Try our new research platform with insights from 80,000+ expert users

F5 Advanced WAF vs Wallarm NG WAF comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
75
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (14th)
F5 Advanced WAF
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
69
Ranking in other categories
Web Application Firewall (WAF) (2nd)
Wallarm NG WAF
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
5
Ranking in other categories
Web Application Firewall (WAF) (36th), API Security (12th)
 

Featured Reviews

Spencer Malmad - PeerSpot reviewer
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Richard Polyak - PeerSpot reviewer
Easy event identification, highly stable, and customizable
Generally, F5 Advanced WAF initial setup is straightforward. However, our environment was more complex and it took us a little more time to customize the solution to where we needed it to be. Additionally, the customization didn't rectify everything. We had to do customization to a certain event to prevent attacks that it wasn't catching, but that might not necessarily be the solutions' fault. It could be more of our setup than the solution's fault and not being able to run the latest version or the newer version could be more of a limitation on our ability to put it in the right place. The whole implementation to have the solution run at the level we wanted it to take approximately five months. Our company's environment is one that we can't put a canned solution in front of. Our environment, cannot have a canned solution that might fit everybody else because of how customized this environment is. It does need a lot of tuning to meet our environment's requirements. I rate the initial setup of F5 Advanced WAF a three out of five.
it_user666765 - PeerSpot reviewer
Deployment is simple. Machine learning techniques lower the false-positives alerts rate.
The use of a WAF becomes especially relevant in the case of concrete vulnerabilities, such as those uncovered via penetration tests or source code reviews. Even if it were possible to fix the vulnerability in the application promptly and with a reasonable amount of effort, the modified version can generally only be deployed at the next maintenance interval; often 2-4 weeks later (a patch dilemma). For a WAF with whitelisting, vulnerabilities can be fixed promptly (hotfix) so that they cannot be exploited before the next scheduled maintenance. WAFs are especially fast in this aspect, meaning they can collaborate with source code analysis tools, so that detected external vulnerabilities can automatically result in a recommended rule set for the WAF. A WAF is particularly important in securing productive web applications which themselves in turn consist of multiple components and which cannot be quickly changed by the operator; e.g., in the case of poorly documented applications or regarding third-party products without sufficient maintenance cycles. A WAF is the only option for promptly closing external vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Even when there is a high load on our servers, Cloudflare is able to cache the data and serve it to users, ensuring they can still access the website."
"When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers."
"The attacker won't have details since my public IP is anonymous. It offers us good privacy."
"The solution offers the flexibility to control configuration rules."
"The tool is user-friendly."
"The solution automatically detects and responds to certain types of traffic based on geolocation."
"Cloudflare consolidates various capabilities into one product, streamlining processes."
"I rate its stability a ten out of ten."
"The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features."
"The best solution for WAF."
"There is no need to worry about updating signatures because WAF will automatically update the signatures for you."
"F5 Advanced WAF is a stable solution, we are satisfied. It is more stable than ForiWeb."
"The web application firewall itself is most valuable. It provides positive security and negative security. In negative security, it blocks a task such as cross-site scripting, code injection, etc. In positive security, it lets you specify and enforce things, such as the parameters allowed in username and password fields and the number of characters allowed in a field."
"The most valuable features of F5 Advanced WAF are the overall capabilities, there is not a comparable solution on the market."
"The most valuable features of this solution are the WAF protection, Data Safe, and the seven-layer DDoS."
"The AOF solution provides numerous security features."
"Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."
 

