This is a comparison post. We sell a competing product (Flowtriq), so we are not a neutral party. Every figure listed here is sourced from publicly available pricing pages and documentation as of May 2026. If any vendor updates their terms, we will update this page.
Why support matters more for DDoS than almost any other security tool
Most security products are set-and-forget. You configure a firewall rule, it runs for months, and you open a support ticket when something breaks during a maintenance window. DDoS detection is different. When you need support, you are typically under active attack. Your network is degrading. Customers are filing tickets. Your NOC is in incident mode.
In that context, the question is not "does the vendor have a support portal?" but rather "can I actually reach them right now, or have I already used my allocation for the month?"
FastNetMon: 1 to 3 tickets per month, depending on tier
FastNetMon Advanced uses a tiered support model where the number of monthly support tickets scales with your bandwidth plan. According to their published pricing page:
| Plan | Price | Support Tickets/Month | Instances |
|---|---|---|---|
| 10 Gbps | $115/mo | 1 ticket | 1 |
| 40 Gbps | $220/mo | 2 tickets | 2 |
| 100 Gbps | $350/mo | 3 tickets | 3 |
| Enterprise | Custom | Dedicated | Custom |
On the entry-level plan, you get one support interaction per month. If you open a ticket for a configuration question on the 5th of the month and then get hit with a multi-vector attack on the 18th, you have already used your allocation. The pricing page notes that additional tickets can be purchased through a custom quote from their sales team, but there is no published price for overages and no self-serve way to buy them in the moment.
All non-enterprise plans also carry an $85 one-time activation fee. The enterprise tier, which includes dedicated support, requires custom pricing negotiation.
What this looks like during an incident
Consider a hosting provider on the 40 Gbps plan. They get 2 tickets per month. In a busy month, they might use one ticket for a BGP FlowSpec configuration issue and another for a false positive investigation. If a third issue comes up, whether it is an attack or an operational question, they are out of tickets until the next billing cycle.
For organizations that experience multiple attack events per month (which is common in hosting and gaming), the ticket cap creates a real operational constraint.
Andrisoft Wanguard: free standard support, paid priority and enterprise tiers
Wanguard takes a different approach. Their published documentation describes three support tiers:
| Tier | Price | Response Time |
|---|---|---|
| Standard Support | Included with subscription | Not published |
| Priority Support | Paid add-on (price not public) | Not published |
| Enterprise Support | Paid add-on (price not public) | Under 1 hour, 24/7/365 |
The good news is that Standard Support has no published ticket cap. The concern is that Wanguard does not publish response time guarantees for Standard or Priority tiers, and the only tier with a published SLA (under one hour, around the clock) is Enterprise, which is a separate paid add-on with undisclosed pricing.
This is on top of the base license costs. Wanguard uses per-component licensing: a Sensor license is $595/year, a Filter license is $995/year, and a DPDK Engine license is $1,410/year. A deployment with both detection and mitigation requires at minimum one Sensor and one Filter license ($1,590/year), before any support upgrades.
The opacity problem
When a vendor does not publish response time SLAs for their standard support tier, you cannot hold them to a specific target. You may get responses in hours, or you may get them in days. Without a published commitment, the only way to guarantee faster response is to pay for a higher tier at an undisclosed price.
What to ask before you sign
Based on the patterns above, here are the questions that will save you from a bad surprise during your next incident:
- How many support tickets are included per month? If there is a cap, ask what happens when you hit it. Is there an overage rate? Do unused tickets roll over?
- What is the response time SLA for your standard tier? "Best effort" is not an SLA. Get a number in hours, in writing.
- Is support available during active attacks, or only for configuration and billing? Some vendors treat incident support differently from general support.
- What does priority or dedicated support cost? If the only tier with guaranteed response times is a paid upgrade, you need to know that number before you sign, not during an attack.
- Can I reach support through the channels my NOC actually uses? Email-only support with a 24-hour SLA is not helpful when your network is down at 3 AM.
- Is support included in the license, or is it a separate line item? Per-component licensing plus tiered support pricing can create a total cost that looks very different from the headline number.
How different support models compare at a glance
| Vendor | Ticket Limit | Response Time SLA | 24/7 Support | Support Cost |
|---|---|---|---|---|
| FastNetMon Advanced | 1-3/month (by tier) | Not published | Enterprise only | Included (capped) |
| Andrisoft Wanguard | No published cap | Enterprise tier only | Enterprise only | Standard free; Priority/Enterprise paid |
| Flowtriq | Unlimited | All plans | All plans | Included ($9.99/node/mo) |
Disclosure: Flowtriq is our product. We include it in the comparison table because it is directly relevant, but the data for FastNetMon and Wanguard comes from their own published pricing pages and documentation.
The real cost of capped support
A single DDoS incident can generate multiple support interactions: initial triage, threshold tuning, false positive review, FlowSpec rule validation, and post-incident analysis. On a plan with 1 to 3 tickets per month, a single complex attack can consume your entire allocation.
The vendors that cap support at the plan level are making a business decision: support is expensive, and limiting it keeps costs down. That is a reasonable choice. But it shifts the operational burden to the customer. If you are a small ISP or hosting provider without a dedicated DDoS specialist on staff, that shift can be the difference between resolving an incident in minutes and spending hours troubleshooting alone.
What unlimited support actually means in practice
Unlimited support does not mean unlimited hand-holding. It means that when your network is under attack and you need help tuning a threshold, validating a mitigation rule, or understanding an alert, you can reach someone without checking how many tickets you have left this month.
For organizations that experience frequent attacks (gaming, hosting, financial services, media), this is not a luxury. It is a basic operational requirement.
Unlimited support is included in every Flowtriq plan
Detection, mitigation, dashboard, API, PCAP forensics, and support. No ticket caps, no per-user fees, no paid support tiers. $9.99/node/month.
Start Free Trial →Frequently asked questions
How many support tickets does FastNetMon include per month?
Does Andrisoft Wanguard include support with the license?
What happens if I exceed my support ticket limit during an attack?
Which DDoS protection vendors offer unlimited support?
Is response time SLA the same as support availability?
The bottom line
Support is not a feature you evaluate once during procurement and forget about. It is the feature you depend on during your worst day. When your network is under a volumetric attack at 2 AM and your BGP FlowSpec rules are not firing correctly, the difference between "unlimited support included" and "you have 0 tickets remaining this month" is the difference between a 5-minute resolution and a multi-hour outage.
Before signing with any DDoS vendor, get the support terms in writing. Know your ticket limits, response time SLAs, escalation paths, and the cost of every support tier. These details are not in the marketing materials. They are in the contract, and they matter more than the detection engine specs when things go wrong.