We compared AWS WAF and F5 Advanced WAF based on our user's reviews in several parameters.
Users have praised AWS WAF for its effective protection against web application attacks, customizable rule sets, and affordable pricing. On the other hand, F5 Advanced WAF stands out for its robust security measures, advanced threat intelligence, and user-friendly interface. However, AWS WAF users appreciate the responsive customer support, while F5 Advanced WAF users value its seamless integration with existing systems. Both products have areas that need improvement, with AWS WAF users looking for better documentation and customization options, and F5 Advanced WAF users desiring a more intuitive interface and comprehensive support for troubleshooting.
Features: AWS WAF offers effective protection against web application attacks, easy setup and configuration, flexibility in setting rules, and integration with other AWS services. F5 Advanced WAF provides robust security measures, advanced threat intelligence, efficient traffic management, and customizable policies.
Pricing and ROI: The setup cost for AWS WAF is minimal, with a smooth and straightforward process. Users find the licensing flexible and customizable. On the other hand, F5 Advanced WAF also has a minimal setup cost, making installation hassle-free. Users appreciate the straightforward and easy-to-manage licensing., AWS WAF's ROI is reflected in increased security, reduced risks, and improved web threat protection. It also offers cost savings and efficient management. On the other hand, F5 Advanced WAF's ROI is seen in improved security, enhanced visibility, and reduced cyber threats. It effectively protects web applications for a safe user experience. Overall, both products deliver valuable and beneficial ROI.
Room for Improvement: AWS WAF users have requested better documentation and detailed instructions for users with limited technical expertise. They also want a more user-friendly interface, enhanced customization options, and greater flexibility in configuring rule sets. F5 Advanced WAF users have expressed concerns about a lack of user-friendly interface, complexity in configuration, and a need for improved documentation and better support for troubleshooting and resolving issues. Overall, they desire a more streamlined and intuitive experience.
Deployment and customer support: Based on user feedback, it is necessary to consider the duration required for different phases of implementing a new tech solution. For AWS WAF, users mentioned distinct timeframes for deployment and setup, while for F5 Advanced WAF, users mentioned similar timeframes for deployment and setup., AWS WAF's customer service is consistently praised for being excellent and highly responsive. Users appreciate the knowledgeable support team who go above and beyond. On the other hand, F5 Advanced WAF's support has received positive feedback for their prompt and helpful assistance.
The summary above is based on 56 interviews we conducted recently with AWS WAF and F5 Advanced WAF users. To access the review's full transcripts, download our report.
"Stable and scalable web application firewall. Setting it up is straightforward."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"This is not a product that you need to install. You just use it."
"What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses."
"The most valuable feature is the way it blocks threats to external applications."
"The valuable features vary from customers to customers. Some customers are okay with the basic features of the WAF, and some customers use advanced WAF with a few other features."
"There are a lot of good features."
"The most valuable feature is artificial intelligence and to get extra internal access."
"With F5 Advanced WAF, it was protection for online publications and for our customers that caused us to choose the platform."
"F5 Advanced WAF is a stable solution, we are satisfied. It is more stable than ForiWeb."
"I like the security features, especially against SQL injection."
"The solution uses AI to protect against botnet attacks."
"This solution inspects your traffic and based on that, automatically create distinct qualities for you, so you can add this to the policy already created. That's what I like most."
"The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively."
"The product should improve the DDoS-related features."
"They should make the implementation process faster."
"We must monitor and clean up the WAF manually."
"The cost management has room for improvement."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"The solution should identify why it blocks particular websites."
"I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy."
"One area for improvement in the product is its SSO integration, which posed challenges and required significant effort to resolve."
"I would like to see the API Protection improved."
"You have to buy another module with an extra license, to have the authentication feature."
"The solution is tedious. It takes a lot of discrete settings so one needs to get detailed and granular when they use the solution. It takes you a whole lot of energy and concentration to configure. It needs to be much more straight-forward, like other web solutions."
"It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall."
"I would say their graphical interface, the GUI. I don't like the GUI as much as before."
"We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement."
"Scalability could be improved."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 51 reviews while F5 Advanced WAF is ranked 3rd in Web Application Firewall (WAF) with 53 reviews. AWS WAF is rated 8.2, while F5 Advanced WAF is rated 8.6. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of F5 Advanced WAF writes "Flexible configuration, reliable, and highly professional support". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, Imperva Web Application Firewall, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas F5 Advanced WAF is most compared with Fortinet FortiWeb, Microsoft Azure Application Gateway, Imperva Web Application Firewall, F5 BIG-IP Local Traffic Manager (LTM) and Prisma Cloud by Palo Alto Networks. See our AWS WAF vs. F5 Advanced WAF report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
