Try our new research platform with insights from 80,000+ expert users
John Bayangos - PeerSpot reviewer
Lead Infrastructure Engineer at a educational organization with 1,001-5,000 employees
Real User
Top 5
Good support and security but is a bit expensive
Pros and Cons
  • "It is stable."
  • "Some spam can go by the firewall."

What is our primary use case?

We primarily use the solution as a firewall. 

We use it to block or allow traffic inside the infrastructure.

Usually, if we want to tie it up to another service, we usually use AFM. The reason we use AFM is due to the fact that we have Anti-DDoS equipment and the components in order to mitigate those attacks, we use a combination of AFM, ATM, and GTM.

How has it helped my organization?

It's deployed in order to allow or deny traffic for us. It controls the flow and acts as a layer of security. It also is able to handle routing. 

What is most valuable?

The security is quite good. It allows us to block certain addresses. 

It is stable. 

Support is quite helpful.

We have witnessed an ROI. 

What needs improvement?

Some spam can go by the firewall. The processing is a bit slow, and spam can get by. 

We'd like to be able to do a deep packet inspection. We haven't enabled that. Hopefully, the next-generation firewalls will be able to do that for us.

The solution is a bit pricey. 

Buyer's Guide
F5 BIG-IP Advanced Firewall Manager (AFM)
November 2024
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for around four years. It's been a while. 

What do I think about the stability of the solution?

The stability is okay. I'd rate it seven out of ten overall. 

What do I think about the scalability of the solution?

The scalability would be based more on the hardware aspect. I'd rate its ability to scale at a six or seven out of ten, since it is rather fixed. It's still hardware and not fully virtualized, which makes scaling limited. 

How are customer service and support?

Technical support is pretty good. I do find them to be mostly helpful and responsive. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have also used Check Point in the past. I've also used a few other firewalls as well. 

How was the initial setup?

I wasn't directly involved in the initial setup. When I arrived at the company, I was more on the operations side of things. 

What was our ROI?

We have witnessed an ROI while using the product. 

What's my experience with pricing, setup cost, and licensing?

The solution is a bit expensive. I'd rate pricing four out of ten in terms of affordability. 

What other advice do I have?

Companies should implement the solution if they have the budget. If you're going to deploy a security firewall device, this is a helpful solution.

I'd rate the solution seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
DejanBlagojevic - PeerSpot reviewer
Presales Engineer at Exclusive-networks
Reseller
Top 5Leaderboard
Reliable and straightforward to set up but has confusing logic
Pros and Cons
  • "The protection is very useful."
  • "For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior."

What is our primary use case?

We primarily use the solution as a data center firewall. 

How has it helped my organization?

It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.

What is most valuable?

The protection is very useful. 

The solution is stable. 

Once you understand the logic, it's straightforward to set up. 

What needs improvement?

We seem to have confusing logic from the solution itself. This needs to be addressed. 

For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.

Technical support could be better.

For how long have I used the solution?

I've been using the solution for the last three years. 

What do I think about the stability of the solution?

The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.

How are customer service and support?

Technical support is not that great.

The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.

How would you rate customer service and support?

Negative

How was the initial setup?

The initial setup is illogical, which makes it difficult. 

Basically, as a user, you are expecting something,  it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.

The deployment only takes four days. 

I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM. 

The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.

The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.

It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.

In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.

What was our ROI?

When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.

What's my experience with pricing, setup cost, and licensing?

The pricing is somewhere in the middle. It was not expensive and not cheap. 

The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.

You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.

Support is also an additional expense. 

What other advice do I have?

We're resellers. We're using the latest version of the solution. 

Chances are, as a standalone product, you can find a better firewall at the same price. 

It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense. 

I'd rate the product five out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Buyer's Guide
F5 BIG-IP Advanced Firewall Manager (AFM)
November 2024
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Head: Cyber and Information Research Centre at Council for Scientific and Industrial Research
Real User
Responsive support, beneficial load balancing, but web gateway could improve
Pros and Cons
  • "The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available."
  • "The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM)."

