F5 BIG-IP Local Traffic Manager (LTM) Reviews

The anti-bot protection is very good. They are able to see bots from their system quite well. It has helped our customers to filter real traffic from fake and allows the real traffic to access the application. With the profile provided, you can block many new scans and scripts that are constantly generating traffic to their web service.

When you create an autofile, its profile takes a long time to generate the view in the VIP. That is probably due to the performance of the device, however, when you load a specific profile, the browser takes more than one minute to show the information. 

The web interface could be better.

The solution should allow for the creation of custom signatures. Right now, I see that can be a little bit complicated to create new or personal signatures in the VIP.

The way that policies are created should make it easier to maintain the solution. 

The product needs to implement some kind of artificial intelligence or machine learning that can start to generate fewer false positive requests. We tend to have a lot of false positives. The policy should be created in such a way as to help lower false positives.

There should be better reporting. Our customers ask us for reports quite often. It would be ideal if the solution itself was able to generate various types of reports for them instead. 

I've been working with the solution since 2014.

This year, we had a couple of issues. We found some bugs in version 15. They are very good, however, at finding the issue and generating a hotfix quickly so that we can apply the hotfix to the device. In the general, I would say that version 15 has been very stable overall.

Whether you can scale easily or not depends on the device and the sizing. For example, if you have an E 2000 or I 4000, you might have a lot of traffic and the device cannot handle it very well. Scalability with the performance was the one issue that affected us this year.

Most of the customers that we have are enterprises. They are banking and insurance customers. They're quite large, which is why we need the scalability that we do.

We always use technical support and the team helps us very well. They're able to effectively find and fix issues and they respond very quickly. We're quite satisfied with their level of service overall.

We also work with Palo Alto firewalls. I've worked with Check Point as well.

The initial setup is not too complex. It's pretty straightforward.

It's straightforward to create a new policy or a new postulate or a new deployment. It takes a couple of minutes to create a new deployment and it's rather easy to do so.

We're a reseller for Enterprise companies such as Banking and Retail.

I'd advise that if a customer wants to implement this product, that they find a partner they can have a strong relationship with. The partner needs to be able to effectively implement the product and train your staff on the proper usage. That is, of course, if the client wants to manage it themselves in the long run.

Overall, I would rate the solution eight out of ten. If they could improve their web interface, generate reports, and have all the configuration on a single page on the platform, I'd rank it a bit higher.

On-premises

Our primary use case is for ADC (Application Delivery Controller) and SSL VPN prospectively worked for the PoC.

This solution is very good and the product stability is excellent.

It has very good production for SMB protocol.

I found the most valuable feature to be the SSL VPN.

The license terms for "non-commercial" are challenging for us. 

Trial/evaluations only.

This product has helped us build robust solutions for what my company does.

We are fond of the load balancing feature for DNS and servers. Also, these can help you natting/hiding the real IP.

I have been working on the LTM and GTM lines. Both of the products are awesome. I would consider the Wide IP and ZoneRunner features of GTM extremely useful. 

For the overall product, I would say provisioning is a good feature. There are other modules, which are good and people might want to try, such as APM and ASM. They are used for firewall and SSL VPN.

The only area that has room for improvement would be pricing.

Other than that, the v11 clustering is a new technology they have brought in that does not require improvement. They are the leader in the space.

Three to five years.

We did not find any stability issues while working on it. 

Bugs are part of any solution and they are fixed with every release, as with any vendor.

I have not encountered any scalability issues.

Customer Service:

We used to work with support three years back and it was not that great then. Hopefully, the situation has now improved.

Technical Support:

We did not require much technical support, as the product has good documentation. However, the experience with support as compared to other vendors was not excellent, but usable.

Regarding load balancing, this was our first product.

If you do not understand the design of this product, initial setup is tricky. If you do understand it, initial setup is straightforward.

This was implemented by an in-house team.

With the new pricing model, ROI was low, hence we switched.

This product is costly from a licensing perspective considering its competitors. This is why it lost a rating point from me.

