F5 Advanced WAF Reviews

In general, the web interface is not really catchy. It's very powerful, very customizable, but it doesn't have a very nice GUI interface for a new adopter. For them, they'd have to do a lot of configuring. At least the reporting and monitoring parts, let's say, to be honest, should have a better interface. A few other products have very nice dashboards, out of the box, and F5 is not that friendly to use.

Also, when you buy WAF, you have to buy another module called APM to do authentication. You have to buy another module with an extra license, to have the authentication feature. Other vendors have it interwoven. For example, I don't know if Barracuda has it, but Citrix has it under the same license. So maybe add authentication functionality in the AOS license, and not separate.

I've been using the solutions for 10 years.

The stability is perfect. 10 out of 10. We've not had any trouble with any deployment ever. And they are very big deployments: service providers, TelCos, banking, everywhere. Even on distant parts of the network, we have not had any kind of performance issues. Of course, as long as the sizing is within the appliance performance range. But it never has had a failure in performance or degradation of service or anything like this, as long as the full-time traffic is within the box capability, we've never had an issue.

It's scalable. 

We are a partner for F5, or a system integrator, not the client. So we do the implementation for other companies. I've been working with F5 for more than 10 years, so I know them very well. 

I like them because I like the security solution. They get extra marks compared to other solutions or competitors. There are more features than any other product I can think of. They're always monitoring, and the security features offer more than other, lesser products.

I would rate this solution 10 out of 10.

We use the F5  Web Application firewall to protect our corporate web server. The security of our web is our absolute highest priority.

We've only been using this solution for six months now, so we can't really see any improvement yet.

The most valuable feature is network detection intelligence and the ability to get extra internal access. I don't have knowledge about all the functions but, because it is a fully automatic process, the devices scan a lot of traffic. It is automatically set up to protect our web.

The administrator's user interface and some of the settings can sometimes be very complicated to understand. It would really help if they could be easier and more user-friendly. Perhaps the developers can add a training video that shows users what to do. I am sure it is a good product and you only need some experience to become familiar with it.

Another thing that may need improvement, is upgrading from one version to another. It is good, but it can be faster. 

We've been testing the F5 -BIG-AWF-VE Web Application for six months now and we plan to implement the solution in July.

It is a very stable solution. We currently have three administrators and about 300 users working on it.

The scalability is great because we can change or set this device up for almost everything. We can even extend to other functions and buy new licenses - this product will automatically adapt to these new functions. For example, we can buy a license and F5 will automatically extend to these functions. It is a very simple process to extend functionality to this device. You only need to install the license and configure it.

The technical support is perfect. Our company is a corporate partner, and we can also use services directly from other international support centers.

It was a very difficult decision to find the right solution. We used open source software before to protect our system's open source architecture.
We switched to F5 WAF because, for us, professional services are absolutely necessary. There are other cheaper options on the market, but when you need support, it can sometimes be a problem. 

We've incorporated our partner and he initiated the setup of this device. He used both the manual and the automatic setup options, and then he compared the two options. And now, as we are in production, we choose either automatic setup or manual setup. The automatic setup is quite easy, but the manual setup is complicated. It all depends on what you want from the product.

Our partner was responsible for the initial setup. 

I will rate the product a nine out of ten. 

We use F5 Advanced WAF to protect our web applications.

What I found most valuable in F5 Advanced WAF is its automatic policy feature.

What needs to be improved in this solution is the accuracy of its automatic learning feature, because we frequently have to help it manually, particularly to stop blocking things it isn't supposed to block.

The technical support for F5 Advanced WAF, though fast and accurate, is costly. The cost could be improved.

I find F5 Advanced WAF a very stable solution.

The scalability of F5 Advanced WAF is very good.

The technical support for this tool is fast and accurate, but it's expensive.

The initial setup for F5 Advanced WAF was straightforward.

We are the integrator and reseller, so we deployed the solution in-house.

F5 Advanced WAF technical support comes at a cost, and it's expensive.

I'm using the latest version of F5 Advanced WAF: version 16.0.

We don't only use this solution for ourselves, as we also have some customers we implemented it for, because we are a reseller.

Deployment of F5 Advanced WAF took two to three days.

The advice I'd like to give to people who are looking into implementing this product is for them to read the documentation. It's all there.

I'm rating F5 Advanced WAF eight out of ten.

On-premises

We have many types of service, provided by the company.

We can monitor IP locations, but we have constraints from each country. It has a replication feature. Licenses can be shared, taking turns with each license.

The reporting could be clearer and embedded to include our movement data. The product could improve the interface by reducing the bookmarking more frequently and some other features. Ideally, it could do with a brand new interface. There is sometimes information overload in the logs. It is sometimes difficult to detect attacks on the firewall because it is hidden amongst many other data. The logs are not always helpful in this regard. I was disappointed in the reporting.

We have been using F5 Advanced Web Application Firewall for about one year and the same for Fortinet FortiWeb.

Scalability is fine, and we don't have any complaints so far. It's flexible once you want to expand it, but that includes the license upgrade for additional features.

We use a reseller for technical support. Technical support is very good.

We have looked at other options, but they have different solutions to the F5 Advanced Web Application Firewall.

