Skip to main content
TrustRadius
F5 BIG-IP Advanced Firewall Manager (AFM)

F5 BIG-IP Advanced Firewall Manager (AFM)

Overview

What is F5 BIG-IP Advanced Firewall Manager (AFM)?

F5 Networks offers the F5 BIG-IP Advanced Firewall Manager, a firewall software combining a number of features including DDoS, DNS security, and other protections.

Read more

Learn from top reviewers

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is F5 BIG-IP Advanced Firewall Manager (AFM)?

F5 Networks offers the F5 BIG-IP Advanced Firewall Manager, a firewall software combining a number of features including DDoS, DNS security, and other protections.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

2 people also want pricing

Alternatives Pricing

N/A
Unavailable
What is Cisco Firepower 1000 Series?

The Cisco Firepower® 1000 Series for small to medium-size businesses and branch offices is a family of four threat-focused Next-Generation Firewall (NGFW) security platforms designed to deliver business resiliency through superior threat defense. The vendor provides that they offers exceptional…

What is SonicWall TZ?

SonicWall TZ is a NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.

Return to navigation

Product Details

What is F5 BIG-IP Advanced Firewall Manager (AFM)?

F5 BIG-IP Advanced Firewall Manager (AFM) is a full-proxy network security solution designed to protect networks and data centers against incoming threats that enter the network on the most widely deployed protocols. Built on F5’s BIG-IP hardware and software platform, BIG-IP AFM is presented as a scalable platform that delivers the flexibility, performance, and control needed to mitigate aggressive distributed denial-of-service (DDoS) and protocol attacks before they overwhelm and degrade business critical services.

F5 intrusion prevention system (IPS), natively a part of F5 BIG-IP AFM, performs Layer 5-7 inspection of all incoming traffic and protects more than 25 protocols and infrastructure applications against security incidents and exploits. BIG-IP AFM’s IPS solution reviews traffic for adherence to protocol standards, matching it against hundreds of known attack signatures. It protects DNS infrastructure against protocol attacks and exploits that can impact performance. For service providers, BIG-IP AFM IPS protects the network edge, performing traffic inspection and protocol adherence for prevalent service provider protocols such as SS7, Diameter, HTTP/2, GTP, SCTP and SIP traffic coming into the network over UDP, TCP, and SCTP.

F5 BIG-IP Advanced Firewall Manager (AFM) Features

Firewall Features

  • Supported: Identification Technologies
  • Supported: Visualization Tools
  • Supported: Content Inspection
  • Supported: Policy-based Controls
  • Supported: Firewall Management Console
  • Supported: Reporting and Logging
  • Supported: High Availability
  • Supported: Stateful Inspection
  • Supported: Proxy Server

Additional Features

  • Supported: High-volume logging controls - Supports, SNMP, SIP, DNS, IPFIX collectors, and protects log servers from being overwhelmed.
  • Supported: S/GI firewall for service providers - Defends network infrastructure and mobile subscribers from attacks such as DDoS.
  • Supported: SSH Channel Protection - Provides granular, policy-based control over SSH traffic in data centers.

F5 BIG-IP Advanced Firewall Manager (AFM) Videos

In this video F5 demonstrates how offloading DDoS detection and mitigation from BIG-IP AFM VE to an Intel SmartNIC empowers organizations to prevent large, complex attacks from overwhelming their virtualized environments.
F5 DevCentral's John Wagnon discusses solutions to apply BIG-IP Advanced Firewall Manager (AFM) policies dynamically based on geolocation of source IP address.

F5 BIG-IP Advanced Firewall Manager (AFM) Competitors

F5 BIG-IP Advanced Firewall Manager (AFM) Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

F5 Networks offers the F5 BIG-IP Advanced Firewall Manager, a firewall software combining a number of features including DDoS, DNS security, and other protections.

Arbor Sightline, Radware DefensePro, and NETSCOUT Arbor DDoS Protection are common alternatives for F5 BIG-IP Advanced Firewall Manager (AFM).

The most common users of F5 BIG-IP Advanced Firewall Manager (AFM) are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews From Top Reviewers

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Stress Monitoring Feature: Several users have praised the stress monitoring feature for load balanced traffic, citing its ability to enhance security measures and provide real-time insights into network activities. This feature has been instrumental in proactively identifying potential threats and ensuring smooth operations.

Machine Learning Capabilities: Users have highlighted the machine learning capabilities for contractual reporting as a crucial asset for automating tasks, improving decision-making processes, and enhancing overall operational efficiency. The advanced functionality offered by these capabilities has helped streamline complex reporting requirements and save valuable time for users.

Effective Attack Mitigation: The DDoS and other attack mitigation capabilities have garnered positive feedback from users for their effectiveness in swiftly identifying and neutralizing various cyber threats. By providing robust defense mechanisms, these features contribute significantly to maintaining a secure network environment and minimizing disruptions caused by malicious attacks.

Small GUI Icons: Several users have expressed that the GUI icons are very small, making them difficult to see and interact with effectively. They have suggested an overall UI refresh to improve visibility and usability.

Costly Training: Users have mentioned that accessing training for the tool is not easily achievable and often comes with a high cost, which can be a barrier for those looking to enhance their skills or knowledge of the tool.

Limited User Control: Reviewers have highlighted the limited changes that end-users can make within the tool, leading to a sense of caution among users who prefer more customization options.

