Try our new research platform with insights from 80,000+ expert users
Import Comliance Specialist at Silicon21
Real User
Top 20
Empower critical applications with comprehensive protection and enhanced security capabilities
Pros and Cons
  • "F5 Advanced WAF is a comprehensive community platform with a strong commitment, making it valuable for businesses."
  • "I would like to see improved features in the F5 Advanced WAF solution, especially with a focus on enabling Kubernetes fully."

What is our primary use case?

I was in charge of the F5 on-premises solution, where I published several applications for certificate verification and protected various applications. Additionally, I was working with botnets.

What is most valuable?

F5 Advanced WAF is a comprehensive community platform with a strong commitment, making it valuable for businesses. The capabilities on GitHub are highly appreciated, allowing me to count on F5 for reliability.

What needs improvement?

I would like to see improved features in the F5 Advanced WAF solution, especially with a focus on enabling Kubernetes fully. The database needs better service discussions and updates on communication. Additional improvements could also be made in asset management for the data.

For how long have I used the solution?

I've been working with F5 for what seems like a lengthy period.

Buyer's Guide
F5 Advanced WAF
April 2025
Learn what your peers think about F5 Advanced WAF. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,190 professionals have used our research since 2012.

What do I think about the stability of the solution?

F5 is logistics-oriented, ensuring that the Webpack performs well in making every single case for the Stereo platform.

What do I think about the scalability of the solution?

F5 is scalable, especially for Stellar and virtualization processes. Customers can scale efficiently.

How are customer service and support?

F5's technical support team is commendable. They are professional and take high-priority prompts seriously.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

My experience includes comparing F5 with FortiWeb. F5 provides more security capabilities for applications than FortiWeb.

How was the initial setup?

The initial setup of the F5 Advanced WAF solution involves multiple stages and might require revisiting configurations based on customer needs. The setup can be complex compared to other options.

What about the implementation team?

I am part of the deployment and implementation team, and we follow a strategy that involves providing quality assurance to ensure data integrity and server protection. Collaboration and dialogue with customers are part of the implementation.

What was our ROI?

Customers have shown consistent ROI with F5 solutions, especially when daily requests come in for assistance.

What's my experience with pricing, setup cost, and licensing?

The user interface and sub-management prices can be a concern, however, they generally align with the industry's needs.

What other advice do I have?

I recommend the F5 Advanced WAF solution for everyone with critical applications. Security needs to be embedded within the full visualization pipeline, allowing significant savings. I rate F5 Advanced WAF at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
RoiNahari - PeerSpot reviewer
CEO at CyberApp
Real User
Top 5
Bot protection capabilities enhance application security
Pros and Cons
  • "The whole mechanism of F5 Advanced WAF is effective."

    What is our primary use case?

    I am working with an integration and security company that collaborates with various vendors. I am currently dealing with F5 Advanced WAF.

    What is most valuable?

    The whole mechanism of F5 Advanced WAF is effective. It contains the logic of both negative and positive security combined, providing added value to the company I work with to protect their applications.

    What needs improvement?

    I do not have anything in mind right now that needs improvement. Generally, it works well. If we need any specific feature, we approach F5 directly.

    For how long have I used the solution?

    I have probably used it for ten years or so.

    How are customer service and support?

    I do not need them much because my team is professional. If there is a bug, the support is usually understanding and resolves issues.

    How would you rate customer service and support?

    Neutral

    What's my experience with pricing, setup cost, and licensing?

    The price is affordable and satisfactory.

    What other advice do I have?

    One of the best features is the bot protection capabilities. I rate the product eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    F5 Advanced WAF
    April 2025
    Learn what your peers think about F5 Advanced WAF. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
    849,190 professionals have used our research since 2012.
    Saeid Khanipour Ghobani - PeerSpot reviewer
    IT Manager at Technology Evaluation Center
    Real User
    A robust solution for large companies that includes vCMP-like visualization
    Pros and Cons
    • "The solution uses AI to protect against botnet attacks."
    • "The solution should include protection against web page attacks like what is available in FortiWeb."

    What is our primary use case?

    Our company installs the solution for customers who require more features than are available with FortiADC. 

