F5 BIG-IP Local Traffic Manager (LTM) Reviews

All of our web servers are load-balanced by F5.

The iRule feature is very useful for inspecting HTTP. Sometimes, we use it for modifying the headers of the HTTP.

F5 has another solution to load balance servers on the cloud, which they got after the purchase of NGINX. It is deployed as Kubernetes or something like that, but the problem now is that they have two solutions for two situations. They should make F5 deployable on the cloud.

Recently, we were investigating offloading SSL as version TLS 1.3. I am not sure if we were able to do that or not.

I have been using this solution for more than 15 years.

It is very stable.

They have a host where you can increase the CPUs dedicated for load balancing. You can mount a cluster to escalate, but in order to escalate, you need to virtualize the solution. Otherwise, you need to change the device and load something bigger.

I contacted them in the past. They provide good support.

I have used a Cisco solution in the past, but they discontinued the solution or the hardware. F5 is much better.

It is very easy. It depends a bit on what you want, but in one day or two days, you can have F5 load balancing on backend servers. It is very easy.

I would recommend others to choose a virtualized solution. I would rate this solution an eight out of 10.

On-premises

We are using it for web application firewall and load balancing features. We have its latest version.

It is stable.

Its scalability and deployment should be better. It should be more scalable, and it should be easier to deploy.

I have been using this solution for a couple of months.

It is stable.

It is not scalable. We have about 2,000 users in our organization.

I don't have any experience with their technical support.

We didn't use any other product.

It is neither easy nor complex. It needs experience. Fortinet is easier to deploy than this.

I did it myself. We have an IT team of 60 people.

I would recommend this solution. We plan to keep using it. 

I would rate F5 BIG-IP an eight out of ten.

On-premises

The anti-bot protection is very good. They are able to see bots from their system quite well. It has helped our customers to filter real traffic from fake and allows the real traffic to access the application. With the profile provided, you can block many new scans and scripts that are constantly generating traffic to their web service.

When you create an autofile, its profile takes a long time to generate the view in the VIP. That is probably due to the performance of the device, however, when you load a specific profile, the browser takes more than one minute to show the information. 

The web interface could be better.

The solution should allow for the creation of custom signatures. Right now, I see that can be a little bit complicated to create new or personal signatures in the VIP.

The way that policies are created should make it easier to maintain the solution. 

The product needs to implement some kind of artificial intelligence or machine learning that can start to generate fewer false positive requests. We tend to have a lot of false positives. The policy should be created in such a way as to help lower false positives.

There should be better reporting. Our customers ask us for reports quite often. It would be ideal if the solution itself was able to generate various types of reports for them instead. 

I've been working with the solution since 2014.

This year, we had a couple of issues. We found some bugs in version 15. They are very good, however, at finding the issue and generating a hotfix quickly so that we can apply the hotfix to the device. In the general, I would say that version 15 has been very stable overall.

Whether you can scale easily or not depends on the device and the sizing. For example, if you have an E 2000 or I 4000, you might have a lot of traffic and the device cannot handle it very well. Scalability with the performance was the one issue that affected us this year.

Most of the customers that we have are enterprises. They are banking and insurance customers. They're quite large, which is why we need the scalability that we do.

We always use technical support and the team helps us very well. They're able to effectively find and fix issues and they respond very quickly. We're quite satisfied with their level of service overall.

We also work with Palo Alto firewalls. I've worked with Check Point as well.

The initial setup is not too complex. It's pretty straightforward.

It's straightforward to create a new policy or a new postulate or a new deployment. It takes a couple of minutes to create a new deployment and it's rather easy to do so.

We're a reseller for Enterprise companies such as Banking and Retail.

I'd advise that if a customer wants to implement this product, that they find a partner they can have a strong relationship with. The partner needs to be able to effectively implement the product and train your staff on the proper usage. That is, of course, if the client wants to manage it themselves in the long run.