Cons

"It would be beneficial for us if Cloudflare could offer a scrubbing solution. This would involve taking a snapshot of my website and keeping it live during a DDoS attack, ensuring uninterrupted service for our users. DDoS attacks are typically short in duration, and having Cloudflare maintain the site's availability from its secure network would enhance the overall user experience. I would appreciate it if Cloudflare could consider implementing this feature. Many organizations already utilize similar capabilities in their CDN platforms, where a static snapshot of the web page is displayed during DDoS attacks. In terms of features, Cloudflare needs to enhance its resilience and stay more focused on adopting new technologies. For instance, solutions like F5 XC Box, Access Solution, and Distributed Cloud Solution have impressive features, and Cloudflare should strive to match and exceed those capabilities. There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features. Cloudflare should prioritize enhancements in areas such as behavioral DDoS and protection against SQL injection attacks, considering the prevalent trend of public exposure to the internet for business reasons. Overall, Cloudflare needs to invest more in advancing its feature set."
"We're facing challenges due to an upgrade in the machine learning model. The problem arises from some users abusing the APIs, resulting in an influx of suspicious traffic. Cloudflare's learning model mistakenly identifies this traffic as human. Consequently, it assigns it a higher trust score, akin to legitimate human traffic, causing complications in our architecture. Previously, such traffic would have been categorized as suspicious, enabling us to apply appropriate blocking rules. However, we encounter difficulties distinguishing between genuine and suspicious traffic with the new categorization. Despite these challenges, overall, Cloudflare remains the preferred solution compared to Azure, AWS CloudFront, and Google Cloud Armor."
"Support response time could be improved."
"The documentation could improve for Cloudflare DNS."
"Cloudflare's console should be made more user-friendly."
"Technical support is not well developed. While there are good engineers, Cloudflare does not offer hands-on technical support to fix customer problems but rather a self-service model."
"Even if I wanted to, I wouldn't be able to buy Cloudflare in my country."
"Cloudflare should add more documentation and pricing to the cloud version."
"F5 needs to improve API protection with a single F5 solution, without requiring additional modules."
"I would say their graphical interface, the GUI. I don't like the GUI as much as before."
"More legacy protocols should be added to the solution."
"The solution's dashboard could be improved. When you're moving from policy to policy, the logs and the integration of the logs in other systems aren't straightforward."
"We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement."
"I would not expect traffic details to pass through the web application firewall across the length of the whole application. I think that there is a web application where it can let the application function without traffic going in into the WAF."
"They should work on the virtualization of NGINX."
"One area for improvement in the product is its SSO integration, which posed challenges and required significant effort to resolve."
"The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."
 

Pricing and Cost Advice

"There are no additional costs beyond the standard licensing fees."
"I believe their performance has improved, but I'd like to refrain from discussing the pricing aspect related to the cloud. The pricing, in my opinion, could be simplified, and I think they should consider reevaluating the pricing for support, as it can be quite high. At times, this cost can make it challenging to choose CARFAGuard or opt for the support."
"When you compare Cloudflare DNS to other solutions, such as Akamai, the price is reasonable."
"The price is reasonable."
"Cloudflare's pricing is not much higher and is good for middle-level organizations."
"We are using the free version."
"I think the pricing is competitive. I think as far as licensing is concerned it's pretty straightforward because it's based on domain. It's just that sometimes domains could be tricky with some customers."
"We don't have any issues with the price."
"Pricing for this solution is higher than average."
"The pricing of F5 Advanced WAF is more expensive than other solutions like Radware and CD18, it is quite high."
"F5 bundles up services and the bundle is what you pay for rather than individual components."
"After buying the program, you just pay for the support every year."
"It is expensive. Its price should be better. Its licensing is on a yearly basis. Its licensing is also based on the model. There are no additional costs."
"I rate F5 Advanced WAF's pricing a three out of ten."
"The pricing is too high."
"F5 Advanced WAF is not a cost-effective solution. Although they are attempting to reduce prices with their VE and cloud options, they are more expensive than other solutions. The solution is more expensive on average."
"​Pricing must be cheaper than the competition and the licensing must be good.​"
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
18%
Computer Software Company
13%
Comms Service Provider
9%
Financial Services Firm
8%
Financial Services Firm
15%
Computer Software Company
13%
Government
8%
Comms Service Provider
6%
Computer Software Company
21%
Real Estate/Law Firm
9%
Comms Service Provider
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What do you like most about F5 Advanced WAF?
It's a fairly easy-to-use and user-friendly tool. My administrators and team also like its ability to customize the r...
What is your experience regarding pricing and costs for F5 Advanced WAF?
Subscription models have competitive pricing, while perpetual licenses involve an upfront higher cost, leading to amb...
What needs improvement with F5 Advanced WAF?
F5 Advanced WAF sells perpetual licenses as perpetual assets during sales without informing me that support ends afte...
Ask a question
Earn 20 points
 

Also Known As

Cloudflare DNS
No data available
Wallarm NG-WAF
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
MAXIMUS, Vivo, American Systems, Bangladesh Post Office, City Bank
Panasonic. Miro. Rappi. Wargaming. Gannett. Omio. Acronis. Workforce Software. Tipalti. SEMRush.
Find out what your peers are saying about F5 Advanced WAF vs. Wallarm NG WAF and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.