    One of our customers is a bank that has API for both web and mobile applications. We use the solution to load balance and provide protection for the API requests that come from customers to the application server. With more than 200,000 DNS requests per second, the solution's advanced features are the best fit to the customer's needs. 

    What is most valuable?

    The solution uses AI to protect against botnet attacks. 

    The solution has a vCMP-like feature that allows you to visualize more than two  TMOS at the same time on your hardware. This feature is not available with other solutions. 

    What needs improvement?

    The solution should include protection against web page attacks like what is available in FortiWeb. 

    The solution should integrate with Kubernetes. I believe there is a new ADC planned for the end of 2022 that will accomplish this goal. 

    For how long have I used the solution?

    I have been using the solution for six years. 

    What do I think about the stability of the solution?

    The solution is super stable with extra chassis space. 

    We sometimes use solution to its maximum capacity and it is still stable with no crashes. 

    What do I think about the scalability of the solution?

    The solution is super scalable. 

    FortiADC is a good solution for small or mid-sized companies but F5 can handle the largest companies. 

    Across all of our customers, we have more than a million users at the same time with no issues.

    How are customer service and support?

    I have not needed technical support. 

    How was the initial setup?

    The initial setup is more complex than FortiADC and takes about twice the amount of time. 

    What about the implementation team?

    Our company provides setup and deployment for our customers. 

    What's my experience with pricing, setup cost, and licensing?

    The solution is very expensive so should only be used in the right environment. I believe each device costs around $20,000 and includes a three-year license. 

    I rate the cost a ten out of ten. 

    Which other solutions did I evaluate?

    We do not consider other options for large companies but do install FortiADC for small to mid-sized companies. 

    What other advice do I have?

    It is important to know your network and assess your needs such as dust protection, VAT, and load balancing before deciding if FortiADC or F5 are the best solution.  

    F5 is expensive so is only appropriate for large companies with high-level use. 

    I rate the solution a nine out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Muhammad Salahuddin - PeerSpot reviewer
    Unit Head - Network and Security Solutions at FPM Solutions
    Real User
    Their support engineers are experts who always provide the right solution,
    Pros and Cons
    • "F5 technical support is excellent. They are experts who always provide the right solution, and they understand the problem. Their response and resolution times are good."
    • "Nevertheless, F5 products are generally considered to be hard to deploy."

    What is our primary use case?

    In Pakistan, the banking and financial sector requires F5 WAF solutions. I worked with other companies that had more clients, but my current company is a start-up. We have Palo Alto business, but we're trying to get F5 business.

    What is most valuable?

    F5 products are highly stable, top-notch solutions, and we have also the expertise to deploy and design the F5 and Palo Alto product lines. I have more than 10 years of experience with F5 and Palo Alto. I have deployed around F5 products for around seven or eight customers of F5.

    What needs improvement?

    F5 should consider adding network detection and response.

    For how long have I used the solution?

    We have been using F5 solutions for two years, including load balancers and Advanced WAF.

    What do I think about the stability of the solution?

    Advanced WAF is highly stable.

    What do I think about the scalability of the solution?

    F5 products are scalable, and they have an excellent R&D department. Their product is constantly maturing.

    How are customer service and support?

    F5 technical support is excellent. They are experts who always provide the right solution, and they understand the problem. Their response and resolution times are good.

    How was the initial setup?

    Advanced WAF is a difficult product for new users, but it's not too challenging if you have experience. Nevertheless, F5 products are generally considered to be hard to deploy. 

    What's my experience with pricing, setup cost, and licensing?

    F5's hardware product line is called BIG-IP, and they have many software licenses for IP DNS, Advanced WAF, APM, anti-spam, etc. We have around 10 licenses.

    What other advice do I have?

    I rate F5 Advanced WAF 10 out of 10. I would highly recommend the entire F5 product line.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Richard Polyak - PeerSpot reviewer
    Sr. Architect at NBC Universal
    Real User
    Top 20
    Protects our environment and is easy to use and scalable for our needs
    Pros and Cons
    • "Identification, ease of use, and ease of modifying it to most of our needs are valuable."
    • "There should be more ability to rate limit certain scenarios. The majority of the time, it is either on or off. For certain types of use cases, there should be the ability to rate limit, not just enable or disable."

