F5 Advanced WAF Reviews

It's considered one of the modules for the LTM box. It's all modules for the LTM box.

It is actually to protect the customer web application which is published on the internet. It's actually to protect that, and nowadays, we also have this threat intelligence. You will link to the F5 centra, the depository of the threat intelligence database. We always have the latest update on the common threat that is happening currently. You will notify the customer if there's an issue.

The threat intelligence function is great. Nowadays, there is more awareness on the security side. They'd have a real-time update from F5. It provides peace of mind on the security side for the customer.

It is an add-on module to protect the web application.

The solution can scale with planning.

The solution is stable.

Support is helpful.

The deployment side is quite complex. We'd like them to simplify the implementation process. I'm not sure whether they can do that, however, they have to be very detailed on configurations, and sharing of the policy. Anybody that configures this box, the WAF, they have to have knowledge of the application and some of the security portions there as well.

We've had the solution since last year. We have deployed it to a customer.

It is stable. Actually, it evolved from ASM, what they call the Application Security Manager, and now they name it Advanced WAF. It's been around for a while. There are no bugs or glitches. It doesn't crash or freeze. 

We'll size up based on the customer requirement with some buffer, maybe 20% to 30% for the future extension. There is also some consideration on the capacity planning and the size of the box. You can scale. You just need to plan ahead. 

In terms of users, with Advanced WAF, normally their role is more related to the security side.

We just implemented the solution recently and we'll have to wait another three or four years before we change or upgrade the solution. 

I've dealt with technical support. We're quite satisfied with them. They're good. 

Positive

F5 WAF is a web application, in the firewall domain, they have been in the market for a very long time. They know the requirements and the market trends very well. This is the reason why we normally chose F5.

The solution is pretty difficult to set up. You really have to have a grasp o the product to configure it correctly.

The setup takes approximately two months. It's quite a long time. If the application is not ready, then the dependency will be on the application side. Therefore, the cycle is quite long. It depends on the application readiness.

We just need one to two people to handle deployment and maintenance. 

The licensing is charged yearly. It's considered expensive, however, there are more expensive WAFs on the market - like Imperva. F5 is second after Imperva in terms of cost. L1 to L3 support is included in the cost.

I'd rate the price of the solution at a four out of five in terms of how expensive it is.

We tend to stay with F5, however, we will look at pricing and try to negotiate based on that. We'd like to get a discount and look at the market to see the costs. 

I'd advise that new users need to know the requirement expectations, and then the criticality of the application that they're going to let the user use. Sometimes the application is public to the internet for a public user to log into and query the database. In that case, we're exposed to all kinds of external parties. So if you put something that is cheap in place, something that is not able to do the protection properly, then it will be a very big risk to the company. 

I'd rate the solution ten out of ten. Our clients have been very happy with it.

We are using F5 Advanced WAF to protect certain environments. It protects us against everything, such as botnets, web scraping attacks, and foreign entities attacks. It allows us to hone in on exactly the area that we need to focus on. It's a web-based firewall.

F5 Advanced WAF has benefited our company by protecting us against revenue loss. It's prevented hacks that would have taken us offline or caused us a loss of revenue in different areas.

The most valuable features of F5 Advanced WAF are the easy identification of events and customization. We can pinpoint our settings.

F5 Advanced WAF could improve resource usage, it is CPU intensive. Additionally, adding automated remediation would be a benefit. For example, an easy button alerts us of the events that are occurring, and what we want to do at the time. An automated approach where somebody could be alerted very quickly. Instead of going and reconfiguring everything, an automated approach is what I'm looking at.

I have been using F5 Advanced WAF for approximately five years.

We can scale the F5 Advanced WAF very easily. We could configure it to be a canned solution or a customized solution. It goes from canned to full customization to what we need.

After we sized F5 Advanced WAF just right and identified the correct way to configure it, it's very stable.

The solution is not being extensively used.

We have used other solutions previously and in parallel.

Generally, F5 Advanced WAF initial setup is straightforward. However, our environment was more complex and it took us a little more time to customize the solution to where we needed it to be. Additionally, the customization didn't rectify everything. We had to do customization to a certain event to prevent attacks that it wasn't catching, but that might not necessarily be the solutions' fault. It could be more of our setup than the solution's fault and not being able to run the latest version or the newer version could be more of a limitation on our ability to put it in the right place.

The whole implementation to have the solution run at the level we wanted it to take approximately five months.

Our company's environment is one that we can't put a canned solution in front of. Our environment, cannot have a canned solution that might fit everybody else because of how customized this environment is. It does need a lot of tuning to meet our environment's requirements.

I rate the initial setup of F5 Advanced WAF a three out of five.

We did the implementation of this solution in-house. We have a very small group that is managing it. However, because it's for external users it's not a company use solution. Managing it, it's a very small subset of users that will manage the solution and the environment behind it. It is for external customers only.

