Please share with the community what you think needs improvement with F5 BIG-IP.
What are its weaknesses? What would you like to see changed in a future version?
The license terms for "non-commercial" are challenging for us.
I would like to see improvement in the manageability and easier setup. They need to have features that you can turn on and spin up and not have to buy a license for. I'd want to be able to quickly spin up a feature and start using it and then come back and pay for it later. Citrix has them beat on that.
The products are great and easy to upgrade from time to time to improve functionality. F5 BIG-IP is working fine. We use it more in production and operations. There are issues with F5 BIG-IP but they are minor issues, not big ones. This does not affect production and services. Sometimes the operations and the facility systems fail. However, there is an alert action from the windows. Related to the groups, when it comes to cost, rates are regulated. When the market is not good, then we will consider doing the increase. In general, there are more features that could be provided with F5 BIG-IP if it were not so costly. From application to application to customer respects, you can't always customize software based on customer requirements. If you don't consider that, you can't deliver.
Services to be improved: * Multi-cloud consistency, like to simplify administration with centralized policies with multi-cloud vendors * F5 lateral scalability within the container is still restricted. * Web application firewalls and service mesh would be a nice-to-have feature. * Drive programmable application with 100% restful API * Cover deployment * Monitoring * Policy-based control.
They have to scale, developing more products. I would like them to have more flexible models.
We would like to have integration into encryption and PKI integration with SafeNet. That is probably the key component in using External PKIs, letting people bring their PKIs with them. On the back-end, we have a SafeNet component. They are going to bring additional features in, so allowing integration with encryption and PKI, and tying it back into Microsoft AD in the back with an LDAP lookup for users.
The auto logout feature after three minutes is terrible. I wish they would make that longer, since it is not a feature that we can change.
They could improve the product's ease of use. There has been a bit of complication on some things from the admin side. There is some confusion how to operate it.
Certificate management needs improvement. I would like automated deployment of new certificates without manual intervention to be in the next release of this product.
We would like to see load balancing between the cloud and the on-premise, a straightforward deployment feature.
* Cloud native integration should be provided. * Native support for containers should be added to future releases, as this is the future of load balancing.
The management process seems a bit difficult. The management interface is unclear, complex, and not concise. I would like a better user interface. For integration with other AWS environments, we do some tie-ins with some autoscaling groups. This has been challenging for us. We have had issues, where when autoscaling groups scale up, there are some instances which are not showing up in the proper size. Then, those IPs would get registered with F5, but never get released. Therefore, we are ending up with a whole bunch of ghosted IPs. However, this is more an implementation detail than an F5 detail.
People love them in security, but their costs are completely out of bounds. However, I'm not a security guy, so I don't necessarily know all the ins and outs of why our security team may have chosen this product versus other ones. I am disappointed with the additional cost. 25 megabytes is low. If we get to a thousand, a gig, It is like three dollars an hour. While you can get a reduction in price, when I price them against anyone else, they are wildly overpriced. I used GitHub for autoscaling CloudFormation, and I found two bugs and I submitted them. Their implementation in GitHub could be cleaner and allow for a bit more customization. We always end up customizing these things, so I found two bugs and I thought they were big bugs so I was surprised. This wasn't necessarily relative to product. It was more about the support role of GitHub and the way it was launching. However, the features that they said would work, did not.
I would like them to expand load balancing, being able to go across multiple regions to on-premise and into the cloud. This could use improvement, as it is sometimes a little cumbersome.
They need to improve the interface and some of the functionalities.
The pricing could be improved.
We need best-practice information. They have something called DevCentral and a blog. But we want something from F5 itself regarding how to tackle the false-positive configurations. If you go into detail with so many configurations it will find so many false positives from the moment it is enabled that it will quickly impact your applications, and it will not work.
F5 should improve or develop the reporting tools further. They should improve the management policies on the BOX.
In future, I would like there to be more device security. I would like the tool to support SSL links, along with SSL and TLS. It also needs to disable the old cipher suite, which is a very old. There are ciphers, like D5, still available on the device.
Logging is a bit of a problem. Logging and monitoring are only in plain text. You have to search and you have to know what you are searching for to find anything. So of course, monitoring and getting alerts for abnormal situations is hard. There are no tools for monitoring and alerts. If you have problems and you need to diagnose them, you really have to know what you're looking for in order to find it. Logging and monitoring could be something out-of-the-box that are more accessible.
I would like to see F-5 implement a regular routing like in other Linux-based devices. We know the F-5 is not a router, but can be used for traffic forwarding, so it's not the same as other devices if we compare it with Citrix-based devices. It is a simple Linux-based routing software. I don't have any problems with it. However, in F-5, when we try and integrate in some complex networks, we have to use some additional routing scenarios from a Layer 3 perspective, then we have some problems. It would be great if this were fixed somehow. We have to keep in mind features when we deploy an F-5 solution. Designing the same approach in Citrix can often be simpler. I have written syntax in F-5 which were complicated; not straightforward. For example, in a Citrix device, we have a lot of predefined patterns, and it's much simpler to implement.
Internet and cloud support could be improved. Security enhancement should be more user friendly.
It would help to get more training, even better in local languages. While we are able to speak and understand English, sometimes it is much easier to use the language you truly understand.
I would recommend that the cost be lowered. User tracking: Needs to provide a visual interface to follow a customer's activity (from client to BIG-IP to SNAT IP to the chosen server, then back). Today, we are still performing packet captures.
Performance is the first thing and most critical issue that needs improvement. Supporting more Clients would be nice, but without improving performance, F5 will not widely be used for critical work. It killed an international meeting the first time that we used BIG-IP VPN.
The room for improvement is that the product is a little costly. I live in the Third World, Pakistan. We have budget constraints, even in big enterprise servers. My team said that this product is too costly, and why don't we go with another product, we should do a comparative analysis with Citrix and F5. I told them that is costly, but it has rich features, the support is good, the features are reliable, and the technical assistance center, the tech support, is almost perfect. Still, I would say they need to cut their prices for countries or regions that we live in. The one gap I saw was that pure LBN integration is a little tricky. The insertion of F5 in LBN is a little tricky. They need to work on something, on products by which they can insert F5 in any sort of cloud environment. These are not really big things. They are continuously improving. They are improving day by day, and they are the number-one load balancer.
Implementing whitepapers with a lot more applications could easily be added. This project is missing some relevant features: * We set up the customer through the load balancer. * Then once it is there and functional, then the next step is to add the web application firewall on the same boxes.