We primarily use the solution to protect and to divide cells. We are not using AFM as a standalone product. We are using AFM with the LTM module, as a module. The main purpose of F5 is to use it as an ADC application to deal with the console.
Contracted IP Development Engineer at a media company with 10,001+ employees
Good support, and capable of scaling
Pros and Cons
- "The decryption is great."
- "Deployment times vary according to the customer. It needs to be heavily configured. You need to look and you need to observe the behavior of the traffic before you can start configuring everything. It can take time."
What is our primary use case?
What is most valuable?
The DDoS is the solution's most valuable feature.
The support that the product offers is good.
When you buy an F5 as an appliance, you are buying licenses as well. If you buy both LTM and AFM licenses, you can protect your servers in a one-off solution. You don't have to buy another firewall to protect your servers. It makes security really easy.
The decryption is great.
What needs improvement?
We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of.
The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included.
In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks.
For how long have I used the solution?
I've been using the solution for two years or so now.
Buyer's Guide
F5 BIG-IP Advanced Firewall Manager (AFM)
November 2024
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is pretty stable. If you do happen to find a bug, they will provide you with a patch to solve the issue. You can also go to their website where they will list all of the bugs that are associated with each version. They make it quite transparent.
What do I think about the scalability of the solution?
The solution is scalable because it doesn't depend on hardware. If you run this product on a Viprion, it will be scalable, but not too much. If you run the same product with the same version in a standalone device or on a virtual system, you will use the power and scale of the associated device. It's scalable because you are able to use the same product in different hardware. If you buy a powerful server, and you can scale your F5 as a virtual system easily.
How are customer service and support?
I don't really reach out to technical support, so I wouldn't be able to assess it.
How was the initial setup?
The initial setup is very straightforward. It's not complex. It just takes a few steps and you are finished.
Deployment times vary according to the customer. It needs to be heavily configured. You need to look and you need to observe the behavior of the traffic before you can start configuring everything. It can take time.
In terms of deployment, a powerful deployment actually needs a minimum of two people and one of them needs to speak with the developers because the developers are protecting the source. They will help you to understand the requirements. After the assessment of the requirements, the users can deploy and test the solution.
Maintenence also varies by customer, however, once it is configured, unless you are adding extra servers or adjusting things, there doesn't need to be any maintenance. You can just leave it alone for the most part, so you will only need one person to check on it.
What about the implementation team?
I help my clients deploy the product to their systems.
What other advice do I have?
While some companies have now started to move these devices from on-premises to the cloud, most companies prefer not to do this due to security reasons.
I'd rate the solution eight out of ten. It's a good product, but it may not be the absolute best on the market. Companies should examine NGINX or Palo Alto or others and compare them to see what would work best for their organization.
I would recommend the solution.
It's great for protecting servers from attacks. With controllers plus the firewall, you will only need one device to protect everything.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Analyst at Link3 Technologies
Stable product with valuable WAF features
Pros and Cons
- "The product’s most valuable features are LTM and WAF."
- "F5 BIG-IP Advanced Firewall Manager's pricing and technical support services need improvement."
What is most valuable?
The product’s most valuable features are LTM and WAF.
What needs improvement?
F5 BIG-IP Advanced Firewall Manager's pricing and technical support services need improvement.
For how long have I used the solution?
We have been using F5 BIG-IP Advanced Firewall Manager for four years.
What do I think about the stability of the solution?
It is a stable product.
What do I think about the scalability of the solution?
The application is scalable.
How are customer service and support?
The technical support services are complex in terms of direct communication compared to Fortinet. We only receive support easily for patch upgrades and configuration.
How was the initial setup?
The product is easy to deploy. A basic configuration takes around two days to complete fine-tuning and policy setup. The deployment consists of two steps including deploying it in monitoring mode including observing traffic without blocking. The second step is to verify and observe traffic patterns and then switch to system mode to block malicious traffic. It being a continuous process, takes some more time for analysis.
What's my experience with pricing, setup cost, and licensing?
The product is expensive compared to Fortinet, which has similar functionality. They offer one, three, and five-year license subscriptions.
What other advice do I have?
