Cloudflare Web Application Firewall Reviews

I'm highly satisfied. It's remarkably user-friendly, enabling me to quickly identify issues, and deploy solutions, and it offers the necessary features. This ease of use makes it efficient in resolving our problems. 

Improvements should be done according to our customer's requirements. 

I have been using Cloudflare Web Application Firewall for more than a year. 

Regarding satisfaction, I would say that typically, we don't require support for the usual setup. We can manage it without significant difficulty. However, a key challenge arises when dealing with numerous integrations with HVAC systems. Depending on the specifics, there might be some configuration mismatches, which necessitate specific support.

They offer an array of features within a single service, including comprehensive functionality for web apps. However, we sometimes struggle to find experts who can help us harness these capabilities effectively. In some instances, their support team may lack the cost-effectiveness needed to address certain challenges, leading customers to consider alternative solutions like Skylight.

As for the typical implementation time for Cloudflare WAF, it usually takes around a week. This initial setup is quite straightforward and rarely poses any issues. The complete setup, including configuration and initial testing, typically extends over a month. However, the precise duration may vary based on the account and specific requirements. Some straightforward setups can be completed within a week.

When it comes to Cloudflare, you can initiate a basic setup within a week, but a more comprehensive implementation with fine-tuned configurations may take longer, potentially up to a month. The exact timeline depends on the intricacies of your specific service and the level of detail required in the configuration for each service.

I believe the pricing is not the best, but it's reasonable and acceptable. We also use the McAfee system in parallel. In terms of pricing, it's okay - not great, but not bad either. It falls in the middle, which is acceptable.

In terms of support licensing, last time, we were searching for a solution, and we considered products from resellers rather than directly from the cloud provider. However, the pricing we encountered was exceptionally high. As a result, we are inclined to select support from the reseller.

Typically, a larger solution is preferable, not a small one. I believe it depends on the project's financial considerations. If the project can benefit from a larger solution and the revenue generated can cover the associated costs, then we opt for that. It's not solely based on the company's size; it's about the customer's business and its specific needs.

When considering the use of a web app, it's crucial to perform a comprehensive self-analysis. This analysis should focus on understanding aspects like bandwidth, connections, and content sessions. By assessing these factors, you can make informed decisions about the most suitable solution. Pricing is a significant component, as it directly impacts your service and, by extension, your business. The challenge with bandwidth is that it's not always within your control, especially when dealing with increased demands. Therefore, before choosing a web app, it's important to conduct a thorough self-analysis. Once you've identified your needs and requirements, you can seek a solution tailored to your specific circumstances. Trying to cover every possible scenario can be a daunting and costly task, so a well-informed and targeted approach is key.

I would rate the solution a nine out of ten.

We are using Cloudflare for two purposes. The first is for our in-house self-service platform to manage all customers, and the second is for reselling.

The integration of Cloudflare with Cloud Suite is its most valuable feature. This is where it stands out, as it can be integrated according to multiple scenarios.

The first one is the log management and reporting part. If they add logs history within the Cloudflare offering, that would be a great benefit.

There are a few features that come free with Cloudflare WAF, such as bot management. When users use it they ask for a fee. Users are not usually aware of these features in the initial phase. Users should know that these features are free for three or four months, and after that, they have to pay for them. This would help to align their expectations from the very first day.

There should be training modules that we use for our sales teams and product experts similar to Fortinet and VMware.

I have been using Cloudflare Web Application Firewall for three months.

I rate the product’s stability an eight out of ten.

Cloudflare Web Application Firewall is easy to scale. As users scale it, it integrates more features, but they may have to pay for these additional features. It is challenging to convince smaller companies that are using open-source solutions. Upon comparison, Cloudflare's features stand out over open-source solutions, but the cost element is still the factor people are most concerned about.

The technical support is good.

The initial setup of the product is simple because we have a good technical team that can manage it. We reach out to small companies if they don't have that sort of technical expertise to see if they can easily integrate it. 

Overall, I rate Cloudflare Web Application a nine out of ten.

It is used in the banking sector.

Cloudflare WAF provides protection through rules and functionalities like Cloudflare's SDRAP. Machine learning enables numerous policies that protect traffic flowing through Cloudflare's CDN and endpoints of the application. Additionally, specific protections are implemented against DDoS attacks and to block suspicious IP addresses attempting to access the sites.

Cloudflare provides numerous ready-to-use policies that can be easily enabled with minimal configuration. One such policy is WAF, which includes predefined rulesets for common threats like DDoS attacks. These policies are pre-configured for immediate use, making tuning straightforward. Adjustments may be needed for specific configurations, but the majority are ready to be deployed directly.

