F5 Advanced WAF Reviews

In general, the web interface is not really catchy. It's very powerful, very customizable, but it doesn't have a very nice GUI interface for a new adopter. For them, they'd have to do a lot of configuring. At least the reporting and monitoring parts, let's say, to be honest, should have a better interface. A few other products have very nice dashboards, out of the box, and F5 is not that friendly to use.

Also, when you buy WAF, you have to buy another module called APM to do authentication. You have to buy another module with an extra license, to have the authentication feature. Other vendors have it interwoven. For example, I don't know if Barracuda has it, but Citrix has it under the same license. So maybe add authentication functionality in the AOS license, and not separate.

The stability is perfect. 10 out of 10. We've not had any trouble with any deployment ever. And they are very big deployments: service providers, TelCos, banking, everywhere. Even on distant parts of the network, we have not had any kind of performance issues. Of course, as long as the sizing is within the appliance performance range. But it never has had a failure in performance or degradation of service or anything like this, as long as the full-time traffic is within the box capability, we've never had an issue.

It's scalable. 

We are a partner for F5, or a system integrator, not the client. So we do the implementation for other companies. I've been working with F5 for more than 10 years, so I know them very well. 

I like them because I like the security solution. They get extra marks compared to other solutions or competitors. There are more features than any other product I can think of. They're always monitoring, and the security features offer more than other, lesser products.

I would rate this solution 10 out of 10.

We use the solution to secure web applications running in the organization.

F5 is one of the best products. We use it for multiple segments within our organization and applications. It is a central point of all the applications being scrubbed and checked.

The customer service could be improved.

I have been using F5 Advanced WAF for more than ten years.

The product is stable.

I rate the solution’s stability a seven out of ten.

The solution is scalable.

Our entire organization and clients use the solution.

The initial setup is easy since I have used the technology for almost 20 years. Some applications require more attention depending on what you are doing and trying to achieve with the particular module. You need some assistance from the team in configuring the different components within the application through the web.

The solution is worth the money that you spend.

The solution is expensive.

Whatever you are looking for can be done on the platform. Some features may not be available with IO components. A few features give you the flexibility that no other product can.

Overall, I rate the solution an eight out of ten.

We primarily use the solution to protect web and API applications. You can choose either web classic or API to protect against different types of attacks.

With Advanced WAF protection, F5 was able to protect multiple kind of Web Application, supporting both HTTP & API protocols access

There are two main features that we love on F5.

The first is the hardware itself. It's extremely stable and reliable. We never face any issues with it and performance is never affected. 

The second is the features on offer. Feature-wise, they are always cutting edge and up-to-date. Many features aren't available via competitors. There's always a lot of enhanced critical features that just aren't available through anyone else, or, if they are, are too lightweight. They're the leaders in the space.

We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement.

The solution still needs some development to handle more traffic, especially in huge environments. In small environments, it's not an issue. 

I've bee using the solution for more than ten years.

The solution is extremely stable and robust. There are no issues with bugs or glitches. It doesn't crash or freeze. It's great. The stability is a huge selling feature.

It's scalable. There's always options to upgrade the hardware. Any hardware you buy from a store, you have the basic model and the upgraded model. For example, if you buy the 4600 appliance, you can upgrade up to 4800. You get double specs for everything, so you can just upgrade the license of the hardware. However, hardware eventually has a limitation. If you buy too small of a size of hardware, eventually there's some development limitations for the hardware. You can, however, do a cluster. You can add multiple hardware devices. This makes it very scalable.

The solution is not user-based. It's more connection-based, so there's no limitation on the number of users. It's more of a limitation on total throughput or total connection. Limitations depend on the application and how much traffic it generates. We've seen it in Telco environment where there's more than millions of users. We've also seen it do well with online banking where there are thousands of users. Small companies can use it too. It can vary, however, we've seen it in millions of users at Telco.

Technical support is great. We always open tickets. They're always very fast and very professional, and they always solve the issues. We're extremely satisfied with the level of support we receive.

If you want to do the basic installation and get the system up and running, then it's pretty straightforward. However, you have the flexibility to go very advanced and you can get into very complicated scenarios. That's what we like about the solution. There's a lot of use cases where you're required to have the ability to create some advanced features or some complicated scenarios. It gives you the capabilities to handle them.

You have the flexibility to go beyond that and have advanced scripting rules and advanced features in order to have more capability to do new things that are not as common. You need to have the space to improvise things if you need to.

While a straightforward deployment may only take a few hours, as it has a pre-defined rough template, there's always tuning to be done. It's a security product. It's not like it's plug-and-play. There's always a learning phase and tuning is necessary. This is common with any security product. That said, to get it up and operational, it's a matter of hours.

For a proper work deployment, to be frank, you need an ether professional because there's an ether configuration change. You also need a security professional to do the rules and policies and everything. Then, you need the involvement of the web application developer, so you can understand the content of the web application. Security people don't know which link is good and which link is bad inside the application. Usually, you need three people from the team - one each from network, security, and application - to have a proper deployment.