I rate F5 BIG-IP Advanced Firewall Manager an eight out of ten from other users. It holds a challenger’s position in Gartner, closer to leader products. Its migration feature is complicated for on-premise versions compared to Palo Alto, Fortinet, etc.
I recommend the product to businesses with a considerable budget. I recommend Fortinet to other users.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
F5 BIG-IP Advanced Firewall Manager (AFM)
November 2024
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Systems Engineer at Datasure Solutions
Enables us to configure the product to the client's exact needs with unprecedented flexibility
Pros and Cons
- "This product excells in every aspect from installation and the interface to providing superior network security."
- "This would be absolutely the best network security solution if the price were not so high."
What is our primary use case?
I use F5 AFM (Advanced Firewall Manager) for several solutions including firewall, load balancing, and security.
How has it helped my organization?
The F5 product has one thing that is remarkable. I do not have any two deployments for customers that are exactly the same. There are so many opportunities to configure the product to the client's exact needs that it offers unprecedented flexibility.
What is most valuable?
I would have to say that F5 excels in all aspects of network protection. There are five modules and I have yet to use them all. I use the LTM that's Local Traffic Manager, then I've worked with APM or Access Policy Manager, and I've worked with AFM which is Advanced Firewall Manager.
If I were a CPO of an organization, I would just get F5 in my infrastructure to perform all the network security activities. I could just do that if I have the budget rather than bringing in separate solutions like Barracuda from one vendor and then bringing one other solution from another vendor. This is a unified solution that is already integrated and optimizes performance.
F5 will do load balancing, security, act as the firewall and F5 excels in executing all of them. How it gets deployed depends on the customer and on what particular features the customers want. From a deployment perspective, F5 is excellent in all of them.
What needs improvement?
I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.
For how long have I used the solution?
We have been using the solution for more than four years.
What do I think about the stability of the solution?
I can vouch for the stability of F5. The product has been around for a while now. In fact, there is a particular claim that they use in their marketing and we have experienced. We have had some customers where we find that in the environment they have very old, end of life cycle, machines that are still running their F5 instance.
Even though the product is 'end of life' F5 company is very committed to supporting it. So the improvements keep coming out. It is technically not 'end of life' because they still support it. We have not had any customer that complained that "Oh they are billing me for the F5 system because of one upgrade." It's very, very stable, it's reliable once it is deployed. It's just there once it is deployed and there is nothing to worry about.
What do I think about the scalability of the solution?
F5 is also highly scalable. You can easily upgrade from one version to the next or even upgrade the machine. The hardware is scalable. We can and have easily upgraded a deployment either by turning on or applying a license. As for the machine, you can upgrade the physical hardware or you can use a virtual machine because they have a Virtual Machine Edition. The scalability is versatile and straightforward.
How are customer service and technical support?
I find the technical support to be top-notch. I rarely have to contact technical support. The only time I do is if I think I don't have time to do research on my own by taking the time to look things up by reading community posts. If I can just quickly contact technical support, sometimes it makes more sense. Whenever I have contacted technical support, they call back within the hour. It also depends on the severity of the issue that you're reporting. When you submit a ticket, you have severity level 1, 2, 3, 4. So, the response time depends but whatever the case is. But the technical support are always responsive. They call you and they stay with you till the situation is resolved.
There was only one case I reported that they did not resolve immediately. The engineer could not find a solution to the issue. They had to do something to actually change the OS. They have a special way to address this kind of problem. They call it the engineering hot seat. That engineering hot seat solution had to come out as an update in the next version. So, that's how professional and resourceful technical support is. They're fantastic.
How was the initial setup?
The product is easy to install. It's straightforward. In fact, the first time I deployed F5, it was my very first experience doing an installation of the product. It was my very first experience using F5 and I deployed it for an Enterprise customer and it was successful. That was my first time using it and it was successful. If you follow the guidelines that they give you, it says "do this, do that," and it is very very easy.
There have been applications that I have installed with terrible navigation. You can't move from point A to point B, C, and D. Or by the time you get to D you can't get back to A. F5 just works. It is easy to navigate and install.
What about the implementation team?
We deploy this product ourselves for clients, and as I mentioned it is easy to do even for the first time.
