We primarily use the solution as a data center firewall.
It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.
The protection is very useful.
The solution is stable.
Once you understand the logic, it's straightforward to set up.
We seem to have confusing logic from the solution itself. This needs to be addressed.
For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.
Technical support could be better.
I've been using the solution for the last three years.
The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze.
The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.
Technical support is not that great.
The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.
The initial setup is illogical, which makes it difficult.
Basically, as a user, you are expecting something, it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.
The deployment only takes four days.
I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM.
The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.
The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.
It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.
In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.
When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.
The pricing is somewhere in the middle. It was not expensive and not cheap.
The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.
You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.
Support is also an additional expense.
We're resellers. We're using the latest version of the solution.
Chances are, as a standalone product, you can find a better firewall at the same price.
It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense.
I'd rate the product five out of ten.