Try our new research platform with insights from 80,000+ expert users

AWS WAF vs F5 Advanced WAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.0
Cloudflare enhances performance, reduces operational costs, and boosts revenue, with reported benefits of $903,000 over three years.
Sentiment score
7.7
AWS WAF adds security, appreciated despite costs, by integrating with AWS to block attacks and protect investments effectively.
Sentiment score
7.8
F5 Advanced WAF provides high ROI with scalable security, efficient onboarding, regulatory compliance, and strong data protection.
WordPress security can be tricky, and that's where Cloudflare can be absolutely helpful for small businesses.
We have had ROI with the tool's use since it never gave us downtime and made us lose millions.
For the small project I was working on, using the basic tier provided a huge improvement at zero cost.
Subscription models offer clearer ROI due to a more competitive pricing scheme.
 

Customer Service

Sentiment score
7.2
Cloudflare's service is praised for responsiveness, but some users face delays, often relying on extensive documentation for solutions.
Sentiment score
6.8
AWS WAF support is generally well-regarded but faces criticism for slow responses and limited flexibility, especially in lower tiers.
Sentiment score
7.1
F5 Advanced WAF support is professional, helpful, but needs quicker responses; higher SLAs offer faster service and better experience.
This would help us address issues promptly, especially during unforeseen events like DDoS attacks.
Cloudflare does not offer hands-on technical support to fix customer problems but rather a self-service model.
We'd like a dedicated account manager.
Resolving issues can take time because the support personnel may lack product expertise, leading to delays.
If there is a bug, the support is usually understanding and resolves issues.
I have interacted with F5's support, and while I have no major complaints, they could improve.
 

Scalability Issues

Sentiment score
8.2
Cloudflare's scalable architecture is praised for efficient traffic handling, seamless expansion, and meeting diverse enterprise needs globally.
Sentiment score
7.9
AWS WAF is highly scalable, effectively handling diverse needs and traffic load, earning positive feedback across multiple sectors.
Sentiment score
7.6
F5 Advanced WAF excels in scalability and adaptability, supporting diverse applications, ideal for medium to large enterprises.
I would rate the solution's scalability a ten out of ten since I didn't encounter any issues with it.
I rate its scalability a ten out of ten because I had no issues with it.
I rate the scalability a ten out of ten.
 

Stability Issues

Sentiment score
7.7
Users praise Cloudflare for improved reliability, effective DDoS protection, and excellent DNS services despite initial configuration needs.
Sentiment score
8.4
AWS WAF is consistently praised for its stability, reliability, and strong performance, with high ratings for dependable service.
Sentiment score
8.5
F5 Advanced WAF is praised for stability and reliability, scoring highly in sectors like banking and telecom.
For DDoS protection, I would not recommend Cloudflare.
I rate the solution’s stability an eight out of ten.
The service is very stable with no impacts during high-traffic periods.
In terms of reliability, I would rate AWS WAF about six out of ten due to the need for improved signature sets.
 

Room For Improvement

Cloudflare users seek better analytics, integration, support, pricing clarity, and enhanced features like caching and multi-user access.
AWS WAF needs better interface, automation, documentation, pricing, rules management, integration, threat detection, user support, and billing.
F5 Advanced WAF needs easier interfaces, better integration, enhanced support, and improved features for user-friendliness and efficiency.
There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features.
Despite these challenges, overall, Cloudflare remains the preferred solution compared to Azure, AWS CloudFront, and Google Cloud Armor.
the ability to integrate with the on-site active directory instead of just AD through Azure AD
Compared to firewalls, WAFs generally provide limited stateful analysis capabilities.
Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF.
Deployment training for F5 Advanced WAF is lacking and restricts growth by being inaccessible and costly for partners.
 

Setup Cost

Cloudflare offers flexible pricing plans from free to $1,500 monthly, ideal for businesses of different sizes and traffic needs.
AWS WAF's flexible and scalable pay-as-you-go pricing suits diverse needs, offering competitive rates compared to other vendors.
F5 Advanced WAF is costly but valued for its advanced features, comprehensive protection, and flexibility in high-stakes environments.
That's where Cloudflare shines for smaller businesses – it's ten times cheaper than Akamai.
I find it to be cheap.
It's cost-effective, but I think they should have a custom pricing model for enterprise customers based on the features you use.
Due to our status as an AWS shop, AWS WAF is cost-effective for us, and we benefit from discounts due to our extensive use of AWS services.
Subscription models have competitive pricing, while perpetual licenses involve an upfront higher cost.
The price is affordable and satisfactory.
 

Valuable Features

Cloudflare enhances performance and security with CDN, caching, DDoS protection, easy DNS management, analytics, and intuitive interface.
AWS WAF offers scalable, user-friendly protection with advanced AI, DDoS defense, and seamless AWS integration at an affordable price.
F5 Advanced WAF offers comprehensive protection with integration, customization, and features like network intelligence, DDoS prevention, and behavior analysis.
Our scenario consisted of two web servers in different allocations to control access demands, and the load balancer did the job as expected, bringing security and stability to access points.
For me, the valuable feature is DDoS protection.
The most valuable features of the solution are performance and security.
The cloud-native nature of AWS is crucial since most of our workload is in AWS, making AWS WAF native to Amazon Web Services.
AWS WAF is not stateful, it offers a time-saving solution with its custom rulesets that enhance security and simplify management.
The perpetual license, despite an initial higher cost, lacks transparency regarding support expiration.
It contains the logic of both negative and positive security combined.
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
75
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (14th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (1st)
F5 Advanced WAF
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
69
Ranking in other categories
Web Application Firewall (WAF) (2nd)
 

Featured Reviews

Spencer Malmad - PeerSpot reviewer
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Richard Polyak - PeerSpot reviewer
Easy event identification, highly stable, and customizable
Generally, F5 Advanced WAF initial setup is straightforward. However, our environment was more complex and it took us a little more time to customize the solution to where we needed it to be. Additionally, the customization didn't rectify everything. We had to do customization to a certain event to prevent attacks that it wasn't catching, but that might not necessarily be the solutions' fault. It could be more of our setup than the solution's fault and not being able to run the latest version or the newer version could be more of a limitation on our ability to put it in the right place. The whole implementation to have the solution run at the level we wanted it to take approximately five months. Our company's environment is one that we can't put a canned solution in front of. Our environment, cannot have a canned solution that might fit everybody else because of how customized this environment is. It does need a lot of tuning to meet our environment's requirements. I rate the initial setup of F5 Advanced WAF a three out of five.
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
18%
Computer Software Company
14%
Comms Service Provider
9%
Financial Services Firm
8%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
9%
Government
6%
Financial Services Firm
15%
Computer Software Company
13%
Government
8%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What do you like most about F5 Advanced WAF?
It's a fairly easy-to-use and user-friendly tool. My administrators and team also like its ability to customize the r...
What is your experience regarding pricing and costs for F5 Advanced WAF?
Subscription models have competitive pricing, while perpetual licenses involve an upfront higher cost, leading to amb...
What needs improvement with F5 Advanced WAF?
F5 Advanced WAF sells perpetual licenses as perpetual assets during sales without informing me that support ends afte...
 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
MAXIMUS, Vivo, American Systems, Bangladesh Post Office, City Bank
Find out what your peers are saying about AWS WAF vs. F5 Advanced WAF and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.