NGINX Web Application Firewall Review

A stable system with good security and load balancing


What is our primary use case?

We use WAF as part of our security solution, protecting applications such as internet banking.

It is used both as a web application firewall and for load balancing. 

What is most valuable?

The most valuable feature is that I can establish different services from the firewall.

Using the standard configuration, it is very easy to set up.

What needs improvement?

The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary.

This solution would benefit from having a support portal that can be opened directly from the dashboard.

For how long have I used the solution?

We have been using the NGINX WAF for five years.

What do I think about the stability of the solution?

This solution is very much stable. Once it is working, it stays working. We use it on a daily basis.

What do I think about the scalability of the solution?

This solution is not really scalable. Both the virtual appliance and the physical appliance are limited in terms of how much traffic they can handle. If you need to scale up then you need to replace the box with a bigger one.

In my company, we have about 700 users. One of my customers has about 2,500 concurrent users, and another one has about 4,000. These are all internal users. I cannot tell how many external users are connecting from the internet, but it is an enormous number.

How are customer service and technical support?

It takes time to deal with technical support because they are pretty busy, but when you get the support it is very good. They know what they're talking about.

Which solution did I use previously and why did I switch?

Prior to using this solution, we tried open-source pfSense. However, most of my customers went to F5.

How was the initial setup?

The initial installation is very simple. However, there is one issue with security certificates.

Any system that you publish that is a secure system needs to have a certificate implemented, and that is always a struggle. We have plenty of customers with this solution, and every time that we get to the step involving the certificate, extra work is required. It never works smoothly. You always have to go and manipulate the certificate and the system just to set it up. I'm not sure about the latest systems, but in the old models, this could not even be done through the GUI. You had to use the command line, even though the certificate is visible in the GUI. A combination of commands is required just to make it work.

The length of time to deploy a basic system is very short. For more complex scenarios, it can be a long process.

What about the implementation team?

We do have a consultant to assist us with deployment. We do the initial configuration, but when it comes to things that don't work then we speak with F5 directly. 

We have two people in place to maintain this product. One is from IT and the other takes care of the networking aspect.

What's my experience with pricing, setup cost, and licensing?

The licensing fees for this solution are pretty expensive for what it does, but there is no alternative. The only alternative is Imperva, but that is even more expensive.

Which other solutions did I evaluate?

There is not much variety when it comes to web application firewalls that are also load-balancing solutions. Imperva is an alternative, although it is more expensive.

What other advice do I have?

My advice for anybody who is implementing this solution is to plan well. You have to make sure that you plan ahead and know what it is that you want to achieve, then gather all of the relevant information. Otherwise, if you start to configure it and then find out that you don't have the right application server, or the right policy, or the proper certificate to install and configure it, then the installation will be very long. On the other hand, if the plan is very good and you have all of the details in advance, along with the right people to test it, then it should be straightforward.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More NGINX Web Application Firewall reviews from users
...who compared it with Imperva Incapsula
Add a Comment
Guest