F5 Advanced WAF Reviews

F5 Advanced WAF can be deployed on-premise or in the cloud. When it comes to local governmental organizations, it's mostly on-premises solutions they use. However, we recommend using virtual ones.

F5 Advanced WAF is used for protecting applications.

The most valuable features of F5 Advanced WAF are the balancer and you can change policies very easily.

The overall price of F5 Advanced WAF could improve.

I have been familiar with F5 Advanced WAF for approximately one year.

I have not had any customers complaining about the stability.

F5 Advanced WAF is scalable.

The initial setup of F5 Advanced WAF is easy.

I rate the setup of F5 Advanced WAF a four out of five.

The ease of maintenance of F5 Advanced WAF depends from customer to customer. If the company had someone trained or they have an inside person who is reliable for this maintenance, they typically do not have any problems.

The price of F5 Advanced WAF could improve it is expensive.

There can be extra features added at an additional cost.

I rate the price of F5 Advanced WAF a three out of five.

Our clients pick this solution over others because it is one of the leading companies in the category.

I can recommend F5 Advanced WAF to any customer because we have experience, and referrals from customers using it within different models. If it comes to WAF, LTM, or whatever. I'm very happy to sell it because it is one of the leading vendors within its line. Our customers within the financial market, such as banking organizations, are very happy with it.

I rate F5 Advanced WAF a nine out of ten.

For me, the primary use case is to secure web applications from external threats, including cross-site scripting, SQL injection attacks, file inclusion vulnerabilities, and many more. The tool has simplified protection against web applications and recent threats that might be visible. If your applications are vulnerable, it gets protected by F5.

It is a very flexible solution. iRules is quite appealing when it comes to F5, and they apply it throughout their solution. BIG-IP is a known platform, and it is a part of F5 now. Application delivery or web application firewalls, F5 understands these terms and then suggests better data policies. But you have to do the work on your application's performance first. You have to look in the logs and understand the total attack you should prevent when we put it in the circuit protection mode, which works perfectly well.

iRules truly excites me because it has the ability to prevent the end-user and infrastructure from external threats.

Even if the F5’s default signatures and the default behavior are unable to help you, you can customize iRules to reach the objectives.

I don't like the management control of F5.

Moreover, if you are not an expert, it would be really difficult to set it up.

I have been using the product for fifteen years or more.

It is a stable solution.

It is definitely a scalable solution.

The initial setup is quite straightforward. I didn't experience any complexity. It could be difficult for somebody who is not familiar with application load balancers or web applications. It takes a month to understand the entire architecture. It primarily depends upon how great deployment could be.

It usually takes about five to seven days to configure and deploy the F5 Advanced WAF in production mode. It is essential to ensure that your configuration works properly before putting it into production mode.

When you have already designed it, it takes around five to seven days to set up. But it takes more than a month to understand the entire architecture of the F5.

I would rate it an eight out of ten.

I use F5 Advanced WAF to secure web applications and load balance for connectivity.

F5 Advanced WAF secures our connectivity and combines both the main functions of WAF (balancing and web application security).

F5 Advanced WAF's best feature is that it's a combination of LTM and ASM in one license.

It's sometimes difficult to customize APIs with F5 Advanced WAF, which could be made easier.

I've been using F5 Advanced WAF for three-and-a-half years.

F5 Advanced WAF is stable.

I previously used FortiWeb, but after comparison, I preferred F5.

The initial setup was moderate, and I would rate my experience as four out of five. Deployment took a month because we had to put it in learning mode, customize policies, and get the security signature.

We used a third-party team.

A yearly license for F5 Advanced WAF is expensive. I would rate the pricing at two out of five.

I would give F5 Advanced WAF a rating of nine out of ten.

We are using it to secure a few applications for our customers. 

The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features.

It should be a little bit easy to deploy in terms of the overall deployment session. 

One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device.

F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. 

F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall.

I have been using this solution almost for a year.

It has good stability. Our customers are happy with the implementation. So far, we haven't faced many issues.

Overall, it has been good. We get proper support, and we haven't faced any challenges. However, F5 doesn't provide support during the demo or POC time. Other vendors provide technical support for demo or POC, but F5 does not. We have to reach out to the local AC every now and then, which is a difficult task because most of the time, he is in some other meeting or busy with something else. So, he isn't able to support us. They should give us some kind of technical support for demos and POCs. We should be able to reach out to them for completing a POC. It would be an added advantage.

The implementation was quite smooth. We migrated from CloudFlare to F5 without any major issues. The deployment took almost ten months, and it included the implementation and fine-tuning. The customer had three applications.

Its price is fair. We have done a couple of deals where they were able to give some kind of discount to the customers. The price was initially high for the customers, but after a couple of negotiations, it came within their budget. They were happy with that.

I would recommend this solution because it is overall a very good solution. As a company, they are very established and stable, and they have a long legacy in the industry. They have been there in the industry for a long time. On top of that, they have very good solutions. They can just improve their offerings and marketing in terms of the new rebranding.

I would rate F5 Advanced WAF an eight out of ten.

We host public-facing web applications or APIs. There are web applications that are owned by the company that is exposed to the outside. The internal infrastructure is within the premise. We use F5 to protect them. It's an HA model, and we have two sites.

We need to have an extra layer of protection. We were previously exposed to the public API. The deployment and the rate of deploying web-based applications had increased. After we introduced the web application firewall, it increased our ability to expose more of the services to the public. 

My favorite feature of F5 is the ability to play around with the ciphers. I also like the ability to have an immediate display of the support IDs when a real blockage occurs. The protection offered is great.

