We primarily use the solution as a data center firewall.
Presales Engineer at Exclusive-networks
Reliable and straightforward to set up but has confusing logic
Pros and Cons
- "The protection is very useful."
- "For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior."
What is our primary use case?
How has it helped my organization?
It offers a border between the DMZ, the demilitarized zone, and the rest of the data center. We already have an F5 solution over there with some other models included. This additional model is something extra that can make a difference in security protection.
What is most valuable?
The protection is very useful.
The solution is stable.
Once you understand the logic, it's straightforward to set up.
What needs improvement?
We seem to have confusing logic from the solution itself. This needs to be addressed.
For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way.
Technical support could be better.
Buyer's Guide
F5 BIG-IP Advanced Firewall Manager (AFM)
December 2024
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I've been using the solution for the last three years.
What do I think about the stability of the solution?
The solution is really stable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The scalability and cost-effectiveness of the solution is really good. Hardware appliances can forward some crazy amounts of traffic. However, this is not like all other firewalls. Scalability is pretty much somewhere in the middle. You always have some additional models on the same hardware or even in virtual machines. In general, it's not good, and it's not bad. You need to take everything into account.
How are customer service and support?
Technical support is not that great.
The solution itself works perfectly. That said, if there is an issue and when you open the ticket, nobody picks up the ticket for ages. It can be a problem.
How would you rate customer service and support?
Negative
How was the initial setup?
The initial setup is illogical, which makes it difficult.
Basically, as a user, you are expecting something, it's not easy to achieve that since logic is way, way different than any other firewall. That's the only reason why it can be hard to configure. Once you understand how the solution is processing the traffic, it becomes extremely easy.
The deployment only takes four days.
I didn't have any cases where the AFM was the only module or where we started deployment of the solution from scratch. We always used it as an additional service on an existing platform. Therefore, you have F5 already deployed with, let's say, Access Policy Manager or maybe an advanced firewall verification firewall; that's an extra service where we are enabling one more functionality regarding that AFM.
The first step is configuring the virtual service that moves the traffic and configuring the policies, rate limits, protection, and similar things. After that, we validate the configuration and eventually fine-tune everything before putting it into production.
The deployment pretty can be done by one man, no more than that. It's not that complex of a solution. It's a basic layer for the firewall and nothing more than that. In the cases where you have 3,000 policies, that could be time-consuming; however, in the end, one person can do it without any issues.
It requires, not maintenance in general terms, where you have something to patch or something to do with that. However, if change requests are considered, every now and then, you will have to allow some different things and maybe reconfigure some existing policies to include something that was not included or needed before. That's common practice.
In most cases, after that initial deployment and knowledge transfer, the customer itself is able to manage the solution.
What was our ROI?
When you are using it with another solution from F5, it's an excellent addition, and you get a lot of discounts, so it's affordable. In that case, the ROI is really nice. However, if you are using it as a standalone solution, I don't even know if that's comparable to other vendors or not. The ROI might be slightly below average. In that case, I'd rate the ROI at four out of ten.
What's my experience with pricing, setup cost, and licensing?
The pricing is somewhere in the middle. It was not expensive and not cheap.
The license itself is perpetual. Or you can get subscriptions. However, it is more than likely to be perpetual since you don't need any live feeds.
You can get separate subscriptions for threat intelligence, IP intelligence, and geolocation, yet you don't need any kind of subscription for the firewall itself.
Support is also an additional expense.
What other advice do I have?
We're resellers. We're using the latest version of the solution.
Chances are, as a standalone product, you can find a better firewall at the same price.
It's limited with functionalities, so there is nothing really nice about AFM except that if you already have an F5 stack of solutions on hardware or on virtual infrastructure, and you are adding this license, in that case, it makes sense. Any other case doesn't simply work. That doesn't make sense.
I'd rate the product five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Head: Cyber and Information Research Centre at Council for Scientific and Industrial Research
Responsive support, beneficial load balancing, but web gateway could improve
Pros and Cons
- "The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available."
- "The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM)."
What is our primary use case?
I am using F5 BIG-IP Advanced Firewall Manager (AFM) for load balancing and an IP gateway.
What is most valuable?
The most valuable features of F5 BIG-IP Advanced Firewall Manager (AFM) are the web gateway, load balancing, services, and applications available.
What needs improvement?
The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM).
In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.
For how long have I used the solution?
I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately five years.
What do I think about the stability of the solution?
F5 BIG-IP Advanced Firewall Manager (AFM) is a stable solution. I have not had many issues.
What do I think about the scalability of the solution?
The solution is scalable, but there are costs involved.
We have approximately 10,000 users using the solution. The solution is being used daily.
How are customer service and support?
