F5 BIG-IP Advanced Firewall Manager (AFM) Reviews

We primarily use the solution as a data center firewall. 

It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.

The protection is very useful. 

The solution is stable. 

Once you understand the logic, it's straightforward to set up. 

We seem to have confusing logic from the solution itself. This needs to be addressed. 

For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.

Technical support could be better.

I've been using the solution for the last three years. 

The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.

Technical support is not that great.

The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.

Negative

The initial setup is illogical, which makes it difficult. 

Basically, as a user, you are expecting something,  it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.

The deployment only takes four days. 

I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM. 

The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.

The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.

It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.

In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.

When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.

The pricing is somewhere in the middle. It was not expensive and not cheap. 

The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.

You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.

Support is also an additional expense. 

We're resellers. We're using the latest version of the solution. 

Chances are, as a standalone product, you can find a better firewall at the same price. 

It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense. 

I'd rate the product five out of ten. 

In the past three years, I implemented Advanced Firewall Manager to safeguard our clients' DNS solutions and protect applications from DDoS and BPOS attacks. This involved securing DNS queries and ensuring resilience against various cyber threats.

The most valuable features of Advanced Firewall Manager are its effectiveness in protecting applications from DDoS attacks, ensuring service availability, and safeguarding against infrastructure and application-level threats. It excels in preventing downtime and maintaining application performance, which is crucial for our clients' security and operational continuity.

There is room for improvement in Advanced Firewall Manager's dashboard statistics, especially during attacks. Enhancements in graphical representation and more detailed reports would be beneficial for a more comprehensive understanding of the security landscape.

I have been using Advanced Firewall Manager for seven years.

In terms of stability, Advanced Firewall Manager performs well. Logging is straightforward, allowing for easy analysis and integration with other solutions. It provides detailed logs during attacks, facilitates in-depth review, and supports integration with SNMP for added insights into security events.

Advanced Firewall Manager scales well with a flexible SKN architecture, allowing easy capacity and high availability expansion. This scalability extends to hybrid setups, enabling consistent policies and configurations across on-premise and cloud environments through the BigIQ solution. It ensures seamless synchronization for efficient management.

Contacting F5 support for issues, especially related to traffic, attacks, or platform bugs, is easy and communication is straightforward. However, there is room for improvement in the support team's accuracy, as sometimes their recommendations may not directly address the reported issues, leading to a need for clearer and more relevant guidance. I would rate the support as a seven out of ten.

Neutral

The installation could be moderately complex, involving the implementation of new traffic flows and applications into the network for protection. Deployment for Advanced Firewall Manager for one application takes approximately one week. However, the technical configuration itself, focused on proactive platform setup and protection, can typically be accomplished in about a day. 
Deploying Advanced Firewall Manager usually involves around five people, covering security, network, application, support, and project teams.

While Advanced Firewall Manager comes with a relatively higher price, it aligns with the platform's benefits, stability, and warranty.

Overall, I would rate F5 BIG-IP Advanced Firewall Manager as an eight out of ten.

We use the solution for load balancing and WAF (web application firewall).

The solution's initial setup is not easy.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for three years.

F5 BIG-IP Advanced Firewall Manager is a stable solution.

I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten for stability.

F5 BIG-IP Advanced Firewall Manager is a scalable solution. Two administrators from IT use the solution for load balancing, and two administrators from security use it for WAF.

We previously used Arbor and Radware.

We implemented the solution through a consultant.

For our services, the solution took nearly three months to deploy.

We need to pay a yearly licensing fee for the solution.

I would recommend F5 BIG-IP Advanced Firewall Manager to other users.

Overall, I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten.

F5 BIG-IP AFM is deployed on-premise and in the cloud.

We are using F5 BIG-IP AFM mostly for financial services.

F5 BIG-IP AFM has improved the way our organization functions.

The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it.

I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately 11 years.

F5 BIG-IP AFM is very good.

The scalability of F5 BIG-IP AFM has been very good.

We have approximately 3,000 users using this solution in my company. If we have another system we will increase our usage.

The support that we receive from the F5 BIG-IP AFM has been very valuable.

Positive

I previously used Cisco solutions and I switched to F5 BIG-IP AFM because of the superior support.