If your IT budget can support it, go for it.

Attend a training class before trying to deploy it, or at least refer to online videos on their portal, as this will make it fairly easy for you.

It is one of the best and easiest load balancing solutions. The product was designed to allow newbies to configure it, and it is properly documented.

LTM: Load balancing, SSL offloading, iRules, iApp,

LTM has been able to demonstrate an immediate return on investment, reducing the cost of server estate upgrades (both in terms of the numbers of required tin, reduced service impact through upgrades, server/website availability managed up to near 100% through redundancy management, improved human resource management (moving OOH work into daylight, reducing operational budget requirements)

LTM – the product is fine and all features that I have deployed have proven to be stable. TMOS release schedule is very dynamic. Major releases (9-10, 10-11) could have been made easier if configuration migration assistants had been more finessed prior to release.

4 years

No major issues with deployment. Care must be taken with infrastructure deploys – close engagement is required with Network Support and Firewall Support areas, but once the platforms are stable, module deployment is very simple. As per my previous comment, moving from release to release can be complicated by things like bigpipe command deprecation (or removal: thank you v11!!), especially if a large iRule base has been developed on the modules.

At the module level, no. They are not as stable as System Z, but they are not far off. Hardware can be a little more susceptible to failure at the component level.

None. Appliance based options (physical and virtual), blended with Viprion/vCMP mean that these solutions have been able to scale to support enterprise class ADC offerings.

Customer Service: First class. F5 have demonstrated a willingness to support us through all issues, from architecture, deployment BAU support and high incidents. I can’t recommend them and their product offering highly enoughTechnical Support: Again, first class. It can sometimes be challenging to find even support partners with the requisite knowledge of the most cutting edge features, but only because F5 seem to develop at such a blistering rate.

No. F5 was a virgin solution to a point problem and quickly grew to a central position in the management of our enterprise infrastructure and digital tier by demonstrating quickly a value contribution made to our live service offering.

Straightforward and complex. Infrastructure setup on the boxes themselves was straightforward, although challenges in working with Network/Firewall departments made the exercise slightly more interesting. Basic LTM configuration OOB is very easy. IRules demand considerably more time and attention to develop properly.

In house, and I would rate their level of expertise as of the very best, since it was myself and a single colleague that built the entire infrastructure.

Significant and immediate.

Full analysis of the ADC space was undertaken, evaluating all competitors in the GMQ. All were discounted because of the vast distance between technologies and their capabilities. F5 was the clear and only choice for us.

Look to Enterprise Architecture before striking a key. These boxes are multiply capable, so allowing development through capability can lead to hugely complex deployments. There is (almost) nothing these boxes can’t do, including providing “tactical” solutions to application issues. Left unconstrained by a robust Architecture model, these boxes WILL grow like topsy, and the complexity of the solutions demanded by any business hungry for rapid delivery will grow into a box of fixes that only SME-level network/security/F5 technicians can manage on even a day-to-day basis. Make sure that the Enterprise Architecture model is strong and well-defined, and stick to it like glue.

We are a reseller of F5, but we haven't had many projects that we've deployed with F5. In terms of use cases, it is used when clients have web servers, and they are hosting on their own infrastructure. When they have web applications that are publicly visible, they use F5 to balance that incoming traffic for their web servers.

The web application firewall feature is the most valuable and useful feature. It is a leading industry product when it comes to load balancing.

Its user interface is very simple. There isn't a steep learning curve. When we initiate someone to F5, they start using it quickly.

Its price can be better. It is a bit expensive.

I have been using this solution for the last five years.

It is very stable.

It is very scalable. 

I never had a case that required technical support.

It is very easy to set up. It is not a complicated product. The deployment duration depends on the architecture that you're deploying, but it usually doesn't take much time.

The number of people required for its deployment depends on the size of the deployment. For a very big deployment, you need less than three people. For a fairly normal or standard deployment, just one person would be fine.

It is a bit expensive product. Kemp Loadmaster is much cheaper than F5. 