What is our primary use case?

I am using F5 BIG-IP Advanced Firewall Manager (AFM) for load balancing and an IP gateway.

What is most valuable?

The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available.

What needs improvement?

The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM).

In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.

For how long have I used the solution?

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately five years.

What do I think about the stability of the solution?

F5 BIG-IP Advanced Firewall Manager (AFM) is a stable solution. I have not had many issues.

What do I think about the scalability of the solution?

The solution is scalable, but there are costs involved.

We have approximately 10,000 users using the solution. The solution is being used daily.

How are customer service and support?

I rate the technical support of F5 BIG-IP Advanced Firewall Manager (AFM) a four out of five.

They're responsive and have always have pointed helped out when we had issues.

How was the initial setup?

The initial setup of the F5 BIG-IP Advanced Firewall Manager (AFM) is of a medium level of difficulty. There are technical elements that are required to set it up.

What about the implementation team?

We used the vendor to help us do the implementation.

What's my experience with pricing, setup cost, and licensing?

F5 BIG-IP Advanced Firewall Manager (AFM) is an expensive solution. They are one of the best in the market, but the price could be cheaper.

I rate the price of F5 BIG-IP Advanced Firewall Manager (AFM) a three out of five.

Which other solutions did I evaluate?

There are competing solutions in the market. In terms of what F5 BIG-IP Advanced Firewall Manager (AFM) offers, from the load balancing point of view, I think they are one of the best. When it comes to firewalls and other solutions, there are better ones, such as FortiGate, Cisco, or Huawei. As a firewall, they are not the best. However, for load balancing, they're the best.

What other advice do I have?

F5 BIG-IP Advanced Firewall Manager (AFM) is a popular big brand name behind it. However, it is expensive. Everything that is being used by large corporations is going to have a high cost.

I rate F5 BIG-IP Advanced Firewall Manager (AFM) a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Presales Consultant at Innovative Solutions
Vendor
Top 20
A readily available solution with load balancing feature
Pros and Cons
  • "F5 BIG-IP Advanced Firewall Manager's most valuable feature is load balance. It is readily available and uncomplicated."
  • "The product is expensive."

What is most valuable?

F5 BIG-IP Advanced Firewall Manager's most valuable feature is load balance. It is readily available and uncomplicated. 

What needs improvement?

The product is expensive. 

What do I think about the stability of the solution?

F5 BIG-IP Advanced Firewall Manager is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

The tool has a good support center in Saudi Arabia. 

What was our ROI?

You can expect ROi with the tool's use. 

What other advice do I have?

I rate the product a ten out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Executive of the Telecommunications Area at a financial services firm with 501-1,000 employees
Real User
Top level support, scalable, and reliable
Pros and Cons
  • "The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it."
  • "The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year."

What is our primary use case?

F5 BIG-IP AFM is deployed on-premise and in the cloud.

We are using F5 BIG-IP AFM mostly for financial services.

How has it helped my organization?

F5 BIG-IP AFM has improved the way our organization functions.

What is most valuable?

The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it.

For how long have I used the solution?

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately 11 years.

What do I think about the stability of the solution?

F5 BIG-IP AFM is very good.

What do I think about the scalability of the solution?

The scalability of F5 BIG-IP AFM has been very good.

We have approximately 3,000 users using this solution in my company. If we have another system we will increase our usage.

How are customer service and support?

The support that we receive from the F5 BIG-IP AFM has been very valuable.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Cisco solutions and I switched to F5 BIG-IP AFM because of the superior support.

How was the initial setup?

The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year.

What about the implementation team?

We did the implementation of F5 BIG-IP AFM in-house.

We have seven people that are maintaining F5 BIG-IP AFM.

What's my experience with pricing, setup cost, and licensing?

F5 BIG-IP AFM is an affordable solution. There were not any additional fees other than the standard licensing.

What other advice do I have?

