F5 BIG-IP Advanced Firewall Manager (AFM) Reviews

The primary use case for F5 BIG-IP Advanced Firewall Manager is in government offices.

The features of F5 BIG-IP Advanced Firewall Manager that have proven most effective in securing the network are significant. The user mentioned that these features are valuable in security management, suggesting that they find the product attractive for their needs.

I have encountered challenges with the price of the solution. Apart from the price, I feel no other areas need improvement.

I have used the solution for two years.

I would rate the stability of F5 at eight out of ten.

I would rate the scalability of F5 as six out of ten. While there is room for improvement, it somewhat meets the scalability requirements.

The initial setup was easy for me.

The price of the solution presents a challenge.

Based on my experience, I recommend F5 BIG-IP Advanced Firewall Manager to other people. 

I would rate this solution overall as eight out of ten.

In the past three years, I implemented Advanced Firewall Manager to safeguard our clients' DNS solutions and protect applications from DDoS and BPOS attacks. This involved securing DNS queries and ensuring resilience against various cyber threats.

The most valuable features of Advanced Firewall Manager are its effectiveness in protecting applications from DDoS attacks, ensuring service availability, and safeguarding against infrastructure and application-level threats. It excels in preventing downtime and maintaining application performance, which is crucial for our clients' security and operational continuity.

There is room for improvement in Advanced Firewall Manager's dashboard statistics, especially during attacks. Enhancements in graphical representation and more detailed reports would be beneficial for a more comprehensive understanding of the security landscape.

I have been using Advanced Firewall Manager for seven years.

In terms of stability, Advanced Firewall Manager performs well. Logging is straightforward, allowing for easy analysis and integration with other solutions. It provides detailed logs during attacks, facilitates in-depth review, and supports integration with SNMP for added insights into security events.

Advanced Firewall Manager scales well with a flexible SKN architecture, allowing easy capacity and high availability expansion. This scalability extends to hybrid setups, enabling consistent policies and configurations across on-premise and cloud environments through the BigIQ solution. It ensures seamless synchronization for efficient management.

Contacting F5 support for issues, especially related to traffic, attacks, or platform bugs, is easy and communication is straightforward. However, there is room for improvement in the support team's accuracy, as sometimes their recommendations may not directly address the reported issues, leading to a need for clearer and more relevant guidance. I would rate the support as a seven out of ten.

Neutral

The installation could be moderately complex, involving the implementation of new traffic flows and applications into the network for protection. Deployment for Advanced Firewall Manager for one application takes approximately one week. However, the technical configuration itself, focused on proactive platform setup and protection, can typically be accomplished in about a day. 
Deploying Advanced Firewall Manager usually involves around five people, covering security, network, application, support, and project teams.

While Advanced Firewall Manager comes with a relatively higher price, it aligns with the platform's benefits, stability, and warranty.

Overall, I would rate F5 BIG-IP Advanced Firewall Manager as an eight out of ten.

We use the solution for load balancing and WAF (web application firewall).

The solution's initial setup is not easy.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for three years.

F5 BIG-IP Advanced Firewall Manager is a stable solution.

I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten for stability.

F5 BIG-IP Advanced Firewall Manager is a scalable solution. Two administrators from IT use the solution for load balancing, and two administrators from security use it for WAF.

We previously used Arbor and Radware.

We implemented the solution through a consultant.

For our services, the solution took nearly three months to deploy.

We need to pay a yearly licensing fee for the solution.

I would recommend F5 BIG-IP Advanced Firewall Manager to other users.

Overall, I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten.

We primarily use the solution as a data center firewall. 

It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.

The protection is very useful. 

The solution is stable. 

Once you understand the logic, it's straightforward to set up. 

We seem to have confusing logic from the solution itself. This needs to be addressed. 

For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.

Technical support could be better.

I've been using the solution for the last three years. 

The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.

Technical support is not that great.

The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.

Negative

The initial setup is illogical, which makes it difficult. 

Basically, as a user, you are expecting something,  it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.

The deployment only takes four days. 

I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM. 

The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.

The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.

It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.

In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.

When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.

The pricing is somewhere in the middle. It was not expensive and not cheap. 

The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.

You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.

Support is also an additional expense. 

We're resellers. We're using the latest version of the solution. 

Chances are, as a standalone product, you can find a better firewall at the same price. 

It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense. 

I'd rate the product five out of ten. 

We primarily use the solution as a firewall. 

We use it to block or allow traffic inside the infrastructure.

Usually, if we want to tie it up to another service, we usually use AFM. The reason we use AFM is due to the fact that we have Anti-DDoS equipment and the components in order to mitigate those attacks, we use a combination of AFM, ATM, and GTM.

It's deployed in order to allow or deny traffic for us. It controls the flow and acts as a layer of security. It also is able to handle routing. 

