Please share with the community what you think needs improvement with F5 Advanced WAF.
What are its weaknesses? What would you like to see changed in a future version?
The scalability could be improved. There is a version with 25 and 200 Mbps, no options in between
I would like to see the pricing of this solution improved. There are a lot of other products that are trying to compete with this solution, and there are a few now that are very good. I know that F5 doesn't always worry about the pricing because of the branding, but if they want to capture more of the market then they need to consider that not everybody thinks about the brand. Some are concerned with the price, and some of the competitors offer solutions at a lower cost. While it is true that price is only one of the things that people consider, it is one of the major factors that can cause them to lose the battle to a competitor. This solution can be made more user-friendly.
The templates of the iApps could be better. The solution's dashboard could be improved. When you're moving from policy to policy, the logs and the integration of the logs in other systems aren't straightforward. The solution has a lot of training material, but not about integration in a virtual improvement. They should create more documentation around this for users.
I would not expect traffic details to pass through the web application firewall across the length of the whole application. I think that there is a web application where it can let the application function without traffic going in into the WAF. I think the solution is already being phased out. They are now going for a more advanced option but I'm referring to the web crawler. The web crawler should be able to allow a web application on its own to create policies, rather than wait for traffic to go to the WAF.
The solution is tedious. It takes a lot of discrete settings so one needs to get detailed and granular when they use the solution. It takes you a whole lot of energy and concentration to configure. It needs to be much more straightforward, like other web solutions. They need to have a way to define attack signatures. It might help improve the user experience.
This solution is the best out there on the market. One thing that can be improved, is to increase the quantity over predefine policy. I know it's impossible to do it all, but what I would have liked to increase the ready-to-deploy templates with only a few clicks.
I think the deployment template can be better, like the iApps they have in the F5 MPM. I think the deployment templates can be better.
The administrator's user interface and some of the settings can sometimes be very complicated to understand. It would really help if they could be easier and more user-friendly. Perhaps the developers can add a training video that shows users what to do. I am sure it is a good product and you only need some experience to become familiar with it. Another thing that may need improvement, is upgrading from one version to another. It is good, but it can be faster.
Everything is good about the F5 WAF, except the reporting. It's really difficult to set records from that device, the UI is kind of hard to work with, and the reporting must be improved. As a suggestion to the F5 company, they have to put in shells to have the next generation WAF. So, instead of buying different modules and different hardware and appliances, they can offer an all-in-one solution for WAF.
In general, the web interface is not really catchy. It's very powerful, very customizable, but it doesn't have a very nice GUI interface for a new adopter. For them, they'd have to do a lot of configuring. At least the reporting and monitoring parts, let's say, to be honest, should have a better interface. A few other products have very nice dashboards, out of the box, and F5 is not that friendly to use. Also, when you buy WAF, you have to buy another module called APM to do authentication. You have to buy another module with an extra license, to have the authentication feature. Other vendors have it interwoven. For example, I don't know if Barracuda has it, but Citrix has it under the same license. So maybe add authentication functionality in the AOS license, and not separate.
For F5 Advanced WAF, it's only 70% different over time with upgrades. F5 can still build AWS support after many long years of absence. It's difficult to use. F5 Advanced WAF needs better integration within the application, like remote dashboards. The pricing is too high. It needs better security features with the interface or dashboard. We go through some problems with the Disc Doctor services and F5 was recommended to fix or avoid the same situation in the future. F5 now is the product we use for the web products to have a web application firewall. We need better integration in the application and more security features in the future.