F5 Advanced WAF Reviews

We primarily use the solution to protect web and API applications. You can choose either web classic or API to protect against different types of attacks.

With Advanced WAF protection, F5 was able to protect multiple kind of Web Application, supporting both HTTP & API protocols access

There are two main features that we love on F5.

The first is the hardware itself. It's extremely stable and reliable. We never face any issues with it and performance is never affected. 

The second is the features on offer. Feature-wise, they are always cutting edge and up-to-date. Many features aren't available via competitors. There's always a lot of enhanced critical features that just aren't available through anyone else, or, if they are, are too lightweight. They're the leaders in the space.

We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement.

The solution still needs some development to handle more traffic, especially in huge environments. In small environments, it's not an issue. 

I've bee using the solution for more than ten years.

The solution is extremely stable and robust. There are no issues with bugs or glitches. It doesn't crash or freeze. It's great. The stability is a huge selling feature.

It's scalable. There's always options to upgrade the hardware. Any hardware you buy from a store, you have the basic model and the upgraded model. For example, if you buy the 4600 appliance, you can upgrade up to 4800. You get double specs for everything, so you can just upgrade the license of the hardware. However, hardware eventually has a limitation. If you buy too small of a size of hardware, eventually there's some development limitations for the hardware. You can, however, do a cluster. You can add multiple hardware devices. This makes it very scalable.

The solution is not user-based. It's more connection-based, so there's no limitation on the number of users. It's more of a limitation on total throughput or total connection. Limitations depend on the application and how much traffic it generates. We've seen it in Telco environment where there's more than millions of users. We've also seen it do well with online banking where there are thousands of users. Small companies can use it too. It can vary, however, we've seen it in millions of users at Telco.

Technical support is great. We always open tickets. They're always very fast and very professional, and they always solve the issues. We're extremely satisfied with the level of support we receive.

If you want to do the basic installation and get the system up and running, then it's pretty straightforward. However, you have the flexibility to go very advanced and you can get into very complicated scenarios. That's what we like about the solution. There's a lot of use cases where you're required to have the ability to create some advanced features or some complicated scenarios. It gives you the capabilities to handle them.

You have the flexibility to go beyond that and have advanced scripting rules and advanced features in order to have more capability to do new things that are not as common. You need to have the space to improvise things if you need to.

While a straightforward deployment may only take a few hours, as it has a pre-defined rough template, there's always tuning to be done. It's a security product. It's not like it's plug-and-play. There's always a learning phase and tuning is necessary. This is common with any security product. That said, to get it up and operational, it's a matter of hours.

For a proper work deployment, to be frank, you need an ether professional because there's an ether configuration change. You also need a security professional to do the rules and policies and everything. Then, you need the involvement of the web application developer, so you can understand the content of the web application. Security people don't know which link is good and which link is bad inside the application. Usually, you need three people from the team - one each from network, security, and application - to have a proper deployment.

We're an integrator.

We have a big customer base, therefore we always have to be up to date with the latest versions. We feed to constantly look at things so that we know the new features.

I highly recommend the solution to other companies. F5 has a huge portfolio of plug-ins. You can add it to the top of the web. On the same appliance, you can have your balancer, you can have your application authentication, and those things that turn on. You can have multiple other features on the same hardware. It is definitely a technology that adapts. I can use the application in different ways beyond just security.

On a scale from one to ten, I'd rate it at a perfect ten.

On-premises

We use this program 24/7 as a firewall to block malicious requests. We update regularly.

The solution speeds up our web application speed. This increases the availability of our services, because of the web base load balancer. It also improves our application security because of the additional features of the web application firewall. So our website works faster and better and it has a lower impact on our servers.

The features I find most valuable is the behavior analysis and the additional subscription for global threats. It's an additional feature, which I haven't seen in another solution. I also like the DDos protection behavior too, because some DDos are quite a problem and we have problems with it.

I am very happy with the interface, the dashboard, and the reports. Whenever I see a malicious request, I can see if I blocked it and then I can decide if I want to accept or decline. I am therefore completely happy with the ability to report and so on. 

This solution is the best out there on the market. One thing that can be improved, is to increase the quantity over predefine policy. I know it's impossible to do it all, but what I would have liked to increase the ready-to-deploy templates with only a few clicks.

I've been using the solution for four months on our premises now.

I have had no issues with the stability. Even my friends with bigger installation systems are satisfied with the stability. I believe it depends on how many features you use. I have also had no issues with clusters or software update signature updates. I believe this program is even more stable than the Windows server.

Whenever I need more performance, I just buy upgrade licenses and additional license keys. So scalability is a question of paying more. It is simple. Everybody who uses the site employs external clients. 

When I asked support for help they answered the same day with the answer. But it was small issues. I haven't had any serious bugs or any troubleshooting.

I have used different products with lower segments in other solutions. Some were magic when it comes to security and availability but they don't provide visibility on how it works, how it secures and so on. And there is no additional protection from both ends to have a behavior analysis. That is why we chose Advanced WAF. We chose it because of its additional features. We need a solution that is stable and that can offer deep analysis.  