The security is quite good. It allows us to block certain addresses. 

It is stable. 

Support is quite helpful.

We have witnessed an ROI. 

Some spam can go by the firewall. The processing is a bit slow, and spam can get by. 

We'd like to be able to do a deep packet inspection. We haven't enabled that. Hopefully, the next-generation firewalls will be able to do that for us.

The solution is a bit pricey. 

I've used the solution for around four years. It's been a while. 

The stability is okay. I'd rate it seven out of ten overall. 

The scalability would be based more on the hardware aspect. I'd rate its ability to scale at a six or seven out of ten, since it is rather fixed. It's still hardware and not fully virtualized, which makes scaling limited. 

Technical support is pretty good. I do find them to be mostly helpful and responsive. 

Positive

I have also used Check Point in the past. I've also used a few other firewalls as well. 

I wasn't directly involved in the initial setup. When I arrived at the company, I was more on the operations side of things. 

We have witnessed an ROI while using the product. 

The solution is a bit expensive. I'd rate pricing four out of ten in terms of affordability. 

Companies should implement the solution if they have the budget. If you're going to deploy a security firewall device, this is a helpful solution.

I'd rate the solution seven out of ten. 

F5 BIG-IP AFM is deployed on-premise and in the cloud.

We are using F5 BIG-IP AFM mostly for financial services.

F5 BIG-IP AFM has improved the way our organization functions.

The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately 11 years.

F5 BIG-IP AFM is very good.

The scalability of F5 BIG-IP AFM has been very good.

We have approximately 3,000 users using this solution in my company. If we have another system we will increase our usage.

The support that we receive from the F5 BIG-IP AFM has been very valuable.

Positive

I previously used Cisco solutions and I switched to F5 BIG-IP AFM because of the superior support.

The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year.

We did the implementation of F5 BIG-IP AFM in-house.

We have seven people that are maintaining F5 BIG-IP AFM.

F5 BIG-IP AFM is an affordable solution. There were not any additional fees other than the standard licensing.

I rate F5 BIG-IP AFM a ten out of ten.

I am using F5 BIG-IP Advanced Firewall Manager (AFM) for load balancing and an IP gateway.

The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available.

The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM).

In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately five years.

F5 BIG-IP Advanced Firewall Manager (AFM) is a stable solution. I have not had many issues.

The solution is scalable, but there are costs involved.

We have approximately 10,000 users using the solution. The solution is being used daily.

I rate the technical support of F5 BIG-IP Advanced Firewall Manager (AFM) a four out of five.

They're responsive and have always have pointed helped out when we had issues.

The initial setup of the F5 BIG-IP Advanced Firewall Manager (AFM) is of a medium level of difficulty. There are technical elements that are required to set it up.

We used the vendor to help us do the implementation.

F5 BIG-IP Advanced Firewall Manager (AFM) is an expensive solution. They are one of the best in the market, but the price could be cheaper.

I rate the price of F5 BIG-IP Advanced Firewall Manager (AFM) a three out of five.

There are competing solutions in the market. In terms of what F5 BIG-IP Advanced Firewall Manager (AFM) offers, from the load balancing point of view, I think they are one of the best. When it comes to firewalls and other solutions, there are better ones, such as FortiGate, Cisco, or Huawei. As a firewall, they are not the best. However, for load balancing, they're the best.

F5 BIG-IP Advanced Firewall Manager (AFM) is a popular big brand name behind it. However, it is expensive. Everything that is being used by large corporations is going to have a high cost.

I rate F5 BIG-IP Advanced Firewall Manager (AFM) a seven out of ten.

I use F5 AFM (Advanced Firewall Manager) for several solutions including firewall, load balancing, and security.

The F5 product has one thing that is remarkable. I do not have any two deployments for customers that are exactly the same. There are so many opportunities to configure the product to the client's exact needs that it offers unprecedented flexibility.

I would have to say that F5 excels in all aspects of network protection. There are five modules and I have yet to use them all. I use the LTM that's Local Traffic Manager, then I've worked with APM or Access Policy Manager, and I've worked with AFM which is Advanced Firewall Manager.

 If I were a CPO of an organization, I would just get F5 in my infrastructure to perform all the network security activities. I could just do that if I have the budget rather than bringing in separate solutions like Barracuda from one vendor and then bringing one other solution from another vendor. This is a unified solution that is already integrated and optimizes performance.

F5 will do load balancing, security, act as the firewall and F5 excels in executing all of them. How it gets deployed depends on the customer and on what particular features the customers want. From a deployment perspective, F5 is excellent in all of them.

I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.

I can vouch for the stability of F5. The product has been around for a while now. In fact, there is a particular claim that they use in their marketing and we have experienced. We have had some customers where we find that in the environment they have very old, end of life cycle, machines that are still running their F5 instance. 

