What is our primary use case?
We have several websites that are exposed to external users. We have a website for interaction with supply chain customers. We also have a website that gives access to CRM functionality to allow our customers to open tickets and disputes. F5 WAF is at the front for security and attack mitigation. It ensures that users are able to access only allowed pages.
What is most valuable?
The web application firewall itself is most valuable. It provides positive security and negative security. In negative security, it blocks a task such as cross-site scripting, code injection, etc. In positive security, it lets you specify and enforce things, such as the parameters allowed in username and password fields and the number of characters allowed in a field.
It also has antivirus and DDoS mitigation capabilities. We have enabled these features.
It is also quite intuitive and user-friendly. They have several webinars that are actually like labs. You can use these webinars to learn about how to use all features of the product.
What needs improvement?
Its price should be better. It is expensive.
What do I think about the stability of the solution?
In general, it is stable and reliable. Over the past few months, several vulnerabilities were found in the product, but which product doesn't have vulnerabilities? The main question is how fast do you get the fix for it, and they provided the fix quite quickly. We had to upgrade it as soon as possible to mitigate the risks.
What do I think about the scalability of the solution?
I didn't try to expand it. We have two staff members who are using F5 Advanced WAF.
In terms of its usage, we are deploying it on all points through which we are exposing services, but we are currently not exposing too many services.
How are customer service and technical support?
I had only one case for which I had to call tech support. It wasn't a straightforward ticket. It was quite a challenging ticket. Eventually, they found a solution, but it took some time. It was challenging to find the bug in one of the previous versions. They also didn't know about it. We did the troubleshooting together until we found the problem.
Which solution did I use previously and why did I switch?
We were using another solution before switching to F5 Advanced WAF. We didn't have success with that solution because the integrator failed to deploy it properly. It was more complex and not user-friendly.
How was the initial setup?
It was a little bit complex. If you want to add an additional layer or model like APM with two-factor authentication, then it requires a little bit more integration.
What's my experience with pricing, setup cost, and licensing?
It is expensive. Its price should be better.
Its licensing is on a yearly basis. Its licensing is also based on the model. There are no additional costs.
What other advice do I have?
I would recommend this solution to other users. I will advise others to learn a little bit about how the HTTP protocol works. They should be familiar with the functionality of the product. They should not use it without understanding what they are actually doing.
I would rate F5 Advanced WAF a nine out of ten.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?