The installment was straightforward and it took us about two hours. Deployment took a week or maybe two to complete. Complete installation for such a complex system is quite fast. 

After buying the program, you just pay for the support every year.

I definitely recommend this solution because of the time you save on analysis. It is a stable program and you get additional features. The more you work on it, the more features you discover. I rate this solution ten out of ten.

We are a system integrator and we design solutions for our customers. We provide all kinds of networking solutions, as well as security, and we are sometimes responsible for the integration as well.

We are partners with F5 and this is one of the solutions that we provide to our clients.

Our customers are organizations, including government departments, who use their firewall for load-balancing purposes. However, for some time now, they have wanted to add an additional layer of security, which is why they implement this solution.

We normally propose the on-premises deployment model to our customers.

This solution is an enterprise-class firewall that provides both load-balancing and security.  Once it's deployed, it works smoothly and without issue.

I would like to see the pricing of this solution improved. There are a lot of other products that are trying to compete with this solution, and there are a few now that are very good. I know that F5 doesn't always worry about the pricing because of the branding, but if they want to capture more of the market then they need to consider that not everybody thinks about the brand. Some are concerned with the price, and some of the competitors offer solutions at a lower cost. While it is true that price is only one of the things that people consider, it is one of the major factors that can cause them to lose the battle to a competitor.

This solution can be made more user-friendly.

We have been proposing this solution to customers for ten years.

This is an enterprise-class product, and as long it is deployed properly it is quite stable. We have not had any issues post-deployment. This is one of the reasons that customers are paying for F5.

This is a very scalable solution.

Technical support for this solution is good. We have had a couple of tickets, and it was pretty good.

The complexity of the initial setup is on a case-by-case basis.

If the customer is primarily interested in load-balancing then it is straightforward and it takes a few days. Once the customer is ready with all of their information, it doesn't take much time. In more advanced scenarios, it can take months to fully set up and configure.

Keep in mind that this is an enterprise-level product, so many of the competitors will take less time in setup. Not every engineer can configure F5 WAF.

We perform the integration for our clients. We have our own deployment team that keeps up to date with the latest features in the market. They have the latest training materials and are aware of technical changes that are happening when it comes to these solutions.

When we have this kind of project, one person will be dedicated to the deployment and they will ensure that the solution has been deployed properly. After this, things will be taken care of by the general engineering team. We have a pool of resources who can handle maintenance such as upgrades.

Licensing fees for this solution are paid on a yearly basis.

My advice to anybody who is considering this solution is to have clarity with respect to their own scenario, or application. They have to know what they are expecting out of this deployment. As the system integrator, I may not be sure about the client's applications or how they work internally, so I have to rely on them.

I would rate this solution a nine out of ten.

In general, the web interface is not really catchy. It's very powerful, very customizable, but it doesn't have a very nice GUI interface for a new adopter. For them, they'd have to do a lot of configuring. At least the reporting and monitoring parts, let's say, to be honest, should have a better interface. A few other products have very nice dashboards, out of the box, and F5 is not that friendly to use.

Also, when you buy WAF, you have to buy another module called APM to do authentication. You have to buy another module with an extra license, to have the authentication feature. Other vendors have it interwoven. For example, I don't know if Barracuda has it, but Citrix has it under the same license. So maybe add authentication functionality in the AOS license, and not separate.

I've been using the solutions for 10 years.

The stability is perfect. 10 out of 10. We've not had any trouble with any deployment ever. And they are very big deployments: service providers, TelCos, banking, everywhere. Even on distant parts of the network, we have not had any kind of performance issues. Of course, as long as the sizing is within the appliance performance range. But it never has had a failure in performance or degradation of service or anything like this, as long as the full-time traffic is within the box capability, we've never had an issue.

It's scalable. 

We are a partner for F5, or a system integrator, not the client. So we do the implementation for other companies. I've been working with F5 for more than 10 years, so I know them very well. 

I like them because I like the security solution. They get extra marks compared to other solutions or competitors. There are more features than any other product I can think of. They're always monitoring, and the security features offer more than other, lesser products.

I would rate this solution 10 out of 10.

We use the F5  Web Application firewall to protect our corporate web server. The security of our web is our absolute highest priority.

We've only been using this solution for six months now, so we can't really see any improvement yet.

The most valuable feature is network detection intelligence and the ability to get extra internal access. I don't have knowledge about all the functions but, because it is a fully automatic process, the devices scan a lot of traffic. It is automatically set up to protect our web.

The administrator's user interface and some of the settings can sometimes be very complicated to understand. It would really help if they could be easier and more user-friendly. Perhaps the developers can add a training video that shows users what to do. I am sure it is a good product and you only need some experience to become familiar with it.

Another thing that may need improvement, is upgrading from one version to another. It is good, but it can be faster. 

We've been testing the F5 -BIG-AWF-VE Web Application for six months now and we plan to implement the solution in July.

It is a very stable solution. We currently have three administrators and about 300 users working on it.