We're an integrator.

We have a big customer base, therefore we always have to be up to date with the latest versions. We feed to constantly look at things so that we know the new features.

I highly recommend the solution to other companies. F5 has a huge portfolio of plug-ins. You can add it to the top of the web. On the same appliance, you can have your balancer, you can have your application authentication, and those things that turn on. You can have multiple other features on the same hardware. It is definitely a technology that adapts. I can use the application in different ways beyond just security.

On a scale from one to ten, I'd rate it at a perfect ten.

The anti-bot protection is the solution's most valuable feature. Safe-guard or credential staffing are also useful features.

The templates of the iApps could be better.

The solution's dashboard could be improved. When you're moving from policy to policy, the logs and the integration of the logs in other systems aren't straightforward.

The solution has a lot of training material, but not about integration in a virtual improvement. They should create more documentation around this for users. 

The solution is stable.

Technical support is very good. I only use it four ot five times a year. If I find any bugs I post it to their file. It's very good support. They offer excellent service.

The initial setup was very simple. It was just for the machine: the ASM port and the WAF itself, not the deployment of the appliance, which is why it was easy.

I'm an integrator, so I help implement the solution for clients.

The pricing of the solution is very high.

Before selecting this solution, we looked at Kemp. We were concerned with the WAF, which is why we decided not to go with Kemp.

We're using several versions of the solution; anything between versions 12 to 14.

I would recommend the solution. It's the best option for WAF, at least in the last year or so.

I would rate the solution ten out of ten.

We use F5 Advanced WAF to protect our web applications.

What I found most valuable in F5 Advanced WAF is its automatic policy feature.

What needs to be improved in this solution is the accuracy of its automatic learning feature, because we frequently have to help it manually, particularly to stop blocking things it isn't supposed to block.

The technical support for F5 Advanced WAF, though fast and accurate, is costly. The cost could be improved.

I find F5 Advanced WAF a very stable solution.

The scalability of F5 Advanced WAF is very good.

The technical support for this tool is fast and accurate, but it's expensive.

The initial setup for F5 Advanced WAF was straightforward.

We are the integrator and reseller, so we deployed the solution in-house.

F5 Advanced WAF technical support comes at a cost, and it's expensive.

I'm using the latest version of F5 Advanced WAF: version 16.0.

We don't only use this solution for ourselves, as we also have some customers we implemented it for, because we are a reseller.

Deployment of F5 Advanced WAF took two to three days.

The advice I'd like to give to people who are looking into implementing this product is for them to read the documentation. It's all there.

I'm rating F5 Advanced WAF eight out of ten.

This solution inspects your traffic and based on that, automatically create distinct qualities for you, so you can add this to the policy already created. That's what I like most.

I would not expect traffic details to pass through the web application firewall across the length of the whole application. I think that there is a web application where it can let the application function without traffic going in into the WAF.

I think the solution is already being phased out. They are now going for a more advanced option but I'm referring to the web crawler. The web crawler should be able to allow a web application on its own to create policies, rather than wait for traffic to go to the WAF.

There are templates for creating policies, so the initial setup is very straightforward.

I would want to use ASM, or Area Security Manager, which I would rate as seven of ten. That offers lending passability, where the device should be able to lend or call the application and know the component of an application.

I'm the deputy manager of information security and we are customers of WAF.

We're in a banking environment and the signature update is a good feature. It's also very easy to implement WAF. The product works well for us. 

Although we're getting some reports, we're not getting all the reports we need. There seems to be a gap in report management. 

The solution is stable. 

We haven't really tested scalability; we currently have one network team, two or three people who handle the product and we have multiple applications and servers hosted on the WAF so there's no need to scale for now. 

We're satisfied with the technical support. 

The initial setup was a good experience. We had support from the WAF team and a consultancy team for implementation who also provided good support. 

This is a good solution, it's very useful and offers easy application management, which is good to have at the perimeter level. It provides good security against threats and attacks.

From a security point of view, I rate the solution eight out of 10. 

I use F5 for on-premises infrastructure to provide protection.

The most valuable features of this solution are the WAF protection, Data Safe, and the seven-layer DDoS.

I would like to see the API Protection improved.

I have been using F5 Advanced WAF for two years.

We are using the latest version.

It's a stable product. We have no issues with the stability of the F5 Advanced WAF.

We have not yet tried to scale with this solution. We have increased by 15% to 20%. 

There are approximately 100 people in our company who use this solution.

I have contacted technical support several times. They have support consultants to provide help with your cases. I have received advice from them when I have tried to build new systems.

Overall, the technical support is excellent.

I am using it on my personal account on Google Cloud. It is used with cloud solutions. I use Google, Gmail, and Google Drive.

I was not a part of the initial setup.

The solution does not require any maintenance.

This solution was installed by a third party. It may have been the reseller.

I don't have any issue with the pricing of this solution. I am only involved with the technical portion of it.

I am not sure about recommending solutions.

I would rate F5 Advance WAF a nine out of ten.