A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. TR verified that a representative sample of customers was invited. More Info
Verified User
Engineer in Information Technology (51-200 employees employees)
Use Cases and Deployment Scope
-F5 BIG-IP DNS provides Global Server Load Balancing (GSLB), intelligently distributing client traffic across multiple data centers, such as primary (DC) and disaster recovery (DR) sites. -Client side initiated requests are processed as DNS queries and directed to the appropriate data center, ensuring optimal performance, resilience and high availability. -The system continuously performs health checks on destination servers in both DC and DR locations, routing traffic only to endpoints that are verified as healthy -Also mitigates DDos attacks and malicious queries -Directs client requests to nearest and optimal response data centers, -Provides hybrid support in directing traffic between on prem and cloud hosted applications -It also reduces a lot of manual man power by automatically failover and diverting the traffic without losing business -F5 BIG-IP DNS works more robustly by integrating it with F5 BIG IP Advance firewall Manager as it allows to configure security profiles that provides more granular level of protection
Pros
Routing the traffic to multiple data centers deployed in different locations
Examines the servers health, performance metrics and do evaluation on the basis of geography as well to redirect queries to optimal destination
Provides rate limiting feature to mitigate DDos and DNS flood attacks
Best in routing the traffic to multiple clouds including on prem resources
Faster results of the queries and reduced latency is one of the biggest advantages of F5 BIG-IP DNS
Cons
Implementing iRules requires advanced expertise, and additional vendor resources or guidance would significantly ease adoption for clients
While the user interface is intuitive, many tasks demand extensive manual effort. Greater automation across both UI and CLI would reduce operational overhead and improve efficiency.
similar limitation is observed in BIG‑IP ASM, where analytics lack sufficient granularity to support detailed task execution and effective implementation planning
Return on Investment
Saved almost 1.2 million USD for one of critical activities as downtime could have posed this but due to failover based on health checks saved these bucks
Business impact which can be caused due to DDos attacks avoided
High cost licensing as mentioned earlier as well
Analytical limitations as F5 has also mentioned multiple it’s not an analytical tool
Usability
Alternatives Considered
IBM Security QRadar SIEM, Barracuda Email Protection, Barracuda Load Balancer ADC, Barracuda Web Security Gateway, Barracuda Application Protection, F5 BIG-IP Access Policy Manager (APM), F5 BIG-IP Local Traffic Manager (LTM), F5 Big-IP Advanced WAF, F5 Distributed Cloud WAF (Web Application Firewall) and F5 Distributed Cloud API Security
Other Software Used
IBM Security QRadar SIEM, Barracuda Application Protection, F5 BIG-IP Local Traffic Manager (LTM), F5 Big-IP Advanced WAF
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. TR verified that a representative sample of customers was invited. More Info
Verified User
Engineer in Information Technology (10,001+ employees employees)
Use Cases and Deployment Scope
We noticed lots of traffic, lots of users using the DNS over TLS, and then it was hard for us to allow it from the firewall perspective. We tried to block all of them, but we had to sit back and to make sure that we have another product as a DNS, F5 BIG-IP DNS. We were actually able to SSL decrypt all that traffic and then put all this model as a DOT or DOH, and to make sure that, to see all that traffic and then inspect, they call Bricken inspection. And we were able to analyze the data after the decryption and then make sure that we hid all this encrypted data behind the HTTPS and protected it for our corporate users.
Pros
I love this product, especially DoH because it's not able to do the same functionality in NextGen firewalls on our edge location because of the nature that integrated with the F5 BIG-IP, the V we provide for our external clients and we love it the most because it's, it's right in the same box, we use it and then we get the benefits out of the same big IP boxes, same VE boxes. And I think that's the only aspect we liked the most.
Cons
So far we liked it the most. In previous version, like the 15 we had very difficulty, but with the new version they brought it up. The 16.1, there was not any difficulty and I wish I see more view loggings, the log analytics from this. I would say that's the only thing, but the rest is been great since 16.1.
Return on Investment
Well, yes, I would say a big impact for ours. We were able to have more visibilities and trying to allow those traffic that we weren't able to see what is behind the scene and then reduce a lot of attackers. And then it led us to actually allow our clients freely using the DOT or DOH.
Other Software Used
Palo Alto Networks Next-Generation Firewalls - PA Series, F5 BIG-IP
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
Verified User
Engineer in Information Technology (10,001+ employees employees)
Use Cases and Deployment Scope
Today we use it for Global Availability and HA across our multiple cloud regions and equinix facilities both internally and externally.
Pros
Being able to create topology load balancing is very easy and straightforward
It works really well to detect which region or state you are in to be able to load balance to the closest location
Cons
We struggle with the fact that F5 BIG-IP DNS uses the LDNS. Today we use infoblox and we are able to tag ECS data so that the F5 can see the true source of the client but it would be cool if somehow that would work without having to forward.
One thing that I also struggle with is the time stamps and adding new GTMS into the cluster. I have wiped out my deployment before because the timestamps we're wrong.
Return on Investment
It has created an easy environment for us to onramp and load balance based on region into our GCP instances. This provides a faster experience for our customers increasing sales.
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info
Verified User
Engineer in Engineering (10,001+ employees employees)
Use Cases and Deployment Scope
We use F5 BIG-IP DNS for DNS resolutions. We used to have Infoblox for DNS queries and with Infoblox as our environment grew, there were resource issues. We had users complaining about DNS queries taking lot of time. With Infoblox, service used to restart nightly at 10pm. When we moved to F5 BIG-IP DNS, nightly restart was addressed.
Pros
DNS Caching
DNS Response Time
Stability
Cons
Instead of purchasing separate DNS appliance, would like to see a containerized LTM with DNS
Return on Investment
Service restart was addressed which we had with previous DNS solution
A de minimis incentive was given to thank the reviewer for their time. The incentive was not used to bias or drive a particular response, nor was the incentive contingent on a positive endorsement. More Info