F5 Advanced WAF Reviews

We use this solution because we provide a platform that requires a lot of security.

The solution is deployed on cloud.

We have thousands of external users.

I like the security features, especially against SQL injection.

I would like to see additional controls.

I have been using this solution for a year.

The stability is reasonably good. There haven't been any major issues so far.

It's scalable. We haven't had any major issues so far.

We went through the managed service partner, so they did the deployment. Deployment took about 15 days.

We have a few IT experts for maintenance. 

Implementation was done in-house.

I would rate this solution eight out of ten. 

My advice is to do a thorough testing of the application.

Most of the time, we use it as a load balancer. It's for the client’s applications. They then apply WAF policies, of course, if the customer wants, and also an APM solution, like VPN access or Web Box, like a web and reverse protocol. Customers vary in terms of what they want.

The WAF and APM are very useful. I like the modules.

The solution has been mostly stable and reliable.

It can scale.

The BNS module needs improvement.

I’ve been using the solution for the last four and a half or five years. It’s been a while.

Most of the time, the stability is okay. For the most part, we don’t have issues with bugs or the solution crashing. It’s fine.

The solution can scale as necessary.

We have a lot of telecom and banking clients that use the solution. I’m not sure how much in total each client has in terms of users. Whoever would be using it would be more on the technical side.

We do plan to increase usage and to continue to offer this to our clients.

We help with the support as well as implementation. If a client runs into issues, they can always talk to us.

I’ve contacted the technical support of F5. However, I haven’t used them that much. They have always been okay. I’ve never had issues with them.

Sometimes the setup is straightforward. Other times it’s more complicated. It depends on the client and the project. How long the deployment takes depends on what they want.

You only need one person to handle deployment and maintenance tasks.

We are an integrator and can help customers set up the solution.

While there may be a potential for ROI, I don’t track it.

I’m not sure about the licensing. I don’t handle this aspect of the product.

We’re platinum partners with F5 in Greece. We’re integrators and resellers. We work with different versions.

The solution can be deployed both on the cloud and on-premises.

I’d recommend the solution to others.

I would rate the solution nine out of ten. We’ve been pretty happy with its capabilities.

We primarily use the solution to protect web and API applications. You can choose either web classic or API to protect against different types of attacks.

With Advanced WAF protection, F5 was able to protect multiple kind of Web Application, supporting both HTTP & API protocols access

There are two main features that we love on F5.

The first is the hardware itself. It's extremely stable and reliable. We never face any issues with it and performance is never affected. 

The second is the features on offer. Feature-wise, they are always cutting edge and up-to-date. Many features aren't available via competitors. There's always a lot of enhanced critical features that just aren't available through anyone else, or, if they are, are too lightweight. They're the leaders in the space.

We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement.

The solution still needs some development to handle more traffic, especially in huge environments. In small environments, it's not an issue. 

I've bee using the solution for more than ten years.

The solution is extremely stable and robust. There are no issues with bugs or glitches. It doesn't crash or freeze. It's great. The stability is a huge selling feature.

It's scalable. There's always options to upgrade the hardware. Any hardware you buy from a store, you have the basic model and the upgraded model. For example, if you buy the 4600 appliance, you can upgrade up to 4800. You get double specs for everything, so you can just upgrade the license of the hardware. However, hardware eventually has a limitation. If you buy too small of a size of hardware, eventually there's some development limitations for the hardware. You can, however, do a cluster. You can add multiple hardware devices. This makes it very scalable.

The solution is not user-based. It's more connection-based, so there's no limitation on the number of users. It's more of a limitation on total throughput or total connection. Limitations depend on the application and how much traffic it generates. We've seen it in Telco environment where there's more than millions of users. We've also seen it do well with online banking where there are thousands of users. Small companies can use it too. It can vary, however, we've seen it in millions of users at Telco.

Technical support is great. We always open tickets. They're always very fast and very professional, and they always solve the issues. We're extremely satisfied with the level of support we receive.

If you want to do the basic installation and get the system up and running, then it's pretty straightforward. However, you have the flexibility to go very advanced and you can get into very complicated scenarios. That's what we like about the solution. There's a lot of use cases where you're required to have the ability to create some advanced features or some complicated scenarios. It gives you the capabilities to handle them.

You have the flexibility to go beyond that and have advanced scripting rules and advanced features in order to have more capability to do new things that are not as common. You need to have the space to improvise things if you need to.

While a straightforward deployment may only take a few hours, as it has a pre-defined rough template, there's always tuning to be done. It's a security product. It's not like it's plug-and-play. There's always a learning phase and tuning is necessary. This is common with any security product. That said, to get it up and operational, it's a matter of hours.

For a proper work deployment, to be frank, you need an ether professional because there's an ether configuration change. You also need a security professional to do the rules and policies and everything. Then, you need the involvement of the web application developer, so you can understand the content of the web application. Security people don't know which link is good and which link is bad inside the application. Usually, you need three people from the team - one each from network, security, and application - to have a proper deployment.

We're an integrator.

We have a big customer base, therefore we always have to be up to date with the latest versions. We feed to constantly look at things so that we know the new features.

I highly recommend the solution to other companies. F5 has a huge portfolio of plug-ins. You can add it to the top of the web. On the same appliance, you can have your balancer, you can have your application authentication, and those things that turn on. You can have multiple other features on the same hardware. It is definitely a technology that adapts. I can use the application in different ways beyond just security.