Its licensing is on a yearly basis. It can be for one year or three years.

I would recommend this solution. It is a really good solution. It is fairly straightforward, and it does what it is meant to do.

I would rate F5 BIG-IP a nine out of ten. In terms of features, it is good, but its price can be better.

On-premises

We are a solution provider and we work with a lot of products from F5.

In our internal network, we use F5 BIG-IP. We also have a few implementations with this product, including some that are integrated with other solutions such as IBM Guardium. 

One of the great use cases is capturing an application user through F5 and then pushing it to Guardium. This is very useful for our customers because they can then connect to the database with a real application user, which is something that is very hard to achieve through other vendors.

The main reason that we suggest this product to our clients is the great integration with other security tools, such as IBM Guardium. 

This product is very user-friendly, which is good for customers who have an implementation done by a partner but want to handle administration in-house.

All of the functionality can be achieved from one console.

Even on Hyper-V or a VMware appliance, the performance is very good when you use it as a proxy or a web application.

The documentation is very good.

We have been working with F5 BIG-IP for between three and four years.

This is a stable product.

From our perspective, it is scalable.

We have all of the help and support that we need from the F5 office in this region.

Technical support from F5 is very good. As a partner, I have had a very good experience with them. They have shared knowledge with us and support us in our projects, which is definitely a big plus.

It is very easy to install, especially when doing so to VMware. For example, we have spent almost a day installing security tools by other vendors. For BIG-IP, we need only two or three hours to complete it.

For the complete deployment that includes implementation and configuration, it takes between 10 and 15 days. The length of time depends on the client's goals and requirements. For example, some just want to use it as a web application firewall, whereas others want to use more functionality. The more functionality there is, the more time it takes to complete.

Our in-house team implements and deploys this solution to our customers. 

You need two or three people, including a security manager who will configure all of the rules and policies.

The price should be reduced because it is expensive when compared to the competition. Alternatively, bundled packages should be offered. This is an issue that shows up for most of our customers.

In summary, this is a very good product and we are actively suggesting it to our customers. It is something that should be more present in our market, especially because of the functionality that it provides.

In the end, we get very good results from BIG-IP.

I would rate this solution a nine out of ten.

On-premises

We’re a systems integration company. We propose this solution mostly to our banking customers and large enterprise clients, so that they can load-balance their core banking applications and their main applications.

It also provides proxying, the client cannot directly access the server. BIG-IP is a proxy between the user and the server, so the client cannot make connections directly to servers. They land on F5 BIG-IP and then F5 creates connections on servers on behalf of clients.

We use the solution for smarter, safer, and reliable connectivity.

It has multi-tenancy features, like hardware clustering. It has software partitioning so that you can partition F5. For example, in my recent deployments, I deployed F5 in a bank where they had two load balancers. One was Cisco Ace and the other was Citrix Netscaler.

We created two instances, two vCMP Virtual Clustered Multiprocessing, two hardware partitions in F5, one for Ace and one for Citrix. We migrated all applications which were on Ace to the Ace partition, and we migrated all applications which were on Citrix to the Citrix partition. Further, we created the outgoing internet and software partitions, and it has application visibility, reporting functions.

It has so many features. First of all, it has a full proxy architecture, it has multiple modules. The best feature is the WAF, the web application firewall module. It also has cashing type capabilities. It has all kinds of load-balancing algorithms based on your IT requirements.

So the WAF and load balancing. Both are core features of BIG-IP.

In every environment, you have a Web application firewall, you have internet firewalls. Then, traffic comes into your datacenter so that you have datacenter firewalls. F5 has everything.

It provides first-tier firewalling, for you application. And it provides server load-balancing, it provides optimization, and it provides a proxy feature, where your users cannot directly access your server. It acts as a fully proxy architecture. It has client-side and server-side connections, both, and they're separate.

It also has an AVR feature: application, visibility, and recording. It's good for customers looking for what is actually happening in their network and where the latency is. If I'm using iDirect, the bank branch is connecting to my core banking application, but if the clients are finding that the application is slow, it has TCP  LAN and WAN optimization features. It has has caching.

