.

More vServices to report on?L7 Reporting Add-on
PROTOCOL COVERAGE

One delivery engine — from HTTP/3 to legacy TCP/UDP services

Enterprise applications aren't just HTTP. APIs, web apps, database connections, mail services, DNS, syslog, VoIP, gaming traffic, and bespoke TCP/UDP protocols all share the same environment. TR7 ADC publishes these services on a single platform — no separate product, separate UI, or separate operating model per protocol.

L7

HTTP / HTTPS services

Full Layer-7 termination for modern web and API traffic. SSL/TLS offload, re-encryption, host/path-based routing, content rewriting, caching, compression, and security headers — all managed per vService.

  • HTTP/1.1, HTTP/2, HTTP/3 listeners
  • SSL/TLS termination + re-encryption
  • Per-service host- and path-based routing
  • Rules, profiles, custom block pages
L7

TCP services (L7)

Connection-aware TCP proxy for non-HTTP applications. Connection management, TLS termination, re-encryption, and traffic shaping for databases, mail, message queues, and bespoke TCP applications.

  • Any TCP protocol — database connections, message queues, mail servers (SMTP/IMAP/POP3), custom TCP applications
  • SSL/TLS termination + re-encryption to backend
  • Connection limits, timeouts, traffic protection
  • Protocol-aware traffic shaping
L3/L4

Network services (L3/L4)

High-performance L3/L4 forwarding for TCP and UDP workloads. Suitable for DNS, syslog, VoIP, RTP, gaming servers, and any service that doesn't need the HTTP stack.

  • TCP and UDP at line rate
  • Seven L3/L4 algorithms
  • Direct routing, NAT/route, and SNAT modes
  • Connection-table-free forwarding for UDP

Every protocol becomes a service object — same UI, same profile model, same policy semantics. When a new application type arrives, you add a service, not a new product.

THE HEART OF TR7 ADC

Load balancing

13 algorithms, 9 session-persistence methods, and 7+ deployment topologies. Each chosen per vService, switchable live.

Load balancing is not a side feature of an ADC; it is the core function. TR7 ADC lets you pick the right algorithm, the right persistence method, and the right network topology per vService for each application type. Changes apply live; operations continue without dropping active connections.

13 algorithms — selectable per vService

From round-robin to Maglev hash, all the way to the TR7 Fastest+ engine: pick the algorithm that matches the traffic character. Static content, APIs, stateful applications, and caching layers can run on the same appliance under different algorithms; the choice is made per vService and is changeable live.

Round-robinLeast-connectionsFirst-availableRandomSource-IPURIURL-paramHeaderRDP-cookieConsistent hashMaglevSEDFastestFastest+
See all algorithms
TR7-EXCLUSIVE

TR7 Fastest+ — computes the fastest backend for every request

Round-robin picks the next server in line; least-connections picks the one with fewest active connections. Fastest+ combines 8 live signals from each healthy backend to compute a current speed score per request. No external monitoring needed; the signals are measured from the traffic TR7 carries.

Response time
Connect time
Queue time
Active sessions
Active queue depth
Connection errors
Server-side terminations
Connections in use
Fastest+ details

Nine ways to keep a user on the right backend

Shopping carts, admin panels, banking sessions, RDP gateways and other stateful flows need the user to stay on the same backend. TR7 ADC offers 9 persistence methods, selectable per vService. SAM (Session Affinity Manager) configures cookie source, session format, and security flags from the UI — no backend application changes required.

Source-IPURI-lengthURL-paramHeaderRDP cookieTR7 cookieBackend cookieDynamicSAM
SAM: 2 cookie sources × 4 session formats × 4 security flags
See all persistence methods

Place TR7 ADC in your network — without touching the backends

The hardest part of ADC deployment is often fitting the network to the product, not the other way around. TR7 ADC offers 7+ topology modes — one-arm, two-arm, reverse proxy, transparent L7 bind, L2 bridge, transparent gateway, and IP-takeover inline — so you take over traffic without changing backend IPs, default gateways, or application configs.

Cross route-table forwarding: A VIP in one route table can forward to a backend in a different route table — DMZ, internal, tenant, and management segments stay isolated yet connect in a controlled way.
See all deployment modes
THE FULL ADC SURFACE

Every baseline capability an enterprise ADC must have

SSL/TLS, certificate lifecycle, health checks, traffic rules, optimization, error pages, and live visibility are all built in. All managed from the same UI, all updated live without breaking connections.

SSL / TLS acceleration

TLS termination, modern cipher policies, and secure re-encryption to backend — accelerate application traffic without compromising on crypto.

mTLS client certificate authentication

Validate client identity at the TLS layer; protect critical services with certificate-based access without touching application code.

URL and path rewriting

Translate between legacy URL structures, partner paths, and modern endpoint schemes without touching application code.