The scalability is great because we can change or set this device up for almost everything. We can even extend to other functions and buy new licenses - this product will automatically adapt to these new functions. For example, we can buy a license and F5 will automatically extend to these functions. It is a very simple process to extend functionality to this device. You only need to install the license and configure it.

The technical support is perfect. Our company is a corporate partner, and we can also use services directly from other international support centers.

It was a very difficult decision to find the right solution. We used open source software before to protect our system's open source architecture.
We switched to F5 WAF because, for us, professional services are absolutely necessary. There are other cheaper options on the market, but when you need support, it can sometimes be a problem. 

We've incorporated our partner and he initiated the setup of this device. He used both the manual and the automatic setup options, and then he compared the two options. And now, as we are in production, we choose either automatic setup or manual setup. The automatic setup is quite easy, but the manual setup is complicated. It all depends on what you want from the product.

Our partner was responsible for the initial setup. 

I will rate the product a nine out of ten. 

Most of the time, we use it as a load balancer. It's for the client’s applications. They then apply WAF policies, of course, if the customer wants, and also an APM solution, like VPN access or Web Box, like a web and reverse protocol. Customers vary in terms of what they want.

The WAF and APM are very useful. I like the modules.

The solution has been mostly stable and reliable.

It can scale.

The BNS module needs improvement.

I’ve been using the solution for the last four and a half or five years. It’s been a while.

Most of the time, the stability is okay. For the most part, we don’t have issues with bugs or the solution crashing. It’s fine.

The solution can scale as necessary.

We have a lot of telecom and banking clients that use the solution. I’m not sure how much in total each client has in terms of users. Whoever would be using it would be more on the technical side.

We do plan to increase usage and to continue to offer this to our clients.

We help with the support as well as implementation. If a client runs into issues, they can always talk to us.

I’ve contacted the technical support of F5. However, I haven’t used them that much. They have always been okay. I’ve never had issues with them.

Sometimes the setup is straightforward. Other times it’s more complicated. It depends on the client and the project. How long the deployment takes depends on what they want.

You only need one person to handle deployment and maintenance tasks.

We are an integrator and can help customers set up the solution.

While there may be a potential for ROI, I don’t track it.

I’m not sure about the licensing. I don’t handle this aspect of the product.

We’re platinum partners with F5 in Greece. We’re integrators and resellers. We work with different versions.

The solution can be deployed both on the cloud and on-premises.

I’d recommend the solution to others.

I would rate the solution nine out of ten. We’ve been pretty happy with its capabilities.

Public Cloud

Microsoft Azure

We have many types of service, provided by the company.

We can monitor IP locations, but we have constraints from each country. It has a replication feature. Licenses can be shared, taking turns with each license.

The reporting could be clearer and embedded to include our movement data. The product could improve the interface by reducing the bookmarking more frequently and some other features. Ideally, it could do with a brand new interface. There is sometimes information overload in the logs. It is sometimes difficult to detect attacks on the firewall because it is hidden amongst many other data. The logs are not always helpful in this regard. I was disappointed in the reporting.

We have been using F5 Advanced Web Application Firewall for about one year and the same for Fortinet FortiWeb.

Scalability is fine, and we don't have any complaints so far. It's flexible once you want to expand it, but that includes the license upgrade for additional features.

We use a reseller for technical support. Technical support is very good.

We have looked at other options, but they have different solutions to the F5 Advanced Web Application Firewall.

Setup and installation are easy.

We use the reseller to implement it from scratch until it is fully deployed. Implementation does not take long.

There are various plans available for Fortinet FortiWeb Cloud WAF as a Service, including a trial version. You are only charged by the total data transferred, and there are hourly charges for the protected web application.

We are constantly looking out for features which are not available in the current product. We have set alerts to flag when these features become available.

I would rate this solution as 9 out of 10. They can combine firewall software with other software solutions with this product. It has a good community to see what other ideas for the product are out there.

Public Cloud

Amazon Web Services (AWS)

The DCI feature is very valuable. The solution is very robust, and I like the setup.

With this solution, you can set distinct perimeters that you can monitor. You can go very granular, which makes it possible to set up very specific perimeters that you are then able to secure.

The solution is tedious. It takes a lot of discrete settings so one needs to get detailed and granular when they use the solution. It takes you a whole lot of energy and concentration to configure. It needs to be much more straightforward, like other web solutions.

They need to have a way to define attack signatures. It might help improve the user experience.

I've been using the solution for close to four years.

The solution is quite stable. Since 2016, there hasn't been any concern in regards to security.

The solution is highly scalable.

Technical support is excellent. It's top-notch.

The initial setup was very straightforward. The solution is very compact. It takes more than one month for effective deployment.

The solution isn't too expensive. The license allows you to license what you need and leave out what you don't need.

We currently deal with the on-premises deployment model.

I would recommend the solution for use as an efficient firewall. Security is a complex thing, however, and I would advise others to use multiple vendors for different layers.

I would rate the solution ten out of ten.