If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.
Director Comercial at Ngeek Consulting "Suigeneris Tech"
Reseller
Top 10
2023-12-12T20:41:27Z
Dec 12, 2023
There is room for improvement in Advanced Firewall Manager's dashboard statistics, especially during attacks. Enhancements in graphical representation and more detailed reports would be beneficial for a more comprehensive understanding of the security landscape.
Learn what your peers think about F5 BIG-IP Advanced Firewall Manager (AFM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
F5 BIG-IP AFM can improve the reporting interface in relation to advanced troubleshooting depending on CLI. They should have enhanced troubleshooting with the use of GUI. In an upcoming release, F5 BIG-IP AFM should add more free online applications, tutorials, and guides for total enhancements.
The solution doesn't really meet our requirements for an edge firewall. It meets the requirements for a data center and that is the intended use of the base product.
We seem to have confusing logic from the solution itself. This needs to be addressed. For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way. Technical support could be better.
There should be simplified and better integration with BIG-IQ. There should also be a more modular approach. I believe they are working on it, and it is just a matter of deployment.
Head: Cyber and Information Research Centre at Council for Scientific and Industrial Research
Real User
2022-05-08T05:57:54Z
May 8, 2022
The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM). In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.
Technology Consultant / Cloud Security Architect at a tech services company with 11-50 employees
Consultant
2020-11-01T09:38:09Z
Nov 1, 2020
Currently, we have eighty F5s and we need some kind of management software. It would be very helpful. In the next release, I would like to have management and monitoring software included.
Contracted IP Development Engineer at a media company with 10,001+ employees
Real User
2020-03-16T06:56:22Z
Mar 16, 2020
We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of. The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included. In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks.
Senior Security Engineer at a tech services company with 201-500 employees
Real User
2019-12-04T05:40:00Z
Dec 4, 2019
Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve. I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.
I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.
It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. The database is not simple. It's not easy to understand. We needed to protect the database but the solution doesn't offer certain features to do so. Customers have requested container features.
Computer & Network Security Professional at a financial services firm with 10,001+ employees
Real User
2019-06-26T05:25:00Z
Jun 26, 2019
The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.
F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, full-proxy network security solution designed to protect networks and data centers against incoming threats that enter the network. Built on F5’s industry-leading BIG-IP hardware and software platforms, BIG-IP AFM provides a scalable platform that delivers the flexible performance and control needed to mitigate aggressive distributed denial-of-service (DDoS) and protocol attacks before they overwhelm and degrade applications and...
NGINX, which F5 purchased, has room for improvement in its features, particularly its load balancing or application load balancing features.
If you're looking for a plain vanilla firewall or IPS, then this is a good tool. If you compare it with the next-generation firewalls, then definitely this tool is not comparable. The next generation tools are user centric and application centric at the same time.
There is room for improvement in Advanced Firewall Manager's dashboard statistics, especially during attacks. Enhancements in graphical representation and more detailed reports would be beneficial for a more comprehensive understanding of the security landscape.
The product is expensive.
F5 BIG-IP Advanced Firewall Manager's pricing and technical support services need improvement.
The solution's UI could be improved. The solution takes a high CPU computing power.
F5 BIG-IP AFM can improve the reporting interface in relation to advanced troubleshooting depending on CLI. They should have enhanced troubleshooting with the use of GUI. In an upcoming release, F5 BIG-IP AFM should add more free online applications, tutorials, and guides for total enhancements.
The solution doesn't really meet our requirements for an edge firewall. It meets the requirements for a data center and that is the intended use of the base product.
We seem to have confusing logic from the solution itself. This needs to be addressed. For configuring the firewall, every single vendor on the planet has pretty much the same logic when it comes to firewalls, and F5 has a completely different approach and completely different behavior. When you first encounter the AFM, it can be really complicated to understand and find a way how to achieve the desired configuration. It's not logical. It's completely different than any other solution. In the end, it gives you similar results - just in a much more complicated way. Technical support could be better.
There should be simplified and better integration with BIG-IQ. There should also be a more modular approach. I believe they are working on it, and it is just a matter of deployment.
The web gateway feature could improve in F5 BIG-IP Advanced Firewall Manager (AFM). In the next release, the automation and AI aspect are very important nowadays, particularly from the incident point of view. I know they've added automation and AI in the recent update, but it could improve. The solution comes with devices and is more device-based, but it could be beneficial to have a software-defined load balancer. If there were less hardware it would save on costs.
Currently, we have eighty F5s and we need some kind of management software. It would be very helpful. In the next release, I would like to have management and monitoring software included.
We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of. The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included. In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks.
The pricing of the solution could be a little bit better.
Firstly, geolocation currently relies on manual updates. It has to move to automatic updates. There are no automatic updates for this feature. If some IPs, countries, or service providers move to another country, now we will allow IPs that were previously denied. This is because you depend on the database, which doesn't update automatically. This is really a very important area that they need to improve. I also want to see something like application inspection. If they can add application inspection like a DC firewall, it would be a good added feature for them.
I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.
It used to not be simple to use because the GUI was complex. The GUI has evolved and is better now. The database is not simple. It's not easy to understand. We needed to protect the database but the solution doesn't offer certain features to do so. Customers have requested container features.
The interface for applying the features could use improvement. There are too many buttons. For the buttons, you don't get a clear description. With the interface, you don't get a clear idea of what you are doing. This affects what is enabled and what is disabled. So if there is a little help, maybe some descriptions on them, it would be better. At least you wouldn't need to go to use Google before you find a particular feature to enable.