I rate the technical support of F5 BIG-IP Advanced Firewall Manager (AFM) a four out of five.
They're responsive and have always have pointed helped out when we had issues.
How was the initial setup?
The initial setup of the F5 BIG-IP Advanced Firewall Manager (AFM) is of a medium level of difficulty. There are technical elements that are required to set it up.
What about the implementation team?
We used the vendor to help us do the implementation.
What's my experience with pricing, setup cost, and licensing?
F5 BIG-IP Advanced Firewall Manager (AFM) is an expensive solution. They are one of the best in the market, but the price could be cheaper.
I rate the price of F5 BIG-IP Advanced Firewall Manager (AFM) a three out of five.
Which other solutions did I evaluate?
There are competing solutions in the market. In terms of what F5 BIG-IP Advanced Firewall Manager (AFM) offers, from the load balancing point of view, I think they are one of the best. When it comes to firewalls and other solutions, there are better ones, such as FortiGate, Cisco, or Huawei. As a firewall, they are not the best. However, for load balancing, they're the best.
What other advice do I have?
F5 BIG-IP Advanced Firewall Manager (AFM) is a popular big brand name behind it. However, it is expensive. Everything that is being used by large corporations is going to have a high cost.
I rate F5 BIG-IP Advanced Firewall Manager (AFM) a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
F5 BIG-IP Advanced Firewall Manager (AFM)
December 2024
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Head of the direction of ensuring the security of digital systems, electronic databases and networks at Ukreximbank
A stable solution that can be used for load balancing and WAF (web application firewall)
Pros and Cons
- "We use the solution for load balancing and WAF (web application firewall)."
- "The solution’s initial setup is not easy."
What is most valuable?
We use the solution for load balancing and WAF (web application firewall).
What needs improvement?
The solution's initial setup is not easy.
For how long have I used the solution?
I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for three years.
What do I think about the stability of the solution?
F5 BIG-IP Advanced Firewall Manager is a stable solution.
I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten for stability.
What do I think about the scalability of the solution?
F5 BIG-IP Advanced Firewall Manager is a scalable solution. Two administrators from IT use the solution for load balancing, and two administrators from security use it for WAF.
Which solution did I use previously and why did I switch?
We previously used Arbor and Radware.
What about the implementation team?
We implemented the solution through a consultant.
For our services, the solution took nearly three months to deploy.
What's my experience with pricing, setup cost, and licensing?
We need to pay a yearly licensing fee for the solution.
What other advice do I have?
I would recommend F5 BIG-IP Advanced Firewall Manager to other users.
Overall, I rate F5 BIG-IP Advanced Firewall Manager a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Security Engineer at Malam Engineering PLC
Robust security management that's effective and offers valuable security features
Pros and Cons
- "The features of F5 BIG-IP Advanced Firewall Manager that have proven most effective in securing the network are significant."
- "Apart from the price, I feel no other areas need improvement."
What is our primary use case?
The primary use case for F5 BIG-IP Advanced Firewall Manager is in government offices.
What is most valuable?
The features of F5 BIG-IP Advanced Firewall Manager that have proven most effective in securing the network are significant. The user mentioned that these features are valuable in security management, suggesting that they find the product attractive for their needs.
What needs improvement?
I have encountered challenges with the price of the solution. Apart from the price, I feel no other areas need improvement.
For how long have I used the solution?
I have used the solution for two years.
What do I think about the stability of the solution?
I would rate the stability of F5 at eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of F5 as six out of ten. While there is room for improvement, it somewhat meets the scalability requirements.
How was the initial setup?
The initial setup was easy for me.
What's my experience with pricing, setup cost, and licensing?
The price of the solution presents a challenge.
What other advice do I have?
Based on my experience, I recommend F5 BIG-IP Advanced Firewall Manager to other people.
I would rate this solution overall as eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Dec 3, 2024
Flag as inappropriateExecutive of the Telecommunications Area at a financial services firm with 501-1,000 employees
Top level support, scalable, and reliable
Pros and Cons
- "The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it."
- "The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year."
What is our primary use case?
F5 BIG-IP AFM is deployed on-premise and in the cloud.
We are using F5 BIG-IP AFM mostly for financial services.
How has it helped my organization?
F5 BIG-IP AFM has improved the way our organization functions.
What is most valuable?
The most valuable feature of F5 BIG-IP AFM is all of my workers enjoy using it.
For how long have I used the solution?
I have been using F5 BIG-IP Advanced Firewall Manager (AFM) for approximately 11 years.
What do I think about the stability of the solution?
F5 BIG-IP AFM is very good.
What do I think about the scalability of the solution?
The scalability of F5 BIG-IP AFM has been very good.