The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year.

We did the implementation of F5 BIG-IP AFM in-house.

We have seven people that are maintaining F5 BIG-IP AFM.

F5 BIG-IP AFM is an affordable solution. There were not any additional fees other than the standard licensing.

I rate F5 BIG-IP AFM a ten out of ten.

The primary use case for F5 BIG-IP Advanced Firewall Manager is in government offices.

The features of F5 BIG-IP Advanced Firewall Manager that have proven most effective in securing the network are significant. The user mentioned that these features are valuable in security management, suggesting that they find the product attractive for their needs.

I have encountered challenges with the price of the solution. Apart from the price, I feel no other areas need improvement.

I have used the solution for two years.

I would rate the stability of F5 at eight out of ten.

I would rate the scalability of F5 as six out of ten. While there is room for improvement, it somewhat meets the scalability requirements.

The initial setup was easy for me.

The price of the solution presents a challenge.

Based on my experience, I recommend F5 BIG-IP Advanced Firewall Manager to other people. 

I would rate this solution overall as eight out of ten.

We primarily use the solution as a firewall. 

We use it to block or allow traffic inside the infrastructure.

Usually, if we want to tie it up to another service, we usually use AFM. The reason we use AFM is due to the fact that we have Anti-DDoS equipment and the components in order to mitigate those attacks, we use a combination of AFM, ATM, and GTM.

It's deployed in order to allow or deny traffic for us. It controls the flow and acts as a layer of security. It also is able to handle routing. 

The security is quite good. It allows us to block certain addresses. 

It is stable. 

Support is quite helpful.

We have witnessed an ROI. 

Some spam can go by the firewall. The processing is a bit slow, and spam can get by. 

We'd like to be able to do a deep packet inspection. We haven't enabled that. Hopefully, the next-generation firewalls will be able to do that for us.

The solution is a bit pricey. 

I've used the solution for around four years. It's been a while. 

The stability is okay. I'd rate it seven out of ten overall. 

The scalability would be based more on the hardware aspect. I'd rate its ability to scale at a six or seven out of ten, since it is rather fixed. It's still hardware and not fully virtualized, which makes scaling limited. 

Technical support is pretty good. I do find them to be mostly helpful and responsive. 

Positive

I have also used Check Point in the past. I've also used a few other firewalls as well. 

I wasn't directly involved in the initial setup. When I arrived at the company, I was more on the operations side of things. 

We have witnessed an ROI while using the product. 

The solution is a bit expensive. I'd rate pricing four out of ten in terms of affordability. 

Companies should implement the solution if they have the budget. If you're going to deploy a security firewall device, this is a helpful solution.

I'd rate the solution seven out of ten. 

CGNAT is one of its strong areas. 

If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.

I have experience with F5 BIG-IP Advanced Firewall Manager (AFM).

It is a highly stable solution. 

It is a scalable solution. 

I think com configuration of (AFM) is comparatively little better than LTM because one is that Sentry is not very feature rich. And because of that reasons, configurations are comparatively easier because when you deploy it as a plain, when you need a firewall or firewall or IPS. So it's it's not very difficult as such.

As per pricing, I would not say cheap, but little higher than cheap, but not very expensive. So you can say kind of value for money solutions.

Overall, i would rate the solution a seven out of ten. 

We use the on-prem model of this solution. Our primary use case is to protect our software with a firewall.

This solution has improved security. We also use it to protect various customer's software. 

They offer good video material to implement this solution. It's a mature product. Imperva is a competitor but this solution is the market leader.

It blocks various attacks and mitigates disasters from occurring. 

The most valuable feature is that you can implement it in a positive or negative model. Most customers implement the protection with a negative model because implementing with a positive model is not simple. We need help from the development team.

It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. 

The database is not simple. It's not easy to understand. 

We needed to protect the database but the solution doesn't offer certain features to do so.

Customers have requested container features. 

It's very stable. 

The technical support depends on who is helping you. Global support is good. Sometimes the representative is not so knowledgable about this product. 

I was previously using Imperva but my company wanted to switch to F5. 

The initial setup was very easy. 

This is a good product. I would recommend this solution to anybody evaluating it. 

I would rate this solution a nine out of ten.