F5 BIG-IP Local Traffic Manager (LTM) Reviews

F5 delivers a full range of solutions that simplify service providers’ security architectures while mitigating threats. The full proxy architecture of F5 solutions also allows service providers to attain extensive visibility and control throughout layers 4 through 7. This enables granular control of all connections, more extensive security functionality, and comprehensive end-to-end protection against DDoS and other attacks. F5 solutions protect targeted network elements, the DNS infrastructure, devices, and applications with features that include application health monitoring, a robust web application firewall, web access controls, TCP optimization, web acceleration, L7 DDoS protection, and broad SSL support, including SSL inspection and offload.

I installed F5 on the DMZ zone of the firewall. The traffic will come to the virtual server of the F5. F5 will decrypt the traffic and offload the traffic to the firewall as clear.
This way, we can mitigate many attacks from the F5 and from the firewall.

Protection of published website. When using ASM, we can have a layer 7 protection in order to prevent the website from attacks.

F5 should improve or develop the reporting tools further.
They should improve the management policies on the BOX.

It's a stable product.

They have one box and you can implement many features with it like LTM, ASM, GTM. So it is scalable. And they have a virtual edition and an appliance edition.

Technical support is a seven out of 10. They provide quick solutions and they reply to us very fast.

Straightforward.

It's fair, it's not too expensive. Maybe just a little high.

It's a good product to use. It has many features so can use it to secure your environment. I'm satisfied with the product.

We’re a systems integration company. We propose this solution mostly to our banking customers and large enterprise clients, so that they can load-balance their core banking applications and their main applications.

It also provides proxying, the client cannot directly access the server. BIG-IP is a proxy between the user and the server, so the client cannot make connections directly to servers. They land on F5 BIG-IP and then F5 creates connections on servers on behalf of clients.

We use the solution for smarter, safer, and reliable connectivity.

It has multi-tenancy features, like hardware clustering. It has software partitioning so that you can partition F5. For example, in my recent deployments, I deployed F5 in a bank where they had two load balancers. One was Cisco Ace and the other was Citrix Netscaler.

We created two instances, two vCMP Virtual Clustered Multiprocessing, two hardware partitions in F5, one for Ace and one for Citrix. We migrated all applications which were on Ace to the Ace partition, and we migrated all applications which were on Citrix to the Citrix partition. Further, we created the outgoing internet and software partitions, and it has application visibility, reporting functions.

It has so many features. First of all, it has a full proxy architecture, it has multiple modules. The best feature is the WAF, the web application firewall module. It also has cashing type capabilities. It has all kinds of load-balancing algorithms based on your IT requirements.

So the WAF and load balancing. Both are core features of BIG-IP.

In every environment, you have a Web application firewall, you have internet firewalls. Then, traffic comes into your datacenter so that you have datacenter firewalls. F5 has everything.

It provides first-tier firewalling, for you application. And it provides server load-balancing, it provides optimization, and it provides a proxy feature, where your users cannot directly access your server. It acts as a fully proxy architecture. It has client-side and server-side connections, both, and they're separate.

It also has an AVR feature: application, visibility, and recording. It's good for customers looking for what is actually happening in their network and where the latency is. If I'm using iDirect, the bank branch is connecting to my core banking application, but if the clients are finding that the application is slow, it has TCP  LAN and WAN optimization features. It has has caching.

The room for improvement is that the product is a little costly. I live in the Third World, Pakistan. We have budget constraints, even in big enterprise servers. My team said that this product is too costly, and why don't we go with another product, we should do a comparative analysis with Citrix and F5.

I told them that is costly, but it has rich features, the support is good, the features are reliable, and the technical assistance center, the tech support, is almost perfect.

Still, I would say they need to cut their prices for countries or regions that we live in.

The one gap I saw was that pure LBN integration is a little tricky. The insertion of F5 in LBN is a little tricky. They need to work on something, on products by which they can insert F5 in any sort of cloud environment. These are not really big things. 

They are continuously improving. They are improving day by day, and they are the number-one load balancer.

It is a stable product. It runs on TMOS, traffic management operating system. This is very stable. 

If they see that an upgrade required, they provide you the release and they provide you the release notes, so you can upgrade your TMOS version and at any time. You can also open a case and they can guide you on how to upgrade your TMOS version.

