F5 Advanced Firewall Manager Review

Enables us to configure the product to the client's exact needs with unprecedented flexibility


What is our primary use case?

I use F5 AFM (Advanced Firewall Manager) for several solutions including firewall, load balancing, and security.

How has it helped my organization?

The F5 product has one thing that is remarkable. I do not have any two deployments for customers that are exactly the same. There are so many opportunities to configure the product to the client's exact needs that it offers unprecedented flexibility.

What is most valuable?

I would have to say that F5 excels in all aspects of network protection. There are five modules and I have yet to use them all. I use the LTM that's Local Traffic Manager, then I've worked with APM or Access Policy Manager, and I've worked with AFM which is Advanced Firewall Manager.

 If I were a CPO of an organization, I would just get F5 in my infrastructure to perform all the network security activities. I could just do that if I have the budget rather than bringing in separate solutions like Barracuda from one vendor and then bringing one other solution from another vendor. This is a unified solution that is already integrated and optimizes performance.

F5 will do load balancing, security, act as the firewall and F5 excels in executing all of them. How it gets deployed depends on the customer and on what particular features the customers want. From a deployment perspective, F5 is excellent in all of them.

What needs improvement?

I've had a very impressive four-year experience deploying F5, so it is difficult to pinpoint one weakness in the solution. On the other hand, honestly in all of the deployments I have done with F5, there has not been one customer that has used up to 40% capacity of what the modules can provide. That's a case of underutilization. If anything, the product is already more powerful than any client I know has needed. It would be difficult for them to improve in this particular area.

For how long have I used the solution?

We have been using the solution for more than four years.

What do I think about the stability of the solution?

I can vouch for the stability of F5. The product has been around for a while now. In fact, there is a particular claim that they use in their marketing and we have experienced. We have had some customers where we find that in the environment they have very old, end of life cycle, machines that are still running their F5 instance. 

Even though the product is 'end of life' F5 company is very committed to supporting it. So the improvements keep coming out. It is technically not 'end of life' because they still support it. We have not had any customer that complained that "Oh they are billing me for the F5 system because of one upgrade." It's very, very stable, it's reliable once it is deployed. It's just there once it is deployed and there is nothing to worry about.

What do I think about the scalability of the solution?

F5 is also highly scalable. You can easily upgrade from one version to the next or even upgrade the machine. The hardware is scalable. We can and have easily upgraded a deployment either by turning on or applying a license. As for the machine, you can upgrade the physical hardware or you can use a virtual machine because they have a Virtual Machine Edition. The scalability is versatile and straightforward.

How are customer service and technical support?

I find the technical support to be top-notch. I rarely have to contact technical support. The only time I do is if I think I don't have time to do research on my own by taking the time to look things up by reading community posts. If I can just quickly contact technical support, sometimes it makes more sense. Whenever I have contacted technical support, they call back within the hour. It also depends on the severity of the issue that you're reporting. When you submit a ticket, you have severity level 1, 2, 3, 4. So, the response time depends but whatever the case is. But the technical support are always responsive. They call you and they stay with you till the situation is resolved.

There was only one case I reported that they did not resolve immediately. The engineer could not find a solution to the issue. They had to do something to actually change the OS. They have a special way to address this kind of problem. They call it the engineering hot seat. That engineering hot seat solution had to come out as an update in the next version. So, that's how professional and resourceful technical support is. They're fantastic.

How was the initial setup?

The product is easy to install. It's straightforward. In fact, the first time I deployed F5, it was my very first experience doing an installation of the product. It was my very first experience using F5 and I deployed it for an Enterprise customer and it was successful. That was my first time using it and it was successful. If you follow the guidelines that they give you, it says "do this, do that," and it is very very easy. 

There have been applications that I have installed with terrible navigation. You can't move from point A to point B, C, and D. Or by the time you get to D you can't get back to A. F5 just works. It is easy to navigate and install.

What about the implementation team?

We deploy this product ourselves for clients, and as I mentioned it is easy to do even for the first time.

What's my experience with pricing, setup cost, and licensing?

The product is a little expensive but it is such a good solution and unified that the cost is worth the price.

Which other solutions did I evaluate?

We have evaluated and also recommend other solutions when the client does not have the budget to go with F5. For example, we used some Cisco solutions which are also expensive but they are not as versatile and easy to deploy and manage.

What other advice do I have?

I have not had any deployments that are exactly the same. For example, if I deployed everything as a solution for customer A and for customer B I do deployments with the same set of applications, and even then there are differences in the deployment. In all the experiences I have had, they have never been the same in my entire four-year experience installing the product. That shows how broad F5 is in its ability to manage situations and customize the experience for specific organizations.

It is usually the case that customers tell us what they want to achieve. They tell us what the need is in their network or in their infrastructure, or they tell us the solution that they expect as a result and then we make a recommendation. If we make the recommendation and they are impressed with the capabilities that the solution can achieve, then they go for it if they have the budget. If they do not have the budget or they don't like what we propose we can give them a different plan.

In most cases, our customers have taken the time and have done their research very well. They just say, "okay, we need this product or solution and I want this product deployed." In most cases, we don't even get to do a recommendation because they have done their research. They have come to a conclusion as to what product meets their needs whether it is because of the name or the advertising. In my opinion, it may not always be the best solution, but they are the client so we give them what they ask for.

The dashboard and the interface for F5 are fantastic. That is really something that is remarkable. It is unlike any other solutions that I've worked with. For example with Cisco, many of the things that you want to do you have to take care of on the command line. It is not very convenient. With F5 you find everything in the interface. There is hardly anything that you want to do with F5 that you can't do from the GUI.

In terms of analytic reporting, the product has very good detailed analytics that comes with the product that you can access on the dashboard. There is also analytics and analysis with visibility reporting. The module that is dedicated for that gives you a fine grain access into everything that you want to see and report on immediately. With everything I want to do for the client in F5, the GUI allows me and maybe this makes a big difference for me in the evaluation of the product because of its ease of use. The dashboard is fantastic and the GUI is excellent.

What I find most impressive about F5 is that, as long as you know what you want to do, as long as we know what you want to achieve, you find the solution there. Let me restrict this example to the LTM (local traffic manager). Let's say, for instance, you want to deploy your application and then there is a feature you want to add or you want to introduce some kind of logic you want to introduce that you cannot find in GUI or it doesn't even come packaged with the box. If you have an idea of what you want to do, you can program it in.

There is a feature you can use to introduce some programmability into the box. It really just comes down to you knowing what exactly you want to achieve. If it doesn't come already pre-programmed as part of the package, this feature will allow you to program it in yourself. There is hardly anything you would want to do that F5 cannot do for you.

On a scale from one to ten, where one is the worst and ten being the best, I would rate this product as a nine. The only reason I will not give them a ten is because of the cost. But based on functionality and ease of deployment, scalability, reliability, overall security and functionality, I give them nine. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email