We have received a return on investment by using F5 Advanced WAF which has saved us from losing revenue.

I rate the return of investment from F5 Advanced WAF a four out of five.

My advice to others would be to define the parameters well in the beginning, and then they will be fine. They could define it as a regular canned solution and go from there, instead of working it as not a canned solution. Define the environment and what you need to protect, that way you can build a base protection profile that you could deploy elsewhere instead of building the policy to the environment first because then customizing cannot be deployed easily.

I rate F5 Advanced WAF an eight out of ten.

It protects our public entities. Its use case is very directed at a resolution of security.

It protects our environment. It protects our entities.

Identification, ease of use, and ease of modifying it to most of our needs are valuable.

There should be more ability to rate limit certain scenarios. The majority of the time, it is either on or off. For certain types of use cases, there should be the ability to rate limit, not just enable or disable.

It is a very CPU-intensive application. I understand why, but I'm hoping that they could optimize the CPU utilization a little bit better.

I have been using this solution for eight years.

It is stable.

It is very scalable for what we need. It is a public-facing service. So, everybody on the internet would be able to utilize this type of service.

We are exploring areas to increase its usage.

I would rate them an eight out of ten.

Positive

We used other public entities for similar use cases.

It is pretty straightforward. A typical setup for these types of projects takes three months.

It is all done in-house. We do everything in-house. 

In its maintenance, I and other people are involved. The daily operations, which include modifying policies, are up to the individual application owners because they understand their applications a lot better than I or our standard operating team would. So, their usage might go higher than mine.

We have very much seen an ROI. It protects our revenue stream.

The way we deployed it, I would rate it a four out of five in terms of pricing.

I would advise doing your homework. It could be very simplified, or it could be very complex, but definitely, do your homework with the owners of the application because they understand the application more than certain people.

I would rate this solution an eight out of ten.

In Pakistan, the banking and financial sector requires F5 WAF solutions. I worked with other companies that had more clients, but my current company is a start-up. We have Palo Alto business, but we're trying to get F5 business.

F5 products are highly stable, top-notch solutions, and we have also the expertise to deploy and design the F5 and Palo Alto product lines. I have more than 10 years of experience with F5 and Palo Alto. I have deployed around F5 products for around seven or eight customers of F5.

F5 should consider adding network detection and response.

We have been using F5 solutions for two years, including load balancers and Advanced WAF.

Advanced WAF is highly stable.

F5 products are scalable, and they have an excellent R&D department. Their product is constantly maturing.

F5 technical support is excellent. They are experts who always provide the right solution, and they understand the problem. Their response and resolution times are good.

Advanced WAF is a difficult product for new users, but it's not too challenging if you have experience. Nevertheless, F5 products are generally considered to be hard to deploy. 

F5's hardware product line is called BIG-IP, and they have many software licenses for IP DNS, Advanced WAF, APM, anti-spam, etc. We have around 10 licenses.

I rate F5 Advanced WAF 10 out of 10. I would highly recommend the entire F5 product line.

What a WAF is happens to be exactly what we are using F5 WAF for: a firewall for our web applications. It is a totally customizable solution. You have our signature-based rule sets and then we can customize to our heart's content depending on what our application can and can not do or what we are trying to protect against.  

So we are using this for anything that is internet-facing. We are applying the WAF there and we are putting it in block mode wherever possible.  

The features I think are the most valuable starts with the IP intelligence component. That is separately licensed and it is definitely one component that we have made heavy use of. Geo-blocking is another — which can be done without a WAF because you do not necessarily need a WAF to do it — but the F5 WAF has those capabilities.  

The signature-based controls that F5 has are another one of the heavier-used components that Advanced WAF has. We do not have to worry about updating signatures, et cetera. WAF will automatically update the signatures for us. I think that is a nice feature.  

Those are the biggest things that we are making use of month-to-month.  

I think the contextual-based component needs a lot of help. It is all based on regular-expressions. That is something I think companies like Signal Sciences are doing a really good job with. We are transitioning off to Signal Sciences on some of our WAF components because of the capabilities Signal Science has. I think that contextual-base signatures would definitely help in F5 WAF.  

Within the enterprise, F5 Advanced WAF (Web Application Firewall) has been rolled out for about six or seven years. I have been working on it for about three to four years.  

It is a stable product.  

F5 WAF is a scalable solution. A lot of the employees and other end-users (virtually anybody on the internet who is coming to your site) benefit from the solution. As far as the people who are directly dealing with the administration, maintenance, and deploying the updates, there are maybe two people. But it can certainly scale-out to service passive use.  