They also keep an eye on vulnerability. If there is a bug or any sort of vulnerability in their operating system, they will immediately release an update. So the product is so much more stable compared to any load balancers on the planet at the moment.

It has that scalability for adding more F5, N + 1. 

It's scalable, and it has more functions than a service. At the same time, this device can run access policy manager, it has Web application firewall, datacenter switching to DR sites. It has a modular approach actually. It gives you what you want.

They are very professional. They are highly skilled people.

It is neither simple nor complex. It all depends on what kind of situations you are in. My last deployment was a little bit complex but previous deployments were very simple.

We did hardware partitioning and software partitioning for a multi-tenancy concept, where every application owner has its own load balancing instance within F5. So it all depends on how you deploy a device and it depends on your planning.

If you want a simple deployment you can do so. You can create multiple virtual servers on F5 BIG-IP technology, and within multiple virtual servers you can have multiple nodes, where a node equals two application servers.

It can be deployed in a complex manner and it can be deployed in a very simple manner, it all depends on your choice. 

It has a rapid deployment feature to deploy Microsoft Exchange load balancing. It has automation. You can simply click on Microsoft Exchange 2016 Email Server. Tclick on it and tell F5 about server IPs, and it goes automatically. 

 24 x 7 always on applications without any down time. 

Brocade ADX.

F5 is the number-one application delivery controller, plus they are the number-one Web application firewall, together in the market right now. So what else do you want from them? Whenever we go and pitch this solution to our customers, we tell them that we are not selling you just a load balancer. We are selling you application delivery controllers, and Web application firewalls.

I give it 9.5 out of 10. It's a really costly product and smaller organizations cannot afford this solution, so it's hard to sell a plan. But once the customer has it, this product is a 10.

We use F5 for the load balancing of our equipment. We use it for DDoS functionalities in our security solution. 

This solution is the best security platform. We have even attached it to another security platform solution for DDoS.

They need to improve the interface and some of the functionalities.

It is very stable. We have not had many problems.

We don't need additional features to grow out the platform.

The occasion in which we needed technical support, we didn't have problems with them, because they always answered our questions without any trouble.

In Vietnam, F5 provides better services.

When I put F5 into my network, it works better. 

The pricing could be improved.

Scalability seems fine.

Technical support was helpful when we contacted them.

The pricing is inclusive of many features.

We evaluated NetScaler. F5 is the better product for our location.

Primary use case is as our main protection. You can use it for brute force and other kinds of cross-site attacks.

It gives us something like a "story" of our status because we can see a lot of bad traffic and, in the logs, if someone is trying to execute something.

Most important is that it stops very common attacks which can be performed by a simple hacker, and up to the advanced level.

We need best-practice information. They have something called DevCentral and a blog. But we want something from F5 itself regarding how to tackle the false-positive configurations. If you go into detail with so many configurations it will find so many false positives from the moment it is enabled that it will quickly impact your applications, and it will not work.

Overall, it's stable. There are cases which are not so much about stability but, rather, about functionality and false positives.

No issues with scalability.

It has many features compared to other products.

We have around 12 data centers. On average, in every data center, we have 14 to 15 F5 load balancers. We manage everything from a central location, then we deploy policy for use, giving us a place for our control managers.

I have Big-IP change and control manager, which give me the roll back option. Therefore, I can view the last things which happened on the device.

In future, I would like there to be more device security. I would like the tool to support SSL links, along with SSL and TLS. It also needs to disable the old cipher suite, which is a very old. There are ciphers, like D5, still available on the device.

We have faced security stability issues, but we work around it.

It is very scalable.

F5 tech support is helpful. I would rate the technical support with an eight out of 10.

We used to have Cisco, then we have Citrix NetScaler. The Citrix NetScaler is just a load balancer. It did not me the complete ADC features. That is why F5 is the king of load balancing.

The initial setup was pretty straightforward; not complex.

Security should be involved in any base license. When you bring on F5, you only have default license. Then, the ASM product license has to be purchased. It would be great if F5 could include the ASM in the base license. 

The primary use cases are application load balancing and as a web application firewall.

We resell F5 as partners. Our customers have a clear business case to reduce downtime, improving resource utilization.

