Try our new research platform with insights from 80,000+ expert users
reviewer1908099 - PeerSpot reviewer
Territory Manager at a computer software company with 51-200 employees
Reseller
Useful balancer, simple policy changes, and scalable
Pros and Cons
  • "The most valuable features of F5 Advanced WAF are the balancer and you can change policies very easily."
  • "The overall price of F5 Advanced WAF could improve."

What is our primary use case?

F5 Advanced WAF can be deployed on-premise or in the cloud. When it comes to local governmental organizations, it's mostly on-premises solutions they use. However, we recommend using virtual ones.

F5 Advanced WAF is used for protecting applications.

What is most valuable?

The most valuable features of F5 Advanced WAF are the balancer and you can change policies very easily.

What needs improvement?

The overall price of F5 Advanced WAF could improve.

For how long have I used the solution?

I have been familiar with F5 Advanced WAF for approximately one year.

Buyer's Guide
F5 Advanced WAF
March 2025
Learn what your peers think about F5 Advanced WAF. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.

What do I think about the stability of the solution?

I have not had any customers complaining about the stability.

What do I think about the scalability of the solution?

F5 Advanced WAF is scalable.

How was the initial setup?

The initial setup of F5 Advanced WAF is easy.

I rate the setup of F5 Advanced WAF a four out of five.

What about the implementation team?

The ease of maintenance of F5 Advanced WAF depends from customer to customer. If the company had someone trained or they have an inside person who is reliable for this maintenance, they typically do not have any problems.

What's my experience with pricing, setup cost, and licensing?

The price of F5 Advanced WAF could improve it is expensive.

There can be extra features added at an additional cost.

I rate the price of F5 Advanced WAF a three out of five.

Which other solutions did I evaluate?

Our clients pick this solution over others because it is one of the leading companies in the category.

What other advice do I have?

I can recommend F5 Advanced WAF to any customer because we have experience, and referrals from customers using it within different models. If it comes to WAF, LTM, or whatever. I'm very happy to sell it because it is one of the leading vendors within its line. Our customers within the financial market, such as banking organizations, are very happy with it.

I rate F5 Advanced WAF a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Bonieber  Orofeo - PeerSpot reviewer
Information Security Manager at Chong Hua Hospital
Real User
Top 10
High availability, many features, and scales well
Pros and Cons
  • "The most valuable features of F5 Advanced WAF are the overall capabilities, there is not a comparable solution on the market."
  • "F5 Advanced WAF could improve the reporting. It's a bit difficult to populate, them. If you're not so familiar with the functions, such as where to find the logs and other settings."

What is our primary use case?

We are using F5 Advanced WAF for the applications that we are publishing mainly for intrusion prevention and proxy features.

What is most valuable?

The most valuable features of F5 Advanced WAF are the overall capabilities, there is not a comparable solution on the market.

What needs improvement?

F5 Advanced WAF could improve the reporting. It's a bit difficult to populate, them. If you're not so familiar with the functions, such as where to find the logs and other settings.

In a future release, it would be beneficial to have a DNS boost feature.

For how long have I used the solution?

I have been using F5 Advanced WAF for approximately five years.

What do I think about the stability of the solution?

I rate the stability of F5 Advanced WAF a ten out of ten.

What do I think about the scalability of the solution?

We have approximately 300 users using this solution in my organization.

I rate the scalability of F5 Advanced WAF a nine out of ten.

Which solution did I use previously and why did I switch?

I was previously using NGINX App Protect and we switched to F5 Advanced WAF because the GUI was better.

How was the initial setup?

The full implementation of the solution took approximately eight hours. There are sections of the configuration at can be difficult.

What about the implementation team?

We used a third party to do the implementation.

What other advice do I have?

I rate F5 Advanced WAF an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
F5 Advanced WAF
March 2025
Learn what your peers think about F5 Advanced WAF. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
AhmedIsmael - PeerSpot reviewer
Network & Telecom Manager at a retailer with 1,001-5,000 employees
Real User
Combines LTM and ASM in one license
Pros and Cons
  • "F5 Advanced WAF secures our connectivity and combines both the main functions of WAF (balancing and web application security)."
  • "It's sometimes difficult to customize APIs with F5 Advanced WAF."

