F5 SSL Visibility Review

Consistent and stable with a straightforward setup


What is our primary use case?

We primarily use the solution for securing public internet communications.

What is most valuable?

Just the very functionality of the load balancer has been very useful to our organization. It's been essential for our operations to stay up and stay operational. There have been few problems where a particular node has been offline for whatever reason - yet we've been able to maintain consistently due to the fact that we have five load balances and everything. That's been very effective.

The initial setup isn't too difficult.

The solution has a very good community the surrounds the product. 

The solution has been quite stable over the years we've had it running.

What needs improvement?

The most difficult thing that we have to deal with is SSL Hardening. Vulnerabilities are found in various ciphers, getting them removed, identifying them, et cetera.

For how long have I used the solution?

I've been working with the solution for more than five years at this point. It's been a while.

What do I think about the stability of the solution?

The solution is stable. The cluster has been out for five-plus years. It's reliable and the performance has been good. We have no complaints.

What do I think about the scalability of the solution?

From what I'm working on, scalability looks to be very good. I am literally in the midst of a project whereby we'll be hitting that to the nth degree, so to speak. It looks to be good, however, I don't have good firsthand knowledge on that yet.

We're really going to be beginning to cross that in the next couple of weeks. I can't fully answer the question of scalability just yet.

Soon, virtually everybody in the company will be using it to some degree. It's going to be anybody and everybody, however, it depends on if the function is load balanced. If it has public communication and it currently does, we're adding in some scalability. The solution also requires some type of internal and external load balancing to offer scalability from site to site, for the disaster recovery solution. In one way or another, it's touching a lot of our infrastructure.

How was the initial setup?

The initial setup was okay. They've improved the community or they've added more functionality over the years. There have been eight or nine major version releases, and we're currently running 14. We were at eight or nine originally. If I'm about accurate, there have been five or six major releases over the time we've started using the solution. Therefore, initial setups have likely changed a bit. With SSL improving, there's been quite a few changes, modifications, cipher ads, and things of that sort. 

While we have a team of five people capable of maintaining the solution, we only really need two people to maintain it as necessary.

What was our ROI?

In terms of ROI, it's not something that I directly look at, to be honest. My functionality and focus are more along the lines of making sure that the environment is stable, secure, and available. From my standing, those are essential to that process. They're very important.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the actual pricing. I've never had to renew them yet.

So far the F5 is proven to, according to my analysis at least, to be less expensive than, for example, an Azure load balancer. For our implementation and use, it appears that the F5 is less expensive, over ANTC or TCL than the Azure solution would be.  It's also more functional. Honestly, that has to be 70% to 80% of the reason why the choice got made by the company to go with F5. If that hadn't been there, we would probably have a dispersed topology and I'd have to deal with Azure here and some other thing on-prem and that sort of thing. So it makes my life a lot simpler and things a lot cheaper since it's a single point.

What other advice do I have?

We have a partner relationship with F5.

We work with 1.2 SSL, TLS 1.2 and 1.3.

The most challenging thing is that it just requires a little more understanding than your average web user, server user, or something similar. The solution does require some explicit knowledge. Somewhere down the way, depending on your underlying purpose and how secure you want to be, you're going to need to have a little better knowledge than the layman has as to SSL ciphers, keys, et cetera, to make them function. An organization just needs to be aware that to take advantage of the solution properly they'll want to have someone with knowledge on-hand.

Overall, I would rate the solution at a nine out of ten. We've mostly been very pleased with the product.

**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Find out what your peers are saying about A10 Networks Thunder SSLi vs. F5 SSL Visibility and other solutions. Updated: May 2021.
509,820 professionals have used our research since 2012.
Add a Comment
Guest