We just raised a $30M Series A: Read our story
2019-07-07T06:35:00Z

What advice do you have for others considering F5 Silverline Web Application Firewall?

5

If you were talking to someone whose organization is considering F5 Silverline Web Application Firewall, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
55 Answers

author avatar
Top 10Real User

You should know what you're actually blocking. A lot of customers move to WAF or AWAF because they were told to do that, but they need to identify what they're actually looking to inspect. For example, one of the clients I worked with did not understand the differences in capabilities between a next-generation firewall and a WAF. When I say WAF, I am talking about AWAF, not the previous generation WAF. No one considers that anymore. People who try to put WAF and think that they are secure are not really secure. There is still a fine grain of security that you need on a next-generation firewall. For example, if I inject a payload, I'm going to have HTTPS traffic that I pass on to WAF. If I do not do my SSL termination and just inspect the remaining stuff, such as headers, WAF is basically useless. If you're using a WAF solution like F5 Silverline Web Application Firewall, one thing it does really well is the orchestration part. It can terminate your SSL and do the encryption. Basically, it may make your stream decrypted via texts, inspect every element of it, decrypt it back, and then send it. As a security consultant, I would add another next-generation firewall behind F5 Silverline Web Application Firewall. I will make sure that I do a service chaining, and every single stream or packet that is decrypted is again routed via a next-generation firewall to do IPS. This is because your WAF cannot do IPS. It is not its major strength; it is a firewall capability. Let's say you have a website where you upload files, and you are going to upload a file that probably has some malicious code that could be executed. When you upload it, it is going to sit on your system. How do you know that a file that is attached to a website is not malicious? A WAF generally doesn't take this up. That's where a combination of WAF and firewall comes into the picture. It's about defining and ensuring what is your load and how many applications you want to protect. Do you really have the skills to manage those policies in-house? If you don't have really good engineers who look at the policies and manage these boxes, then it is better to go for managers like Silverline. If you have good hands on the ground, then use an Advanced WAF in your data center. Some companies might not need on-premises deployments because they might be using a cloud. In that case, run this on the cloud. You could have virtual licenses or virtual machines running on the cloud, or you could use Silverline. If you're more security passionate, then you probably will have to have a Silverline for it and then another WAF within your cloud. Again, there's no one way to do it. It depends on your network, but do not rely on one product because every product has its limitations. I would easily rate F5 Silverline Web Application Firewall a seven out of ten. I won't give it an eight because I haven't tested it for a longer period.

2020-09-17T08:05:57Z
author avatar
Top 20Real User

We just renewed our license and will be continuing to use this product. Overall, this is a good security solution, but there is no such thing as a perfect appliance in IT. I would rate this solution an eight out of ten.

2020-04-02T07:00:12Z
author avatar
Top 5Real User

I would rate the F5 Silverline Web Application Firewall an eight out of ten. Pricing is the reason why I wouldn't give it a ten. There's really no 10 I think in the market. They always have something that needs to improve or upgrade.

2020-02-17T07:42:00Z
author avatar
Real User

This is one of the best solutions. I would rate them a ten out of ten.

2019-09-24T05:43:00Z
author avatar
Top 10Real User

If you are looking for web security and don't have any solution, just try it. I don't think the solution needs too much more. Sometimes you try to build too much and you make things worse. They should just take what they have right now and continuously improve it to make it better. With caching and security, everything so far is fine. I would rate this solution 9 out of 10.

2019-07-07T06:35:00Z
Find out what your peers are saying about F5, Imperva, Akamai and others in Web Application Firewall (WAF). Updated: November 2021.
553,954 professionals have used our research since 2012.