F5 BIG-IP Advanced Firewall Manager (AFM) Reviews

We use the solution to establish a clientless VPN and the client VPN. We also use the solution to monitor traffic, block traffic, and filter traffic between the external and internal fixed environments.

The solution is easily deployable and has great functionality.

The solution's UI could be improved. The solution takes a high CPU computing power.

I have been using the F5 BIG-IP Advanced Firewall Manager for two years.

F5 BIG-IP Advanced Firewall Manager is a stable solution.

More than 1,000 users use the solution in our organization.

The solution's initial setup is straightforward.

If the environment is correctly set up to be fully functional, deploying the solution takes less than an hour. We implemented the solution through an in-house team.

You have to deploy the solution on some virtual machines. After we have deployed, we have to configure the interface. Once it is deployed and the virtual interface is completed, we apply the security policy and security profile.

F5 BIG-IP Advanced Firewall Manager is not an expensive solution.

The solution has great functionality and many capabilities. I recommend the solution for businesses because you get all the needed functionality in one place.

Overall, I rate this solution a nine out of ten.

We primarily use the solution as a data center firewall. 

It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.

The protection is very useful. 

The solution is stable. 

Once you understand the logic, it's straightforward to set up. 

We seem to have confusing logic from the solution itself. This needs to be addressed. 

For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.

Technical support could be better.

I've been using the solution for the last three years. 

The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.

Technical support is not that great.

The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.

Negative

The initial setup is illogical, which makes it difficult. 

Basically, as a user, you are expecting something,  it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.

The deployment only takes four days. 

I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM. 

The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.

The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.

It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.

In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.

When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.

The pricing is somewhere in the middle. It was not expensive and not cheap. 

The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.

You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.

Support is also an additional expense. 

We're resellers. We're using the latest version of the solution. 

Chances are, as a standalone product, you can find a better firewall at the same price. 

It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense. 

I'd rate the product five out of ten. 

We use the solution for load balancing and WAF (web application firewall).

The solution's initial setup is not easy.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for three years.

F5 BIG-IP Advanced Firewall Manager is a stable solution.

I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten for stability.

F5 BIG-IP Advanced Firewall Manager is a scalable solution. Two administrators from IT use the solution for load balancing, and two administrators from security use it for WAF.

We previously used Arbor and Radware.

We implemented the solution through a consultant.

For our services, the solution took nearly three months to deploy.

We need to pay a yearly licensing fee for the solution.

I would recommend F5 BIG-IP Advanced Firewall Manager to other users.

Overall, I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten.

We primarily use the solution as a firewall. 

We use it to block or allow traffic inside the infrastructure.

Usually, if we want to tie it up to another service, we usually use AFM. The reason we use AFM is due to the fact that we have Anti-DDoS equipment and the components in order to mitigate those attacks, we use a combination of AFM, ATM, and GTM.

It's deployed in order to allow or deny traffic for us. It controls the flow and acts as a layer of security. It also is able to handle routing. 

The security is quite good. It allows us to block certain addresses. 

It is stable. 

Support is quite helpful.

We have witnessed an ROI. 

Some spam can go by the firewall. The processing is a bit slow, and spam can get by. 

We'd like to be able to do a deep packet inspection. We haven't enabled that. Hopefully, the next-generation firewalls will be able to do that for us.

The solution is a bit pricey. 

I've used the solution for around four years. It's been a while. 

The stability is okay. I'd rate it seven out of ten overall. 

The scalability would be based more on the hardware aspect. I'd rate its ability to scale at a six or seven out of ten, since it is rather fixed. It's still hardware and not fully virtualized, which makes scaling limited. 

Technical support is pretty good. I do find them to be mostly helpful and responsive. 

Positive

I have also used Check Point in the past. I've also used a few other firewalls as well. 

I wasn't directly involved in the initial setup. When I arrived at the company, I was more on the operations side of things. 

We have witnessed an ROI while using the product. 

The solution is a bit expensive. I'd rate pricing four out of ten in terms of affordability. 

Companies should implement the solution if they have the budget. If you're going to deploy a security firewall device, this is a helpful solution.

I'd rate the solution seven out of ten. 

We use these as our data center firewalls. At the time of our analysis of the systems, they were the ones able to process the large load of traffic that we needed over any other systems out there. So, capacity-wise, these were able to address our needs.

We have version 12, version 13, version 14, and version 15.

We're a media company, and it provides security around very sensitive content. It provides security for content before being released.

