We changed our name from IT Central Station: Here's why

F5 BIG-IP Advanced Firewall Manager (AFM) OverviewUNIXBusinessApplication

F5 BIG-IP Advanced Firewall Manager (AFM) is #10 ranked solution in top Distributed Denial of Service (DDOS) Protection tools. PeerSpot users give F5 BIG-IP Advanced Firewall Manager (AFM) an average rating of 10 out of 10. F5 BIG-IP Advanced Firewall Manager (AFM) is most commonly compared to Radware DefensePro: F5 BIG-IP Advanced Firewall Manager (AFM) vs Radware DefensePro. The top industry researching this solution are professionals from a computer software company, accounting for 31% of all views.
What is F5 BIG-IP Advanced Firewall Manager (AFM)?

F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, full-proxy network security solution designed to protect networks and data centers against incoming threats that enter the network. Built on F5’s industry-leading BIG-IP hardware and software platforms, BIG-IP AFM provides a scalable platform that delivers the flexible performance and control needed to mitigate aggressive distributed denial-of-service (DDoS) and protocol attacks before they overwhelm and degrade applications and infrastructure availability.

For service providers, BIG-IP AFM IPS does even more, protecting the network edge and performing traffic inspection and protocol adherence for prevalent service provider protocols such as SS7, Diameter, HTTP/2, GTP, SCTP and SIP traffic coming into the network over UDP, TCP, and SCTP.

F5 BIG-IP Advanced Firewall Manager (AFM) was previously known as F5 AFM, F5 Advanced Firewall Manager.

Buyer's Guide

Download the Distributed Denial of Service (DDOS) Protection Buyer's Guide including reviews and more. Updated: January 2022

F5 BIG-IP Advanced Firewall Manager (AFM) Customers

City Bank, Ricacorp Properties, Miele, American Systems, Bangladesh Post Office

F5 BIG-IP Advanced Firewall Manager (AFM) Video

Archived F5 BIG-IP Advanced Firewall Manager (AFM) Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Senior Security Engineer at a tech services company with 201-500 employees
Real User
Offers good IP geolocation, IP intelligence, and DDoS features and good scaling options
Pros and Cons
  • "We use three main features. The first one is access control. The second feature we use is called IP intelligence. Finally, we have a DDoS safety feature."
  • "Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now you will be allow IPs that you previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve."

What is our primary use case?

We use three main features. The first one is access control. Access control would mainly use the IP geolocation feature. This feature in AFM lets you limit access to some countries and allow other countries. Some countries can access your service while others cannot access it. This is one feature which is called IP geolocation. 

The second feature we use is called IP intelligence. It's another feature of F5. It's like a straight feed for all blacklisted IP addresses in the world. They make categories for the blacklisted IP addresses, such as blacklists to a channel, blacklisted proxies, blacklisted malicious malware, and blacklisted spammers. If anyone of these IPs is trying to hurt your service, we are able to just block it with the AFM firewall, which is a separate license in essence. We utilize this license as well. 

Finally, we have a DDoS safety feature. AFM provides protection for the network from a DDoS attack. We use this feature at times too. These are the only three features we utilize: IP geolocation, IP intelligence, and DDoS.

What needs improvement?

Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve.

I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.

For how long have I used the solution?

We've been using this solution for four years now.

What do I think about the stability of the solution?

I would say it's a good, stable solution. We haven't had a major issue with the AFM.

What do I think about the scalability of the solution?

They have many options to scale. They have a very stable, versatile FM, but we rely on the physical units. I can see that it's very scalable. Whatever you want to add, you can add to the same cluster.

How are customer service and technical support?

Sometimes technical support is good and sometimes they are bad, so I can evaluate them around 80%.

What other advice do I have?

It's a good solution only for a published service. If you are publishing services outside the company, it's very good for us, but the biggest lesson is that it cannot be applied internally to replace a data center firewall. Sometimes, a company will introduce F5 to the place as a data center firewall. It's not a replacement for the DC firewall. It cannot replace the data center firewall but can be added to the service.

I would rate this as eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Oluwatosin Omojola
Systems Engineer at Datasure Solutions
Real User
Enables us to configure the product to the client's exact needs with unprecedented flexibility
Pros and Cons
  • "This product excells in every aspect from installation and the interface to providing superior network security."
  • "This would be absolutely the best network security solution if the price were not so high."

What is our primary use case?

I use F5 AFM (Advanced Firewall Manager) for several solutions including firewall, load balancing, and security.

How has it helped my organization?

The F5 product has one thing that is remarkable. I do not have any two deployments for customers that are exactly the same. There are so many opportunities to configure the product to the client's exact needs that it offers unprecedented flexibility.

