IT Central Station is now PeerSpot: Here's why

AWS WAF vs F5 Advanced WAF comparison

You must select at least 2 products to compare!
Amazon Logo
17,628 views|14,675 comparisons
F5 Logo
9,749 views|7,729 comparisons
Featured Review
Buyer's Guide
AWS WAF vs. F5 Advanced WAF
July 2022
Find out what your peers are saying about AWS WAF vs. F5 Advanced WAF and other solutions. Updated: July 2022.
621,703 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Stable and scalable web application firewall. Setting it up is straightforward.""As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good.""Their technical support has been quite good.""This is not a product that you need to install. You just use it.""The solution is stable.""The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications.""The most valuable features are the geo-restriction denials and the web ACL.""AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers."

More AWS WAF Pros →

"F5 Advanced WAF has very good stability and scalability. Its initial setup was straightforward.""It also has antivirus and DDoS mitigation capabilities. We have enabled these features.""F5 Advanced WAF is a stable solution, we are satisfied. It is more stable than ForiWeb.""Identification, ease of use, and ease of modifying it to most of our needs are valuable.""The most valuable features of the F5 Advanced WAF are the enhanced ASM and the performance. Additionally, the usability and effectiveness are very good.""Feature-wise, they are always cutting edge and up-to-date. Many features aren't available via competitors. There's always a lot of enhanced critical features that just aren't available through anyone else, or, if they are, are too lightweight.""The solution is stable.""It's scalable and very easy to manage."

More F5 Advanced WAF Pros →

"We haven't faced any problems with the solution.""I would like to see it more tightly integrated with other AWS services.""It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.""The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure.""The setup is complicated.""While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex.""The pricing model is complicated.""We don't have much control over blocking, because the WAF is managed by AWS."

More AWS WAF Cons →

"The pricing could be more flexible.""It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall.""The deployment side is quite complex.""F5 Advanced needs to improve its bot protection. The solution needs to have machine learning to learn the behavior of the customer to recognize the human versus the bot. This is a difficult feature to explain to our customers. I would like documentation about the bot feature to make it easier for the customer to understand.""The BNS module needs improvement.""The accuracy of the automatic learning feature needs improvement.""We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement.""F5 Advanced WAF could improve on its funding for WAF features. There is a need to be more advanced WAF features."

More F5 Advanced WAF Cons →

Pricing and Cost Advice
  • "It has a variable pricing scheme."
  • "We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise."
  • "It's quite affordable. It's in the middle."
  • "The pricing should be more affordable, especially as it pertains to small clients."
  • "It's cheap."
  • "AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
  • "You need an additional AWS subscription for this product if you are buying a managed tool."
  • "The price of AWS WAF is reasonable, it is not expensive and it is not cheap."
  • More AWS WAF Pricing and Cost Advice →

  • "F5 bundles up services and the bundle is what you pay for rather than individual components."
  • "Its price is fair. We have done a couple of deals where they were able to give some kind of discount to the customers. The price was initially high for the customers, but after a couple of negotiations, it came within their budget. They were happy with that."
  • "There are various plans available for Fortinet FortiWeb Cloud WAF as a Service, including a trial version."
  • "It is expensive. Its price should be better. Its licensing is on a yearly basis. Its licensing is also based on the model. There are no additional costs."
  • "I don't have any issue with the pricing of this solution."
  • "There is an annual subscription for this solution."
  • "The price of the solution is reasonable when compared with other products, such as FortiWeb. I am very satisfied with the price."
  • "Pricing for this solution is higher than average."
  • More F5 Advanced WAF Pricing and Cost Advice →

    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    621,703 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud… more »
    Top Answer:Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit for… more »
    Top Answer:Their technical support has been quite good.
    Top Answer:The most valuable features of F5 Advanced WAF are the security features and the protection.
    Top Answer:The pricing of F5 Advanced WAF is more expensive than other solutions like Radware and CD18, it is quite high. I rate the product a one out of five for price, with one being expensive.
    Top Answer:F5 Advanced needs to improve its bot protection. The solution needs to have machine learning to learn the behavior of the customer to recognize the human versus the bot. This is a difficult feature to… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    AWS Web Application Firewall
    Learn More

    AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

    F5's Advanced WAF is built on proven F5 technology and goes beyond reactive security such as static signatures and reputation to proactively detect and mitigate bots, secure credentials and sensitive data, and defend against application denial-of-service (DoS). Advanced WAF redefines application security to address the most prevalent threats organizations face today.

    Advanced WAF is offered as an appliance, virtual edition, and as a managed service—providing automated WAF services that meet complex deployment and management requirements while protecting your apps with great precision. It is the most effective solution for guarding modern applications and data from existing and emerging threats while maintaining compliance with key regulatory mandates.

    Advanced WAF redefines application security to address the most prevalent threats organizations face today:

    •Web attacks that steal credentials and gain unauthorized access across user accounts.
    •Application layer attacks that evade static security based on reputation and manual signatures.
    •New attack surfaces and threats due to the rapid adoption of APIs.
    •OWASP Top 10 vulnerabilities

    Learn more about AWS WAF
    Learn more about F5 Advanced WAF
    Sample Customers
    eVitamins, 9Splay, Senao International
    MAXIMUS, Vivo, American Systems, Bangladesh Post Office, City Bank
    Top Industries
    Media Company27%
    Energy/Utilities Company18%
    Transportation Company9%
    Manufacturing Company9%
    Computer Software Company24%
    Comms Service Provider18%
    Financial Services Firm9%
    Media Company8%
    Financial Services Firm39%
    Computer Software Company22%
    Non Tech Company9%
    Media Company9%
    Comms Service Provider24%
    Computer Software Company22%
    Financial Services Firm10%
    Company Size
    Small Business22%
    Midsize Enterprise22%
    Large Enterprise56%
    Small Business18%
    Midsize Enterprise16%
    Large Enterprise66%
    Small Business26%
    Midsize Enterprise26%
    Large Enterprise49%
    Small Business19%
    Midsize Enterprise20%
    Large Enterprise60%
    Buyer's Guide
    AWS WAF vs. F5 Advanced WAF
    July 2022
    Find out what your peers are saying about AWS WAF vs. F5 Advanced WAF and other solutions. Updated: July 2022.
    621,703 professionals have used our research since 2012.

    AWS WAF is ranked 6th in Web Application Firewall (WAF) with 12 reviews while F5 Advanced WAF is ranked 4th in Web Application Firewall (WAF) with 25 reviews. AWS WAF is rated 7.6, while F5 Advanced WAF is rated 8.2. The top reviewer of AWS WAF writes "Does what it is supposed to do, probably not in the best way and not in the best UI". On the other hand, the top reviewer of F5 Advanced WAF writes "Time and patience in customizing this solution are rewarded in creating a solid line of defense". AWS WAF is most compared with Microsoft Azure Application Gateway, Imperva Web Application Firewall, Cloudflare Web Application Firewall, Azure Web Application Firewall and F5 Silverline Managed Services, whereas F5 Advanced WAF is most compared with Fortinet FortiWeb, Microsoft Azure Application Gateway, Imperva Web Application Firewall, NGINX App Protect and Radware AppWall. See our AWS WAF vs. F5 Advanced WAF report.

    See our list of best Web Application Firewall (WAF) vendors.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.