Its performance and ease of use are valuable.

There should be simplified and better integration with BIG-IQ. There should also be a more modular approach. I believe they are working on it, and it is just a matter of deployment.

I have been using this solution for eight years.

It is stable.

It is scalable. There are 20,000 to 30,000 people who use it on a daily basis. Their roles vary from content editors to content viewers at different levels of the organization. Its usage might increase.

I would rate them a four out of five.

We have got different products. We have got different vendors for firewalls. We have Palo Alto, Juniper, Cisco, etc.

It is pretty straightforward. The duration depends on our typical deployment scenarios. Usually, it takes about three months from the time our projects are fully approved and all the way down to deployment. So, from initial installation to releasing the production, our deployment scenarios take three months.

Its maintenance is easy and simple. For maintenance, we need a staff of one.

It was implemented in-house. For deployment, we have different teams and levels, and they could be a team of five. We have another team for the day-to-day operations, and they could be anywhere from ten people.

For our requirements, we have seen an ROI.

We did look at different options. At the time we were looking at it, this was the only one that was able to perform at the level of performance required.

I would advise doing your homework. Do your research, and make sure you understand what the product is for so that you do not deploy it where it will not fit your needs. This is not a next-gen firewall. It is not meant to compete against next-gen firewalls. It is meant primarily for DNS type of things. That doesn't mean it can't do next-gen tasks, but the way I see it and the way I understand it, it is more for data centers.

I would rate it an eight out of ten.

I am using F5 BIG-IP Advanced Firewall Manager (AFM) for load balancing and an IP gateway.

The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available.

The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM).

In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately five years.

F5 BIG-IP Advanced Firewall Manager (AFM) is a stable solution. I have not had many issues.

The solution is scalable, but there are costs involved.

We have approximately 10,000 users using the solution. The solution is being used daily.

I rate the technical support of F5 BIG-IP Advanced Firewall Manager (AFM) a four out of five.

They're responsive and have always have pointed helped out when we had issues.

The initial setup of the F5 BIG-IP Advanced Firewall Manager (AFM) is of a medium level of difficulty. There are technical elements that are required to set it up.

We used the vendor to help us do the implementation.

F5 BIG-IP Advanced Firewall Manager (AFM) is an expensive solution. They are one of the best in the market, but the price could be cheaper.

I rate the price of F5 BIG-IP Advanced Firewall Manager (AFM) a three out of five.

There are competing solutions in the market. In terms of what F5 BIG-IP Advanced Firewall Manager (AFM) offers, from the load balancing point of view, I think they are one of the best. When it comes to firewalls and other solutions, there are better ones, such as FortiGate, Cisco, or Huawei. As a firewall, they are not the best. However, for load balancing, they're the best.

F5 BIG-IP Advanced Firewall Manager (AFM) is a popular big brand name behind it. However, it is expensive. Everything that is being used by large corporations is going to have a high cost.

I rate F5 BIG-IP Advanced Firewall Manager (AFM) a seven out of ten.

F5 BIG-IP AFM is deployed on-premise and in the cloud.

We are using F5 BIG-IP AFM mostly for financial services.

F5 BIG-IP AFM has improved the way our organization functions.

The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately 11 years.

F5 BIG-IP AFM is very good.

The scalability of F5 BIG-IP AFM has been very good.

We have approximately 3,000 users using this solution in my company. If we have another system we will increase our usage.

The support that we receive from the F5 BIG-IP AFM has been very valuable.

Positive

I previously used Cisco solutions and I switched to F5 BIG-IP AFM because of the superior support.

The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year.

We did the implementation of F5 BIG-IP AFM in-house.

We have seven people that are maintaining F5 BIG-IP AFM.

F5 BIG-IP AFM is an affordable solution. There were not any additional fees other than the standard licensing.

I rate F5 BIG-IP AFM a ten out of ten.

CGNAT is one of its strong areas. 

If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.

I have experience with F5 BIG-IP Advanced Firewall Manager (AFM).

It is a highly stable solution. 

It is a scalable solution. 

I think com configuration of (AFM) is comparatively little better than LTM because one is that Sentry is not very feature rich. And because of that reasons, configurations are comparatively easier because when you deploy it as a plain, when you need a firewall or firewall or IPS. So it's it's not very difficult as such.

As per pricing, I would not say cheap, but little higher than cheap, but not very expensive. So you can say kind of value for money solutions.

Overall, i would rate the solution a seven out of ten.