What is our primary use case?

I use F5 Advanced WAF to secure web applications and load balance for connectivity.

How has it helped my organization?

F5 Advanced WAF secures our connectivity and combines both the main functions of WAF (balancing and web application security).

What is most valuable?

F5 Advanced WAF's best feature is that it's a combination of LTM and ASM in one license.

What needs improvement?

It's sometimes difficult to customize APIs with F5 Advanced WAF, which could be made easier.

For how long have I used the solution?

I've been using F5 Advanced WAF for three-and-a-half years.

What do I think about the stability of the solution?

F5 Advanced WAF is stable.

Which solution did I use previously and why did I switch?

I previously used FortiWeb, but after comparison, I preferred F5.

How was the initial setup?

The initial setup was moderate, and I would rate my experience as four out of five. Deployment took a month because we had to put it in learning mode, customize policies, and get the security signature.

What about the implementation team?

We used a third-party team.

What's my experience with pricing, setup cost, and licensing?

A yearly license for F5 Advanced WAF is expensive. I would rate the pricing at two out of five.

What other advice do I have?

I would give F5 Advanced WAF a rating of nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solution Architect at Softcell Technologies Limited
Real User
Good stability, valuable features, and fair price
Pros and Cons
  • "The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features."
  • "It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall."

What is our primary use case?

We are using it to secure a few applications for our customers. 

What is most valuable?

The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features.

What needs improvement?

It should be a little bit easy to deploy in terms of the overall deployment session. 

One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device.

F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. 

F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall.

For how long have I used the solution?

I have been using this solution almost for a year.

What do I think about the stability of the solution?

It has good stability. Our customers are happy with the implementation. So far, we haven't faced many issues.

How are customer service and technical support?

Overall, it has been good. We get proper support, and we haven't faced any challenges. However, F5 doesn't provide support during the demo or POC time. Other vendors provide technical support for demo or POC, but F5 does not. We have to reach out to the local AC every now and then, which is a difficult task because most of the time, he is in some other meeting or busy with something else. So, he isn't able to support us. They should give us some kind of technical support for demos and POCs. We should be able to reach out to them for completing a POC. It would be an added advantage.

How was the initial setup?

The implementation was quite smooth. We migrated from CloudFlare to F5 without any major issues. The deployment took almost ten months, and it included the implementation and fine-tuning. The customer had three applications.

What's my experience with pricing, setup cost, and licensing?

Its price is fair. We have done a couple of deals where they were able to give some kind of discount to the customers. The price was initially high for the customers, but after a couple of negotiations, it came within their budget. They were happy with that.

What other advice do I have?

I would recommend this solution because it is overall a very good solution. As a company, they are very established and stable, and they have a long legacy in the industry. They have been there in the industry for a long time. On top of that, they have very good solutions. They can just improve their offerings and marketing in terms of the new rebranding.

I would rate F5 Advanced WAF an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
SOC Analyst at a financial services firm with 1,001-5,000 employees
Real User
Gives the ability to play around with the ciphers and has a immediate display of the support IDs when a real blockage occurs
Pros and Cons
  • "My favorite feature of F5 is the ability to play around with the ciphers. I also like the ability to have an immediate display of the support IDs when a real blockage occurs. The protection offered is great."
  • "The reporting portion of F5 Advance WAF is not great. They need to work out something better, as it is very basic. You only see the top IPs, I think there is more they can offer."

What is our primary use case?

We host public-facing web applications or APIs. There are web applications that are owned by the company that is exposed to the outside. The internal infrastructure is within the premise. We use F5 to protect them. It's an HA model, and we have two sites.

How has it helped my organization?

We need to have an extra layer of protection. We were previously exposed to the public API. The deployment and the rate of deploying web-based applications had increased. After we introduced the web application firewall, it increased our ability to expose more of the services to the public. 