What is most valuable?

I would have to say that F5 excels in all aspects of network protection. There are five modules and I have yet to use them all. I use the LTM that's Local Traffic Manager, then I've worked with APM or Access Policy Manager, and I've worked with AFM which is Advanced Firewall Manager.

 If I were a CPO of an organization, I would just get F5 in my infrastructure to perform all the network security activities. I could just do that if I have the budget rather than bringing in separate solutions like Barracuda from one vendor and then bringing one other solution from another vendor. This is a unified solution that is already integrated and optimizes performance.

F5 will do load balancing, security, act as the firewall and F5 excels in executing all of them. How it gets deployed depends on the customer and on what particular features the customers want. From a deployment perspective, F5 is excellent in all of them.

What needs improvement?

I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.

For how long have I used the solution?

We have been using the solution for more than four years.

What do I think about the stability of the solution?

I can vouch for the stability of F5. The product has been around for a while now. In fact, there is a particular claim that they use in their marketing and we have experienced. We have had some customers where we find that in the environment they have very old, end of life cycle, machines that are still running their F5 instance. 

Even though the product is 'end of life' F5 company is very committed to supporting it. So the improvements keep coming out. It is technically not 'end of life' because they still support it. We have not had any customer that complained that "Oh they are billing me for the F5 system because of one upgrade." It's very, very stable, it's reliable once it is deployed. It's just there once it is deployed and there is nothing to worry about.

What do I think about the scalability of the solution?

F5 is also highly scalable. You can easily upgrade from one version to the next or even upgrade the machine. The hardware is scalable. We can and have easily upgraded a deployment either by turning on or applying a license. As for the machine, you can upgrade the physical hardware or you can use a virtual machine because they have a Virtual Machine Edition. The scalability is versatile and straightforward.

How are customer service and technical support?

I find the technical support to be top-notch. I rarely have to contact technical support. The only time I do is if I think I don't have time to do research on my own by taking the time to look things up by reading community posts. If I can just quickly contact technical support, sometimes it makes more sense. Whenever I have contacted technical support, they call back within the hour. It also depends on the severity of the issue that you're reporting. When you submit a ticket, you have severity level 1, 2, 3, 4. So, the response time depends but whatever the case is. But the technical support are always responsive. They call you and they stay with you till the situation is resolved.

There was only one case I reported that they did not resolve immediately. The engineer could not find a solution to the issue. They had to do something to actually change the OS. They have a special way to address this kind of problem. They call it the engineering hot seat. That engineering hot seat solution had to come out as an update in the next version. So, that's how professional and resourceful technical support is. They're fantastic.

How was the initial setup?

The product is easy to install. It's straightforward. In fact, the first time I deployed F5, it was my very first experience doing an installation of the product. It was my very first experience using F5 and I deployed it for an Enterprise customer and it was successful. That was my first time using it and it was successful. If you follow the guidelines that they give you, it says "do this, do that," and it is very very easy. 

There have been applications that I have installed with terrible navigation. You can't move from point A to point B, C, and D. Or by the time you get to D you can't get back to A. F5 just works. It is easy to navigate and install.

What about the implementation team?

We deploy this product ourselves for clients, and as I mentioned it is easy to do even for the first time.

What's my experience with pricing, setup cost, and licensing?

The product is a little expensive but it is such a good solution and unified that the cost is worth the price.

Which other solutions did I evaluate?

We have evaluated and also recommend other solutions when the client does not have the budget to go with F5. For example, we used some Cisco solutions which are also expensive but they are not as versatile and easy to deploy and manage.

What other advice do I have?

I have not had any deployments that are exactly the same. For example, if I deployed everything as a solution for customer A and for customer B I do deployments with the same set of applications, and even then there are differences in the deployment. In all the experiences I have had, they have never been the same in my entire four-year experience installing the product. That shows how broad F5 is in its ability to manage situations and customize the experience for specific organizations.

It is usually the case that customers tell us what they want to achieve. They tell us what the need is in their network or in their infrastructure, or they tell us the solution that they expect as a result and then we make a recommendation. If we make the recommendation and they are impressed with the capabilities that the solution can achieve, then they go for it if they have the budget. If they do not have the budget or they don't like what we propose we can give them a different plan.

In most cases, our customers have taken the time and have done their research very well. They just say, "okay, we need this product or solution and I want this product deployed." In most cases, we don't even get to do a recommendation because they have done their research. They have come to a conclusion as to what product meets their needs whether it is because of the name or the advertising. In my opinion, it may not always be the best solution, but they are the client so we give them what they ask for.