I rate F5 BIG-IP AFM a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ritesh-Bakhru - PeerSpot reviewer
Major Account Manager at Check Point Software
Real User
Top 10
CGNAT is one of its strong areas but it doesn't compare to next generation firewalls
Pros and Cons
  • "CGNAT is one of its strong areas."
  • "It doesn't compare to next generation firewalls"

What is our primary use case?


What is most valuable?

CGNAT is one of its strong areas. 

What needs improvement?

If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.

For how long have I used the solution?

I have experience with F5 BIG-IP Advanced Firewall Manager (AFM).

What do I think about the stability of the solution?

It is a highly stable solution. 

What do I think about the scalability of the solution?

It is a scalable solution. 

How was the initial setup?

I think com configuration of (AFM) is comparatively little better than LTM because one is that Sentry is not very feature rich. And because of that reasons, configurations are comparatively easier because when you deploy it as a plain, when you need a firewall or firewall or IPS. So it's it's not very difficult as such.

What's my experience with pricing, setup cost, and licensing?

As per pricing, I would not say cheap, but little higher than cheap, but not very expensive. So you can say kind of value for money solutions.

What other advice do I have?

Overall, i would rate the solution a seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
PeerSpot user
IT Service Delivery Manager at Consys.it
Real User
Blocks various attacks and mitigates disasters from occurring
Pros and Cons
  • "It blocks various attacks and mitigates disasters from occurring."
  • "We needed to protect the database but the solution didn't offer a certain feature to do so."

What is our primary use case?

We use the on-prem model of this solution. Our primary use case is to protect our software with a firewall.

How has it helped my organization?

This solution has improved security. We also use it to protect various customer's software. 

They offer good video material to implement this solution. It's a mature product. Imperva is a competitor but this solution is the market leader.

It blocks various attacks and mitigates disasters from occurring. 

What is most valuable?

The most valuable feature is that you can implement it in a positive or negative model. Most customers implement the protection with a negative model because implementing with a positive model is not simple. We need help from the development team.

What needs improvement?

It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. 

The database is not simple. It's not easy to understand. 

We needed to protect the database but the solution doesn't offer certain features to do so.

Customers have requested container features. 

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

It's very stable. 

How are customer service and technical support?

The technical support depends on who is helping you. Global support is good. Sometimes the representative is not so knowledgable about this product. 

Which solution did I use previously and why did I switch?

I was previously using Imperva but my company wanted to switch to F5. 

How was the initial setup?

The initial setup was very easy. 

What other advice do I have?

This is a good product. I would recommend this solution to anybody evaluating it. 

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Computer & Network Security Professional at a financial services firm with 10,001+ employees
Real User
Helps improve the security of my environment and has a straightforward setup
Pros and Cons
  • "I find the signature base is very helpful to see traffic"
  • "We would have preferred to have support when we first started"

What is our primary use case?

I am using this solution to protect my web services.

How has it helped my organization?

It helps improve the security of my environment.

What is most valuable?

I find the signature base is very helpful to see traffic, to see the increase in web traffic.

What needs improvement?

The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.

For how long have I used the solution?

I have been using the solution for 1 year.

How are customer service and technical support?

You don't necessarily call for technical support that gets deployed like Cisco does. With this, you have to go and look for all the support separately for the deployment and stuff like that. It makes work a little tiring. Otherwise, support is fine. It's just a question of how they are going to help you on the deployment when something is broken.

How was the initial setup?

The initial setup was straightforward. It's not too complex. We were very careful to not cause an outage. The implementation strategy was to keep it in transference mode to observe it for a while before we pushed it through to preventive mode.

What about the implementation team?

I used a software team and had a little help from Google. We would have preferred to have support when we first started, instead of having to hire an engineer which charged us a little.

Which other solutions did I evaluate?

We didn't really evaluate other options. They were the top one at the time, so we decided to go for that.

What other advice do I have?

There should be more qualified support, like training videos or how to install features. 

I would rate the solution 8 out of 10. If the user interface was more user-friendly, I'd rate it higher.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free F5 BIG-IP Advanced Firewall Manager (AFM) Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free F5 BIG-IP Advanced Firewall Manager (AFM) Report and get advice and tips from experienced pros sharing their opinions.