The reporting portion of F5 Advance WAF is not great. They need to work out something better, as it is very basic. You only see the top IPs, I think there is more they can offer.

I have been using F5 Advanced WAF for four years, since 2018.

F5 Advanced WAF is a stable solution.

For the initial deployment, from what we were planning to implement, it was scalable. 

We now have other requirements that we need to engage with. They believe we need to increase our license, so we can accommodate more features.

There have been issues in the availability of quick support. For general issues there is no concern. The issue is when you need support right away, but it is not available.

Positive

The solution was deployed using network security. At the time of deployment, the appliance was there, but we did not have any person that was able to accomplish the deployment. It took six months to deploy.

We have definitely seen a ROI by using F5 Advanced WAF.

As far as the pricing of F5 Advanced WAF I would rate it a four out of five depending on what features I am looking for. Imperva is more expensive.

The price has remained consistent at a constant rate. There have not been any increases or any unforeseen increases when we're renewing our license. The price is fixed.

I reviewed Imperva only to compare pricing.

On the initial engagement, you should try to look on how best you can accommodate the quick support features, as this was a big struggle for us.

Overall, I would rate F5 Advanced WAF an eight out of ten.

We are using F5 Advanced WAF to defend against web application attacks.

The most valuable features of the F5 Advanced WAF are the enhanced ASM and the performance. Additionally, the usability and effectiveness are very good.

F5 Advanced WAF could improve on its funding for WAF features. There is a need to be more advanced WAF features.

I have been using F5 Advanced WAF for several years.

My advice to others is F5 Advanced WAF is a powerful WAF for many years in the market, and it has powerful security features.

F5 Advanced WAF is a stable solution.

I have found that F5 Advanced WAF is scalable but there is a limit.

We have hundreds of people using this solution in my organization.

I have not used the support from F5 Advanced WAF.

The initial setup of F5 Advanced WAF is straightforward, but the process is lengthy.

We did the deployment of F5 Advanced WAF in-house. We have a team that's always ready and aligned with the process of maintaining F5 Advanced WAF.

There are different licenses available to use F5 Advanced WAF, such as BT, ASM, and LPM.

I rate the price of F5 Advanced WAF a four out of five.

I rate F5 Advanced WAF an eight out of ten.

We use F5 Advanced WAF to protect some of our web applications and web services. We use F5 Advanced WAF as a web application firewall in production. 

Our clients are liable for the security of applications on the internet because they are in the banking services sector.

In this case, we used a few long-term models because F5 Advanced WAF is a complete solution. Our customers do not only use this model. 

F5 Advanced WAF is similar to other solutions used for a lot of projects. 

It's feasible for our customers to improve on their protection ability within the applications from secondary attacks, i.e. MySQL injection.

Each company is liable for the security of the customers using the service.

With F5 Advanced WAF, it was protection for online publications and for our customers that caused us to choose the platform. It was integrated by our company and not the dealer. 

For F5 Advanced WAF, it's only 70% different over time with upgrades. F5 can still build AWS support after many long years of absence. It's difficult to use.

F5 Advanced WAF needs better integration within the application, like remote dashboards. The pricing is too high. It needs better security features with the interface or dashboard.

We go through some problems with the Disc Doctor services and F5 was recommended to fix or avoid the same situation in the future.

F5 now is the product we use for the web products to have a web application firewall.

We need better integration in the application and more security features in the future.

F5 Advanced WAF is very stable.

The technical support of F5 I didn't use, but I heard people like the feature. I haven't needed it personally.

We have used some other products but they didn't have enough functionality. You can launch media adaptation for variety with F5. That is one of the biggest advantages of this solution.

In the market now there is a lot of information on the setup of F5 Advanced WAF. You can look for it on the company website. I didn't use F5 support directly, just the materials.

F5 Advanced WAF is not a cheap product.

My advice is to recommend F5 Advanced WAF for use. On a scale of 1 to 10, I would rate F5 Advanced WAF a nine.

We are a PPS payment providing services company in banking, so, we are using it for that. We are banking company and we are using it as a web application firewall.

We have an SOC, and for collecting logs we are also using the F5 logs to analyze the securities and events. So having a central log management and F5 really helped us to analyze the security logs. It also helps with blocking the attacks on web applications.

Everything is good about the F5 WAF, except the reporting. It's really difficult to set records from that device, the UI is kind of hard to work with, and the reporting must be improved.

As a suggestion to the F5 company, they have to put in shells to have the next generation WAF. So, instead of buying different modules and different hardware and appliances, they can offer an all-in-one solution for WAF.

The initial setup was was easy to install. Our department wasn't installing it, the infrastructure department installed it, so we gave them the policy that we wanted to use.

Because of the sanctions, we couldn't buy it straight from the US, so we bought it from an Iranian company. They provided us that solution. The company that sold us the device also had some people to consult with us to give us best practices from the previous companies that installed it.

I think it's a good product but the F5 uses shells, so the people who want to work with the device have to be pro in Linux. If they can put everything in the UI so every regular security engineer can work with it, it's fabulous.

I would rate the solution 8 out of 10. We are concerned about the other factors but it's actually not F5 company's fault. The pricing is really high here right now because of the dollar rate but it has nothing to do with the F5, it's because of the sanctions I imagine. At the moment it's a really expensive solution for us, not only F5 but the other appliances. 
If I went to another company, and the other company hired me, I would suggest they use this device. Although we don't have a lot of options to choose from around here.