What's my experience with pricing, setup cost, and licensing?
The product is a little expensive but it is such a good solution and unified that the cost is worth the price.
Which other solutions did I evaluate?
We have evaluated and also recommend other solutions when the client does not have the budget to go with F5. For example, we used some Cisco solutions which are also expensive but they are not as versatile and easy to deploy and manage.
What other advice do I have?
I have not had any deployments that are exactly the same. For example, if I deployed everything as a solution for customer A and for customer B I do deployments with the same set of applications, and even then there are differences in the deployment. In all the experiences I have had, they have never been the same in my entire four-year experience installing the product. That shows how broad F5 is in its ability to manage situations and customize the experience for specific organizations.
It is usually the case that customers tell us what they want to achieve. They tell us what the need is in their network or in their infrastructure, or they tell us the solution that they expect as a result and then we make a recommendation. If we make the recommendation and they are impressed with the capabilities that the solution can achieve, then they go for it if they have the budget. If they do not have the budget or they don't like what we propose we can give them a different plan.
In most cases, our customers have taken the time and have done their research very well. They just say, "okay, we need this product or solution and I want this product deployed." In most cases, we don't even get to do a recommendation because they have done their research. They have come to a conclusion as to what product meets their needs whether it is because of the name or the advertising. In my opinion, it may not always be the best solution, but they are the client so we give them what they ask for.
The dashboard and the interface for F5 are fantastic. That is really something that is remarkable. It is unlike any other solutions that I've worked with. For example with Cisco, many of the things that you want to do you have to take care of on the command line. It is not very convenient. With F5 you find everything in the interface. There is hardly anything that you want to do with F5 that you can't do from the GUI.
In terms of analytic reporting, the product has very good detailed analytics that comes with the product that you can access on the dashboard. There is also analytics and analysis with visibility reporting. The module that is dedicated for that gives you a fine grain access into everything that you want to see and report on immediately. With everything I want to do for the client in F5, the GUI allows me and maybe this makes a big difference for me in the evaluation of the product because of its ease of use. The dashboard is fantastic and the GUI is excellent.
What I find most impressive about F5 is that, as long as you know what you want to do, as long as we know what you want to achieve, you find the solution there. Let me restrict this example to the LTM (local traffic manager). Let's say, for instance, you want to deploy your application and then there is a feature you want to add or you want to introduce some kind of logic you want to introduce that you cannot find in GUI or it doesn't even come packaged with the box. If you have an idea of what you want to do, you can program it in.
There is a feature you can use to introduce some programmability into the box. It really just comes down to you knowing what exactly you want to achieve. If it doesn't come already pre-programmed as part of the package, this feature will allow you to program it in yourself. There is hardly anything you would want to do that F5 cannot do for you.
On a scale from one to ten, where one is the worst and ten being the best, I would rate this product as a nine. The only reason I will not give them a ten is because of the cost. But based on functionality and ease of deployment, scalability, reliability, overall security and functionality, I give them nine.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a tech services company with 201-500 employees
Offers good IP geolocation, IP intelligence, and DDoS features and good scaling options
Pros and Cons
- "We use three main features. The first one is access control. The second feature we use is called IP intelligence. Finally, we have a DDoS safety feature."
- "Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now you will be allow IPs that you previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve."
What is our primary use case?
We use three main features. The first one is access control. Access control would mainly use the IP geolocation feature. This feature in AFM lets you limit access to some countries and allow other countries. Some countries can access your service while others cannot access it. This is one feature which is called IP geolocation.
The second feature we use is called IP intelligence. It's another feature of F5. It's like a straight feed for all blacklisted IP addresses in the world. They make categories for the blacklisted IP addresses, such as blacklists to a channel, blacklisted proxies, blacklisted malicious malware, and blacklisted spammers. If anyone of these IPs is trying to hurt your service, we are able to just block it with the AFM firewall, which is a separate license in essence. We utilize this license as well.
Finally, we have a DDoS safety feature. AFM provides protection for the network from a DDoS attack. We use this feature at times too. These are the only three features we utilize: IP geolocation, IP intelligence, and DDoS.