    What is our primary use case?

    It protects our public entities. Its use case is very directed at a resolution of security.

    How has it helped my organization?

    It protects our environment. It protects our entities.

    What is most valuable?

    Identification, ease of use, and ease of modifying it to most of our needs are valuable.

    What needs improvement?

    There should be more ability to rate limit certain scenarios. The majority of the time, it is either on or off. For certain types of use cases, there should be the ability to rate limit, not just enable or disable.

    It is a very CPU-intensive application. I understand why, but I'm hoping that they could optimize the CPU utilization a little bit better.

    For how long have I used the solution?

    I have been using this solution for eight years.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    It is very scalable for what we need. It is a public-facing service. So, everybody on the internet would be able to utilize this type of service.

    We are exploring areas to increase its usage.

    How are customer service and support?

    I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We used other public entities for similar use cases.

    How was the initial setup?

    It is pretty straightforward. A typical setup for these types of projects takes three months.

    What about the implementation team?

    It is all done in-house. We do everything in-house. 

    In its maintenance, I and other people are involved. The daily operations, which include modifying policies, are up to the individual application owners because they understand their applications a lot better than I or our standard operating team would. So, their usage might go higher than mine.

    What was our ROI?

    We have very much seen an ROI. It protects our revenue stream.

    What's my experience with pricing, setup cost, and licensing?

    The way we deployed it, I would rate it a four out of five in terms of pricing.

    What other advice do I have?

    I would advise doing your homework. It could be very simplified, or it could be very complex, but definitely, do your homework with the owners of the application because they understand the application more than certain people.

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer2586870 - PeerSpot reviewer
    Senior Network Engineer at a comms service provider with 11-50 employees
    Real User
    Top 10
    Harness comprehensive security to protect web applications from modern threats
    Pros and Cons
    • "The most valuable feature of F5 Advanced WAF is its extensive set of capabilities for application protection, including DDoS prevention, and its ability to work with Pentesters and external scanners to observe user activity and eliminate false positives."
    • "It's a powerful tool yet can be complex for new users."

    What is our primary use case?

    F5 Advanced WAF is used for the protection of applications from current web threats, including DDoS attacks. It provides a comprehensive security solution that incorporates different protection levels.

    What is most valuable?

    The most valuable feature of F5 Advanced WAF is its extensive set of capabilities for application protection, including DDoS prevention, and its ability to work with Pentesters and external scanners to observe user activity and eliminate false positives. This comprehensive approach to application security enables an organization to protect its web applications from diverse web threats effectively.

    What needs improvement?

    All features of Advanced WAF offer numerous functions, which means tuning configuration is not simple. It's a powerful tool yet can be complex for new users. Future updates should ensure not to break the current state, as users are concerned the new version may not meet current standards.

    For how long have I used the solution?

    I have been using F5 Advanced WAF for more than ten years.

    What do I think about the stability of the solution?

    F5 Advanced WAF is considered a stable product, and I would rate it as ten out of ten in terms of stability.

    What do I think about the scalability of the solution?

    The solution's scalability is solid, with the option to increase capabilities through licensing and adding modules in the virtual edition. However, it requires additional expenses, so I would rate it as a seven or eight out of ten.

    How are customer service and support?

    F5 provides one of the best technical supports, though there have been a few cases where customers were dissatisfied due to response speed. However, in general, their support is highly efficient and knowledgeable.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    In the past, Imperva was the leading solution, however, now F5 is preferred as it offers a superior solution according to customer feedback.

    How was the initial setup?

    Deploying the solution, including initial configuration, licensing, addressing, and enabling WAF, could take one to three hours. However, for a comprehensive setup, considering external factors and optimizations, the process could take up to a month.

    What about the implementation team?

    I handle installations and other related aspects by myself, without any additional help.

    What was our ROI?

    There are numerous benefits for end customers, as a secure application helps prevent potential breaches and ensures the safety of customers' data, especially in sensitive sectors like banking.

    What's my experience with pricing, setup cost, and licensing?

    F5 Advanced WAF is not cheap. That said, it offers numerous features and is known as one of the best solutions in its segment. It provides significant value by offering comprehensive protection for high-stakes environments.