What is most valuable?

My favorite feature of F5 is the ability to play around with the ciphers. I also like the ability to have an immediate display of the support IDs when a real blockage occurs. The protection offered is great.

What needs improvement?

The reporting portion of F5 Advance WAF is not great. They need to work out something better, as it is very basic. You only see the top IPs, I think there is more they can offer.

For how long have I used the solution?

I have been using F5 Advanced WAF for four years, since 2018.

What do I think about the stability of the solution?

F5 Advanced WAF is a stable solution.

What do I think about the scalability of the solution?

For the initial deployment, from what we were planning to implement, it was scalable. 

We now have other requirements that we need to engage with. They believe we need to increase our license, so we can accommodate more features.

How are customer service and support?

There have been issues in the availability of quick support. For general issues there is no concern. The issue is when you need support right away, but it is not available.

How would you rate customer service and support?

Positive

How was the initial setup?

The solution was deployed using network security. At the time of deployment, the appliance was there, but we did not have any person that was able to accomplish the deployment. It took six months to deploy.

What was our ROI?

We have definitely seen a ROI by using F5 Advanced WAF.

What's my experience with pricing, setup cost, and licensing?

As far as the pricing of F5 Advanced WAF I would rate it a four out of five depending on what features I am looking for. Imperva is more expensive.

The price has remained consistent at a constant rate. There have not been any increases or any unforeseen increases when we're renewing our license. The price is fixed.

Which other solutions did I evaluate?

I reviewed Imperva only to compare pricing.

What other advice do I have?

On the initial engagement, you should try to look on how best you can accommodate the quick support features, as this was a big struggle for us.

Overall, I would rate F5 Advanced WAF an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1877577 - PeerSpot reviewer
Information Security Officer at a computer software company with 11-50 employees
Real User
Top 20
Beneficial enhanced features, performs well, and reliable
Pros and Cons
  • "The most valuable features of the F5 Advanced WAF are the enhanced ASM and the performance. Additionally, the usability and effectiveness are very good."
  • "F5 Advanced WAF could improve on its funding for WAF features. There is a need to be more advanced WAF features."

What is our primary use case?

We are using F5 Advanced WAF to defend against web application attacks.

What is most valuable?

The most valuable features of the F5 Advanced WAF are the enhanced ASM and the performance. Additionally, the usability and effectiveness are very good.

What needs improvement?

F5 Advanced WAF could improve on its funding for WAF features. There is a need to be more advanced WAF features.

For how long have I used the solution?

I have been using F5 Advanced WAF for several years.

What do I think about the stability of the solution?

My advice to others is F5 Advanced WAF is a powerful WAF for many years in the market, and it has powerful security features.

F5 Advanced WAF is a stable solution.

What do I think about the scalability of the solution?

I have found that F5 Advanced WAF is scalable but there is a limit.

We have hundreds of people using this solution in my organization.

How are customer service and support?

I have not used the support from F5 Advanced WAF.

How was the initial setup?

The initial setup of F5 Advanced WAF is straightforward, but the process is lengthy.

What about the implementation team?

We did the deployment of F5 Advanced WAF in-house. We have a team that's always ready and aligned with the process of maintaining F5 Advanced WAF.

What's my experience with pricing, setup cost, and licensing?

There are different licenses available to use F5 Advanced WAF, such as BT, ASM, and LPM.

I rate the price of F5 Advanced WAF a four out of five.

What other advice do I have?

I rate F5 Advanced WAF an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1057971 - PeerSpot reviewer
Senior Engineer at a tech services company with 51-200 employees
Real User
Improves the protection for web applications in production from MySQL injection attacks
Pros and Cons
  • "With F5 Advanced WAF, it was protection for online publications and for our customers that caused us to choose the platform."
  • "F5 Advanced WAF needs better integration within the application, like remote dashboards."

What is our primary use case?

