We are using NGINX App Protect as a web portal and we are planning to use it as an API gateway.
Chief Technology Officer at a tech company with 11-50 employees
Beneficial open-source environment, simple implementation, and reliable
Pros and Cons
- "The most valuable feature of NGINX App Protect is its open source."
- "NGINX App Protect could improve security."
What is our primary use case?
What is most valuable?
The most valuable feature of NGINX App Protect is its open source.
What needs improvement?
NGINX App Protect could improve security.
For how long have I used the solution?
I have been using NGINX App Protect for approximately five years.
Buyer's Guide
NGINX App Protect
October 2024
Learn what your peers think about NGINX App Protect. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
NGINX App Protect is stable.
What do I think about the scalability of the solution?
The scalability of NGINX App Protect is good.
Everyone in my company that uses this solution are developers. We have a total of 150 concurrent users.
How are customer service and support?
The support from NGINX App Protect is too expensive. We did not end up receiving support because of the cost.
How was the initial setup?
The initial setup of NGINX App Protect is easy. It took us a couple of days maximum.
What about the implementation team?
NGINX App Protect is low maintenance and we did the implementation in-house with a couple of people.
What was our ROI?
We have seen a return on investment using NGINX App Protect.
What's my experience with pricing, setup cost, and licensing?
The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner.
What other advice do I have?
I rate NGINX App Protect an eight out of ten.
No solution is perfect, there is always room for improvement.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head Of Information Security at a financial services firm with 501-1,000 employees
Perfect protection against all application attacks
Pros and Cons
- "The policies are flexible based on the technologies you use."
- "The dashboard could provide a more comprehensive view of the status of the connections."
What is our primary use case?
We use this solution for protecting published services including website applications, mobile applications, and web applications.
What is most valuable?
The policies are flexible based on the technologies you use.
What needs improvement?
The dashboard could provide a more comprehensive view of the status of the connections.
For how long have I used the solution?
I have been using the solution for the past two years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable with many licensing options according to client requirements. We have about 800 employees who use NGINX App protect.
How are customer service and support?
Customer support is helpful, and they respond fast.
How was the initial setup?
Initial setup was easy. For the implementation, it takes no time, but it takes some time to learn, understand the traffic, and to build the policies according to the traffic of the applications already implemented.
We have two employees for maintenance.
What about the implementation team?
We had a partner implement the solution and they were able to do so easily.
What's my experience with pricing, setup cost, and licensing?
There are no additional fees.
What other advice do I have?
This solution provides perfect protection for the published services against all application attacks.
I would rate this a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
NGINX App Protect
October 2024
Learn what your peers think about NGINX App Protect. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Senior Network and Security Specialist at a tech services company with 51-200 employees
Reasonably priced and responsive support, but scalability could be improved
Pros and Cons
- "NGINX App Protect has complete control over the HTTP session."
- "Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
What is our primary use case?
I work with containers. I do the architecting, but there are times when I also do the implementation. So I'm familiar with the products, particularly NGINX.
NGINX App Protect is used in Kubernetes and OpenShift environments.
What is most valuable?
NGINX App Protect has complete control over the HTTP session. I can experiment with whatever I want. I can start with URLs and cookies. I can work with parameters and everything that I need. I can work with signatures also. I can inspect the traffic whenever I want.
What needs improvement?
As I see it now, there are some things to improve, but the F5's WAF is, more enhanced when compared to NGINX's. However, they have done a good job adapting it.
It should be automated in some way.
Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment.
It would be good if some kind of automation was included.
For how long have I used the solution?
I have worked with NGINX App Protect for at least three or four years.
What do I think about the stability of the solution?
NGINX App Protect is a stable product. Because it's an additional module, we use it in conjunction with the Ingress Controller, but it can also be run anywhere, as a VM or whatever you need.
They did an excellent job porting the VSM code to NGINX.
What do I think about the scalability of the solution?
NGINX App Protect is scalable, but, handling the configuration is still time-consuming. It doesn't have a centralized option. They have the NGINX controller and some APIs to do it, but it isn't fully scalable in my opinion.
How are customer service and support?
I've known them for a long time because I began working with F5 more than ten years ago. Even though my primary experience is with F5, and I don't have many tickets open in NGINX in general, the service is quick. But, in my opinion, it's pretty solid.
Which solution did I use previously and why did I switch?
I began with F5 products such as ASM. It performs the functions of the various firewalls. When NGINX was acquired by F5, they adapted the module for NGINX, which was dubbed App Protect. When this became public, I began to work with NGINX in this case as well.
How was the initial setup?
The implementation process is not simple. If you have more than one, the policy must be created from scratch in YAML files, which is not automated and takes time.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable because NGINX operates on an instance basis. There are differences. There is some leeway in how much the instance can cost, depending on the customer and other actions, but it's reasonable in my opinion.
Which other solutions did I evaluate?
I work as a consultant for a company and am currently evaluating some products.
What other advice do I have?
We are a partner with F5. I am currently evaluating Prisma Cloud because they have a WAF option on Palo Alto and I'm looking into it. But, aside from Prisma, I've never seen the WAF. So I'm attempting to make some comparisons in order to learn the Prisma side and see how it works with NGINX. I downloaded a document to get a head start on it and to form an idea for now.
I would rate NGINX App Protect a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Product Manager - Technical at a tech services company with 5,001-10,000 employees
WAF is very good at tracking mitigation, inclusion, prevention, and the parametric firewall
Pros and Cons
- "WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall."
