~snip~
"Cloudflare can't be enough always, they can get past it, having dedicated firewall is necessary" doesn't make sense either. To get past CloudFlare either the attack must be BIG (and 10 Gbps is pretty average, not BIG).
Let me claify this..
In other words, you want to say that CloudFlare should be enough protection for average DDoS attacks and probably for most big DDoS attacks (this over 10Gbps)?