The dashboard and the interface for F5 are fantastic. That is really something that is remarkable. It is unlike any other solutions that I've worked with. For example with Cisco, many of the things that you want to do you have to take care of on the command line. It is not very convenient. With F5 you find everything in the interface. There is hardly anything that you want to do with F5 that you can't do from the GUI.

In terms of analytic reporting, the product has very good detailed analytics that comes with the product that you can access on the dashboard. There is also analytics and analysis with visibility reporting. The module that is dedicated for that gives you a fine grain access into everything that you want to see and report on immediately. With everything I want to do for the client in F5, the GUI allows me and maybe this makes a big difference for me in the evaluation of the product because of its ease of use. The dashboard is fantastic and the GUI is excellent.

What I find most impressive about F5 is that, as long as you know what you want to do, as long as we know what you want to achieve, you find the solution there. Let me restrict this example to the LTM (local traffic manager). Let's say, for instance, you want to deploy your application and then there is a feature you want to add or you want to introduce some kind of logic you want to introduce that you cannot find in GUI or it doesn't even come packaged with the box. If you have an idea of what you want to do, you can program it in.

There is a feature you can use to introduce some programmability into the box. It really just comes down to you knowing what exactly you want to achieve. If it doesn't come already pre-programmed as part of the package, this feature will allow you to program it in yourself. There is hardly anything you would want to do that F5 cannot do for you.

On a scale from one to ten, where one is the worst and ten being the best, I would rate this product as a nine. The only reason I will not give them a ten is because of the cost. But based on functionality and ease of deployment, scalability, reliability, overall security and functionality, I give them nine. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about F5, Radware, NETSCOUT and others in Distributed Denial of Service (DDOS) Protection. Updated: January 2022.
564,322 professionals have used our research since 2012.
Diego Gullo
IT Service Delivery Manager at Consys.it
Real User
Blocks various attacks and mitigates disasters from occurring
Pros and Cons
  • "It blocks various attacks and mitigates disasters from occurring."
  • "We needed to protect the database but the solution didn't offer a certain feature to do so."

What is our primary use case?

We use the on-prem model of this solution. Our primary use case is to protect our software with a firewall.

How has it helped my organization?

This solution has improved security. We also use it to protect various customer's software. 

They offer good video material to implement this solution. It's a mature product. Imperva is a competitor but this solution is the market leader.

It blocks various attacks and mitigates disasters from occurring. 

What is most valuable?

The most valuable feature is that you can implement it in a positive or negative model. Most customers implement the protection with a negative model because implementing with a positive model is not simple. We need help from the development team.

What needs improvement?

It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. 

The database is not simple. It's not easy to understand. 

We needed to protect the database but the solution doesn't offer certain features to do so.

Customers have requested container features. 

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

It's very stable. 

How are customer service and technical support?

The technical support depends on who is helping you. Global support is good. Sometimes the representative is not so knowledgable about this product. 

Which solution did I use previously and why did I switch?

I was previously using Imperva but my company wanted to switch to F5. 

How was the initial setup?

The initial setup was very easy. 

What other advice do I have?

This is a good product. I would recommend this solution to anybody evaluating it. 

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Computer & Network Security Professional at a financial services firm with 10,001+ employees
Real User
Helps improve the security of my environment and has a straightforward setup
Pros and Cons
  • "I find the signature base is very helpful to see traffic"
  • "We would have preferred to have support when we first started"

What is our primary use case?

I am using this solution to protect my web services.

How has it helped my organization?

It helps improve the security of my environment.

What is most valuable?

I find the signature base is very helpful to see traffic, to see the increase in web traffic.

What needs improvement?

The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.

For how long have I used the solution?

I have been using the solution for 1 year.

How are customer service and technical support?

You don't necessarily call for technical support that gets deployed like Cisco does. With this, you have to go and look for all the support separately for the deployment and stuff like that. It makes work a little tiring. Otherwise, support is fine. It's just a question of how they are going to help you on the deployment when something is broken.

How was the initial setup?

The initial setup was straightforward. It's not too complex. We were very careful to not cause an outage. The implementation strategy was to keep it in transference mode to observe it for a while before we pushed it through to preventive mode.

What about the implementation team?

I used a software team and had a little help from Google. We would have preferred to have support when we first started, instead of having to hire an engineer which charged us a little.

Which other solutions did I evaluate?

We didn't really evaluate other options. They were the top one at the time, so we decided to go for that.

What other advice do I have?

There should be more qualified support, like training videos or how to install features. 

I would rate the solution 8 out of 10. If the user interface was more user-friendly, I'd rate it higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.