- "It's challenging if you need to go for a high throughput."
What is our primary use case?
I'm carrying out some research work on NGINX because I am in academia. All my use cases relate to scaling from private to public cloud and vice versa. The other use case is for our perimeter security for cloud-based EDCs. We are customers of NGINX and I'm a technical product manager.
How has it helped my organization?
The solution has helped us greatly during this Covid period. When everything went remote, we had to scale up some applications and provide remote access to our users. It meant that we needed more security for our applications, the EDCs, and that's when we made use of the WAF module from NGINX to ensure the applications are secure.
What is most valuable?
The WAF itself was a feature that I found very useful to track mitigation, inclusion, prevention, and the parametric firewall.
What needs improvement?
The solution does well when there's low throughput but when we go for any high throughput, it's always a challenge. I'm expecting the next version to have a better high throughput. I also find that the bug fix rate is pretty slow.
I would like to see some more tools and to have some more automation capabilities in the next release, because right now the exposure of the API in NGINX is pretty limited. So I would like to see more of that as well as robustness in the scaling of the solution.
For how long have I used the solution?
I've been using this solution for six months.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
Scalability can be a bit of a challenge because there are some use cases that are not tackled. Our Dev Ops, IT staff and support service all use this solution. Let's say about 100 people at any given time. We have two staff responsible for support, they are IT support admins. We use the solution on a daily basis.
Which solution did I use previously and why did I switch?
I previously used the HAProxy. We switched to NGINX because it is more advanced. And then after the F5 networks bought them, their product portfolio increased and that was another reason for us to shift.
How was the initial setup?
The initial setup was straightforward but I am well versed in this implementation. If I was a novice, it would be difficult. We have pretty much automated all our deployments, and then we schedule a downtime for our apps and deploy the patches or the new versions through automation so it'll take a lot less time.
What was our ROI?
We have seen a good ROI. Because of the Covid virus, we were able to see it immediately. When everyone went remote, we were scrambling to see how we could deploy and secure the apps and this came in at the right time.
What's my experience with pricing, setup cost, and licensing?
Our licensing costs are about $40,000 a year. We pay on an annual basis. We just have our operating costs on top of that.
What other advice do I have?
I would recommend getting your deployments before you jump into buying or trying out this solution. Have a clear road map for your deployments and your future solutions. The solution has a rich feature set but on the down side is the issue with the high throughputs.
I would rate this solution an eight out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tech Lead Security at a comms service provider with 51-200 employees
Reliable, scalable, and simple installation
Pros and Cons
- "NGINX App Protect is stable."
- "The integration of NGINX App Protect could improve."
What is our primary use case?
We used NGINX App Protect for our externally-facing web applications to secure them using the WAF.
What needs improvement?
The integration of NGINX App Protect could improve.
For how long have I used the solution?
I have been using NGINX App Protect for approximately two years.
What do I think about the stability of the solution?
NGINX App Protect is stable.
What do I think about the scalability of the solution?
The scalability of NGINX App Protect is good.
We have two people using this solution in my company.
How are customer service and support?
I have not contacted support.
How was the initial setup?
The initial setup of NGINX App Protect is simple.
What about the implementation team?
We have two people that are doing the support for NGINX App Protect which included the deployment.
What's my experience with pricing, setup cost, and licensing?
There is a license needed to use NGINX App Protect.
What other advice do I have?
The solution is very good overall.
I rate NGINX App Protect an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Platform Engineer at a tech vendor with 51-200 employees
We use it together with AWS, to manage load balancing, topic migration and AV testing.
Pros and Cons
- "It is a very good tool for load balancing."
What is our primary use case?
We generally use NGINX with a combination of docker downstream so we have a container running which exposes multiple boards. And in terms on which we are running NGINX directory maps into the ports. So there is a major use case and sometimes we use it for security headers forwarding.
How has it helped my organization?
We use it together with AWS, to manage load balancing, topic migration and AV testing.
What is most valuable?
We use NGINX for security headers, and as a proxy. It is also a very good tool for load balancing.
What needs improvement?
The contributions I think sometimes take a toll on you like you're going to spend a lot of time on the right contributions. So as a product it is good, but from the development standpoint but if you think about somebody who's not from development background, this won't work. It's not up to speed if you really realize. So the set up process, it's good from a development standpoint. The development was easy to set up because they know that their understanding of the machine that they are going to set it up and take care of everything else.
For how long have I used the solution?
One to three years.
How is customer service and technical support?
I have never used techical support.
How was the initial setup?
Yes, it was pretty easy as far as I remember. So this company, everything was previously set up and we had all the predefined user scripts so even though we had come to set it up from scratch.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free NGINX App Protect Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Popular Comparisons
Cloudflare
Prisma Cloud by Palo Alto Networks
Checkmarx One
Microsoft Azure Application Gateway
Azure Front Door
AWS WAF
F5 Advanced WAF
Fortinet FortiWeb
NetScaler
CrowdStrike Falcon Cloud Security
Aqua Cloud Security Platform
Imperva Web Application Firewall
Cloudflare Web Application Firewall
Imperva DDoS
Akamai App and API Protector
Buyer's Guide
Download our free NGINX App Protect Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?
- What's right for me? Fortinet or Citrix?
- When evaluating Web Application Security, what aspect do you think is the most important to look for?