Try our new research platform with insights from 80,000+ expert users

AWS WAF vs F5 Advanced WAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
71
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (14th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
58
Ranking in other categories
Web Application Firewall (WAF) (1st)
F5 Advanced WAF
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
67
Ranking in other categories
Web Application Firewall (WAF) (2nd)
 

Featured Reviews

Spencer Malmad - PeerSpot reviewer
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Rohit Kesharwani - PeerSpot reviewer
A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks
Integrating AWS WAF with other AWS services in our infrastructure is fairly easy. There are different tools through which we can do it. AWS WAF is a fairly easy solution. Users need to build a few rules by themselves based on the vulnerability attack within the application. Overall, I rate the solution a nine out of ten.
Richard Polyak - PeerSpot reviewer
Easy event identification, highly stable, and customizable
Generally, F5 Advanced WAF initial setup is straightforward. However, our environment was more complex and it took us a little more time to customize the solution to where we needed it to be. Additionally, the customization didn't rectify everything. We had to do customization to a certain event to prevent attacks that it wasn't catching, but that might not necessarily be the solutions' fault. It could be more of our setup than the solution's fault and not being able to run the latest version or the newer version could be more of a limitation on our ability to put it in the right place. The whole implementation to have the solution run at the level we wanted it to take approximately five months. Our company's environment is one that we can't put a canned solution in front of. Our environment, cannot have a canned solution that might fit everybody else because of how customized this environment is. It does need a lot of tuning to meet our environment's requirements. I rate the initial setup of F5 Advanced WAF a three out of five.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."
"The UI is good."
"There are key things that are used for our enterprise customers, such as Lambda and DNS."
"From what I've seen so far, there are no negatives to report as of yet"
"The solution offers the flexibility to control configuration rules."
"Even when there is a high load on our servers, Cloudflare is able to cache the data and serve it to users, ensuring they can still access the website."
"It is a stable solution. I rate the stability a ten out of ten...I rate the scalability a ten out of ten."
"The most valuable feature of Cloudflare DNS is security."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The most valuable feature is the addition of managed tools that help us create customizable rules. In case we want to block a particular request, we can make use of those rules."
"We can host any DB or application on the solution."
"They filter a lot of attacks out."
"The tool’s stability is very good."
"It is Amazon. Everything is scalable. It is beyond what we need."
"It's simple, easy to use."
"The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system."
"It's scalable and very easy to manage."
"The most valuable feature of F5 Advanced WAF is its extensive set of capabilities for application protection, including DDoS prevention, and its ability to work with Pentesters and external scanners to observe user activity and eliminate false positives."
"The most valuable features of F5 Advanced WAF are SSL uploading, signature, and anomaly detection. It is overall a high-quality solution."
"It is also quite intuitive and user-friendly. They have several webinars that are actually like labs. You can use these webinars to learn about how to use all features of the product."
"The solution's most valuable features include application DDoS protection, bot blocking, and HTTP header verifications."
"The most valuable feature of F5 Advanced WAF is its ability to have a pool of resources that can distribute your traffic, and that is a plus for me. My company tried to look into a competitor, Imperva, but it was lacking that capability, so F5 Advanced WAF outperforms Imperva."
"The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features."
"F5 Advanced WAF helps our engineers to learn the complete configuration, including fundamental and advanced policies."
 

Cons

"Cloudflare could offer a better view or maybe dashboards of the main resources used in the client."
"Areas like how assessment, discovery, and payload are dealt with and how it all comes into your organization can be considered when trying to make suggestions to Cloudflare for improvements."
"It should confirm audit findings of the assigned area with auditees to ensure that the audit conclusions are based on an accurate understanding of the issues."
"The product needs to improve its automation."
"I would like Cloudflare to offer a dedicated account manager for large enterprise clients like us."
"The tool needs to improve caching of servers. The product needs to include PFX certificate as well."
"An integrated SSO feature would be useful for Cloudflare DNS."
"Although I think it's quite good, it doesn't provide me with all the features I would expect to have if I were using Imperva."
"The product could be improved by expanding the weightage units of rules."
"One area that could be improved is the DDoS protection."
"The price could be improved."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"They should make the implementation process faster."
"I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level."
"It's a bit difficult to apply the right rules for the right security."
"The default content policy available in the tool is not very strong compared to the competitors."
"The accuracy of the automatic learning feature needs improvement."
"While F5 Advanced WAF does limit the number of partners in certain regions to ensure successful business transactions, they could also benefit from expanding their partnerships and making it easier for more people to learn about and become experts in F5 Advanced WAF. By doing so, they could increase the reach and exposure of their solution, similar to how Cisco has become widely recognized in the security industry."
"One improvement for AOF could be focusing on enhancing its AI engine to make it more mature."
"The Sandbox integration feature could be improved."
"Scalability could be improved."
"The GUI interface can be confusing due to similar-looking tabs for policy building, traffic learning, and event logs."
"I would like to see additional controls."
"I think the deployment templates can be better."
 

Pricing and Cost Advice

"The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution."
"The price is reasonable."
"For Cloudflare, I recommend it heavily for small businesses with revenue under a couple of million dollars. Onboarding is easy, and they even have a free plan. This makes it simple for businesses in the $100,000-$500,000 range to try it out and see its value, allowing them to scale up their infrastructure as needed."
"I believe their performance has improved, but I'd like to refrain from discussing the pricing aspect related to the cloud. The pricing, in my opinion, could be simplified, and I think they should consider reevaluating the pricing for support, as it can be quite high. At times, this cost can make it challenging to choose CARFAGuard or opt for the support."
"The price of the solution is expensive."
"So far I use free tier and happy with it. You can subscribe to business package if needed."
"In terms of licensing costs, we don't pay for licensing for Cloudflare. We only establish communication, then for peering, Cloudflare takes care of the cross-connection in different data centers."
"Cloudflare's pricing is not much higher and is good for middle-level organizations."
"It has a variable pricing scheme."
"There are no costs in addition to the standard licensing fees."
"The pricing should be more affordable, especially as it pertains to small clients."
"Its price is fair. There is a very fair amount that they charge. It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten."
"AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
"The solution's cost depends on the use cases."
"The price is average."
"The price of the solution is reasonable when compared with other products, such as FortiWeb. I am very satisfied with the price."
"F5 Advanced WAF's pricing is high."
"The pricing is too high."
"I don't have any issue with the pricing of this solution."
"The cost is slightly above average."
"The solution is very expensive so should only be used in the right environment."
"Licensing fees for this solution are paid on a yearly basis."
"It is a little bit costly, but it has all the features that are required."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
831,158 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
25%
Computer Software Company
13%
Comms Service Provider
8%
Financial Services Firm
7%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
8%
Government
6%
Computer Software Company
15%
Financial Services Firm
15%
Government
8%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What do you like most about F5 Advanced WAF?
It's a fairly easy-to-use and user-friendly tool. My administrators and team also like its ability to customize the r...
What is your experience regarding pricing and costs for F5 Advanced WAF?
The setup cost is normal, yet not the best in terms of the commercial aspect. Other competitors like Fortinet are che...
What needs improvement with F5 Advanced WAF?
One improvement for AOF could be focusing on enhancing its AI engine to make it more mature.
 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
MAXIMUS, Vivo, American Systems, Bangladesh Post Office, City Bank
Find out what your peers are saying about AWS WAF vs. F5 Advanced WAF and other solutions. Updated: January 2025.
831,158 professionals have used our research since 2012.