Overall, I would rate the solution eight out of ten. If they could improve their web interface, generate reports, and have all the configuration on a single page on the platform, I'd rank it a bit higher.

On-premises

Our primary use case is for ADC (Application Delivery Controller) and SSL VPN prospectively worked for the PoC.

This solution is very good and the product stability is excellent.

It has very good production for SMB protocol.

I found the most valuable feature to be the SSL VPN.

The license terms for "non-commercial" are challenging for us. 

Trial/evaluations only.

This product has helped us build robust solutions for what my company does.

We are fond of the load balancing feature for DNS and servers. Also, these can help you natting/hiding the real IP.

I have been working on the LTM and GTM lines. Both of the products are awesome. I would consider the Wide IP and ZoneRunner features of GTM extremely useful. 

For the overall product, I would say provisioning is a good feature. There are other modules, which are good and people might want to try, such as APM and ASM. They are used for firewall and SSL VPN.

The only area that has room for improvement would be pricing.

Other than that, the v11 clustering is a new technology they have brought in that does not require improvement. They are the leader in the space.

Three to five years.

We did not find any stability issues while working on it. 

Bugs are part of any solution and they are fixed with every release, as with any vendor.

I have not encountered any scalability issues.

Customer Service:

We used to work with support three years back and it was not that great then. Hopefully, the situation has now improved.

Technical Support:

We did not require much technical support, as the product has good documentation. However, the experience with support as compared to other vendors was not excellent, but usable.

Regarding load balancing, this was our first product.

If you do not understand the design of this product, initial setup is tricky. If you do understand it, initial setup is straightforward.

This was implemented by an in-house team.

With the new pricing model, ROI was low, hence we switched.

This product is costly from a licensing perspective considering its competitors. This is why it lost a rating point from me.

If your IT budget can support it, go for it.

Attend a training class before trying to deploy it, or at least refer to online videos on their portal, as this will make it fairly easy for you.

It is one of the best and easiest load balancing solutions. The product was designed to allow newbies to configure it, and it is properly documented.

LTM: Load balancing, SSL offloading, iRules, iApp,

LTM has been able to demonstrate an immediate return on investment, reducing the cost of server estate upgrades (both in terms of the numbers of required tin, reduced service impact through upgrades, server/website availability managed up to near 100% through redundancy management, improved human resource management (moving OOH work into daylight, reducing operational budget requirements)

LTM – the product is fine and all features that I have deployed have proven to be stable. TMOS release schedule is very dynamic. Major releases (9-10, 10-11) could have been made easier if configuration migration assistants had been more finessed prior to release.

4 years

No major issues with deployment. Care must be taken with infrastructure deploys – close engagement is required with Network Support and Firewall Support areas, but once the platforms are stable, module deployment is very simple. As per my previous comment, moving from release to release can be complicated by things like bigpipe command deprecation (or removal: thank you v11!!), especially if a large iRule base has been developed on the modules.

At the module level, no. They are not as stable as System Z, but they are not far off. Hardware can be a little more susceptible to failure at the component level.

None. Appliance based options (physical and virtual), blended with Viprion/vCMP mean that these solutions have been able to scale to support enterprise class ADC offerings.

Customer Service: First class. F5 have demonstrated a willingness to support us through all issues, from architecture, deployment BAU support and high incidents. I can’t recommend them and their product offering highly enoughTechnical Support: Again, first class. It can sometimes be challenging to find even support partners with the requisite knowledge of the most cutting edge features, but only because F5 seem to develop at such a blistering rate.

No. F5 was a virgin solution to a point problem and quickly grew to a central position in the management of our enterprise infrastructure and digital tier by demonstrating quickly a value contribution made to our live service offering.

Straightforward and complex. Infrastructure setup on the boxes themselves was straightforward, although challenges in working with Network/Firewall departments made the exercise slightly more interesting. Basic LTM configuration OOB is very easy. IRules demand considerably more time and attention to develop properly.

In house, and I would rate their level of expertise as of the very best, since it was myself and a single colleague that built the entire infrastructure.

