We just raised a $30M Series A: Read our story

NGINX App Protect OverviewUNIXBusinessApplication

NGINX App Protect is #1 ranked solution in top API Security tools, #6 ranked solution in Container Security Solutions, and #13 ranked solution in top Web Application Firewalls. IT Central Station users give NGINX App Protect an average rating of 8 out of 10. NGINX App Protect is most commonly compared to AWS WAF: NGINX App Protect vs AWS WAF. The top industry researching this solution is Computer Software Company, accounting for 28% of all views.
What is NGINX App Protect?

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

  • Integrating security controls directly into the development automation pipeline
  • Applying and managing security for modern and distributed application environments such as containers and microservices
  • Providing the right level of security controls without impacting release and go-to-market velocity
  • Complying with security and regulatory requirements

NGINX App Protect offers:

  • Expanded security beyond basic signatures to ensure adequate controls
  • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
  • Confidently run in “blocking” mode in production with proven F5 expertise
  • High‑confidence signatures for extremely low false positives
  • Increases visibility, integrating with third‑party analytics solutions
  • Integrates security and WAF natively into the CI/CD pipeline
  • Deploys as a lightweight software package that is agnostic of underlying infrastructure
  • Facilitates declarative policies for “security as code” and integration with DevOps tools
  • Decreases developer burden and provides feedback loop for quick security remediation
  • Accelerates time to market and reduces costs with DevSecOps‑automated security

NGINX App Protect is also known as NGINX WAF, NGINX Web Application Firewall.

Buyer's Guide

Download the Web Application Firewall (WAF) Buyer's Guide including reviews and more. Updated: October 2021

NGINX App Protect Video

Pricing Advice

What users are saying about NGINX App Protect pricing:
  • "The licensing fees for this solution are pretty expensive for what it does, but there is no alternative."
  • "Our licensing costs are about $40,000 a year."

NGINX App Protect Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
AmirIlany
Chief Technology Officer at a tech services company with 201-500 employees
Real User
Top 5Leaderboard
A stable system with good security and load balancing

Pros and Cons

  • "The most valuable feature is that I can establish different services from the firewall."
  • "The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."

What is our primary use case?

We use WAF as part of our security solution, protecting applications such as internet banking.

It is used both as a web application firewall and for load balancing. 

What is most valuable?

The most valuable feature is that I can establish different services from the firewall.

Using the standard configuration, it is very easy to set up.

What needs improvement?

The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary.

This solution would benefit from having a support portal that can be opened directly from the dashboard.

For how long have I used the solution?

We have been using the NGINX WAF for five years.

What do I think about the stability of the solution?

This solution is very much stable. Once it is working, it stays working. We use it on a daily basis.

What do I think about the scalability of the solution?

This solution is not really scalable. Both the virtual appliance and the physical appliance are limited in terms of how much traffic they can handle. If you need to scale up then you need to replace the box with a bigger one.

In my company, we have about 700 users. One of my customers has about 2,500 concurrent users, and another one has about 4,000. These are all internal users. I cannot tell how many external users are connecting from the internet, but it is an enormous number.

How are customer service and technical support?

It takes time to deal with technical support because they are pretty busy, but when you get the support it is very good. They know what they're talking about.

Which solution did I use previously and why did I switch?

Prior to using this solution, we tried open-source pfSense. However, most of my customers went to F5.

How was the initial setup?

The initial installation is very simple. However, there is one issue with security certificates.

Any system that you publish that is a secure system needs to have a certificate implemented, and that is always a struggle. We have plenty of customers with this solution, and every time that we get to the step involving the certificate, extra work is required. It never works smoothly. You always have to go and manipulate the certificate and the system just to set it up. I'm not sure about the latest systems, but in the old models, this could not even be done through the GUI. You had to use the command line, even though the certificate is visible in the GUI. A combination of commands is required just to make it work.

The length of time to deploy a basic system is very short. For more complex scenarios, it can be a long process.

What about the implementation team?

We do have a consultant to assist us with deployment. We do the initial configuration, but when it comes to things that don't work then we speak with F5 directly. 

We have two people in place to maintain this product. One is from IT and the other takes care of the networking aspect.

What's my experience with pricing, setup cost, and licensing?

The licensing fees for this solution are pretty expensive for what it does, but there is no alternative. The only alternative is Imperva, but that is even more expensive.

Which other solutions did I evaluate?

There is not much variety when it comes to web application firewalls that are also load-balancing solutions. Imperva is an alternative, although it is more expensive.

What other advice do I have?