The major applications that front-end core banking for most banks and Microsoft Exchange were experiencing performance challenges without F5. After front-ending these applications through an application delivery controller with F5, most of the performance issues went away.

It is very intuitive, easy to deploy, and manage.

The solution's capabilities has been most instrumental in supporting our customers. I find it reliable. Once it is configured, and up and running, then there usually is no downtime.

In terms of performance, we have seen a drastic difference without F5, then with it. If you run the same application from users to the server when there wasn't F5, there were delays. With F5, users can see a remarkable performance difference from a qualitative sense.

Implementing whitepapers with a lot more applications could easily be added.

This project is missing some relevant features: 

1. We set up the customer through the load balancer.
2. Then once it is there and functional, then the next step is to add the web application firewall on the same boxes. 

Not with the GA versions. Obviously, the betas are not that stable.

When you enable the web application firewall on the same platform, it requires more resources. If the use case is only for load balancing, but the customers using both load balancing as well as web application firewall, the sizing has to be done correctly.

The technical support is good and up to mark. 

There is a challenge in Pakistan. This is when there is a hardware failure. Sometimes, it takes more time to get a replacement because it is sent out from the U.S. or some other regional outpost. Thus, it takes two to three days to receive a replacement.

A few of our customers were using Brocade, Citrix NetScaler, or A10. We moved them to F5, because there were more customer references available for F5 in our country and the support structure was better.

The initial setup was very straightforward in GUI. It was not complex.

It is the best solution, but that comes with an increased price.

Try to negotiate all the software features that you require upfront. E.g., if you need three different software features and a web application firewall, then try to log the prices initially when you are buying the initial solution, even if you are not buying some of the software but at least log the prices for features.

Our customers normally evaluate others too and shortlist F5 based on ease of use.

It is best of the breed, or best in class. Our experience has been very good, in terms of performance, and securing our application infrastructure.

I strongly recommend the product, but through an experienced partner.

With these type of application delivery controller projects, the application teams have a significant role. It is networking team plus the application team. With better coordination between all the different teams who are engaged, project execution will go more smoothly.

There is more than one use case. The most important is the Local Traffic Manager (LTM). We are using it to load balance our web applications, SSL decryption and application adjusting, along with some TCP features. We are also load balancing traffic between appropriate back-ends for risk. 

We can use it for load balancing purposes on an HA proxy software. However, hardware load balancing is the best way due to some hardware flaws for incoming traffic. We are not using CPU resources for a load balancing SSL decryption and adjusting some parameters for incoming and outgoing traffic. F-5 has a lot of appliances, which can be used for appropriate tasks, e.g., for big tasks, we can use Vipiron devices. As well, we have a lot of software blades, which can be divided into virtual clusters, multi-purposes, etc.

We are using the Big-IP, LTM, ASM, and GTM modules.

• The Local Traffic Manager (LTM) provides a simple low balance and SSL decryption, in addition to some TCP parameters, for incoming and outgoing traffic to redirect appropriate traffic patterns to appropriate servers. 
• We are using Application Security Manager (ASM) as a web application firewall, where there is a security signature to avoid a web level breach. 
• We are using global traffic manager (GTM). Its main use cases is for application firewall modules, therefore we are not using it yet, but we are going to implement it for DDoS protection on some of our web services.

I would like to see F-5 implement a regular routing like in other Linux-based devices. We know the F-5 is not a router, but can be used for traffic forwarding, so it's not the same as other devices if we compare it with Citrix-based devices. It is a simple Linux-based routing software. I don't have any problems with it. However, in F-5, when we try and integrate in some complex networks, we have to use some additional routing scenarios from a Layer 3 perspective, then we have some problems. It would be great if this were fixed somehow.

We have to keep in mind features when we deploy an F-5 solution. Designing the same approach in Citrix can often be simpler. I have written syntax in F-5 which were complicated; not straightforward. For example, in a Citrix device, we have a lot of predefined patterns, and it's much simpler to implement.

We have not had issues with the stability, though we have experienced issues with the flexibility.

The support of F-5 is fine. In comparison with Citrix, F-5 technical support is much better.

We previously used Citrix NetScaler: 

• Citrix NetScaler SDX, which can be divided in multiple instances.
• Citrix VPX.

The licensing strategy for F5 is good.