F5 Advanced WAF Reviews

F5 is a web application firewall and load balancer. 

The primary use case of this solution is for data protection and security.

I like all of the features, but the main one is the attack signatures.

If they could separate the control plane from the data plane, it would give us more flexibility, especially with the Hyper Cloud. This could be the reason they purchased NGINX.

They have released the first production release but they are not there yet. It would be good to have this separation in the near future.

Also, automation on the cloud is not easy. It's a bit of a job, and it doesn't auto-scale very well.

They need to work on the BIG-IQ, which is centralized management. There are too many devices. Managing them individually is inconvenient. Essentially, BIG-IQ is supposed to centralize the management for all of the boxes but it's not very effective.

I have been using this solution for more than five years.

The stability is very good.

There is no solution that is bug-free, but when comparing it with other vendors, I would say that F5 is less buggy than the others.

The scalability is an issue at the moment, which is the reason they need to separate the control plane from the data plane.

We are using this solution daily. It runs 24/7.

The technical support is very good. They are knowledgeable and helpful.

The initial setup was simple and it took an hour to deploy.

This solution does not require a lot of maintenance but we need to do the patching regularly.

We do the implementation but at times we get consultations from F5.

It's more expensive than other solutions and depending on the modules, there can be additional fees.

If I would compare F5 with other solutions, the main differences are the support and the stability of the code, it has fewer bugs.

For on-premises deployments I would recommend F5, but for the cloud, it would be questionable.

I would rate this solution a seven of ten.

We use F5 Advanced WAF to protect some of our web applications and web services. We use F5 Advanced WAF as a web application firewall in production. 

Our clients are liable for the security of applications on the internet because they are in the banking services sector.

In this case, we used a few long-term models because F5 Advanced WAF is a complete solution. Our customers do not only use this model. 

F5 Advanced WAF is similar to other solutions used for a lot of projects. 

It's feasible for our customers to improve on their protection ability within the applications from secondary attacks, i.e. MySQL injection.

Each company is liable for the security of the customers using the service.

With F5 Advanced WAF, it was protection for online publications and for our customers that caused us to choose the platform. It was integrated by our company and not the dealer. 

For F5 Advanced WAF, it's only 70% different over time with upgrades. F5 can still build AWS support after many long years of absence. It's difficult to use.

F5 Advanced WAF needs better integration within the application, like remote dashboards. The pricing is too high. It needs better security features with the interface or dashboard.

We go through some problems with the Disc Doctor services and F5 was recommended to fix or avoid the same situation in the future.

F5 now is the product we use for the web products to have a web application firewall.

We need better integration in the application and more security features in the future.

F5 Advanced WAF is very stable.

The technical support of F5 I didn't use, but I heard people like the feature. I haven't needed it personally.

We have used some other products but they didn't have enough functionality. You can launch media adaptation for variety with F5. That is one of the biggest advantages of this solution.

In the market now there is a lot of information on the setup of F5 Advanced WAF. You can look for it on the company website. I didn't use F5 support directly, just the materials.

F5 Advanced WAF is not a cheap product.

My advice is to recommend F5 Advanced WAF for use. On a scale of 1 to 10, I would rate F5 Advanced WAF a nine.

We are a PPS payment providing services company in banking, so, we are using it for that. We are banking company and we are using it as a web application firewall.

We have an SOC, and for collecting logs we are also using the F5 logs to analyze the securities and events. So having a central log management and F5 really helped us to analyze the security logs. It also helps with blocking the attacks on web applications.

Everything is good about the F5 WAF, except the reporting. It's really difficult to set records from that device, the UI is kind of hard to work with, and the reporting must be improved.

As a suggestion to the F5 company, they have to put in shells to have the next generation WAF. So, instead of buying different modules and different hardware and appliances, they can offer an all-in-one solution for WAF.

The initial setup was was easy to install. Our department wasn't installing it, the infrastructure department installed it, so we gave them the policy that we wanted to use.

Because of the sanctions, we couldn't buy it straight from the US, so we bought it from an Iranian company. They provided us that solution. The company that sold us the device also had some people to consult with us to give us best practices from the previous companies that installed it.

I think it's a good product but the F5 uses shells, so the people who want to work with the device have to be pro in Linux. If they can put everything in the UI so every regular security engineer can work with it, it's fabulous.