What needs improvement?
Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve.
I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.
For how long have I used the solution?
We've been using this solution for four years now.
What do I think about the stability of the solution?
I would say it's a good, stable solution. We haven't had a major issue with the AFM.
What do I think about the scalability of the solution?
They have many options to scale. They have a very stable, versatile FM, but we rely on the physical units. I can see that it's very scalable. Whatever you want to add, you can add to the same cluster.
How are customer service and technical support?
Sometimes technical support is good and sometimes they are bad, so I can evaluate them around 80%.
What other advice do I have?
It's a good solution only for a published service. If you are publishing services outside the company, it's very good for us, but the biggest lesson is that it cannot be applied internally to replace a data center firewall. Sometimes, a company will introduce F5 to the place as a data center firewall. It's not a replacement for the DC firewall. It cannot replace the data center firewall but can be added to the service.
I would rate this as eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Founder / Senior Security Architect at a tech services company with 1-10 employees
Stable and scalable with straightforward usability
Pros and Cons
- "The solution is very straightforward. The usability is great."
- "The pricing of the solution could be a little bit better."
What is our primary use case?
The solution is primarily used as a web application firewall.
What is most valuable?
The solution is very straightforward. The usability is great.
What needs improvement?
The pricing of the solution could be a little bit better.
For how long have I used the solution?
We've been selling the solution for five years now.
What do I think about the stability of the solution?
The solution is very stable. We haven't run into bugs, crashes or glitches. We find it reliable.
What do I think about the scalability of the solution?
The solution is very scalable. Companies should not face issues when they need to expand.
We have 20 enterprises using the solution currently. They are mostly banks.
How are customer service and technical support?
We've been in touch with technical support in the past and have been very satisfied so far with their level of support.
Which solution did I use previously and why did I switch?
We aren't currently offering any other solutions similar to F5.
How was the initial setup?
The initial setup is straightforward. We didn't run into complexities when setting it up.
What other advice do I have?
We are a reseller of F5. We're not a customer.
I'd advise companies considering implementing the solution to understand the architecture and the flow of the service before setting it up.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Technology Consultant / Cloud Security Architect at a tech services company with 11-50 employees
Good support, and the functionality for blocking IPs works well
Pros and Cons
- "The most valuable feature of this solution is that the blocking of IP's."
- "Currently, we have eighty F5s and we need some kind of management software. It would be very helpful."
What is our primary use case?
We are using this solution for protection and blocking IPs for our customers.
What is most valuable?
The most valuable feature of this solution is that the blocking of IPs.
F5 has many advantages.
What needs improvement?
Currently, we have eighty F5s and we need some kind of management software. It would be very helpful.
In the next release, I would like to have management and monitoring software included.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
It's very stable.
What do I think about the scalability of the solution?
It's not as easy to scale because you have to purchase new hardware to scale up.
How are customer service and technical support?
I am satisfied with technical support, they are fairly widespread.
How was the initial setup?
The initial setup was complex.
Some of the rules were not easy to do and it can take a fair amount of time to deploy.
What about the implementation team?
I am doing the maintenance of this solution.
What's my experience with pricing, setup cost, and licensing?
It's very expensive, and you pay extra for the models.
What other advice do I have?
I recommend this solution to others who are interested in using F5 Advanced Firewall.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free F5 BIG-IP Advanced Firewall Manager (AFM) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Distributed Denial of Service (DDOS) ProtectionPopular Comparisons
Akamai App and API Protector
Radware DefensePro
Buyer's Guide
Download our free F5 BIG-IP Advanced Firewall Manager (AFM) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- We are looking at managed DNS providers and want to know what others are using
- Prolexic vs. Arbor Networks: How do they compare?
- Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
- How does a WAF help to protect against DDoS attacks?
- DDoS solutions: Any other solutions to consider aside from Radware DefensePro and F5 Silverline DDoS Protection?
- Which is the best DDoS solution and why?
- What is the difference between denial of service and distributed denial of service?
- When evaluating DDoS Protection, what aspect do you think is the most important to look for?
- How does BGP routing help to mitigate DDoS attacks?
- How does a CDN protect against DDoS attacks?