We use F5 Advanced WAF to protect some of our web applications and web services. We use F5 Advanced WAF as a web application firewall in production. 

Our clients are liable for the security of applications on the internet because they are in the banking services sector.

How has it helped my organization?

In this case, we used a few long-term models because F5 Advanced WAF is a complete solution. Our customers do not only use this model. 

F5 Advanced WAF is similar to other solutions used for a lot of projects. 

It's feasible for our customers to improve on their protection ability within the applications from secondary attacks, i.e. MySQL injection.

Each company is liable for the security of the customers using the service.

What is most valuable?

With F5 Advanced WAF, it was protection for online publications and for our customers that caused us to choose the platform. It was integrated by our company and not the dealer. 

What needs improvement?

For F5 Advanced WAF, it's only 70% different over time with upgrades. F5 can still build AWS support after many long years of absence. It's difficult to use.

F5 Advanced WAF needs better integration within the application, like remote dashboards. The pricing is too high. It needs better security features with the interface or dashboard.

We go through some problems with the Disc Doctor services and F5 was recommended to fix or avoid the same situation in the future.

F5 now is the product we use for the web products to have a web application firewall.

We need better integration in the application and more security features in the future.

For how long have I used the solution?

We have been using this solution almost one year. It's new.

What do I think about the stability of the solution?

F5 Advanced WAF is very stable.

How are customer service and technical support?

The technical support of F5 I didn't use, but I heard people like the feature. I haven't needed it personally.

Which solution did I use previously and why did I switch?

We have used some other products but they didn't have enough functionality. You can launch media adaptation for variety with F5. That is one of the biggest advantages of this solution.

How was the initial setup?

In the market now there is a lot of information on the setup of F5 Advanced WAF. You can look for it on the company website. I didn't use F5 support directly, just the materials.

What's my experience with pricing, setup cost, and licensing?

F5 Advanced WAF is not a cheap product.

What other advice do I have?

My advice is to recommend F5 Advanced WAF for use. On a scale of 1 to 10, I would rate F5 Advanced WAF a nine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at PECCO
Real User
Helps with blocking attacks on web applications
Pros and Cons
  • "The initial setup was was easy to install."
  • "People who want to work with the device have to be pro in Linux"

What is our primary use case?

We are a PPS payment providing services company in banking, so, we are using it for that. We are banking company and we are using it as a web application firewall.

How has it helped my organization?

We have an SOC, and for collecting logs we are also using the F5 logs to analyze the securities and events. So having a central log management and F5 really helped us to analyze the security logs. It also helps with blocking the attacks on web applications.

What needs improvement?

Everything is good about the F5 WAF, except the reporting. It's really difficult to set records from that device, the UI is kind of hard to work with, and the reporting must be improved.

As a suggestion to the F5 company, they have to put in shells to have the next generation WAF. So, instead of buying different modules and different hardware and appliances, they can offer an all-in-one solution for WAF.

How was the initial setup?

The initial setup was was easy to install. Our department wasn't installing it, the infrastructure department installed it, so we gave them the policy that we wanted to use.

What about the implementation team?

Because of the sanctions, we couldn't buy it straight from the US, so we bought it from an Iranian company. They provided us that solution. The company that sold us the device also had some people to consult with us to give us best practices from the previous companies that installed it.

What's my experience with pricing, setup cost, and licensing?

I think it's a good product but the F5 uses shells, so the people who want to work with the device have to be pro in Linux. If they can put everything in the UI so every regular security engineer can work with it, it's fabulous.

What other advice do I have?

I would rate the solution 8 out of 10. We are concerned about the other factors but it's actually not F5 company's fault. The pricing is really high here right now because of the dollar rate but it has nothing to do with the F5, it's because of the sanctions I imagine. At the moment it's a really expensive solution for us, not only F5 but the other appliances. 
If I went to another company, and the other company hired me, I would suggest they use this device. Although we don't have a lot of options to choose from around here.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free F5 Advanced WAF Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free F5 Advanced WAF Report and get advice and tips from experienced pros sharing their opinions.