Active health monitoring

Continuously probe every backend; pull unhealthy targets out of rotation before users feel it.

Response caching

Returns frequently requested responses without hitting the backend; reduces latency and lightens server load.

Per-vService traffic shaping

Apply connection limits, timeouts, and traffic protection settings live, per vService.

Custom block and error pages

Build branded block and error pages aligned to your corporate design; control the user experience.

Live traffic tracking

Search, filter, and watch the live request stream; see problems during operations, not after they hit the log file.

DIFFERENTIATOR

Build traffic rules without scripts. Roll them out without restarts.

Classical ADCs often hide advanced routing and security logic behind vendor-specific scripting languages. TR7 ADC delivers the same flexibility through visual, declarative rules. Rules, profiles, and certificates apply to live traffic; no service restart, no dropped connection.

Content-aware rules

Route, rate-limit, deny, or rewrite based on traffic attributes — headers, paths, query, method, IP, geography, and parsed JSON body values. Logic is built as a visual rule; no scripting.

Details

Smart ACL conditions

Combine header, geography, ASN, time window, request method, and body fields into composite access conditions. No proprietary DSL to learn; everything is managed through the rule builder.

Details

Hot configuration reload

Update rules, profiles, certificates, route tables, and backend pools live. Active connections are preserved; the maintenance window shrinks.

Details
DIFFERENTIATOR

Mask sensitive data before it leaves the network

When an application accidentally returns a card number, national ID, API key, or any other sensitive field, catching it in the SIEM is too late. TR7 ADC inspects responses before they reach the client, masks sensitive fields based on policy, and stops data leakage at the egress moment.

Sensitive data masking

Detect PII, PAN, credentials, and custom regex patterns in response bodies; mask them before they reach the client to lower data-egress risk.

Details

Data leakage prevention

Catch sensitive data before it leaves your network. Apply policy at the ADC layer even when the application team hasn't tagged a field as sensitive.

Details

IP masking and normalization

Normalize or mask client IPs for privacy-friendly logging, cohort routing, or data minimization.

Details
DIFFERENTIATOR

Intelligent protection, under operator control

TR7 ADC learns the normal behavior of application and network traffic; it catches DDoS deviations early, validates bot suspicions through a local CAPTCHA, and applies defensive actions under operator control. A transparent, enterprise-grade protection layer — no black-box automation, no third-party JavaScript, no unnecessary data egress.

Adaptive DDoS learning

TR7 learns your environment's normal from signals like request rate, connection pattern, and geographic distribution. Defense thresholds run against an operator-confirmed baseline, not a blind automation.

Details

Self-hosted CAPTCHA

The CAPTCHA challenge runs on the ADC itself. No third-party JavaScript, no validation data leaving your network — a more controlled model for GDPR, CCPA, PCI DSS 4.0, and similar compliance contexts.

Details
DIFFERENTIATOR

Your appliance obtains, installs, and renews SSL certificates

Buying certificates, verifying domains, tracking expirations, and managing renewal risk is the old operational model. TR7 ADC manages the certificate lifecycle automatically through ACME-supported certificate authorities: it requests, validates, installs, applies to vServices, and renews before expiry.

Free — really

Certificates come from well-known ACME-supporting certificate authorities. Browser-trusted CAs, no per-certificate fee, no manual renewal toil.

Details

End-to-end automation

TR7 ADC requests the certificate, validates ownership through HTTP or DNS challenge, installs it on the system, binds it to the relevant vServices, and renews in the background.

Details

Enterprise and private-CA support

Enterprise or private certificate authorities that support ACME work through the same mechanism. Public CA, private CA, or internal PKI — the same certificate-lifecycle model applies.

Details
Supported certificate authorities:Let's EncryptZeroSSLBuypassGoogle Trust ServicesSSL.com
BROADER ADC

Broad protocol coverage on a single platform

Enterprise traffic isn't only web. FTP, UDP, syslog, DNS, VoIP, and bespoke protocols are part of the same operation. TR7 ADC manages these diverse workloads through one UI, one profile model, and one rule semantics.

Three service types on one platform

HTTP, TCP (L7), and Network (L3/L4) services are published on a single platform. No separate product family, no separate management UI, no separate policy model.

Details

FTP proxy

A protocol-aware front-end for legacy FTP workloads. Control channel is inspected; connections flow through the modern ADC layer.

Details

UDP load balancing

High-performance forwarding and load balancing for UDP workloads — DNS, gaming, syslog, VoIP, RTP.

Details

Syslog proxy

Route, filter, and shape syslog streams before they reach the collectors; bring log traffic behavior under control.

Details

DNS proxy

Proxy, cache, firewall, and modern DoT/DoH/DoQ flows for DNS traffic — managed at the same gateway.

Details
PLATFORM

The delivery layer is the foundation of the platform

TR7 ADC publishes the application. TR7 WAAP protects it. TR7 AAM decides who can reach it. TR7 GTM routes traffic to the right region. Four products; one platform, one operator UI, and a shared backend-services pool — they work together.