Support can be challenging at times. Personally, I recently had an issue with costs and contacted support—they promptly resolved my problem. However, understanding features can be more complex. While much information is freely available, for specific needs, professional support might be necessary and could pose difficulties, if there isn't an in-house engineering team. Despite this, Cloudflare facilitates easy development of custom functionalities. Alternatively, engaging with dedicated communities can also yield valuable insights with the right investment of time.

I have been using Cloudflare Web Application Firewall as an integrator for one year.

Sometimes, as a software vendor, Cloudflare needs to upgrade their software, which can encounter faults but resolve such issues.

I rate the solution's stability an eight out of ten.

The solution is scalable. I rate the solution's scalability a nine out of ten. 

It's challenging to find technical expertise, for technical issues. While there is a network for sales, finding knowledgeable technical support can be difficult.

Neutral

This level of protection is essential, whether the website is an e-commerce platform or simply a gateway for customers accessing banking services. Maintaining visibility and ensuring the site is consistently up and running are critical requirements for such services.

Integration is quite easy when migrating DNS to Cloudflare, as they manage DNS implementation. Once DNS is set up, traffic redirection to their platform is straightforward. However, it's important to manage your IP addresses carefully, possibly using additional tools or configurations to ensure they are properly protected and directed.

Cloudflare leverages AI-driven solutions, with policies set using machine learning, which forms the foundation of their AI capabilities. They offer AI functionalities for developers looking to optimize or distribute their applications, such as Workers, a serverless solution enabling application deployment without the need for dedicated machines. This setup is also AI-enabled, enhancing its capabilities

Overall, I rate the solution a nine out of ten.

I am using Cloudflare Web Application Firewall to develop web applications and mobile applications for a business belonging to the manufacturing industry which wishes to migrate its entire applications from its existing AWS system to Cloudflare.

The enterprise bundle includes a variety of features, such as a Web Application Firewall, rate limiting, CDN, DDoS protection, remote management, performance monitoring, and more. It is a really nice product.

The additional features I wish to see in the next release include rate limiting on Cloudflare Web Application Firewall and advanced DDoS protection. The current product is highly explorable and does not have many limitations. However, there are some limitations in terms of administrative privileges and the way it manages auto-alerts.

Cloudflare needs to improve its customer support for Indian customers and work on the monitoring and reporting features.

I am a reseller and a direct user. I have been working on the enterprise version of Cloudflare Web Application Firewall for the past year.

The product is stable, and we have been working with a customer who uses it for their manufacturing and connecting car applications, as well as some API-related systems. The customer was previously using AWS Web Application Firewall. However, they have now decided to switch to Cloudflare. In Cloudflare, the rate-limiting feature helps protect against attacks and mitigates brute-force attacks. The DDoS mechanism automatically defends against DDoS attacks. Cloudflare's Web Application Firewall also has 700 signatures and provides intelligence on 10 vulnerabilities. It offers IP, URI, and domain-based filtering options.

The solution is not deployed in my company, but it is used in the company of one of my customers. The customer I mentioned has around 12,000 users working on this solution. I rate the scalability a 10 out of 10.

I have experienced some difficulties with Cloudflare's support as a customer based in India. Despite the company offering 24/7 support, I feel that administrative support does not meet the expectations of its customers.

Neutral

I previously worked with an on-premise version of the F5 tool more than five years ago, and at that time, the concept of SaaS was not prevalent. Currently, the Cloudflare product is considered to be a SaaS-based product since they have CDN, which is different from my previous experience with the F5 tool. Since it has been a long time since I worked with the on-premises version, I am unable to provide a relevant comparison between the two.

I find the deployment process for Cloudflare's firewall to be very smooth. Someone with a basic understanding of networking and security will be able to implement the firewall's basic features within 15 minutes. The deployment of a new domain on Cloudflare can be completed within 15 minutes if the necessary administrative authority and support from the DNS team are available during the process. It also includes the time needed for domain registration. We are working for an ITSM organization and have multiple administrators. During the deployment phase of the solution in the organization, we have limited the number of administrators to just five to ten individuals. We also arranged a few KT sessions to help the company employees who are involved in working with this solution. As of now, they have started working on the tool.

In terms of the licensing cost perspective, it is a subscription-based pricing model. Usually, customers opt for a yearly subscription. However, I don't have a specific or exact figure on the actual cost. Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable. The enterprise-level subscription provides multiple options, such as the ability to enable advanced Web Application Firewall and DDoS protection. This means that customers have multiple subscription options.

