F5 Advanced WAF Room for Improvement

Jamshaid Dayar
Network Engineer at a tech services company with 11-50 employees
If I had to summarize what needed improvement, I'd say they are currently in the process of updating their software. But more specifically, I would say their graphical interface, the GUI. I don't like the GUI as much as before, but now I think they're focusing on it. We are getting some new good features in the latest update. But there is still room for improvement on the user interface as well. It's easy to use. It's not difficult but it is not pleasing to the eye. Most of the time you want to see something dynamic, something like the reporting section or the system usage, the CPU, some detailed graphs, anything of that sort. So I guess they have some room for improvement there. Don't make it more complicated, just make it more pleasing to the eye. We are using the most stable version. Because recently we got an email from F5 suggesting that if you have any user on the that there was a vulnerability on that feature. And it was quite a severe one, so they asked us to immediately update that license to another version. They currently have 15 versions, but they are not stable. They didn't recommend them to us. So most of the customers in Pakistan are using the version. That is the most stable version and is recommended by F5. My focus is normally on logging and reporting, because customers always ask for a clear reporting criteria. I would like it if they could simplify the reporting process. If I create something, I want to get a good report on it that I can read in seconds or in minutes. I don't want extra details in it. They should work on the exporting of the logging and reporting. View full review »
Executive Director IT Security at a printing company with 501-1,000 employees
I think the contextual-based component needs a lot of help. It is all based on regular-expressions. That is something I think companies like Signal Sciences are doing a really good job with. We are transitioning off to Signal Sciences on some of our WAF components because of the capabilities Signal Science has. I think that contextual-base signatures would definitely help in F5 WAF. View full review »
Georges Samaha
Security Consultant at a tech services company with 501-1,000 employees
We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement. The solution still needs some development to handle more traffic, especially in huge environments. In small environments, it's not an issue. View full review »
Learn what your peers think about F5 Advanced WAF. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
454,950 professionals have used our research since 2012.
Priyesh MP
Solution Architect at a computer software company with 201-500 employees
It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall. View full review »
Technical Team Leader at a tech services company with 201-500 employees
I would like to see the pricing of this solution improved. There are a lot of other products that are trying to compete with this solution, and there are a few now that are very good. I know that F5 doesn't always worry about the pricing because of the branding, but if they want to capture more of the market then they need to consider that not everybody thinks about the brand. Some are concerned with the price, and some of the competitors offer solutions at a lower cost. While it is true that price is only one of the things that people consider, it is one of the major factors that can cause them to lose the battle to a competitor. This solution can be made more user-friendly. View full review »
IT Engineer at a tech vendor with 51-200 employees
This solution is the best out there on the market. One thing that can be improved, is to increase the quantity over predefine policy. I know it's impossible to do it all, but what I would have liked to increase the ready-to-deploy templates with only a few clicks. View full review »
Security Specialist at a energy/utilities company with 51-200 employees
The administrator's user interface and some of the settings can sometimes be very complicated to understand. It would really help if they could be easier and more user-friendly. Perhaps the developers can add a training video that shows users what to do. I am sure it is a good product and you only need some experience to become familiar with it. Another thing that may need improvement, is upgrading from one version to another. It is good, but it can be faster. View full review »
Senior Engineer at a tech services company with 51-200 employees
For F5 Advanced WAF, it's only 70% different over time with upgrades. F5 can still build AWS support after many long years of absence. It's difficult to use. F5 Advanced WAF needs better integration within the application, like remote dashboards. The pricing is too high. It needs better security features with the interface or dashboard. We go through some problems with the Disc Doctor services and F5 was recommended to fix or avoid the same situation in the future. F5 now is the product we use for the web products to have a web application firewall. We need better integration in the application and more security features in the future. View full review »
Senior Technical Specialist | Cloud Platforms at a financial services firm with 5,001-10,000 employees
If they could separate the control plane from the data plane, it would give us more flexibility, especially with the Hyper Cloud. This could be the reason they purchased NGINX. They have released the first production release but they are not there yet. It would be good to have this separation in the near future. Also, automation on the cloud is not easy. It's a bit of a job, and it doesn't auto-scale very well. They need to work on the BIG-IQ, which is centralized management. There are too many devices. Managing them individually is inconvenient. Essentially, BIG-IQ is supposed to centralize the management for all of the boxes but it's not very effective. View full review »
Reza Torabi
Senior Network Engineer at PECCO
Everything is good about the F5 WAF, except the reporting. It's really difficult to set records from that device, the UI is kind of hard to work with, and the reporting must be improved. As a suggestion to the F5 company, they have to put in shells to have the next generation WAF. So, instead of buying different modules and different hardware and appliances, they can offer an all-in-one solution for WAF. View full review »
Shiran Cohen
Cyber & Security Application Delivery Expert at Hewlett Packard Enterprise
I think the deployment template can be better, like the iApps they have in the F5 MPM. I think the deployment templates can be better. View full review »
Georges Samaha
Security Consultant at a tech services company with 501-1,000 employees
In general, the web interface is not really catchy. It's very powerful, very customizable, but it doesn't have a very nice GUI interface for a new adopter. For them, they'd have to do a lot of configuring. At least the reporting and monitoring parts, let's say, to be honest, should have a better interface. A few other products have very nice dashboards, out of the box, and F5 is not that friendly to use. Also, when you buy WAF, you have to buy another module called APM to do authentication. You have to buy another module with an extra license, to have the authentication feature. Other vendors have it interwoven. For example, I don't know if Barracuda has it, but Citrix has it under the same license. So maybe add authentication functionality in the AOS license, and not separate. View full review »
Shiran Cohen
Cyber & Security Application Delivery Expert at Hewlett Packard Enterprise
The templates of the iApps could be better. The solution's dashboard could be improved. When you're moving from policy to policy, the logs and the integration of the logs in other systems aren't straightforward. The solution has a lot of training material, but not about integration in a virtual improvement. They should create more documentation around this for users. View full review »
Hillary Ugwuanyi
Head IT Infrasrtucture at ActivEdge
The solution is tedious. It takes a lot of discrete settings so one needs to get detailed and granular when they use the solution. It takes you a whole lot of energy and concentration to configure. It needs to be much more straightforward, like other web solutions. They need to have a way to define attack signatures. It might help improve the user experience. View full review »
User at a financial services firm with 10,001+ employees
I would not expect traffic details to pass through the web application firewall across the length of the whole application. I think that there is a web application where it can let the application function without traffic going in into the WAF. I think the solution is already being phased out. They are now going for a more advanced option but I'm referring to the web crawler. The web crawler should be able to allow a web application on its own to create policies, rather than wait for traffic to go to the WAF. View full review »
Head of IT Security at a financial services firm with 201-500 employees
The scalability could be improved. There is a version with 25 and 200 Mbps, no options in between View full review »
Learn what your peers think about F5 Advanced WAF. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
454,950 professionals have used our research since 2012.