No more typing reviews! Try our Samantha, our new voice AI agent.

F5 Rules for AWS WAF vs Prisma Cloud by Palo Alto Networks comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 1, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.6
Cloudflare WAF offers quick ROI, crucial protection for e-commerce, saves bandwidth, and balances cost with valuable free features.
Sentiment score
7.2
F5 Rules for AWS WAF enhanced security, reduced manual efforts, decreased malicious traffic, and improved application performance with ROI benefits.
Sentiment score
6.8
Prisma Cloud boosts productivity, enhances security, and delivers high ROI by automating processes and reducing manual testing needs.
My experience with the pricing or licensing of Cloudflare Web Application Firewall is that many features can be accessed for free, so the pricing is definitely reasonable.
Owner at Hga consulting
I observed around 35 to 45% reduction in malicious application layer traffic reaching the origin, which helped protect the backend systems and reduce risk exposure.
Technical Team Lead - Content Security at Valuepoint Systems
One measurable benefit was a reduction in manual effort required for managing and tuning web application protection policies because the managed rule capabilities and centralized visibility simplified the day-to-day operations.
Senior Technical Consultant
I did see a return on my investment with F5 Rules for AWS WAF because I was able to detect attacks earlier, and because of this, my resources were not scaling continuously, thus saving costs on resources.
Cloud Architect at a outsourcing company with 51-200 employees
It eliminates the need for additional hardware, making it a financially and technically sound investment.
Partner at Quasys
Reputation and data security are the two most important things to a financial institution.
Works at a comms service provider with 1-10 employees
We may have prevented a security breach with remediation of the findings.
Security Solutions Architect - Cloud Security Consultant at a consultancy with 10,001+ employees
 

Customer Service

Sentiment score
6.3
Cloudflare WAF support is mixed; responsive for some, but Indian customers face call availability and administrative issues.
Sentiment score
7.9
F5 Rules for AWS WAF have positive customer service, but users desire quicker solutions and more proactive recommendations.
Sentiment score
7.1
Palo Alto Networks' technical support is praised for responsiveness, though regional inconsistencies and response time improvements are noted.
I would rate the technical support with Cloudflare as excellent every time I've had to contact them.
Owner at Hga consulting
The technical support of Cloudflare Web Application Firewall rates between five and seven at maximum.
IT Manager at Amla Commerce
They clearly explained what the best options are based on my use case, which helped us shortlist what is required.
Associate Vice President at Hitachi Systems India Private Limited
The support team generally demonstrates strong technical knowledge around application security and traffic management, along with the AWS integrations.
Senior Technical Consultant
For critical issues, the response time is quite good, and the support teams are knowledgeable in handling rule tuning, false positives, and other security-related incidents.
Technical Team Lead - Content Security at Valuepoint Systems
They can respond with technical documentation or pass on the case to the next level because it requires the development of a new feature or changing a feature due to a bug.
Technical Lead at a consultancy with 11-50 employees
Anywhere we raise a tech case, they revert back within an hour.
Cloud Security Engineer at a tech vendor with 201-500 employees
I would give them 10 out of 10.
Sector Manager at a comms service provider with 51-200 employees
 

Scalability Issues

Sentiment score
7.7
Cloudflare Web Application Firewall offers impressive scalability and automated management, but additional features may incur costs for smaller organizations.
Sentiment score
8.4
F5 Rules for AWS WAF provides scalable, cloud-native security, managing traffic spikes efficiently without compromising performance or requiring manual adjustments.
Sentiment score
7.5
Prisma Cloud offers scalable, flexible multi-cloud solutions with easy deployment, strong automation, API support, and high scalability ratings.
The scalability of Cloudflare Web Application Firewall rates between 8 to 9, as it depends upon the use cases and what exactly the client needs.
IT Manager at Amla Commerce
In my experience, F5 Rules for AWS WAF handles traffic spikes and high request volumes efficiently, including during attack scenarios such as bot surges or application layer attacks.
Technical Team Lead - Content Security at Valuepoint Systems
Easily handling traffic spikes and high-volume attacks without any manual intervention.
Cloud DevOps Engineer at a tech vendor with 10,001+ employees
It supports scaling without significantly affecting application performance even during high traffic periods or sudden spikes in requests.
Senior Technical Consultant
Scalability-wise, I rate the solution a nine out of ten.
Technology Specialist - Cloud Security at a tech services company with 11-50 employees
We haven't had any issues scaling the solution.
Senior Cloud Security Engineer at impelsys
There aren't any limits to Prisma Cloud's scalability.
Senior Security Consultant at helpag
 

