NGINX App Protect Reviews

We use the solution for application firewall purposes. We use both mobile and web applications.

During the NGINX App Protect v1.1 upgrade, we encountered compatibility issues with our existing telecom infrastructure, specifically the load balancer and WAF. These issues manifested as difficulties with the HTTP 1.1 protocol. While attempting to solve the problem through upgrades, we ultimately opted for alternative solutions as the desired effect could not be achieved. This highlights the technical challenges of integrating NGINX App Protect with diverse network components.

I have been using NGINX App Protect for more than five years.

The product is stable.

I rate the solution’s stability an eight-point five out of ten.

The solution is scalable.

The customer service’s response should be faster.

The initial setup is straightforward. For deployment, we configured basic configuration, and after mounting, We observed our application for almost four months. After that, we proceed to enforcement blocking mode. Typically, all our applications are live, so we can't block it on day one. We observed it for a long time, like six months, and then we went into step-by-step blocking mode.

Three people are required for the solution's deployment.

The product is expensive and has a subscription-based licence.

NGINX App Protect's high price and limited support options can be a drawback. While troubleshooting basic issues is manageable, resolving advanced problems through paid support channels can be expensive and experience delays.

I recommend the solution if the client has no financial issues regarding their WAF or LTM solutions. Still, if they are budget constraints, one should think of other options like Fortinet.

Overall, I rate the solution an eight out of ten.

NGINX App Protect can be used as a reverse proxy, internet controller, and for caching.

NGINX App Protect has improved our organization by using the load balancer feature.

The most valuable feature of NGINX App Protect is the reverse proxy.

The price of NGINX App Protect could improve.

I have been using NGINX App Protect for approximately two years.

NGINX App Protect is stable. It is lightweight and fast.

The scalability of NGINX App Protect is good and it is easy to do.

The experience I had with the technical support was good.

We used another solution previously to NGINX App Protect. We switch to testing other solutions.

The initial setup of NGINX App Protect is basic. The full deployment took approximately one day.

We followed the documentation to do the implementation of NGINX App Protect in-house. We have one person that does the deployment and maintenance of the solution.

I have not seen a return on investment, it is too soon. We are only in the testing phase.

There is a monthly or annual subscription to use NGINX App Protect. There are not any additional costs to the subscription.

I rate the price of NGINX App Protect a three out of five.

I would recommend this solution to others because it performs well.

I rate NGINX App Protect a ten out of ten.

The solution has the best traffic management and security management features. In addition, it has good interface and documentation features. Also, it integrates with other solutions.

The solution's technical support could be better.

I have been using the solution for six years.

It is a stable solution.

We plan to increase the solution's usage in our organization.

The solution's technical support team is good. Although, sometimes they ask us to provide the configuration file instead of addressing the current technical issue. Most of the time, the error doesn't need a configuration file to resolve it.

Positive

The solution generates a return on investment.

The solution's price is reasonable. Its license renewal costs around R200,000.

The solution requires essential training to understand the functionality. I rate it a ten out of ten.

I use this solution as a web application firewall.

The most valuable feature is that NGINX uses the command-line interface, making it simple for some users.

Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks.

I've been using this solution for about three years.

App Protect has good stability. 

NGINX is very scalable, which is a great advantage of this product.

The technical support is very good. 

The initial setup was simple and took three to four days.

NGINX is not expensive.

I would rate this solution as eight out of ten.

We are using NGINX App Protect as a web portal and we are planning to use it as an API gateway.

The most valuable feature of NGINX App Protect is its open source.

NGINX App Protect could improve security.

I have been using NGINX App Protect for approximately five years.

NGINX App Protect is stable.

The scalability of NGINX App Protect is good.

Everyone in my company that uses this solution are developers. We have a total of 150 concurrent users.

The support from NGINX App Protect is too expensive. We did not end up receiving support because of the cost.

The initial setup of NGINX App Protect is easy. It took us a couple of days maximum.

NGINX App Protect is low maintenance and we did the implementation in-house with a couple of people.

We have seen a return on investment using NGINX App Protect.

The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner.

I rate NGINX App Protect an eight out of ten.

No solution is perfect, there is always room for improvement.

We use WAF as part of our security solution, protecting applications such as internet banking.

It is used both as a web application firewall and for load balancing. 

The most valuable feature is that I can establish different services from the firewall.

Using the standard configuration, it is very easy to set up.

The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary.

This solution would benefit from having a support portal that can be opened directly from the dashboard.

We have been using the NGINX WAF for five years.

This solution is very much stable. Once it is working, it stays working. We use it on a daily basis.

This solution is not really scalable. Both the virtual appliance and the physical appliance are limited in terms of how much traffic they can handle. If you need to scale up then you need to replace the box with a bigger one.