To effectively use Cloudflare Web Application Firewall, it is important for a person to have an internet connection, an understanding of the internet, how the DNS works, and how websites and their administration domains function. I rate this solution a nine out of ten.

The primary use case of Cloudflare Web Application Firewall involves setting up DNS zones and implementing zero trust policies.

Cloudflare Web Application Firewall has enhanced security by effectively managing and cutting off unwanted traffic.

Some of the most valuable features of Cloudflare Web Application Firewall include its DNS zone setup and the zero trust policy.

The dashboard could be more user-friendly, and a console approach like Cloudflare CLI could enhance its usability.

We have been using Cloudflare Web Application Firewall for four years.

On a scale from one to ten, the stability of Cloudflare is a nine.

The scalability of Cloudflare is a ten out of ten.

I had to contact technical support twice, and both times, my issues were resolved satisfactorily. Therefore, I rate them a ten out of ten.

Positive

The initial setup was straightforward, taking only five minutes using Terraform.

From my perspective, the price of Cloudflare Web Application Firewall is quite affordable, rating around an eight or nine.

I highly recommend Cloudflare Web Application Firewall due to its extensive knowledge base and ease of integration with Terraform.

I'd rate the solution ten out of ten.

We use Cloudflare Web Application Firewall for verification of applications from various domains. Also protecting the server from exposure by implementing the Proxy Server feature on front end i.e. on client's side. Also implemented both hosts based & Cloud based WAF. 

We are required to follow a specific and separate set of rules for web applications for DDoS attacks while working with AWS and Azure. Instead, there could be an option to duplicate the cluster to maintain the consistency of rules.

We have been using Cloudflare Web Application Firewall for three to four years.

I rate Cloudflare Web Application Firewall's stability a nine out of ten.

It is a scalable platform. Although it lacks some features. We have two to three users for it. I rate its scalability an eight out of ten.

The initial setup process is simple.

I implemented the product myself.

Cloudflare Web Application Firewall has certain limitations for rules. I rate it a seven out of ten.

Our use case of this solution is to secure our web applications hosted on Cloudflare. I'm a security operations analyst and we are customers of Cloudflare. 

This solution does a good job of preventing web application attacks, SQL injections, and cross-site scripting attacks. We know it's doing a good job because we've tested it. 

The reporting could be improved if it were more granular. Fortigate Firewall, for example, shows all the events at a glance with different fields on a table; you can scroll through for patterns and look at all events. That's not possible with CloudFlare where I need to analyze a report that summarizes all the data. It requires exporting the report as a CSV file, analyzing it in Excel, and then going into CloudFlare to carry out a deeper analysis. If I could do that high-level analysis from the web console and then drill down specific events, it would be a great feature that would improve this product. 

I've been using this solution for seven months. 

The solution is stable, we haven't had any downtime. 

The solution is easily scalable. 

I previously used Imperva Web Application Firewall. For tracking metrics, I think CloudFlare does a better job with its graphs and the user interface. Its web console presents those metrics in an easily readable manner and it does that better than Incapsula or Imperva. I think Imperva speaks more to security, and preventing attacks and is more focused on details about the attacks. CloudFlare does more because it shows your availability metrics, traffic metrics, and security metrics. In terms of the user interface, I'd say that CloudFlare does a better job in reporting.

There is some maintenance required when it comes to updates and we periodically have to review the rules sets which require going into the list of rules and finding those connected to that particular view and then enabling them in your environment. We have three admins working on this product. We use the solution on a daily basis. 

If you're going to be reporting heavily and want to leverage the reporting features to measure the performance of your websites, then CloudFlare does that very well.

I rate this solution eight out of 10. 

Cloudflare Web Application Firewall is used to protect the web servers.

The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration.

The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts.

Signature-based detection and data loss prevention could also be improved.

I have been working with Cloudflare Web Application Firewall for one year.

Cloudflare Web Application Firewall is a stable solution.

I am not familiar with the scalability of this solution,

We have 20 people in our organization who are using this solution.

I have not had any issues with the technical support of the Cloudflare Web Application Firewall.

Local support is available.

The initial setup is straightforward, it is easy.

It took four hours to deploy this solution.

It is less expensive than its competitors.

The annual licensing fee is $10,000 USD.

I have not had any issues with this solution, and I would recommend it to others who are interested in using it.

I would rate Cloudflare Web Application Firewall a nine out of ten.

We are partners with Cisco.