My advice for anybody who is implementing this solution is to plan well. You have to make sure that you plan ahead and know what it is that you want to achieve, then gather all of the relevant information. Otherwise, if you start to configure it and then find out that you don't have the right application server, or the right policy, or the proper certificate to install and configure it, then the installation will be very long. On the other hand, if the plan is very good and you have all of the details in advance, along with the right people to test it, then it should be straightforward.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
LM
Product Manager - Technical at a tech services company with 5,001-10,000 employees
Real User
Top 10Leaderboard
WAF is very good at tracking mitigation, inclusion, prevention, and the parametric firewall

Pros and Cons

  • "WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall."
  • "It's challenging if you need to go for a high throughput."

What is our primary use case?

I'm carrying out some research work on NGINX because I am in academia. All my use cases relate to scaling from private to public cloud and vice versa. The other use case is for our perimeter security for cloud-based EDCs. We are customers of NGINX and I'm a technical product manager.

How has it helped my organization?

The solution has helped us greatly during this Covid period. When everything went remote, we had to scale up some applications and provide remote access to our users. It meant that we needed more security for our applications, the EDCs, and that's when we made use of the WAF module from NGINX to ensure the applications are secure.

What is most valuable?

The WAF itself was a feature that I found very useful to track mitigation, inclusion, prevention, and the parametric firewall.

What needs improvement?

The solution does well when there's low throughput but when we go for any high throughput, it's always a challenge. I'm expecting the next version to have a better high throughput. I also find that the bug fix rate is pretty slow.

I would like to see some more tools and to have some more automation capabilities in the next release, because right now the exposure of the API in NGINX is pretty limited. So I would like to see more of that as well as robustness in the scaling of the solution. 

For how long have I used the solution?

I've been using this solution for six months. 

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

Scalability can be a bit of a challenge because there are some use cases that are not tackled. Our Dev Ops, IT staff and support service all use this solution. Let's say about 100 people at any given time. We have two staff responsible for support, they are IT support admins. We use the solution on a daily basis. 

Which solution did I use previously and why did I switch?

I previously used the HAProxy. We switched to NGINX because it is more advanced. And then after the F5 networks bought them, their product portfolio increased and that was another reason for us to shift.

How was the initial setup?

The initial setup was straightforward but I am well versed in this implementation. If I was a novice, it would be difficult. We have pretty much automated all our deployments, and then we schedule a downtime for our apps and deploy the patches or the new versions through automation so it'll take a lot less time.

What was our ROI?

We have seen a good ROI. Because of the Covid virus, we were able to see it immediately. When everyone went remote, we were scrambling to see how we could deploy and secure the apps and this came in at the right time.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are about $40,000 a year. We pay on an annual basis. We just have our operating costs on top of that. 

What other advice do I have?

I would recommend getting your deployments before you jump into buying or trying out this solution. Have a clear road map for your deployments and your future solutions. The solution has a rich feature set but on the down side is the issue with the high throughputs.

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about F5, Amazon, Microsoft and others in Web Application Firewall (WAF). Updated: October 2021.
543,424 professionals have used our research since 2012.
Vijay Lalwani
Manager - Cyber Security (SOC) at a financial services firm with 10,001+ employees
Real User
Top 10Leaderboard
Easy to analyze security abnormalities, stable, and the support is good

Pros and Cons

  • "The most valuable feature is that there is a link in the system that will help to analyze the security of an application when something abnormal is found."
  • "Setting policies and parameters through the UI should be more automated because the process is manual, where we can only edit one rule at a time."

What is our primary use case?

We use this solution to protect our entire set of web applications. This includes protecting against vulnerabilities as a result of programming errors.

What is most valuable?

The most valuable feature is that there is a link in the system that will help to analyze the security of an application when something abnormal is found.

What needs improvement?

This firewall should support more of the network layers.

Profiling capability should be improved.

Setting policies and parameters through the UI should be more automated because the process is manual, where we can only edit one rule at a time.

For how long have I used the solution?

I have been using the NGINX Web Application Firewall for more than a year and a half.

What do I think about the stability of the solution?

In terms of stability, this solution is much better than Imperva.

What do I think about the scalability of the solution?

In terms of scalability, depending on the application, there is a limit to how many policies I can design.

How are customer service and technical support?

The technical support for this solution has improved. Imperva used to be better, but now, NGINX is more responsive.

Which solution did I use previously and why did I switch?

I have also used Imperva. The stability and interface are better in the NGINX WAF. For example, it is easier to create new policies. Technical support from NGINX is also more responsive than that of Imperva.

How was the initial setup?

The initial setup was complex in terms of deployment and fine-tuning.

We have more than ten applications so it took us between four and five months to deploy.

What about the implementation team?

We had to contract a third-party consultant to assist us with the deployment. We are satisfied with their work

What other advice do I have?

Based on my experience, this solution is better than the other choices on the market.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Web Application Firewall (WAF) Report and find out what your peers are saying about F5, Amazon, Microsoft, and more!