F5 Advanced WAF Reviews

F5 Advanced WAF can be deployed on-premise or in the cloud. When it comes to local governmental organizations, it's mostly on-premises solutions they use. However, we recommend using virtual ones.

F5 Advanced WAF is used for protecting applications.

The most valuable features of F5 Advanced WAF are the balancer and you can change policies very easily.

The overall price of F5 Advanced WAF could improve.

I have been familiar with F5 Advanced WAF for approximately one year.

I have not had any customers complaining about the stability.

F5 Advanced WAF is scalable.

The initial setup of F5 Advanced WAF is easy.

I rate the setup of F5 Advanced WAF a four out of five.

The ease of maintenance of F5 Advanced WAF depends from customer to customer. If the company had someone trained or they have an inside person who is reliable for this maintenance, they typically do not have any problems.

The price of F5 Advanced WAF could improve it is expensive.

There can be extra features added at an additional cost.

I rate the price of F5 Advanced WAF a three out of five.

Our clients pick this solution over others because it is one of the leading companies in the category.

I can recommend F5 Advanced WAF to any customer because we have experience, and referrals from customers using it within different models. If it comes to WAF, LTM, or whatever. I'm very happy to sell it because it is one of the leading vendors within its line. Our customers within the financial market, such as banking organizations, are very happy with it.

I rate F5 Advanced WAF a nine out of ten.

I use F5 Advanced WAF to secure web applications and load balance for connectivity.

F5 Advanced WAF secures our connectivity and combines both the main functions of WAF (balancing and web application security).

F5 Advanced WAF's best feature is that it's a combination of LTM and ASM in one license.

It's sometimes difficult to customize APIs with F5 Advanced WAF, which could be made easier.

I've been using F5 Advanced WAF for three-and-a-half years.

F5 Advanced WAF is stable.

I previously used FortiWeb, but after comparison, I preferred F5.

The initial setup was moderate, and I would rate my experience as four out of five. Deployment took a month because we had to put it in learning mode, customize policies, and get the security signature.

We used a third-party team.

A yearly license for F5 Advanced WAF is expensive. I would rate the pricing at two out of five.

I would give F5 Advanced WAF a rating of nine out of ten.

We have several websites that are exposed to external users. We have a website for interaction with supply chain customers. We also have a website that gives access to CRM functionality to allow our customers to open tickets and disputes. F5 WAF is at the front for security and attack mitigation. It ensures that users are able to access only allowed pages.

The web application firewall itself is most valuable. It provides positive security and negative security. In negative security, it blocks a task such as cross-site scripting, code injection, etc. In positive security, it lets you specify and enforce things, such as the parameters allowed in username and password fields and the number of characters allowed in a field.

It also has antivirus and DDoS mitigation capabilities. We have enabled these features. 

It is also quite intuitive and user-friendly. They have several webinars that are actually like labs. You can use these webinars to learn about how to use all features of the product.

Its price should be better. It is expensive.

In general, it is stable and reliable. Over the past few months, several vulnerabilities were found in the product, but which product doesn't have vulnerabilities? The main question is how fast do you get the fix for it, and they provided the fix quite quickly. We had to upgrade it as soon as possible to mitigate the risks.

I didn't try to expand it. We have two staff members who are using F5 Advanced WAF.

In terms of its usage, we are deploying it on all points through which we are exposing services, but we are currently not exposing too many services.

I had only one case for which I had to call tech support. It wasn't a straightforward ticket. It was quite a challenging ticket. Eventually, they found a solution, but it took some time. It was challenging to find the bug in one of the previous versions. They also didn't know about it. We did the troubleshooting together until we found the problem.

We were using another solution before switching to F5 Advanced WAF. We didn't have success with that solution because the integrator failed to deploy it properly. It was more complex and not user-friendly.

It was a little bit complex. If you want to add an additional layer or model like APM with two-factor authentication, then it requires a little bit more integration.

It is expensive. Its price should be better.

Its licensing is on a yearly basis. Its licensing is also based on the model. There are no additional costs.

I would recommend this solution to other users. I will advise others to learn a little bit about how the HTTP protocol works. They should be familiar with the functionality of the product. They should not use it without understanding what they are actually doing.

I would rate F5 Advanced WAF a nine out of ten.

We host public-facing web applications or APIs. There are web applications that are owned by the company that is exposed to the outside. The internal infrastructure is within the premise. We use F5 to protect them. It's an HA model, and we have two sites.

We need to have an extra layer of protection. We were previously exposed to the public API. The deployment and the rate of deploying web-based applications had increased. After we introduced the web application firewall, it increased our ability to expose more of the services to the public. 

My favorite feature of F5 is the ability to play around with the ciphers. I also like the ability to have an immediate display of the support IDs when a real blockage occurs. The protection offered is great.

The reporting portion of F5 Advance WAF is not great. They need to work out something better, as it is very basic. You only see the top IPs, I think there is more they can offer.

I have been using F5 Advanced WAF for four years, since 2018.

F5 Advanced WAF is a stable solution.

For the initial deployment, from what we were planning to implement, it was scalable. 

We now have other requirements that we need to engage with. They believe we need to increase our license, so we can accommodate more features.

There have been issues in the availability of quick support. For general issues there is no concern. The issue is when you need support right away, but it is not available.

Positive

The solution was deployed using network security. At the time of deployment, the appliance was there, but we did not have any person that was able to accomplish the deployment. It took six months to deploy.

We have definitely seen a ROI by using F5 Advanced WAF.

As far as the pricing of F5 Advanced WAF I would rate it a four out of five depending on what features I am looking for. Imperva is more expensive.

The price has remained consistent at a constant rate. There have not been any increases or any unforeseen increases when we're renewing our license. The price is fixed.