Setup and installation are easy.

We use the reseller to implement it from scratch until it is fully deployed. Implementation does not take long.

There are various plans available for Fortinet FortiWeb Cloud WAF as a Service, including a trial version. You are only charged by the total data transferred, and there are hourly charges for the protected web application.

We are constantly looking out for features which are not available in the current product. We have set alerts to flag when these features become available.

I would rate this solution as 9 out of 10. They can combine firewall software with other software solutions with this product. It has a good community to see what other ideas for the product are out there.

Public Cloud

Amazon Web Services (AWS)

The anti-bot protection is the solution's most valuable feature. Safe-guard or credential staffing are also useful features.

The templates of the iApps could be better.

The solution's dashboard could be improved. When you're moving from policy to policy, the logs and the integration of the logs in other systems aren't straightforward.

The solution has a lot of training material, but not about integration in a virtual improvement. They should create more documentation around this for users. 

I've been using the solution for four years.

The solution is stable.

Technical support is very good. I only use it four ot five times a year. If I find any bugs I post it to their file. It's very good support. They offer excellent service.

The initial setup was very simple. It was just for the machine: the ASM port and the WAF itself, not the deployment of the appliance, which is why it was easy.

I'm an integrator, so I help implement the solution for clients.

The pricing of the solution is very high.

Before selecting this solution, we looked at Kemp. We were concerned with the WAF, which is why we decided not to go with Kemp.

We're using several versions of the solution; anything between versions 12 to 14.

I would recommend the solution. It's the best option for WAF, at least in the last year or so.

I would rate the solution ten out of ten.

The DCI feature is very valuable. The solution is very robust, and I like the setup.

With this solution, you can set distinct perimeters that you can monitor. You can go very granular, which makes it possible to set up very specific perimeters that you are then able to secure.

The solution is tedious. It takes a lot of discrete settings so one needs to get detailed and granular when they use the solution. It takes you a whole lot of energy and concentration to configure. It needs to be much more straightforward, like other web solutions.

They need to have a way to define attack signatures. It might help improve the user experience.

I've been using the solution for close to four years.

The solution is quite stable. Since 2016, there hasn't been any concern in regards to security.

The solution is highly scalable.

Technical support is excellent. It's top-notch.

The initial setup was very straightforward. The solution is very compact. It takes more than one month for effective deployment.

The solution isn't too expensive. The license allows you to license what you need and leave out what you don't need.

We currently deal with the on-premises deployment model.

I would recommend the solution for use as an efficient firewall. Security is a complex thing, however, and I would advise others to use multiple vendors for different layers.

I would rate the solution ten out of ten.

We use F5 Advanced WAF to protect some of our web applications and web services. We use F5 Advanced WAF as a web application firewall in production. 

Our clients are liable for the security of applications on the internet because they are in the banking services sector.

In this case, we used a few long-term models because F5 Advanced WAF is a complete solution. Our customers do not only use this model. 

F5 Advanced WAF is similar to other solutions used for a lot of projects. 

It's feasible for our customers to improve on their protection ability within the applications from secondary attacks, i.e. MySQL injection.

Each company is liable for the security of the customers using the service.

With F5 Advanced WAF, it was protection for online publications and for our customers that caused us to choose the platform. It was integrated by our company and not the dealer. 

For F5 Advanced WAF, it's only 70% different over time with upgrades. F5 can still build AWS support after many long years of absence. It's difficult to use.

F5 Advanced WAF needs better integration within the application, like remote dashboards. The pricing is too high. It needs better security features with the interface or dashboard.

We go through some problems with the Disc Doctor services and F5 was recommended to fix or avoid the same situation in the future.

F5 now is the product we use for the web products to have a web application firewall.

We need better integration in the application and more security features in the future.

We have been using this solution almost one year. It's new.

F5 Advanced WAF is very stable.

The technical support of F5 I didn't use, but I heard people like the feature. I haven't needed it personally.

We have used some other products but they didn't have enough functionality. You can launch media adaptation for variety with F5. That is one of the biggest advantages of this solution.

In the market now there is a lot of information on the setup of F5 Advanced WAF. You can look for it on the company website. I didn't use F5 support directly, just the materials.

F5 Advanced WAF is not a cheap product.

My advice is to recommend F5 Advanced WAF for use. On a scale of 1 to 10, I would rate F5 Advanced WAF a nine.

I work for a bank and our use case of WAF is to protect our applications, including mobile ones. We are users of this solution and I am an IT specialist engineer. 

Protection from attacks is the best feature of this product. 

We sometimes get pages with false positives. The F5 team does its best to deal with this problem. I'd like to see this product compatible with more mobile applications, like protecting something devices from a malicious server or from the mobile application itself.

We've been using this solution for one year. 

The stability is good. 

The version we are using is not very scalable. 

The technical support is generally good although in some cases they take a long time to respond and we then need to escalate the case to get an answer from a higher level. The team is mature and they are able to solve our problems.

Positive

F5 has good documentation available on their website so deployment is relatively straightforward. 

This is a mature solution and a very powerful device for protecting web applications. I rate this solution eight out of 10. 

On-premises