The F5 tech supports is fairly decent. It is not the top of the line, but they do their job. They give you an account team. The account teams are normally really responsive. When you need to run something by them, they are unlike some other products. With other products you have to go through opening up a ticket — because that is the only way they will respond to you — and later they might come back and say it is not their problem and you need to figure it out on your own. The F5 is very different from that perspective in providing support. Your account team is your go-to group. They will walk you through solutions, help you design solutions, and it is part of the value add of using F5Advanced WAF. I really liked them for the extra effort they put in to provide good support. They do not upsell professional services or anything like that. Because of that, I would rate them a little on the higher side for support than just your average support experience.  

The installation of F5 Advanced WAF is complex. Any WAF that you put in takes a lot of time to install correctly. You never really just drop it in and have it working right off the bat. The only exception I can say that I have come across to that right now is Signal Sciences. You can literally drop that solution in place and put it in blocking mode within the same day. With F5 there is a learning period where you allow it to learn and then you go back because it is based on regular expressions. So you have to go through and check to see that there is normal traffic going through your site, et cetera. In other words, there is training involved. It can take from seven to fourteen days before you get a good signature set up.  

If you just need to turn on the licensing key, that might take 10 seconds to do and that is available essentially immediately when you implement WAF. But when you are talking about implementation — and this is true with any WAF — it is time-consuming. You are integrating a piece of technology with applications that have already been written. It might be a legacy app, it might be a new app or whatever that you use for whatever your use case might be for that application. You are using WAF in order to protect that app. You have to invest time in creating the signatures. That period of time where you are creating the signature is what is complex and extends the period of the implementation.  

That is what I think the true difference is between F5 WAF and the new-gen stuff like Signal Sciences is. With Signal Sciences you literally can just drop in and turn it on.  

F5's licensing varies. I do not know exactly what the individual WAF component costs because they bundle up services and the bundle is what I pay for. I do not pay for individual components.  

Advice that I would give to people considering F5 WAF is to look at and consider other products as well. They have to make sure they know what they are getting into. That is key to finding the right solution. I think WAF requires a lot of time and patience as well as an understanding of your applications in order to make the best use of its capabilities.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate the F5 Advanced WAF as a solid eight-out-of-ten.  

We are distributors in Vietnam. We consult for our customers and I am a Product Manager. We use F5 Advanced WAF as a firewall for our website applications and the websites of our customers.

The most valuable features of F5 Advanced WAF are the security features and the protection.

In the future, I would like to see F5 include AI in the hardware of F5 Advanced WAF.

F5 Advanced needs to improve its bot protection. The solution needs to have machine learning to learn the behavior of the customer to recognize the human versus the bot. This is a difficult feature to explain to our customers. I would like documentation about the bot feature to make it easier for the customer to understand.

I have been using F5 Advanced WAF for two years.

The solution is stable.

F5 Advanced WAF is scalable.

We tend to handle our own technical support for our customers. My experience with F5 support is a three out of five overall. They need to improve the information and training of the receiver.

Positive

The initial setup was neither easy nor difficult. I would rate setup as a four out of five.

The pricing of F5 Advanced WAF is more expensive than other solutions like Radware and CD18, it is quite high. I rate the product a one out of five for price, with one being expensive.

Overall, I would rate F5 Advanced WAF an eight out of ten overall.

I use it for load balancing.

It's flexible and powerful, and the users can input their own rules to the system.

The pricing could be more flexible.

I've been using it for three to four years.

It is a stable solution.

F5 Advanced WAF is a scalable solution. We have 20 people using it in our company, mainly from our operations team.

F5 has a partner in Singapore, and he's very supportive.

It is reasonably easy to set up and took about a month.

I used a third party for the deployment.

The cost is slightly above average.

I would rate this solution at eight on a scale from one to ten.

F5 Advanced WAF can be deployed on-premise or in the cloud. When it comes to local governmental organizations, it's mostly on-premises solutions they use. However, we recommend using virtual ones.

F5 Advanced WAF is used for protecting applications.

The most valuable features of F5 Advanced WAF are the balancer and you can change policies very easily.

The overall price of F5 Advanced WAF could improve.

I have been familiar with F5 Advanced WAF for approximately one year.

I have not had any customers complaining about the stability.

F5 Advanced WAF is scalable.

The initial setup of F5 Advanced WAF is easy.

I rate the setup of F5 Advanced WAF a four out of five.

The ease of maintenance of F5 Advanced WAF depends from customer to customer. If the company had someone trained or they have an inside person who is reliable for this maintenance, they typically do not have any problems.

The price of F5 Advanced WAF could improve it is expensive.

There can be extra features added at an additional cost.

I rate the price of F5 Advanced WAF a three out of five.

Our clients pick this solution over others because it is one of the leading companies in the category.

I can recommend F5 Advanced WAF to any customer because we have experience, and referrals from customers using it within different models. If it comes to WAF, LTM, or whatever. I'm very happy to sell it because it is one of the leading vendors within its line. Our customers within the financial market, such as banking organizations, are very happy with it.

I rate F5 Advanced WAF a nine out of ten.