    Which other solutions did I evaluate?

    I work with other vendors, such as Broadcom, Qualys, BeyondTrust, and Trend Micro, depending on the customer's needs and the vision of my company.

    What other advice do I have?

    I would fully recommend F5 Advanced WAF for its feature-rich offerings and high detection rate of threats. I rate it a ten out of ten as it is one of the best solutions available.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    Security Specialist at Saman Electronic Payment (SEP)
    Real User
    Scalable and very easy to manage
    Pros and Cons
    • "It's scalable and very easy to manage."
    • "I would like to see a better interface and better documentation compatibility with other products. It's more complicated with OWASP."

    What is our primary use case?

    We use it for ASM and ATF. I am working at the PCI company, and I am a manager of F5. I work with F5 WAF and ASF.

    Currently, I use version 50.1.4, and I'm going to update to the new version, 50.144.1.

    What is most valuable?

    I like the solution for ASM. There is an online update certification, but access is locked so we couldn't use it.

    What needs improvement?

    I would like to see a better interface and better documentation compatibility with other products. It's more complicated with OWASP.

    F5 has a learning university, but it's very complex. I teach other people, and it can be confusing with the different versions of software. It's very hard to support that.

    For how long have I used the solution?

    I've been working with this solution for four years.

    What do I think about the stability of the solution?

    The product is very stable. It is a PCI company, so there are 10,000-12,000 people using the solution. 

    My TLS connection is unlimited, so I have a lot of clients because of internet payments. All of the internet payments are behind the ASM for the F5.

    What do I think about the scalability of the solution?

    It's scalable and very easy to manage.

    Which solution did I use previously and why did I switch?

    I worked with FortiWeb for a few years. It's a good product, but it's not very good for a big company. So we decided to migrate to F5.

    How was the initial setup?

    The initial setup is from a configuration utility.

    What other advice do I have?

    I would rate this solution 9 out of 10.

    In APM or IT intelligence, it's the best. But in the ASM model, it's not as good as a 40G for Palo Alto.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Systems Engineer at Sify Technologies
    Real User
    Top 20
    Securing web applications with API and bot protection while enhancing IP intelligence
    Pros and Cons
    • "The product is used to secure web applications and has the ability to use API templates and bot protection features, such as blocking requests or presenting CAPTCHA pages to end users."
    • "Users would like to have an additional IP intelligence license to handle this within WAF itself without needing to engage with the SOC team."

    What is our primary use case?

    The primary use case is to secure the organization's applications from web-based attacks, securing both web applications and APIs.

    What is most valuable?

    The product is used to secure web applications and has the ability to use API templates and bot protection features, such as blocking requests or presenting CAPTCHA pages to end users. We also implement Swagger files for API security and use custom profiles for device ID threshold management.

    What needs improvement?

    The main improvement needed is related to IP intelligence. Once we start receiving traffic from repetitive IP addresses, we have to report it to the SOC team to block it at the layer four level. Users would like to have an additional IP intelligence license to handle this within WAF itself without needing to engage with the SOC team.

    For how long have I used the solution?

    The solution has been used for three years.

    How are customer service and support?

    Customer service and support depend on the level of support subscribed to, such as silver or platinum support, which determines the response time.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    Deploying the solution involves an application learning and blocking phase. The process includes collecting application data, creating policies, and applying them to lower testing environments like QA or dev before moving to UAT and production. The learning phase is used to handle false positives and fine-tune the policies before going live.

    What about the implementation team?

    The in-house team manages and supports the WAF, handling incidents reported by end users when legitimate traffic is blocked. They update the policies to prevent the recurrence of similar blocks.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and support service levels affect response times from customer service, depending on whether the support level is silver, platinum, etc.

    Which other solutions did I evaluate?

    We are exploring cloud-based solutions like Azure WAF and AWS WAF.

    What other advice do I have?

    I rate F5 Advanced WAF an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free F5 Advanced WAF Report and get advice and tips from experienced pros sharing their opinions.
    Updated: April 2025
    Buyer's Guide
    Download our free F5 Advanced WAF Report and get advice and tips from experienced pros sharing their opinions.