F5 Distributed Cloud WAF leverages F5's Advanced WAF technology, delivering WAF-as-a-Service and combining signature- and behavior-based protection for web applications. It acts as an intermediate proxy to inspect application requests and responses to block and mitigate a broad spectrum of risks stemming from the OW ASP Top 10, persistent and coordinated threat campaigns, bots, and layer 7 DoS.
Few scenarios 1. For viewing API analytics, I think it is best in the market 2. For earning money via API monetization 3. Securing API 4. Onboarding legacy APIs to provide modern REST endpoints
So a lot of companies that have a digital side and they have a lot of applications in the cloud, this is one of those areas that it can protect the net so it can lock 'em down, it'll build a baseline so you understand what that application's doing. So if it sees something not normal, it'll get protected against that.
Layer seven attacks are becoming far more common. Traditionally it was always layered three, layer four, where you get an additional firewall, but with the application layer attacks become more frequent, more popular, et cetera. So having the web application firewall protecting us, and then with the recent Log4j, that's the most recent use case when it gave us that instant level of protection whilst we remediated the Log4j that we had that and the F5 Distributed Cloud WAF was protecting us.
I have a great relationship with the account manager, my account manager, and I think he drives the best price possible, um, for me, and I'm happy with that price.
F5 Distributed Cloud WAF is always innovating and evolving.
We run a very competitive proof value where we run numerous competitors against each other, and then we evaluate from that and then make the selection, and F5 Distributed Cloud WAF was the winner.
Prohibited from using JSON.stringify on Apigee objects (tokens)
Debugging is difficult
Unable to rename or delete policies without bumping revision
Why would anyone give a js policy one name, display name something else, and script a different name?
'Trace' limited to only 20 transactions
UI allows users to add target servers, but users must utilize the api to turn on SSL.
I'm sure there's more, they just aren't coming to mind right now.
Apigee forgets (expires?) your password at random intervals without notice. Every few weeks, or days, sometimes even three times in one day, I'll attempt to login to Apigee and my password will be 'wrong'. I've reset my password and Apigee still claims it's wrong. I've had to reset my password three times before it finally let me log back in.
So we just had some performance issues when it comes to routing. Because the web application firewall sits in front of our website, which is hosted on-site, we had some trouble with the VGP protocols between the two sites and it took us a while to figure it out. So that is probably one area where we could improve. Otherwise, when it comes to the WAF functionality itself, it's really good.
I am not the one deciding whether to use apigee or not really. But personally, I would recommend the use of it as developing APIs on it is easy. And as a mediator between backend servers, we could easily modify request and responses in it without touching any backend code while having a centralize gateway to access our backend APIs too.
Quite hard to get support, at least on the coding side, when we encounter blockers. But general concerns, they would schedule a call to you for them to get a whole picture of your concern. Albeit in my experience, bad really as they haven't replied about the progress, but otherwise seems to have been fixed.
Apigee is the best in the market in terms of API Analytics Apigee is having wonderful Documentation with short videos Security is a major concern and Apigee provides an easily configurable policy to secure API Quota and rate-limit is again very easy to configure on every API basis It provides various policies to transform the response from one form to another form e.g. JSON to XML or XML to JSON
Basically, Cloudflare is a more economical solution at the level of DNS balancing, easy to use with a few simple clicks and that has gained an advantage in the market, however, compared to F5, it falls short of the entire protection panorama that the solution provides since F5 does not It's just DNS that goes further and that's where it differentiates and stands out.
As a public entity it is hard to say how much ROI we can have. We have yet to create a billing and ROI plan. We are thinking of other ways to create ROI, possibly through data/service barter.
Accelerated time to value as it was a requirement for a workload being provisioned on that cloud
As an existing f5 customer, access to their solutions integrator (GridZero) made the sizing, licensing, purchases, and downloading of the software very quick and painless
