"Stable and scalable web application firewall. Setting it up is straightforward."
"As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"Their technical support has been quite good."
"This is not a product that you need to install. You just use it."
"The solution is stable."
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications."
"The most valuable features are the geo-restriction denials and the web ACL."
"AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers."
"F5 Advanced WAF has very good stability and scalability. Its initial setup was straightforward."
"It also has antivirus and DDoS mitigation capabilities. We have enabled these features."
"F5 Advanced WAF is a stable solution, we are satisfied. It is more stable than ForiWeb."
"Identification, ease of use, and ease of modifying it to most of our needs are valuable."
"The most valuable features of the F5 Advanced WAF are the enhanced ASM and the performance. Additionally, the usability and effectiveness are very good."
"Feature-wise, they are always cutting edge and up-to-date. Many features aren't available via competitors. There's always a lot of enhanced critical features that just aren't available through anyone else, or, if they are, are too lightweight."
"The solution is stable."
"It's scalable and very easy to manage."
"We haven't faced any problems with the solution."
"I would like to see it more tightly integrated with other AWS services."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"The setup is complicated."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"The pricing model is complicated."
"We don't have much control over blocking, because the WAF is managed by AWS."
"The pricing could be more flexible."
"It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall."
"The deployment side is quite complex."
"F5 Advanced needs to improve its bot protection. The solution needs to have machine learning to learn the behavior of the customer to recognize the human versus the bot. This is a difficult feature to explain to our customers. I would like documentation about the bot feature to make it easier for the customer to understand."
"The BNS module needs improvement."
"The accuracy of the automatic learning feature needs improvement."
"We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement."
"F5 Advanced WAF could improve on its funding for WAF features. There is a need to be more advanced WAF features."
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
F5's Advanced WAF is built on proven F5 technology and goes beyond reactive security such as static signatures and reputation to proactively detect and mitigate bots, secure credentials and sensitive data, and defend against application denial-of-service (DoS). Advanced WAF redefines application security to address the most prevalent threats organizations face today.
Advanced WAF is offered as an appliance, virtual edition, and as a managed service—providing automated WAF services that meet complex deployment and management requirements while protecting your apps with great precision. It is the most effective solution for guarding modern applications and data from existing and emerging threats while maintaining compliance with key regulatory mandates.
Advanced WAF redefines application security to address the most prevalent threats organizations face today:
•Web attacks that steal credentials and gain unauthorized access across user accounts.
•Application layer attacks that evade static security based on reputation and manual signatures.
•New attack surfaces and threats due to the rapid adoption of APIs.
•OWASP Top 10 vulnerabilities
AWS WAF is ranked 6th in Web Application Firewall (WAF) with 12 reviews while F5 Advanced WAF is ranked 4th in Web Application Firewall (WAF) with 25 reviews. AWS WAF is rated 7.6, while F5 Advanced WAF is rated 8.2. The top reviewer of AWS WAF writes "Does what it is supposed to do, probably not in the best way and not in the best UI". On the other hand, the top reviewer of F5 Advanced WAF writes "Time and patience in customizing this solution are rewarded in creating a solid line of defense". AWS WAF is most compared with Microsoft Azure Application Gateway, Imperva Web Application Firewall, Cloudflare Web Application Firewall, Azure Web Application Firewall and F5 Silverline Managed Services, whereas F5 Advanced WAF is most compared with Fortinet FortiWeb, Microsoft Azure Application Gateway, Imperva Web Application Firewall, NGINX App Protect and Radware AppWall. See our AWS WAF vs. F5 Advanced WAF report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.