F5 BIG-IP Advanced Firewall Manager (AFM) Reviews

We primarily use the solution as a firewall. 

We use it to block or allow traffic inside the infrastructure.

Usually, if we want to tie it up to another service, we usually use AFM. The reason we use AFM is due to the fact that we have Anti-DDoS equipment and the components in order to mitigate those attacks, we use a combination of AFM, ATM, and GTM.

It's deployed in order to allow or deny traffic for us. It controls the flow and acts as a layer of security. It also is able to handle routing. 

The security is quite good. It allows us to block certain addresses. 

It is stable. 

Support is quite helpful.

We have witnessed an ROI. 

Some spam can go by the firewall. The processing is a bit slow, and spam can get by. 

We'd like to be able to do a deep packet inspection. We haven't enabled that. Hopefully, the next-generation firewalls will be able to do that for us.

The solution is a bit pricey. 

I've used the solution for around four years. It's been a while. 

The stability is okay. I'd rate it seven out of ten overall. 

The scalability would be based more on the hardware aspect. I'd rate its ability to scale at a six or seven out of ten, since it is rather fixed. It's still hardware and not fully virtualized, which makes scaling limited. 

Technical support is pretty good. I do find them to be mostly helpful and responsive. 

Positive

I have also used Check Point in the past. I've also used a few other firewalls as well. 

I wasn't directly involved in the initial setup. When I arrived at the company, I was more on the operations side of things. 

We have witnessed an ROI while using the product. 

The solution is a bit expensive. I'd rate pricing four out of ten in terms of affordability. 

Companies should implement the solution if they have the budget. If you're going to deploy a security firewall device, this is a helpful solution.

I'd rate the solution seven out of ten. 

We primarily use the solution as a data center firewall. 

It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.

The protection is very useful. 

The solution is stable. 

Once you understand the logic, it's straightforward to set up. 

We seem to have confusing logic from the solution itself. This needs to be addressed. 

For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.

Technical support could be better.

I've been using the solution for the last three years. 

The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.

Technical support is not that great.

The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.

Negative

The initial setup is illogical, which makes it difficult. 

Basically, as a user, you are expecting something,  it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.

The deployment only takes four days. 

I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM. 

The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.

The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.

It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.

In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.

When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.

The pricing is somewhere in the middle. It was not expensive and not cheap. 

The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.

You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.

Support is also an additional expense. 

We're resellers. We're using the latest version of the solution. 

Chances are, as a standalone product, you can find a better firewall at the same price. 

It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense. 

I'd rate the product five out of ten. 

I am using F5 BIG-IP Advanced Firewall Manager (AFM) for load balancing and an IP gateway.

The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available.

The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM).

In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately five years.

F5 BIG-IP Advanced Firewall Manager (AFM) is a stable solution. I have not had many issues.

The solution is scalable, but there are costs involved.

We have approximately 10,000 users using the solution. The solution is being used daily.

I rate the technical support of F5 BIG-IP Advanced Firewall Manager (AFM) a four out of five.

They're responsive and have always have pointed helped out when we had issues.

The initial setup of the F5 BIG-IP Advanced Firewall Manager (AFM) is of a medium level of difficulty. There are technical elements that are required to set it up.

We used the vendor to help us do the implementation.

F5 BIG-IP Advanced Firewall Manager (AFM) is an expensive solution. They are one of the best in the market, but the price could be cheaper.

I rate the price of F5 BIG-IP Advanced Firewall Manager (AFM) a three out of five.

There are competing solutions in the market. In terms of what F5 BIG-IP Advanced Firewall Manager (AFM) offers, from the load balancing point of view, I think they are one of the best. When it comes to firewalls and other solutions, there are better ones, such as FortiGate, Cisco, or Huawei. As a firewall, they are not the best. However, for load balancing, they're the best.

F5 BIG-IP Advanced Firewall Manager (AFM) is a popular big brand name behind it. However, it is expensive. Everything that is being used by large corporations is going to have a high cost.

I rate F5 BIG-IP Advanced Firewall Manager (AFM) a seven out of ten.

F5 BIG-IP Advanced Firewall Manager's most valuable feature is load balance. It is readily available and uncomplicated. 

The product is expensive. 

F5 BIG-IP Advanced Firewall Manager is stable. 

The solution is scalable. 

The tool has a good support center in Saudi Arabia. 

You can expect ROi with the tool's use. 

I rate the product a ten out of ten. 

F5 BIG-IP AFM is deployed on-premise and in the cloud.

We are using F5 BIG-IP AFM mostly for financial services.

F5 BIG-IP AFM has improved the way our organization functions.

The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately 11 years.

F5 BIG-IP AFM is very good.

The scalability of F5 BIG-IP AFM has been very good.

We have approximately 3,000 users using this solution in my company. If we have another system we will increase our usage.

The support that we receive from the F5 BIG-IP AFM has been very valuable.

Positive

I previously used Cisco solutions and I switched to F5 BIG-IP AFM because of the superior support.

The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year.

We did the implementation of F5 BIG-IP AFM in-house.

We have seven people that are maintaining F5 BIG-IP AFM.

F5 BIG-IP AFM is an affordable solution. There were not any additional fees other than the standard licensing.

I rate F5 BIG-IP AFM a ten out of ten.

CGNAT is one of its strong areas. 

If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.

I have experience with F5 BIG-IP Advanced Firewall Manager (AFM).

It is a highly stable solution. 

It is a scalable solution. 

I think com configuration of (AFM) is comparatively little better than LTM because one is that Sentry is not very feature rich. And because of that reasons, configurations are comparatively easier because when you deploy it as a plain, when you need a firewall or firewall or IPS. So it's it's not very difficult as such.

As per pricing, I would not say cheap, but little higher than cheap, but not very expensive. So you can say kind of value for money solutions.

Overall, i would rate the solution a seven out of ten. 

We use the on-prem model of this solution. Our primary use case is to protect our software with a firewall.

This solution has improved security. We also use it to protect various customer's software. 

They offer good video material to implement this solution. It's a mature product. Imperva is a competitor but this solution is the market leader.

It blocks various attacks and mitigates disasters from occurring. 

The most valuable feature is that you can implement it in a positive or negative model. Most customers implement the protection with a negative model because implementing with a positive model is not simple. We need help from the development team.

It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. 

The database is not simple. It's not easy to understand. 

We needed to protect the database but the solution doesn't offer certain features to do so.

Customers have requested container features. 

It's very stable. 

The technical support depends on who is helping you. Global support is good. Sometimes the representative is not so knowledgable about this product. 

I was previously using Imperva but my company wanted to switch to F5. 

The initial setup was very easy. 

This is a good product. I would recommend this solution to anybody evaluating it. 

I would rate this solution a nine out of ten.

I am using this solution to protect my web services.

It helps improve the security of my environment.

I find the signature base is very helpful to see traffic, to see the increase in web traffic.

The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.

You don't necessarily call for technical support that gets deployed like Cisco does. With this, you have to go and look for all the support separately for the deployment and stuff like that. It makes work a little tiring. Otherwise, support is fine. It's just a question of how they are going to help you on the deployment when something is broken.

The initial setup was straightforward. It's not too complex. We were very careful to not cause an outage. The implementation strategy was to keep it in transference mode to observe it for a while before we pushed it through to preventive mode.

I used a software team and had a little help from Google. We would have preferred to have support when we first started, instead of having to hire an engineer which charged us a little.

We didn't really evaluate other options. They were the top one at the time, so we decided to go for that.

There should be more qualified support, like training videos or how to install features. 

I would rate the solution 8 out of 10. If the user interface was more user-friendly, I'd rate it higher.