Stability Issues

Sentiment score
8.2
Cloudflare Web Application Firewall is praised for stability, high performance, effective protection, daily use, and minimal downtime.
Sentiment score
8.6
F5 Rules for AWS WAF offers reliable performance, seamless integration, and minimal intervention, outperforming native AWS rules in effectiveness and coverage.
Sentiment score
7.9
Prisma Cloud is praised for its high stability, reliability, and effective troubleshooting, with minor well-managed issues.
The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10.
IT Manager at Amla Commerce
F5 Rules for AWS WAF is consistently updated and applied without impacting application availability, and it handles high traffic volumes effectively, even during attack scenarios.
Technical Team Lead - Content Security at Valuepoint Systems
Especially in terms of policy enforcement, traffic inspection, and integration with AWS environments.
Senior Technical Consultant
Providing comprehensive managed rules coverage and reducing operational overhead compared to the AWS native managed rules.
DGM at Airtel Digital
I would rate it a ten out of ten for stability.
Cloud Security Engineer (Team lead) at a tech services company with 201-500 employees
Most of the time, when the client requires data, it is not available.
Technology Specialist - Cloud Security at a tech services company with 11-50 employees
The cloud environment is dynamic, so the tool must be dynamic.
Cloud Security Delivery Associate Manager at Accenture
 

Room For Improvement

Cloudflare WAF needs feature enhancements, better usability, improved support, advanced DDoS protection, and solutions for latency and alerts.
Users want simpler tuning, AI-driven optimization, better documentation, cloud integration, reduced costs, and improved reporting for AWS WAF.
Prisma Cloud struggles with integration, UI, automation, cloud coverage, reporting, support, and pricing, hindering broader adoption and usability.
The product can improve by having more multitenancy capability, which is currently not available.
Network Architect at a computer software company with 11-50 employees
I think they're doing a good job with DNS and as support for any domains that I create or that my clients create, it's mandatory for me to ensure they have Cloudflare as their DNS provider.
Owner at Hga consulting
And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network.
CTO at PlayNirvana
To stay safer from a security perspective, continuous improvisation in these security rules is required to ensure we are always up to date with new attacks.
Associate Vice President at Hitachi Systems India Private Limited
The most useful change for F5 Rules for AWS WAF would be rule-level allow listing and exception management.
Senior Technical Lead QA at a computer software company with 501-1,000 employees
Fine-tuning it to match specific application behavior can sometimes be complex and time-consuming, especially for teams without deep WAF expertise.
Technical Team Lead - Content Security at Valuepoint Systems
Prisma Cloud is an excellent tool.
Technical Engineer at a tech services company with 1,001-5,000 employees
We could have deployed the runtime monitoring with Prisma Cloud by Palo Alto Networks, but within our organization at our company, it was very difficult to find who would be the owner for the alerts.
Cyber Security Architect at a comms service provider with 10,001+ employees
Even though documentation was available, it took a while for a new person to understand what integration meant, what will be achieved after the integration, or how the integration needed to be done on the Azure or AWS side.
Technical Architect at a tech services company with 1,001-5,000 employees
 

Setup Cost

Cloudflare Web Application Firewall offers affordable, flexible pricing with no upfront costs, noted for competitiveness and included support services.
F5 Rules for AWS WAF offers cost-effective advanced protection and easy integration, justifying its premium over basic sets.
Prisma Cloud's complex pricing is offset by comprehensive features, offering cost efficiency with strategic planning despite hidden costs.
It has competitive pricing.
Associate Vice President at Hitachi Systems India Private Limited
There is no significant setup cost involved, as it is a managed service that can be quickly integrated into the existing AWS WAF configuration without additional infrastructure.
Technical Team Lead - Content Security at Valuepoint Systems
F5 Rules for AWS WAF is not very costly and is reasonable, with enterprises being able to afford the cost.
Cloud DevOps Engineer at a tech vendor with 10,001+ employees
The cost was not on the higher side.
Technical Architect at a tech services company with 1,001-5,000 employees
If you are using a single tool like Prisma Cloud, with a single license, you can monitor all environments, such as Google Cloud, Azure, AWS, and Oracle Cloud.
Cloud Security Delivery Associate Manager at Accenture
The pricing for what we are using is pretty good.
Works at a pharma/biotech company with 10,001+ employees
 