The room for improvement is that the product is a little costly. I live in the Third World, Pakistan. We have budget constraints, even in big enterprise servers. My team said that this product is too costly, and why don't we go with another product, we should do a comparative analysis with Citrix and F5.

I told them that is costly, but it has rich features, the support is good, the features are reliable, and the technical assistance center, the tech support, is almost perfect.

Still, I would say they need to cut their prices for countries or regions that we live in.

The one gap I saw was that pure LBN integration is a little tricky. The insertion of F5 in LBN is a little tricky. They need to work on something, on products by which they can insert F5 in any sort of cloud environment. These are not really big things. 

They are continuously improving. They are improving day by day, and they are the number-one load balancer.

More than five years.

It is a stable product. It runs on TMOS, traffic management operating system. This is very stable. 

If they see that an upgrade required, they provide you the release and they provide you the release notes, so you can upgrade your TMOS version and at any time. You can also open a case and they can guide you on how to upgrade your TMOS version.

They also keep an eye on vulnerability. If there is a bug or any sort of vulnerability in their operating system, they will immediately release an update. So the product is so much more stable compared to any load balancers on the planet at the moment.

It has that scalability for adding more F5, N + 1. 

It's scalable, and it has more functions than a service. At the same time, this device can run access policy manager, it has Web application firewall, datacenter switching to DR sites. It has a modular approach actually. It gives you what you want.

They are very professional. They are highly skilled people.

It is neither simple nor complex. It all depends on what kind of situations you are in. My last deployment was a little bit complex but previous deployments were very simple.

We did hardware partitioning and software partitioning for a multi-tenancy concept, where every application owner has its own load balancing instance within F5. So it all depends on how you deploy a device and it depends on your planning.

If you want a simple deployment you can do so. You can create multiple virtual servers on F5 BIG-IP technology, and within multiple virtual servers you can have multiple nodes, where a node equals two application servers.

It can be deployed in a complex manner and it can be deployed in a very simple manner, it all depends on your choice. 

It has a rapid deployment feature to deploy Microsoft Exchange load balancing. It has automation. You can simply click on Microsoft Exchange 2016 Email Server. Tclick on it and tell F5 about server IPs, and it goes automatically. 

 24 x 7 always on applications without any down time. 

Brocade ADX.

F5 is the number-one application delivery controller, plus they are the number-one Web application firewall, together in the market right now. So what else do you want from them? Whenever we go and pitch this solution to our customers, we tell them that we are not selling you just a load balancer. We are selling you application delivery controllers, and Web application firewalls.

I give it 9.5 out of 10. It's a really costly product and smaller organizations cannot afford this solution, so it's hard to sell a plan. But once the customer has it, this product is a 10.

There are many use cases. It is mainly used for local traffic management. It can also be used as an advanced firewall for an application or as a VPN policy manager.

We have cloud, on-premise, and hybrid deployments.

Bandwidth optimization and capacity awareness of the bandwidth are valuable features. Its video streaming capabilities are also very useful.

The user experience for dashboards and reports can be improved. They should make dashboards and the reporting system easier for users. They need to add more reports to the dashboard. Currently, for complicated reports, I have to do the customization.

It should have more integration with network firewalls to be able to gather all the information required for traffic management.

We were their partners for five years, and since last year, we are officially their distributor.

It is really awesome. You can scale from one or two servers to hundreds of servers. They have all the modules that a customer needs. You can go for on-premise or cloud deployment. You can have whatever you need.

Our clients are medium and large businesses.

They have 24/7 support. You can open a ticket directly in F5, and there is no need to use another system.

They reply very fast. They usually get back within four hours, and sometimes, you get a response immediately. They have four-tier system support.

Its initial setup is straightforward. It is just like a wizard and not complex. It takes only a few seconds.

You can buy it on a yearly basis, or you can go for a subscription. For on-premise boxes, it is just the RMA.

I would rate F5 Traffic Management Operating System a nine out of ten.