Even though the product is 'end of life' F5 company is very committed to supporting it. So the improvements keep coming out. It is technically not 'end of life' because they still support it. We have not had any customer that complained that "Oh they are billing me for the F5 system because of one upgrade." It's very, very stable, it's reliable once it is deployed. It's just there once it is deployed and there is nothing to worry about.

F5 is also highly scalable. You can easily upgrade from one version to the next or even upgrade the machine. The hardware is scalable. We can and have easily upgraded a deployment either by turning on or applying a license. As for the machine, you can upgrade the physical hardware or you can use a virtual machine because they have a Virtual Machine Edition. The scalability is versatile and straightforward.

I find the technical support to be top-notch. I rarely have to contact technical support. The only time I do is if I think I don't have time to do research on my own by taking the time to look things up by reading community posts. If I can just quickly contact technical support, sometimes it makes more sense. Whenever I have contacted technical support, they call back within the hour. It also depends on the severity of the issue that you're reporting. When you submit a ticket, you have severity level 1, 2, 3, 4. So, the response time depends but whatever the case is. But the technical support are always responsive. They call you and they stay with you till the situation is resolved.

There was only one case I reported that they did not resolve immediately. The engineer could not find a solution to the issue. They had to do something to actually change the OS. They have a special way to address this kind of problem. They call it the engineering hot seat. That engineering hot seat solution had to come out as an update in the next version. So, that's how professional and resourceful technical support is. They're fantastic.

The product is easy to install. It's straightforward. In fact, the first time I deployed F5, it was my very first experience doing an installation of the product. It was my very first experience using F5 and I deployed it for an Enterprise customer and it was successful. That was my first time using it and it was successful. If you follow the guidelines that they give you, it says "do this, do that," and it is very very easy. 

There have been applications that I have installed with terrible navigation. You can't move from point A to point B, C, and D. Or by the time you get to D you can't get back to A. F5 just works. It is easy to navigate and install.

We deploy this product ourselves for clients, and as I mentioned it is easy to do even for the first time.

The product is a little expensive but it is such a good solution and unified that the cost is worth the price.

We have evaluated and also recommend other solutions when the client does not have the budget to go with F5. For example, we used some Cisco solutions which are also expensive but they are not as versatile and easy to deploy and manage.

I have not had any deployments that are exactly the same. For example, if I deployed everything as a solution for customer A and for customer B I do deployments with the same set of applications, and even then there are differences in the deployment. In all the experiences I have had, they have never been the same in my entire four-year experience installing the product. That shows how broad F5 is in its ability to manage situations and customize the experience for specific organizations.

It is usually the case that customers tell us what they want to achieve. They tell us what the need is in their network or in their infrastructure, or they tell us the solution that they expect as a result and then we make a recommendation. If we make the recommendation and they are impressed with the capabilities that the solution can achieve, then they go for it if they have the budget. If they do not have the budget or they don't like what we propose we can give them a different plan.

In most cases, our customers have taken the time and have done their research very well. They just say, "okay, we need this product or solution and I want this product deployed." In most cases, we don't even get to do a recommendation because they have done their research. They have come to a conclusion as to what product meets their needs whether it is because of the name or the advertising. In my opinion, it may not always be the best solution, but they are the client so we give them what they ask for.

The dashboard and the interface for F5 are fantastic. That is really something that is remarkable. It is unlike any other solutions that I've worked with. For example with Cisco, many of the things that you want to do you have to take care of on the command line. It is not very convenient. With F5 you find everything in the interface. There is hardly anything that you want to do with F5 that you can't do from the GUI.

In terms of analytic reporting, the product has very good detailed analytics that comes with the product that you can access on the dashboard. There is also analytics and analysis with visibility reporting. The module that is dedicated for that gives you a fine grain access into everything that you want to see and report on immediately. With everything I want to do for the client in F5, the GUI allows me and maybe this makes a big difference for me in the evaluation of the product because of its ease of use. The dashboard is fantastic and the GUI is excellent.

What I find most impressive about F5 is that, as long as you know what you want to do, as long as we know what you want to achieve, you find the solution there. Let me restrict this example to the LTM (local traffic manager). Let's say, for instance, you want to deploy your application and then there is a feature you want to add or you want to introduce some kind of logic you want to introduce that you cannot find in GUI or it doesn't even come packaged with the box. If you have an idea of what you want to do, you can program it in.

There is a feature you can use to introduce some programmability into the box. It really just comes down to you knowing what exactly you want to achieve. If it doesn't come already pre-programmed as part of the package, this feature will allow you to program it in yourself. There is hardly anything you would want to do that F5 cannot do for you.

On a scale from one to ten, where one is the worst and ten being the best, I would rate this product as a nine. The only reason I will not give them a ten is because of the cost. But based on functionality and ease of deployment, scalability, reliability, overall security and functionality, I give them nine.