Valuable Features

Cloudflare Web Application Firewall provides comprehensive security features, easy setup, scalability, and competitive pricing with praised performance and stability.
F5 Rules for AWS WAF offers advanced threat mitigation, customizable security, and seamless AWS integration for enhanced protection and efficiency.
Prisma Cloud offers advanced cloud security with continuous monitoring, automation, and centralized management, enhancing operational efficiency across industries.
The custom rules and the geo-redundant geographical rule feature, which allows me to implement geographical rules for customers, add significant value.
Network Architect at a computer software company with 11-50 employees
The best features of Cloudflare Web Application Firewall are multiple, including the WAF, rate limiter, and bot attack protection.
IT Manager at Amla Commerce
Cloudflare Web Application Firewall's advanced reporting and analytics tools add a layer that we're able to visualize and see before it actually hits the local firewall.
Owner at Hga consulting
Now, looking at these rule sets, they ensure that our origin or our application content and code, as well as the application itself or its API, are secure enough, always.
Associate Vice President at Hitachi Systems India Private Limited
F5 Rules for AWS WAF rule sets are highly effective in detecting and mitigating OWASP Top 10 attacks such as SQL injection, XSS, and command injection, which significantly strengthens application security.
Technical Team Lead - Content Security at Valuepoint Systems
Using F5 Rules for AWS WAF has positively impacted my organization by making our AI-integrated application more secure from bot attacks, restricted size bodies, automated rate blocking for DDoS, and managed rules, especially as security has become a common concern across the industry.
Cloud DevOps Engineer at a tech vendor with 10,001+ employees
The solution offers very good configuration capabilities. It can show you how to resolve and remediate issues, and you can pull reports that will show you everything you need to know.
Senior Cloud Security Engineer at impelsys
Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications without having to manage or reconcile disparate security and compliance reports.
Works at a pharma/biotech company with 10,001+ employees
Prisma Cloud's real-time detection and monitoring of our entire system is the most useful.
Full Stack Developer at Dobby Ads
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
F5 Rules for AWS WAF
Ranking in Web Application Firewall (WAF)
15th
Average Rating
8.4
Reviews Sentiment
7.8
Number of Reviews
10
Ranking in other categories
Business Rules Management (3rd)
Prisma Cloud by Palo Alto N...
Ranking in Web Application Firewall (WAF)
8th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
114
Ranking in other categories
Container Security (2nd), Cloud Security Posture Management (CSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd)
 

Mindshare comparison

As of July 2026, in the Web Application Firewall (WAF) category, the mindshare of Cloudflare Web Application Firewall is 4.0%, down from 5.8% compared to the previous year. The mindshare of F5 Rules for AWS WAF is 0.4%, up from 0.0% compared to the previous year. The mindshare of Prisma Cloud by Palo Alto Networks is 1.9%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF) Mindshare Distribution
ProductMindshare (%)
Cloudflare Web Application Firewall4.0%
Prisma Cloud by Palo Alto Networks1.9%
F5 Rules for AWS WAF0.4%
Other93.7%
Web Application Firewall (WAF)
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
Vibin Thomas - PeerSpot reviewer
Technical Team Lead - Content Security at Valuepoint Systems
Advanced protection has reduced web attacks and improves application performance and operations
One area where F5 Rules for AWS WAF can be improved is in simplifying the tuning process. While F5 Rules for AWS WAF is powerful, fine-tuning it to match specific application behavior can sometimes be complex and time-consuming, especially for teams without deep WAF expertise. Another improvement could be enhanced visibility and reporting. Although AWS WAF provides logs, having more intuitive and built-in dashboards or clearer categorization of rule triggers would make it easier to quickly identify and analyze attack patterns. Additionally, expanding the capabilities around bot management and behavior analysis would be beneficial compared to some dedicated bot management solutions. More advanced detection techniques could further strengthen the protection against sophisticated automated traffic. Finally, providing more predefined templates or best practice recommendations for different application types would help speed up the deployment and reduce the initial configuration effort.
reviewer2776578 - PeerSpot reviewer
Cyber Security Architect at a comms service provider with 10,001+ employees
Image scanning has supported consistent security practices during cloud deployment
On a scale of ten, we would say people are happy with Prisma Cloud by Palo Alto Networks for the part we use. People are okay with it. We probably would give an eight. We don't give ten because if we don't use the other parts of Prisma Cloud by Palo Alto Networks, it's because it was difficult to implement from an operational point of view. We could have deployed the runtime monitoring with Prisma Cloud by Palo Alto Networks, but within our organization at our company, it was very difficult to find who would be the owner for the alerts. People have other tools and in the end, we don't use the full capabilities of a product that we pay for. It's partially related to the difficulty to integrate Prisma Cloud by Palo Alto Networks runtime in our company's support process. We don't use the real-time monitoring part of Prisma Cloud by Palo Alto Networks. We don't know about the automated remediation feature of Prisma Cloud by Palo Alto Networks.
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Construction Company
33%
Comms Service Provider
16%
Computer Software Company
6%
Energy/Utilities Company
5%
Financial Services Firm
14%
Computer Software Company
9%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise6
By reviewers
Company SizeCount
Small Business37
Midsize Enterprise21
Large Enterprise58
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What is your experience regarding pricing and costs for F5 Rules for AWS WAF?
My experience with the pricing, setup cost, and licensing for F5 Rules for AWS WAF was good with purchasing and the s...
What needs improvement with F5 Rules for AWS WAF?
From an improvement standpoint, one area where F5 Rules for AWS WAF could improve is in simplifying policy management...
What is your primary use case for F5 Rules for AWS WAF?
My main use case for F5 Rules for AWS WAF is strengthening web application security for internet-facing applications ...
What is your primary use case for Prisma Cloud by Palo Alto Networks?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
 

Also Known As

Cloudflare WAF
No data available
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
Information Not Available
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Find out what your peers are saying about F5 Rules for AWS WAF vs. Prisma Cloud by Palo Alto Networks and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.