NGINX App Protect Reviews

We use WAF as part of our security solution, protecting applications such as internet banking.

It is used both as a web application firewall and for load balancing. 

The most valuable feature is that I can establish different services from the firewall.

Using the standard configuration, it is very easy to set up.

The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary.

This solution would benefit from having a support portal that can be opened directly from the dashboard.

We have been using the NGINX WAF for five years.

This solution is very much stable. Once it is working, it stays working. We use it on a daily basis.

This solution is not really scalable. Both the virtual appliance and the physical appliance are limited in terms of how much traffic they can handle. If you need to scale up then you need to replace the box with a bigger one.

In my company, we have about 700 users. One of my customers has about 2,500 concurrent users, and another one has about 4,000. These are all internal users. I cannot tell how many external users are connecting from the internet, but it is an enormous number.

It takes time to deal with technical support because they are pretty busy, but when you get the support it is very good. They know what they're talking about.

Prior to using this solution, we tried open-source pfSense. However, most of my customers went to F5.

The initial installation is very simple. However, there is one issue with security certificates.

Any system that you publish that is a secure system needs to have a certificate implemented, and that is always a struggle. We have plenty of customers with this solution, and every time that we get to the step involving the certificate, extra work is required. It never works smoothly. You always have to go and manipulate the certificate and the system just to set it up. I'm not sure about the latest systems, but in the old models, this could not even be done through the GUI. You had to use the command line, even though the certificate is visible in the GUI. A combination of commands is required just to make it work.

The length of time to deploy a basic system is very short. For more complex scenarios, it can be a long process.

We do have a consultant to assist us with deployment. We do the initial configuration, but when it comes to things that don't work then we speak with F5 directly. 

We have two people in place to maintain this product. One is from IT and the other takes care of the networking aspect.

The licensing fees for this solution are pretty expensive for what it does, but there is no alternative. The only alternative is Imperva, but that is even more expensive.

There is not much variety when it comes to web application firewalls that are also load-balancing solutions. Imperva is an alternative, although it is more expensive.

My advice for anybody who is implementing this solution is to plan well. You have to make sure that you plan ahead and know what it is that you want to achieve, then gather all of the relevant information. Otherwise, if you start to configure it and then find out that you don't have the right application server, or the right policy, or the proper certificate to install and configure it, then the installation will be very long. On the other hand, if the plan is very good and you have all of the details in advance, along with the right people to test it, then it should be straightforward.

I would rate this solution an eight out of ten.

We generally use NGINX with a combination of docker downstream so we have a container running which exposes multiple boards. And in terms on which we are running NGINX directory maps into the ports. So there is a major use case and sometimes we use it for security headers forwarding.

We use it together with AWS, to manage load balancing, topic migration and AV testing.

We use NGINX for security headers, and as a proxy. It is also a very good tool for load balancing.

The contributions I think sometimes take a toll on you like you're going to spend a lot of time on the right contributions. So as a product it is good, but from the development standpoint but if you think about somebody who's not from development background, this won't work. It's not up to speed if you really realize. So the set up process, it's good from a development standpoint. The development was easy to set up because they know that their understanding of the machine that they are going to set it up and take care of everything else.

I have never used techical support.

Yes, it was pretty easy as far as I remember. So this company, everything was previously set up and we had all the predefined user scripts so even though we had come to set it up from scratch.

The solution has the best traffic management and security management features. In addition, it has good interface and documentation features. Also, it integrates with other solutions.

The solution's technical support could be better.

I have been using the solution for six years.

It is a stable solution.

We plan to increase the solution's usage in our organization.

The solution's technical support team is good. Although, sometimes they ask us to provide the configuration file instead of addressing the current technical issue. Most of the time, the error doesn't need a configuration file to resolve it.

Positive

The solution generates a return on investment.

The solution's price is reasonable. Its license renewal costs around R200,000.

The solution requires essential training to understand the functionality. I rate it a ten out of ten.