Contracted IP Development Engineer at a media company with 10,001+ employees
Real User
2020-03-16T06:56:22Z
Mar 16, 2020
We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of. The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included. In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks.
Senior Security Engineer at a tech services company with 201-500 employees
Real User
2019-12-04T05:40:00Z
Dec 4, 2019
Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve. I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.
I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.
It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. The database is not simple. It's not easy to understand. We needed to protect the database but the solution doesn't offer certain features to do so. Customers have requested container features.
Computer & Network Security Professional at a financial services firm with 10,001+ employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, full-proxy network security solution designed to protect networks and data centers against incoming threats that enter the network. Built on F5’s industry-leading BIG-IP hardware and software platforms, BIG-IP AFM provides a scalable platform that delivers the flexible performance and control needed to mitigate aggressive distributed denial-of-service (DDoS) and protocol attacks before they overwhelm and degrade applications and...
We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of. The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included. In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks.
The pricing of the solution could be a little bit better.
Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve. I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.
I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.
It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. The database is not simple. It's not easy to understand. We needed to protect the database but the solution doesn't offer certain features to do so. Customers have requested container features.
The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.