I would rate the solution 8 out of 10. We are concerned about the other factors but it's actually not F5 company's fault. The pricing is really high here right now because of the dollar rate but it has nothing to do with the F5, it's because of the sanctions I imagine. At the moment it's a really expensive solution for us, not only F5 but the other appliances. 
If I went to another company, and the other company hired me, I would suggest they use this device. Although we don't have a lot of options to choose from around here.

We use the solution to secure web applications running in the organization.

F5 is one of the best products. We use it for multiple segments within our organization and applications. It is a central point of all the applications being scrubbed and checked.

The customer service could be improved.

I have been using F5 Advanced WAF for more than ten years.

The product is stable.

I rate the solution’s stability a seven out of ten.

The solution is scalable.

Our entire organization and clients use the solution.

The initial setup is easy since I have used the technology for almost 20 years. Some applications require more attention depending on what you are doing and trying to achieve with the particular module. You need some assistance from the team in configuring the different components within the application through the web.

The solution is worth the money that you spend.

The solution is expensive.

Whatever you are looking for can be done on the platform. Some features may not be available with IO components. A few features give you the flexibility that no other product can.

Overall, I rate the solution an eight out of ten.

I work for a bank and our use case of WAF is to protect our applications, including mobile ones. We are users of this solution and I am an IT specialist engineer. 

Protection from attacks is the best feature of this product. 

We sometimes get pages with false positives. The F5 team does its best to deal with this problem. I'd like to see this product compatible with more mobile applications, like protecting something devices from a malicious server or from the mobile application itself.

We've been using this solution for one year. 

The stability is good. 

The version we are using is not very scalable. 

The technical support is generally good although in some cases they take a long time to respond and we then need to escalate the case to get an answer from a higher level. The team is mature and they are able to solve our problems.

Positive

F5 has good documentation available on their website so deployment is relatively straightforward. 

This is a mature solution and a very powerful device for protecting web applications. I rate this solution eight out of 10. 

We use this solution because we provide a platform that requires a lot of security.

The solution is deployed on cloud.

We have thousands of external users.

I like the security features, especially against SQL injection.

I would like to see additional controls.

I have been using this solution for a year.

The stability is reasonably good. There haven't been any major issues so far.

It's scalable. We haven't had any major issues so far.

We went through the managed service partner, so they did the deployment. Deployment took about 15 days.

We have a few IT experts for maintenance. 

Implementation was done in-house.

I would rate this solution eight out of ten. 

My advice is to do a thorough testing of the application.

F5 Advanced WAF could improve the precision of the scanning. There are many false positives. They should improve their threat database.

I have been using F5 Advanced WAF for three years.

F5 Advanced WAF is a stable solution, we are satisfied. It is more stable than ForiWeb.

I have found F5 Advanced WAF to be scalable.

The local support is good and they have been helpful. However, if we raise an issue to the global support they take a lot of time to return our inquiry.

The price of the enterprise solution is reasonable. However, if you are a small to medium-sized business the price could be difficult to afford.

F5 Advanced WAF pricing structure should be adjusted to meet the need of small to medium-sized companies.

I rate F5 Advanced WAF an eight out of ten.

We have many types of service, provided by the company.

We can monitor IP locations, but we have constraints from each country. It has a replication feature. Licenses can be shared, taking turns with each license.

The reporting could be clearer and embedded to include our movement data. The product could improve the interface by reducing the bookmarking more frequently and some other features. Ideally, it could do with a brand new interface. There is sometimes information overload in the logs. It is sometimes difficult to detect attacks on the firewall because it is hidden amongst many other data. The logs are not always helpful in this regard. I was disappointed in the reporting.

We have been using F5 Advanced Web Application Firewall for about one year and the same for Fortinet FortiWeb.

Scalability is fine, and we don't have any complaints so far. It's flexible once you want to expand it, but that includes the license upgrade for additional features.

We use a reseller for technical support. Technical support is very good.

We have looked at other options, but they have different solutions to the F5 Advanced Web Application Firewall.

Setup and installation are easy.

We use the reseller to implement it from scratch until it is fully deployed. Implementation does not take long.

There are various plans available for Fortinet FortiWeb Cloud WAF as a Service, including a trial version. You are only charged by the total data transferred, and there are hourly charges for the protected web application.

We are constantly looking out for features which are not available in the current product. We have set alerts to flag when these features become available.

I would rate this solution as 9 out of 10. They can combine firewall software with other software solutions with this product. It has a good community to see what other ideas for the product are out there.