Try our new research platform with insights from 80,000+ expert users

F5 Advanced WAF vs Imperva Web Application Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

F5 Advanced WAF
Ranking in Web Application Firewall (WAF)
2nd
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
69
Ranking in other categories
No ranking in other categories
Imperva Web Application Fir...
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2025, in the Web Application Firewall (WAF) category, the mindshare of F5 Advanced WAF is 11.1%, up from 10.8% compared to the previous year. The mindshare of Imperva Web Application Firewall is 5.8%, down from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF)
 

Featured Reviews

Ahmed Moamen - PeerSpot reviewer
Protects applications with versatile authentication features
F5 offers a versatile solution that can be integrated with APM in cases where integration with an external IDB is needed. It is useful for authentication backup if the on-prem directory service is unavailable. Additionally, its WAF functionality is valuable for protecting applications from attacks. It is a versatile and strong solution that's easy to understand and deploy.
Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution uses AI to protect against botnet attacks."
"The most valuable features of F5 Advanced WAF are the security features and the protection."
"Identification, ease of use, and ease of modifying it to most of our needs are valuable."
"Very easy to implement and works well."
"I definitely recommend this solution because of the time you save on analysis."
"The most valuable feature is that it is secure."
"The product has valuable features for load balancing, monitoring tools, and HPXpress services."
"Good dashboard and reporting."
"Imperva Web Application Firewall is a highly stable solution and is very mature."
"It has fewer false positives"
"Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services."
"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
"We can prevent attacks or issues even before they happen."
"The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications."
"The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications."
"There is a quick switch between any of the the nodes if something goes wrong, where there's a there's an attack against a specific area. The security setup is reasonably easy. It's not a problem to do setups and rules and integrations. And, yeah, just the the back end team is also very willing to insist if there's questions that that we cannot answer or with these questions that we do have"
 

Cons

"I think the deployment templates can be better."
"The contextual-based component needs a lot of help to catch up with the next-gen products."
"For me, an area for improvement in F5 Advanced WAF is the reporting as it isn't so clear. The vendor needs to work on the reporting capability of the solution. What I'd like to see in the next release of F5 Advanced WAF is threat intelligence to protect your web application, particularly having that capability out-of-the-box, and not needing to pay extra for it, similar to what's offered in FortiWeb, for example, any request that originates from a malicious IP will be blocked automatically by FortiWeb. F5 Advanced WAF should have the intelligence for blocking malicious IPs, or automatically blocking threats included in the license, instead of making it an add-on feature that users have to pay for apart from the standard licensing fees."
"The overall price of F5 Advanced WAF could improve."
"F5 Advanced needs to improve its bot protection. The solution needs to have machine learning to learn the behavior of the customer to recognize the human versus the bot. This is a difficult feature to explain to our customers. I would like documentation about the bot feature to make it easier for the customer to understand."
"It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall."
"The user interface (UI) seems a bit outdated. Making it more user-friendly would be beneficial."
"I would say their graphical interface, the GUI. I don't like the GUI as much as before."
"The support for the on-premises version needs improvement."
"One potential improvement for Imperva is enhancing its alert system."
"An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics."
"The Imperva Web Application Firewall automations are good, but there is still room for improvement with them."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
"The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year."
"Imperva Web Application Firewall can improve by providing better features, such as improved prevention of zero-day attacks. Additionally, it should include a VR meta-analysis."
"Their portal is very limited and needs improvement."
 

Pricing and Cost Advice

"It is a little bit costly, but it has all the features that are required."
"F5 Advanced WAF is not a cost-effective solution. Although they are attempting to reduce prices with their VE and cloud options, they are more expensive than other solutions. The solution is more expensive on average."
"The solution is very expensive so should only be used in the right environment."
"There are various plans available for Fortinet FortiWeb Cloud WAF as a Service, including a trial version."
"The pricing is too high."
"The way we deployed it, I would rate it a four out of five in terms of pricing."
"It is expensive. Its price should be better. Its licensing is on a yearly basis. Its licensing is also based on the model. There are no additional costs."
"F5 Advanced WAF technical support comes at a cost, and it's expensive."
"There is a license for this solution and we purchase the license annually with no additional fees."
"Imperva Web Application Firewall's pricing is expensive."
"The cost of this solution depends on the platform."
"Imperva Web Application Firewall is expensive."
"There are a couple of different licensing models."
"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
"The price of Imperva Web Application Firewalls is expensive compared to others."
"The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
858,038 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Government
8%
Comms Service Provider
6%
Financial Services Firm
16%
Computer Software Company
12%
Insurance Company
8%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about F5 Advanced WAF?
It's a fairly easy-to-use and user-friendly tool. My administrators and team also like its ability to customize the rules per the requirements.
What needs improvement with F5 Advanced WAF?
I do not have anything in mind right now that needs improvement. Generally, it works well. If we need any specific feature, we approach F5 directly.
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...
 

Overview

 

Sample Customers

MAXIMUS, Vivo, American Systems, Bangladesh Post Office, City Bank
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about F5 Advanced WAF vs. Imperva Web Application Firewall and other solutions. Updated: June 2025.
858,038 professionals have used our research since 2012.