In my company, we have about 700 users. One of my customers has about 2,500 concurrent users, and another one has about 4,000. These are all internal users. I cannot tell how many external users are connecting from the internet, but it is an enormous number.

It takes time to deal with technical support because they are pretty busy, but when you get the support it is very good. They know what they're talking about.

Prior to using this solution, we tried open-source pfSense. However, most of my customers went to F5.

The initial installation is very simple. However, there is one issue with security certificates.

Any system that you publish that is a secure system needs to have a certificate implemented, and that is always a struggle. We have plenty of customers with this solution, and every time that we get to the step involving the certificate, extra work is required. It never works smoothly. You always have to go and manipulate the certificate and the system just to set it up. I'm not sure about the latest systems, but in the old models, this could not even be done through the GUI. You had to use the command line, even though the certificate is visible in the GUI. A combination of commands is required just to make it work.

The length of time to deploy a basic system is very short. For more complex scenarios, it can be a long process.

We do have a consultant to assist us with deployment. We do the initial configuration, but when it comes to things that don't work then we speak with F5 directly. 

We have two people in place to maintain this product. One is from IT and the other takes care of the networking aspect.

The licensing fees for this solution are pretty expensive for what it does, but there is no alternative. The only alternative is Imperva, but that is even more expensive.

There is not much variety when it comes to web application firewalls that are also load-balancing solutions. Imperva is an alternative, although it is more expensive.

My advice for anybody who is implementing this solution is to plan well. You have to make sure that you plan ahead and know what it is that you want to achieve, then gather all of the relevant information. Otherwise, if you start to configure it and then find out that you don't have the right application server, or the right policy, or the proper certificate to install and configure it, then the installation will be very long. On the other hand, if the plan is very good and you have all of the details in advance, along with the right people to test it, then it should be straightforward.

I would rate this solution an eight out of ten.

We use this solution for protecting published services including website applications, mobile applications, and web applications.

The policies are flexible based on the technologies you use. 

The dashboard could provide a more comprehensive view of the status of the connections.

I have been using the solution for the past two years.

The solution is stable.

The solution is scalable with many licensing options according to client requirements. We have about 800 employees who use NGINX App protect.

Customer support is helpful, and they respond fast.

Initial setup was easy. For the implementation, it takes no time, but it takes some time to learn, understand the traffic, and to build the policies according to the traffic of the applications already implemented.

We have two employees for maintenance. 

We had a partner implement the solution and they were able to do so easily.

There are no additional fees.

This solution provides perfect protection for the published services against all application attacks.

I would rate this a 9 out of 10.

I work with containers. I do the architecting, but there are times when I also do the implementation. So I'm familiar with the products, particularly NGINX.

NGINX App Protect is used in Kubernetes and OpenShift environments.

NGINX App Protect has complete control over the HTTP session. I can experiment with whatever I want. I can start with URLs and cookies. I can work with parameters and everything that I need. I can work with signatures also. I can inspect the traffic whenever I want.

As I see it now, there are some things to improve, but the F5's WAF is, more enhanced when compared to NGINX's. However, they have done a good job adapting it.

It should be automated in some way. 

Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment.

It would be good if some kind of automation was included.

I have worked with NGINX App Protect for at least three or four years.

NGINX App Protect is a stable product. Because it's an additional module, we use it in conjunction with the Ingress Controller, but it can also be run anywhere, as a VM or whatever you need. 

They did an excellent job porting the VSM code to NGINX.

NGINX App Protect is scalable, but, handling the configuration is still time-consuming. It doesn't have a centralized option. They have the NGINX controller and some APIs to do it, but it isn't fully scalable in my opinion.

I've known them for a long time because I began working with F5 more than ten years ago. Even though my primary experience is with F5, and I don't have many tickets open in NGINX in general, the service is quick. But, in my opinion, it's pretty solid.

I began with F5 products such as ASM. It performs the functions of the various firewalls. When NGINX was acquired by F5, they adapted the module for NGINX, which was dubbed App Protect. When this became public, I began to work with NGINX in this case as well.

The implementation process is not simple. If you have more than one, the policy must be created from scratch in YAML files, which is not automated and takes time.

The pricing is reasonable because NGINX operates on an instance basis. There are differences. There is some leeway in how much the instance can cost, depending on the customer and other actions, but it's reasonable in my opinion.

I work as a consultant for a company and am currently evaluating some products.

We are a partner with F5. I am currently evaluating Prisma Cloud because they have a WAF option on Palo Alto and I'm looking into it. But, aside from Prisma, I've never seen the WAF. So I'm attempting to make some comparisons in order to learn the Prisma side and see how it works with NGINX. I downloaded a document to get a head start on it and to form an idea for now.

I would rate NGINX App Protect a seven out of ten.