We have approximately 3,000 users using this solution in my company. If we have another system we will increase our usage.
How are customer service and support?
The support that we receive from the F5 BIG-IP AFM has been very valuable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Cisco solutions and I switched to F5 BIG-IP AFM because of the superior support.
How was the initial setup?
The initial setup of F5 BIG-IP AFM in a complex environment was simple. However, the full deployment took us approximately one year.
What about the implementation team?
We did the implementation of F5 BIG-IP AFM in-house.
We have seven people that are maintaining F5 BIG-IP AFM.
What's my experience with pricing, setup cost, and licensing?
F5 BIG-IP AFM is an affordable solution. There were not any additional fees other than the standard licensing.
What other advice do I have?
I rate F5 BIG-IP AFM a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Major Account Manager at Check Point Software
CGNAT is one of its strong areas but it doesn't compare to next generation firewalls
Pros and Cons
- "CGNAT is one of its strong areas."
- "It doesn't compare to next generation firewalls"
What is our primary use case?
What is most valuable?
CGNAT is one of its strong areas.
What needs improvement?
If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.
For how long have I used the solution?
I have experience with F5 BIG-IP Advanced Firewall Manager (AFM).
What do I think about the stability of the solution?
It is a highly stable solution.
What do I think about the scalability of the solution?
It is a scalable solution.
How was the initial setup?
I think com configuration of (AFM) is comparatively little better than LTM because one is that Sentry is not very feature rich. And because of that reasons, configurations are comparatively easier because when you deploy it as a plain, when you need a firewall or firewall or IPS. So it's it's not very difficult as such.
What's my experience with pricing, setup cost, and licensing?
As per pricing, I would not say cheap, but little higher than cheap, but not very expensive. So you can say kind of value for money solutions.
What other advice do I have?
Overall, i would rate the solution a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
IT Service Delivery Manager at Consys.it
Blocks various attacks and mitigates disasters from occurring
Pros and Cons
- "It blocks various attacks and mitigates disasters from occurring."
- "We needed to protect the database but the solution didn't offer a certain feature to do so."
What is our primary use case?
We use the on-prem model of this solution. Our primary use case is to protect our software with a firewall.
How has it helped my organization?
This solution has improved security. We also use it to protect various customer's software.
They offer good video material to implement this solution. It's a mature product. Imperva is a competitor but this solution is the market leader.
It blocks various attacks and mitigates disasters from occurring.
What is most valuable?
The most valuable feature is that you can implement it in a positive or negative model. Most customers implement the protection with a negative model because implementing with a positive model is not simple. We need help from the development team.
What needs improvement?
It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now.
The database is not simple. It's not easy to understand.
We needed to protect the database but the solution doesn't offer certain features to do so.
Customers have requested container features.
For how long have I used the solution?
I have been using this solution for six years.
What do I think about the stability of the solution?
It's very stable.
How are customer service and technical support?
The technical support depends on who is helping you. Global support is good. Sometimes the representative is not so knowledgable about this product.
Which solution did I use previously and why did I switch?
I was previously using Imperva but my company wanted to switch to F5.
How was the initial setup?
The initial setup was very easy.
What other advice do I have?
This is a good product. I would recommend this solution to anybody evaluating it.
I would rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
A readily available solution with load balancing feature
Pros and Cons
- "F5 BIG-IP Advanced Firewall Manager's most valuable feature is load balance. It is readily available and uncomplicated."
- "The product is expensive."
What is most valuable?
F5 BIG-IP Advanced Firewall Manager's most valuable feature is load balance. It is readily available and uncomplicated.
What needs improvement?
The product is expensive.
What do I think about the stability of the solution?
F5 BIG-IP Advanced Firewall Manager is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
The tool has a good support center in Saudi Arabia.
What was our ROI?
You can expect ROi with the tool's use.
What other advice do I have?
I rate the product a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free F5 BIG-IP Advanced Firewall Manager (AFM) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Distributed Denial-of-Service (DDoS) ProtectionPopular Comparisons
Akamai App and API Protector
Radware DefensePro
Buyer's Guide
Download our free F5 BIG-IP Advanced Firewall Manager (AFM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- We are looking at managed DNS providers and want to know what others are using
- Prolexic vs. Arbor Networks: How do they compare?
- Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
- How does a WAF help to protect against DDoS attacks?
- DDoS solutions: Any other solutions to consider aside from Radware DefensePro and F5 Silverline DDoS Protection?
- Which is the best DDoS solution and why?
- When evaluating DDoS Protection, what aspect do you think is the most important to look for?
- What is the difference between denial of service and distributed denial of service?
- How does BGP routing help to mitigate DDoS attacks?
- How does a CDN protect against DDoS attacks?