F5 Advanced Firewall Manager Review

Good support, and capable of scaling


What is our primary use case?

We primarily use the solution to protect and to divide cells. We are not using AFM as a standalone product. We are using AFM with the LTM module, as a module. The main purpose of F5 is to use it as an ADC application to deal with the console.

What is most valuable?

The DDoS is the solution's most valuable feature.

The support that the product offers is good. 

When you buy an F5 as an appliance, you are buying licenses as well. If you buy both LTM and AFM licenses, you can protect your servers in a one-off solution. You don't have to buy another firewall to protect your servers. It makes security really easy.

The decryption is great.

What needs improvement?

We aren't using the most recent version. The most recent version is 15. Therefore, there may have been improvements on the solution we're not aware of.

The should add, if they aren't already going to, some features surrounding location awareness, station awareness and segregation of users. I'm not sure of which version supports these items and which port version doesn't. However, I hope they will continue to develop out the product to ensure they are included.

In order to overcome some of the problems in the industry, I would like to see the solution offer a hardware device with strong ASICs, and a stand-alone AFM tool to prevent attacks. 

For how long have I used the solution?

I've been using the solution for two years or so now.

What do I think about the stability of the solution?

The solution is pretty stable. If you do happen to find a bug, they will provide you with a patch to solve the issue. You can also go to their website where they will list all of the bugs that are associated with each version. They make it quite transparent.

What do I think about the scalability of the solution?

The solution is scalable because it doesn't depend on hardware. If you run this product on a Viprion, it will be scalable, but not too much. If you run the same product with the same version in a standalone device or on a virtual system, you will use the power and scale of the associated device. It's scalable because you are able to use the same product in different hardware. If you buy a powerful server, and you can scale your F5 as a virtual system easily.

How are customer service and technical support?

I don't really reach out to technical support, so I wouldn't be able to assess it.

How was the initial setup?

The initial setup is very straightforward. It's not complex. It just takes a few steps and you are finished.

Deployment times vary according to the customer. It needs to be heavily configured. You need to look and you need to observe the behavior of the traffic before you can start configuring everything. It can take time.

In terms of deployment, a powerful deployment actually needs a minimum of two people and one of them needs to speak with the developers because the developers are protecting the source. They will help you to understand the requirements. After the assessment of the requirements, the users can deploy and test the solution.

Maintenence also varies by customer, however, once it is configured, unless you are adding extra servers or adjusting things, there doesn't need to be any maintenance. You can just leave it alone for the most part, so you will only need one person to check on it.

What about the implementation team?

I help my clients deploy the product to their systems.

What other advice do I have?

While some companies have now started to move these devices from on-premises to the cloud, most companies prefer not to do this due to security reasons.

I'd rate the solution eight out of ten. It's a good product, but it may not be the absolute best on the market. Companies should examine NGINX or Palo Alto or others and compare them to see what would work best for their organization.

I would recommend the solution.

It's great for protecting servers from attacks. With controllers plus the firewall, you will only need one device to protect everything.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More F5 Advanced Firewall Manager reviews from users
...who compared it with Imperva Incapsula
Add a Comment
Guest