Significant and immediate.

Full analysis of the ADC space was undertaken, evaluating all competitors in the GMQ. All were discounted because of the vast distance between technologies and their capabilities. F5 was the clear and only choice for us.

Look to Enterprise Architecture before striking a key. These boxes are multiply capable, so allowing development through capability can lead to hugely complex deployments. There is (almost) nothing these boxes can’t do, including providing “tactical” solutions to application issues. Left unconstrained by a robust Architecture model, these boxes WILL grow like topsy, and the complexity of the solutions demanded by any business hungry for rapid delivery will grow into a box of fixes that only SME-level network/security/F5 technicians can manage on even a day-to-day basis. Make sure that the Enterprise Architecture model is strong and well-defined, and stick to it like glue.

We are a reseller of F5, but we haven't had many projects that we've deployed with F5. In terms of use cases, it is used when clients have web servers, and they are hosting on their own infrastructure. When they have web applications that are publicly visible, they use F5 to balance that incoming traffic for their web servers.

The web application firewall feature is the most valuable and useful feature. It is a leading industry product when it comes to load balancing.

Its user interface is very simple. There isn't a steep learning curve. When we initiate someone to F5, they start using it quickly.

Its price can be better. It is a bit expensive.

I have been using this solution for the last five years.

It is very stable.

It is very scalable. 

I never had a case that required technical support.

It is very easy to set up. It is not a complicated product. The deployment duration depends on the architecture that you're deploying, but it usually doesn't take much time.

The number of people required for its deployment depends on the size of the deployment. For a very big deployment, you need less than three people. For a fairly normal or standard deployment, just one person would be fine.

It is a bit expensive product. Kemp Loadmaster is much cheaper than F5. 

Its licensing is on a yearly basis. It can be for one year or three years.

I would recommend this solution. It is a really good solution. It is fairly straightforward, and it does what it is meant to do.

I would rate F5 BIG-IP a nine out of ten. In terms of features, it is good, but its price can be better.

On-premises

We are a solution provider and we work with a lot of products from F5.

In our internal network, we use F5 BIG-IP. We also have a few implementations with this product, including some that are integrated with other solutions such as IBM Guardium. 

One of the great use cases is capturing an application user through F5 and then pushing it to Guardium. This is very useful for our customers because they can then connect to the database with a real application user, which is something that is very hard to achieve through other vendors.

The main reason that we suggest this product to our clients is the great integration with other security tools, such as IBM Guardium. 

This product is very user-friendly, which is good for customers who have an implementation done by a partner but want to handle administration in-house.

All of the functionality can be achieved from one console.

Even on Hyper-V or a VMware appliance, the performance is very good when you use it as a proxy or a web application.

The documentation is very good.

We have been working with F5 BIG-IP for between three and four years.

This is a stable product.

From our perspective, it is scalable.

We have all of the help and support that we need from the F5 office in this region.

Technical support from F5 is very good. As a partner, I have had a very good experience with them. They have shared knowledge with us and support us in our projects, which is definitely a big plus.

It is very easy to install, especially when doing so to VMware. For example, we have spent almost a day installing security tools by other vendors. For BIG-IP, we need only two or three hours to complete it.

For the complete deployment that includes implementation and configuration, it takes between 10 and 15 days. The length of time depends on the client's goals and requirements. For example, some just want to use it as a web application firewall, whereas others want to use more functionality. The more functionality there is, the more time it takes to complete.

Our in-house team implements and deploys this solution to our customers. 

You need two or three people, including a security manager who will configure all of the rules and policies.

The price should be reduced because it is expensive when compared to the competition. Alternatively, bundled packages should be offered. This is an issue that shows up for most of our customers.

In summary, this is a very good product and we are actively suggesting it to our customers. It is something that should be more present in our market, especially because of the functionality that it provides.

In the end, we get very good results from BIG-IP.

I would rate this solution a nine out of ten.

On-premises