DELIVERY
TR7 ADC
Application Delivery Controller (this product)
PROTECTION
TR7 WAAP
Web Application and API Protection
ACCESS
TR7 AAM
Application Access Manager
ROUTING
TR7 GTM
Global Traffic Manager
Shared by all four pillars
  • Backend resources (services, certificates, health checks)
  • Reports and logs
  • Users and RBAC
  • Multi-tenancy

Each pillar is an independently licensed product; they share the same operator UI, backend-service definitions, certificate store, and reporting plane. That's why running the products together takes minutes, not weeks.

RECOGNITION

Validated by the teams that use it

Reviews on G2 from network engineers, infrastructure architects, platform teams, and enterprise IT leaders.

Verified Review
"We used to struggle with another brand during peak times, but TR7 solves this seamlessly."
Senior Product ManagerTechnologyMid-Market (51-1000 employees)
TR7 reviews and rating on G2
Verified Review
"TR7 efficiently distributes requests across dozens of application servers, even when transient front-end issues occur."
IT ProfessionalHigher EducationEnterprise (1000+ employees)
TR7 reviews and rating on G2
Verified Review
"I can run more than 50 publicly accessible services on a single appliance."
IT ManagerEnterpriseEnterprise (1000+ employees)
TR7 reviews and rating on G2
Verified Review
"The platform provides uninterrupted traffic distribution across dozens of application servers while delivering real-time monitoring and visibility."
CTOTechnology ServicesMid-Market (51-1000 employees)
TR7 reviews and rating on G2
Verified Review
"We used to use F5 and Citrix. We tried this and replaced both F5 and Citrix with it. We have not regretted it since."
Project Technical ManagerDefense/TechnologyEnterprise (1000+ employees)
TR7 reviews and rating on G2
Verified Review
"TR7 delivers advanced load balancing and WAAP capabilities in a single, well-integrated appliance. It also provides L7 DDoS protection, and the user interface is remarkably clean."
Enterprise UserTechnologyEnterprise (1000+ employees)
TR7 reviews and rating on G2
Verified Review
"TR7 excels in multi-layered protection — from advanced Web App & API Protection (WAAP) and bot prevention to DDoS protection and adaptive security."
Network AdministratorTechnologySmall Business (50 or fewer employees)
TR7 reviews and rating on G2
Verified Review
"TR7 stands out in multi-layered protection — from advanced Web App & API Protection (WAAP) and bot mitigation to DDoS prevention and adaptive security."
Network AdministratorTechnologySmall Business (50 or fewer employees)
TR7 reviews and rating on G2
TR7 ADC CAPABILITIES

Delivery, security, and visibility under one engine

Every capability has its own technical reference page describing actual product behavior. Click any title to open the detail.

Load Balancing Algorithms Served Bandwidth Model Session Affinity Fastest+ — Proprietary 8-Signal Adaptive Routing Built-in Network Diagnostics Connection Multiplexing Cookie Security Flags CORS Policy Rule Hot Config Reload (Zero-Downtime) HTTP Redirect Rules Inline TLS Backend Inspection IP Masking and Normalization Native IPFIX / NetFlow Export JSON Path Operations Native Prometheus + Grafana Integration Per-vService Traffic Shaping and QoS Response Body Modification Traffic Quarantine URL and Path Rewriting Traffic Rules Engine FX Expression and Variable Engine Live Traffic Tracking L7 Traffic Analytics & Reporting Scheduled Report Delivery Cookie Encryption Rule HA Clustering VIP and IP Scenarios Content-Aware Rules SSL/TLS Acceleration TLS / mTLS Client-Cert Authentication Deployment Topology Modes Multi-Namespace Architecture and Cross-NS Routing Active Health Monitoring Response Caching NTP Service Route Table Management Dynamic Interface Management Built-In Firewall ACME Cert Renewal Virtual Hosts Adaptive DDoS Learning Sensitive Data Masking Rate Limiting Geo/ASN Access Control IP Reputation Feeds SIEM Log Streaming Syslog Forwarding Proxy DNS Firewall & Load Balancer Health Check Scenarios Express Zone Acceleration Interactive PTY CLI Server Telemetry and Routing Intelligence ETM Server Integrity and Deployment Intelligence L4 DDoS Attack Coverage Advanced PDF Reporting Process Monitoring Recovery Mode — Lockout-Free Operations L4 Modes Three Service Types UDP Load Balancing CA Management Smart ACL Conditions Timeout Profiles Pool Connection Limits Notification System

Modernize application delivery on your own terms

Bring your hardest topology, your oldest backend, or your strictest compliance requirement — we'll walk through TR7 ADC together. We'll show you how to publish without re-architecting your network or interrupting active services.

One platform · Four products · One operator UI