On a scale from one to ten, I'd rate it at a perfect ten.

F5 Advanced WAF could improve the precision of the scanning. There are many false positives. They should improve their threat database.

I have been using F5 Advanced WAF for three years.

F5 Advanced WAF is a stable solution, we are satisfied. It is more stable than ForiWeb.

I have found F5 Advanced WAF to be scalable.

The local support is good and they have been helpful. However, if we raise an issue to the global support they take a lot of time to return our inquiry.

The price of the enterprise solution is reasonable. However, if you are a small to medium-sized business the price could be difficult to afford.

F5 Advanced WAF pricing structure should be adjusted to meet the need of small to medium-sized companies.

I rate F5 Advanced WAF an eight out of ten.

I'm the deputy manager of information security and we are customers of WAF.

We're in a banking environment and the signature update is a good feature. It's also very easy to implement WAF. The product works well for us. 

Although we're getting some reports, we're not getting all the reports we need. There seems to be a gap in report management. 

The solution is stable. 

We haven't really tested scalability; we currently have one network team, two or three people who handle the product and we have multiple applications and servers hosted on the WAF so there's no need to scale for now. 

We're satisfied with the technical support. 

The initial setup was a good experience. We had support from the WAF team and a consultancy team for implementation who also provided good support. 

This is a good solution, it's very useful and offers easy application management, which is good to have at the perimeter level. It provides good security against threats and attacks.

From a security point of view, I rate the solution eight out of 10. 

I use F5 for on-premises infrastructure to provide protection.

The most valuable features of this solution are the WAF protection, Data Safe, and the seven-layer DDoS.

I would like to see the API Protection improved.

I have been using F5 Advanced WAF for two years.

We are using the latest version.

It's a stable product. We have no issues with the stability of the F5 Advanced WAF.

We have not yet tried to scale with this solution. We have increased by 15% to 20%. 

There are approximately 100 people in our company who use this solution.

I have contacted technical support several times. They have support consultants to provide help with your cases. I have received advice from them when I have tried to build new systems.

Overall, the technical support is excellent.

I am using it on my personal account on Google Cloud. It is used with cloud solutions. I use Google, Gmail, and Google Drive.

I was not a part of the initial setup.

The solution does not require any maintenance.

This solution was installed by a third party. It may have been the reseller.

I don't have any issue with the pricing of this solution. I am only involved with the technical portion of it.

I am not sure about recommending solutions.

I would rate F5 Advance WAF a nine out of ten.

We have many types of service, provided by the company.

We can monitor IP locations, but we have constraints from each country. It has a replication feature. Licenses can be shared, taking turns with each license.

The reporting could be clearer and embedded to include our movement data. The product could improve the interface by reducing the bookmarking more frequently and some other features. Ideally, it could do with a brand new interface. There is sometimes information overload in the logs. It is sometimes difficult to detect attacks on the firewall because it is hidden amongst many other data. The logs are not always helpful in this regard. I was disappointed in the reporting.

We have been using F5 Advanced Web Application Firewall for about one year and the same for Fortinet FortiWeb.

Scalability is fine, and we don't have any complaints so far. It's flexible once you want to expand it, but that includes the license upgrade for additional features.

We use a reseller for technical support. Technical support is very good.

We have looked at other options, but they have different solutions to the F5 Advanced Web Application Firewall.

Setup and installation are easy.

We use the reseller to implement it from scratch until it is fully deployed. Implementation does not take long.

There are various plans available for Fortinet FortiWeb Cloud WAF as a Service, including a trial version. You are only charged by the total data transferred, and there are hourly charges for the protected web application.

We are constantly looking out for features which are not available in the current product. We have set alerts to flag when these features become available.

I would rate this solution as 9 out of 10. They can combine firewall software with other software solutions with this product. It has a good community to see what other ideas for the product are out there.

I was working in sales. We would provide more corporate products. I am not implementing or deploying this solution. I would sell it for projects in the enterprise direction, but it was mostly for financial institutions and some government companies.

It usually used for e-commerce and financial services. Products that banks provide to their customers. It also offers protection of the services.

It is easy to use, and it's also easy to configure. 

The most valuable feature is that it is secure.

The interface is old-looking, it's not modern, which is why it's not always comfortable to use.

I would hope that they provide some updates sooner rather than later.

I have used F5 Advanced WAF for three months in the last year.

We were using the latest version and we update on a regular basis.

It's a very stable solution.

This is a scalable product.

Our customers are in the banking system and we have approximately 200 to a few thousand customers.

We have official support from the distribution channel. One of our distributors is in Ukraine.

They have their own support definition provided with some certifications who are responsible for providing support at the vendor level.

We usually ask for their support and they provide it to us.

Previously, we used BIG-IP and we used Web Application Firewall.

I was not involved in the installation.

I am currently working on a B2C channel, which is more for retail companies.

I have also been working with Apple company for a little bit more than a month.

I am working with all-in-one products with all services included.

I would recommend this solution to others who are interested in using it. It's not popular in our country but it's unique in itself. There are some segments that became more important on a regular basis, especially for large companies and enterprise segments.

It's a secure product. I would rate F5 Advanced WAF an eight out of ten.