We changed our name from IT Central Station: Here's why
Get our free report covering Microsoft, Microsoft, Amazon, and other competitors of Cloudflare Web Application Firewall. Updated: January 2022.
564,997 professionals have used our research since 2012.

Read reviews of Cloudflare Web Application Firewall alternatives and competitors

Guillermo Correa
Cybersecurity Architect at a financial services firm with 201-500 employees
Real User
Top 5
Stable with high availability and good dashboards
Pros and Cons
  • "The product offers high availability."
  • "You need to have pretty good internal knowledge of the solution."

What is our primary use case?

At this moment we have the home web page at the enterprise with an application firewall. We have 21 applications that we need to upload to the cloud. At this moment we have only one, and we working in the next three months to upload at least five more applications.

How has it helped my organization?

At this moment we can tell from the dashboard how our application is receiving traffic. You can look at how many transactions have occurred, for example. We can prevent issues from occurring which helps keep us safe.

What is most valuable?

At this moment we have only used the web application firewall. We have the bot manager too. The bot manager is useful due to the fact that your service is working in preventing the botnet and doing a lot of transactions. 

We get some firewall reviews on the dashboard and it is useful for looking for alerts or attacks. It can tell you what the users do in the application and how they're using the application.

The initial setup is pretty easy.

The product offers high availability.

The stability of the solution is very good.

You can scale the solution if you need to.

What needs improvement?

With a good configuration and a good understanding of the application, you can have very good integration with the web application firewall and Radware application. However, it isn't easy. We need to do a trial and try a bunch of settings. The integration process could be a little bit easier and smoother. They need to improve the processes surrounding it. We need to be able to integrate more effectively with the perimeter firewall due to the fact that, if you have many transactions that try to attack the web application, you might have a drop in transactions in the firewall.

We've tried to do some configurations with WebSocket and have had a lot of issues. 

You need to have pretty good internal knowledge of the solution.

For how long have I used the solution?

I've been using the solution for about six months at this point.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's good.

What do I think about the scalability of the solution?

The solution can scale well. You can integrate with other solutions or configure it to assist in the process. If have more than one application, you can get a contract to upload more.

In my area, there are five people who work directly with the product.

I do not have any information about expanding this solution in the future. I can't say that's on the horizon for us.

How are customer service and technical support?

Technical support is very good. They respond rather quickly. We are happy with the amount of service they provide. They are knowledgeable and responsive.

There is also information online and within the control panel that can assist users in understanding the product.

Which solution did I use previously and why did I switch?

We did not use a different solution. We've only ever used Radware.

How was the initial setup?

The initial setup is not complex. It is easy. You have access on your personal dashboard and you can upload the application. After that, you need to change the DNS settings in order to make a point with the DNS portion of the hardware. It's very easy.

The initial setup took about a week due to the fact that the provider needed to make an area where we could upload the configuration. After that, you have one day to make the configuration in the web application firewall. This is the part that takes a bit of time, however, it is crucial for the upload.

You only really need two to ten people to manage the deployment of the process, although there may be other teams involved. You only need one person to handle maintenance.

What about the implementation team?

We had a local partner that assisted us. We had very good meetings and regular contact with them. They provided very easy communication.

What's my experience with pricing, setup cost, and licensing?

We have four licenses for 21 applications. The pricing isn't too bad.

Which other solutions did I evaluate?

We did evaluate Cloudflare and Akamai before ultimately settling on Radware.

The three options are varied. However, Radware had some extras. For example, the Bot Manager in Radware was included, however, in Akamai, it is on a different part. Cloudflare was more expensive than Radware. There were a few other differences as well.

What other advice do I have?

I'm working with Radware, and we have Forcepoint for a proxy on DLP service.

I'm not sure which version of the solution we're using. It's the latest version, however, I don't recall the version number offhand. 

I would advise other users that the solution is not the best if you need to improve the security in other areas too, however, it helps you to maintain the security of your homepage or your service.

Overall, I would rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Priyesh MP
Solution Architect at a computer software company with 201-500 employees
Real User
Top 20
Good stability, valuable features, and fair price
Pros and Cons
  • "The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features."
  • "It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall."

What is our primary use case?

We are using it to secure a few applications for our customers. 

What is most valuable?

The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features.

What needs improvement?

It should be a little bit easy to deploy in terms of the overall deployment session. 

One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device.

F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. 

F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall.

For how long have I used the solution?

I have been using this solution almost for a year.

What do I think about the stability of the solution?

It has good stability. Our customers are happy with the implementation. So far, we haven't faced many issues.

How are customer service and technical support?

Overall, it has been good. We get proper support, and we haven't faced any challenges. However, F5 doesn't provide support during the demo or POC time. Other vendors provide technical support for demo or POC, but F5 does not. We have to reach out to the local AC every now and then, which is a difficult task because most of the time, he is in some other meeting or busy with something else. So, he isn't able to support us. They should give us some kind of technical support for demos and POCs. We should be able to reach out to them for completing a POC. It would be an added advantage.

How was the initial setup?

The implementation was quite smooth. We migrated from CloudFlare to F5 without any major issues. The deployment took almost ten months, and it included the implementation and fine-tuning. The customer had three applications.

What's my experience with pricing, setup cost, and licensing?

Its price is fair. We have done a couple of deals where they were able to give some kind of discount to the customers. The price was initially high for the customers, but after a couple of negotiations, it came within their budget. They were happy with that.

What other advice do I have?

I would recommend this solution because it is overall a very good solution. As a company, they are very established and stable, and they have a long legacy in the industry. They have been there in the industry for a long time. On top of that, they have very good solutions. They can just improve their offerings and marketing in terms of the new rebranding.

I would rate F5 Advanced WAF an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Presales Engineer at a comms service provider with 51-200 employees
Real User
Easy to deploy and has very good technical support
Pros and Cons
  • "Some of the most valuable features are the ease of deployment, the Barracuda support, the easy-to-use console, and the granularity of the reports."
  • "Barracuda Web Application Firewall's load balancing feature could be improved."

What is our primary use case?

Our primary use case of this solution is protection of applications. If you have applications, for instance, in Azure, and you want to protect them, you can use Barracuda Web Application Firewall, and you have any input data available. This is one of the best use cases. 

For this solution, we have both cloud-based and VM for Azure. 

What is most valuable?

Some of the most valuable features are the ease of deployment, the Barracuda support, the easy-to-use console, and the granularity of the reports. 

What needs improvement?

Barracuda Web Application Firewall's load balancing feature could be improved.

For how long have I used the solution?

I have been using Barracuda Web Application Firewall for four years. 

What do I think about the scalability of the solution?

In our organization, there are around 1,200 to 1,800 users of this solution. 

How are customer service and support?

I would rate Barracuda's technical support a nine and a half out of ten. The technical support is very good. 

How was the initial setup?

The installation is straightforward. There are no hidden challenges or anything. Anybody can do it with the installation guide. 

One engineer is more than enough to handle maintenance. 

What about the implementation team?

We implemented this solution through an in-house team. 

What's my experience with pricing, setup cost, and licensing?

They only offer a yearly licensing plan. 

Which other solutions did I evaluate?

There are dedicated web application firewalls like Imperva that allow for enterprise level firewall web apps. The main competitors are FortiWeb and Cloudflare. 

What other advice do I have?

I rate Barracuda Web Application Firewall an eight out of ten. Everything—support, efficiency, the tax rate—comes into the picture. I would recommend this solution to others who want to start using it. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Get our free report covering Microsoft, Microsoft, Amazon, and other competitors of Cloudflare Web Application Firewall. Updated: January 2022.
564,997 professionals have used our research since 2012.