I reviewed Imperva only to compare pricing.

On the initial engagement, you should try to look on how best you can accommodate the quick support features, as this was a big struggle for us.

Overall, I would rate F5 Advanced WAF an eight out of ten.

For me, the primary use case is to secure web applications from external threats, including cross-site scripting, SQL injection attacks, file inclusion vulnerabilities, and many more. The tool has simplified protection against web applications and recent threats that might be visible. If your applications are vulnerable, it gets protected by F5.

It is a very flexible solution. iRules is quite appealing when it comes to F5, and they apply it throughout their solution. BIG-IP is a known platform, and it is a part of F5 now. Application delivery or web application firewalls, F5 understands these terms and then suggests better data policies. But you have to do the work on your application's performance first. You have to look in the logs and understand the total attack you should prevent when we put it in the circuit protection mode, which works perfectly well.

iRules truly excites me because it has the ability to prevent the end-user and infrastructure from external threats.

Even if the F5’s default signatures and the default behavior are unable to help you, you can customize iRules to reach the objectives.

I don't like the management control of F5.

Moreover, if you are not an expert, it would be really difficult to set it up.

I have been using the product for fifteen years or more.

It is a stable solution.

It is definitely a scalable solution.

The initial setup is quite straightforward. I didn't experience any complexity. It could be difficult for somebody who is not familiar with application load balancers or web applications. It takes a month to understand the entire architecture. It primarily depends upon how great deployment could be.

It usually takes about five to seven days to configure and deploy the F5 Advanced WAF in production mode. It is essential to ensure that your configuration works properly before putting it into production mode.

When you have already designed it, it takes around five to seven days to set up. But it takes more than a month to understand the entire architecture of the F5.

I would rate it an eight out of ten.

We are using F5 Advanced WAF to defend against web application attacks.

The most valuable features of the F5 Advanced WAF are the enhanced ASM and the performance. Additionally, the usability and effectiveness are very good.

F5 Advanced WAF could improve on its funding for WAF features. There is a need to be more advanced WAF features.

I have been using F5 Advanced WAF for several years.

My advice to others is F5 Advanced WAF is a powerful WAF for many years in the market, and it has powerful security features.

F5 Advanced WAF is a stable solution.

I have found that F5 Advanced WAF is scalable but there is a limit.

We have hundreds of people using this solution in my organization.

I have not used the support from F5 Advanced WAF.

The initial setup of F5 Advanced WAF is straightforward, but the process is lengthy.

We did the deployment of F5 Advanced WAF in-house. We have a team that's always ready and aligned with the process of maintaining F5 Advanced WAF.

There are different licenses available to use F5 Advanced WAF, such as BT, ASM, and LPM.

I rate the price of F5 Advanced WAF a four out of five.

I rate F5 Advanced WAF an eight out of ten.

The most valuable features of F5 Advanced WAF are SSL uploading, signature, and anomaly detection. It is overall a high-quality solution.

The solution could improve by having an independent capture module. It has a built feature that you can deploy the capture on your published website. However, it's not very user-friendly. When you compare this feature to Google Capture or other enterprise captures, they are very simple. It needs a good connection to the F5 Advanced WAF sandbox. When you implement this feature in the data center, you may suffer some complications with connecting to the F5 Advanced WAF sandbox. This should be improved in the future.

I have been using F5 Advanced WAF for approximately 10 years. This includes my experience when the solution was  formerly named Advanced Security Module(ASM).

F5 Advanced WAF is an extremely stable solution.

I have found F5 Advanced WAF scalable.

Technical support is handy and useful when you have your contract available. Once you lose it, you are all alone and there is a penalty to extend your subscription.

I have used FortiWeb previously.

These products are not meant to be compared, because they are serving in different areas of expertise. When you are low on budget, it's better to use the FortiWeb. When you have a budget and want quality, it's most recommended to use the F5 Advanced WAF. We are talking about different classes of quality.

When you are using the F5 Advanced WAF for any reason, you have to employ an expert. It's not the same as other solutions, such as FortiWeb, it is not easy to use. It's an advanced device, and you have to have an advanced person to operate it. This is the biggest problem that F5 Advanced WAF.

The price of the solution is reasonable when compared with other products, such as FortiWeb. I am very satisfied with the price.

My advice to those wanting to implement F5 Advanced WAF is they will need to have an expert on any stage of operation. Then once they decide to use the F5 Advanced WAF they have to have very good expert advisors for choosing the product because there are a variety of license options, and you may spend more than what you need. 

In the implementation stage, you have to have experts. At least three experts for the implementation phase. When it comes to the operation, you can't have a temporary expert that comes and goes, you have to have the F5 Advanced WAF expert in your company. It's an advanced device. It's completely different from the FortiWeb and the other devices. It gives you lots of options but it's complicated to implement. You have to have an expert to support you.

I rate F5 Advanced WAF an eight out of ten.

We use the solution to secure web applications running in the organization.

F5 is one of the best products. We use it for multiple segments within our organization and applications. It is a central point of all the applications being scrubbed and checked.

The customer service could be improved.

I have been using F5 Advanced WAF for more than ten years.

The product is stable.

I rate the solution’s stability a seven out of ten.

The solution is scalable.

Our entire organization and clients use the solution.

The initial setup is easy since I have used the technology for almost 20 years. Some applications require more attention depending on what you are doing and trying to achieve with the particular module. You need some assistance from the team in configuring the different components within the application through the web.

The solution is worth the money that you spend.

The solution is expensive.

Whatever you are looking for can be done on the platform. Some features may not be available with IO components. A few features give you the flexibility that no other product can.

Overall, I rate the solution an eight out of ten.