F5 BIG-IP Advanced Firewall Manager (AFM) Reviews

F5 BIG-IP Advanced Firewall Manager's most valuable feature is load balance. It is readily available and uncomplicated. 

The product is expensive. 

F5 BIG-IP Advanced Firewall Manager is stable. 

The solution is scalable. 

The tool has a good support center in Saudi Arabia. 

You can expect ROi with the tool's use. 

I rate the product a ten out of ten. 

We primarily use the solution to protect and to divide cells. We are not using AFM as a standalone product. We are using AFM with the LTM module, as a module. The main purpose of F5 is to use it as an ADC application to deal with the console.

The DDoS is the solution's most valuable feature.

The support that the product offers is good. 

When you buy an F5 as an appliance, you are buying licenses as well. If you buy both LTM and AFM licenses, you can protect your servers in a one-off solution. You don't have to buy another firewall to protect your servers. It makes security really easy.

The decryption is great.

We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of.

The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included.

In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks. 

I've been using the solution for two years or so now.

The solution is pretty stable. If you do happen to find a bug, they will provide you with a patch to solve the issue. You can also go to their website where they will list all of the bugs that are associated with each version. They make it quite transparent.

The solution is scalable because it doesn't depend on hardware. If you run this product on a Viprion, it will be scalable, but not too much. If you run the same product with the same version in a standalone device or on a virtual system, you will use the power and scale of the associated device. It's scalable because you are able to use the same product in different hardware. If you buy a powerful server, and you can scale your F5 as a virtual system easily.

I don't really reach out to technical support, so I wouldn't be able to assess it.

The initial setup is very straightforward. It's not complex. It just takes a few steps and you are finished.

Deployment times vary according to the customer. It needs to be heavily configured. You need to look and you need to observe the behavior of the traffic before you can start configuring everything. It can take time.

In terms of deployment, a powerful deployment actually needs a minimum of two people and one of them needs to speak with the developers because the developers are protecting the source. They will help you to understand the requirements. After the assessment of the requirements, the users can deploy and test the solution.

Maintenence also varies by customer, however, once it is configured, unless you are adding extra servers or adjusting things, there doesn't need to be any maintenance. You can just leave it alone for the most part, so you will only need one person to check on it.

I help my clients deploy the product to their systems.

While some companies have now started to move these devices from on-premises to the cloud, most companies prefer not to do this due to security reasons.

I'd rate the solution eight out of ten. It's a good product, but it may not be the absolute best on the market. Companies should examine NGINX or Palo Alto or others and compare them to see what would work best for their organization.

I would recommend the solution.

It's great for protecting servers from attacks. With controllers plus the firewall, you will only need one device to protect everything.

I am using this solution to protect my web services.

It helps improve the security of my environment.

I find the signature base is very helpful to see traffic, to see the increase in web traffic.

The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.

You don't necessarily call for technical support that gets deployed like Cisco does. With this, you have to go and look for all the support separately for the deployment and stuff like that. It makes work a little tiring. Otherwise, support is fine. It's just a question of how they are going to help you on the deployment when something is broken.

The initial setup was straightforward. It's not too complex. We were very careful to not cause an outage. The implementation strategy was to keep it in transference mode to observe it for a while before we pushed it through to preventive mode.

I used a software team and had a little help from Google. We would have preferred to have support when we first started, instead of having to hire an engineer which charged us a little.

We didn't really evaluate other options. They were the top one at the time, so we decided to go for that.

There should be more qualified support, like training videos or how to install features. 

I would rate the solution 8 out of 10. If the user interface was more user-friendly, I'd rate it higher.

The product’s most valuable features are LTM and WAF.

F5 BIG-IP Advanced Firewall Manager's pricing and technical support services need improvement.

We have been using F5 BIG-IP Advanced Firewall Manager for four years.

It is a stable product.

The application is scalable.

The technical support services are complex in terms of direct communication compared to Fortinet. We only receive support easily for patch upgrades and configuration.

The product is easy to deploy. A basic configuration takes around two days to complete fine-tuning and policy setup. The deployment consists of two steps including deploying it in monitoring mode including observing traffic without blocking. The second step is to verify and observe traffic patterns and then switch to system mode to block malicious traffic. It being a continuous process, takes some more time for analysis.

The product is expensive compared to Fortinet, which has similar functionality. They offer one, three, and five-year license subscriptions.

I rate F5 BIG-IP Advanced Firewall Manager an eight out of ten from other users. It holds a challenger’s position in Gartner, closer to leader products. Its migration feature is complicated for on-premise versions compared to Palo Alto, Fortinet, etc.

I recommend the product to businesses with a considerable budget. I recommend Fortinet to other users.

We use three main features. The first one is access control. Access control would mainly use the IP geolocation feature. This feature in AFM lets you limit access to some countries and allow other countries. Some countries can access your service while others cannot access it. This is one feature which is called IP geolocation. 

The second feature we use is called IP intelligence. It's another feature of F5. It's like a straight feed for all blacklisted IP addresses in the world. They make categories for the blacklisted IP addresses, such as blacklists to a channel, blacklisted proxies, blacklisted malicious malware, and blacklisted spammers. If anyone of these IPs is trying to hurt your service, we are able to just block it with the AFM firewall, which is a separate license in essence. We utilize this license as well. 

Finally, we have a DDoS safety feature. AFM provides protection for the network from a DDoS attack. We use this feature at times too. These are the only three features we utilize: IP geolocation, IP intelligence, and DDoS.

Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve.

I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.

We've been using this solution for four years now.

I would say it's a good, stable solution. We haven't had a major issue with the AFM.

They have many options to scale. They have a very stable, versatile FM, but we rely on the physical units. I can see that it's very scalable. Whatever you want to add, you can add to the same cluster.

Sometimes technical support is good and sometimes they are bad, so I can evaluate them around 80%.

It's a good solution only for a published service. If you are publishing services outside the company, it's very good for us, but the biggest lesson is that it cannot be applied internally to replace a data center firewall. Sometimes, a company will introduce F5 to the place as a data center firewall. It's not a replacement for the DC firewall. It cannot replace the data center firewall but can be added to the service.

I would rate this as eight out of ten.

The solution is primarily used as a web application firewall.

The solution is very straightforward. The usability is great.

The pricing of the solution could be a little bit better.

We've been selling the solution for five years now.

The solution is very stable. We haven't run into bugs, crashes or glitches. We find it reliable.

The solution is very scalable. Companies should not face issues when they need to expand. 

We have 20 enterprises using the solution currently. They are mostly banks.

We've been in touch with technical support in the past and have been very satisfied so far with their level of support.

We aren't currently offering any other solutions similar to F5.

The initial setup is straightforward. We didn't run into complexities when setting it up.

We are a reseller of F5. We're not a customer.

I'd advise companies considering implementing the solution to understand the architecture and the flow of the service before setting it up.

I'd rate the solution nine out of ten.

We are using this solution for protection and blocking IPs for our customers.

The most valuable feature of this solution is that the blocking of IPs.

F5 has many advantages.

Currently, we have eighty F5s and we need some kind of management software. It would be very helpful. 

In the next release, I would like to have management and monitoring software included.

I have been using this solution for three years.

It's very stable.

It's not as easy to scale because you have to purchase new hardware to scale up.

I am satisfied with technical support, they are fairly widespread.

The initial setup was complex.

Some of the rules were not easy to do and it can take a fair amount of time to deploy.

I am doing the maintenance of this solution.

It's very expensive, and you pay extra for the models.

I recommend this solution to others who are interested in using F5 Advanced Firewall.

I would rate this solution a ten out of ten.