(1-5 of 5)

Great experience with F5 BIG-IP Advanced Firewall Manager

Rating: 9 out of 10
February 09, 2024
AC
Vetted Review
Verified User
F5 BIG-IP Advanced Firewall Manager (AFM)
2 years of experience
F5 AFM offers unparalleled protection against cyber threats by seamlessly integrating with your network infrastructure and providing comprehensive security policies. Its advanced capabilities empower administrators to effectively manage and mitigate risks, ensuring continuous availability and optimal performance for your applications and services. With F5 AFM, you can confidently safeguard your network assets while maximizing productivity and minimizing downtime, making it an essential component of any modern IT ecosystem.
  • Threat Prevention and Mitigation
  • Application Layer Security
Cons
  • Complex Configuration
  • Enhanced Threat Intelligence Integration
Organizations that prioritize application security can benefit from F5 BIG-IP Advanced Firewall Manager (AFM)'s deep packet inspection capabilities and granular traffic policies, which help protect critical applications from various cyber threats.AFM is well-suited for mitigating Distributed Denial of Service (DDoS) attacks, thanks to its robust DDoS protection features, which can detect and mitigate volumetric, protocol, and application-layer attacks in real-time.

F5 BIG-IP Advanced Firewall Manager (AFM) - Excellent Module for Firewall Functionality

Rating: 10 out of 10
February 13, 2024
Vetted Review
Verified User
F5 BIG-IP Advanced Firewall Manager (AFM)
4 years of experience
We use F5 BIG-IP Advanced Firewall Manager (AFM) to segment traffic and prevent third-parties from accessing services outside of what they are permitted to access, per contractual documentation and other associated forms. With AFM, we are functionally protecting ourselves, our customers, and mission critical infrastructure, allowing our work to continue as necessary for the flying public.
  • Stress monitoring for load balanced traffic
  • Machine learning capabilities for contractual reporting
  • DDoS and other attack mitigation
Cons
  • More intuitive user interface
  • Better naming conventions
  • Fewer navigation steps to prevent abstraction
We were able to eliminate a firewall from our network architecture by integrating the module into our existing F5 BIG-IP Advanced Firewall Manager (AFM). This allowed us to save on tech refresh costs, since the F5 was able to handle the module without much additional strain on the device. However, if a firewall had features that the AFM lacked, then using that firewall in tandem with an F5 would be preferable.
F5 BIG-IP Access Policy Manager (APM), F5 BIG-IP Local Traffic Manager (LTM), F5 BIG-IP SSL Orchestrator

F5 BIG-IP Advanced Firewall Manager (AFM) is good for basic port blocking

Rating: 6 out of 10
February 10, 2024
Vetted Review
Verified User
F5 BIG-IP Advanced Firewall Manager (AFM)
3 years of experience
I use AFM to do basic port-based protections for both external VIPs and internal datacenter traffic
  • Port based controls
  • Ease of using address objects
Cons
  • Ability to use external dynamic lists
F5 BIG-IP Advanced Firewall Manager (AFM) is good for basic port blocking, not good for any security signature options

Value for money

Rating: 9 out of 10
November 23, 2021
Vetted Review
Verified User
F5 BIG-IP Advanced Firewall Manager (AFM)
2 years of experience
We use F5 [BIG-IP Advanced Firewall Manager] as a load balancer and for SSL offloading. We have created AFM iRules to manage attacks such as DDoS and threat intelligence.
  • Load balancing using pools
  • SSL offloading
  • iRules for threat handling
Cons
  • The GUI icons are very small and Overall UI can use some refreshing
  • The training on the tool is not easily available and mostly involves a high cost
  • The support or third party implementation teams could use some improvement
F5 BIG-IP [Advanced Firewall Manager] is a one box solution for all three of our needs, firewalls, load balancers, and WAF. This is a great tool for [the] security of the servers and services.
  • It offers vast options of types to configure load balancing
  • The security plane of this tool is very competitive
  • It is a very useful and one of the top WAFs available in the market
Firewall (9)
72.22222222222223%
7.2
Identification Technologies
80%
8.0
Visualization Tools
70%
7.0
Content Inspection
90%
9.0
Policy-based Controls
80%
8.0
Firewall Management Console
70%
7.0
Reporting and Logging
80%
8.0
High Availability
90%
9.0
Stateful Inspection
90%
9.0
Proxy Server
N/A
N/A
  • When we had to decide on whether to buy different hardware our team were all in support of renewal for F5 [BIG-IP Advanced Firewall Manager]
  • F5 [BIG-IP Advanced Firewall Manager] requires proper training on tools and clear concepts of packets, headers, and content to create WAF policies
  • Overall, we are satisfied by the ROI provided by our F5 AFM and GTMs
Both F5 [BIG-IP Advanced Firewall Manager] and Radware require training as they are not easy to use. But Radware uses some configuration that needs deep learning and proper labs. From an admin's perspective, Configuration and management for F5 [BIG-IP Advanced Firewall Manager are] less. Also, the cost of implementing F5 [BIG-IP Advanced Firewall Manager] is lesser than that of Radware Alteon.
Infoblox DDI (BloxOne), LogicMonitor, OpSmart ITSM / CMDB

F5 Advanced Firewall Manager is a robust and solid solution

Rating: 9 out of 10
January 10, 2020
Vetted Review
Verified User
F5 BIG-IP Advanced Firewall Manager (AFM)
5 years of experience
The F5 Advanced Firewall Manager is being used across our entire organization allowing us to manage the toll for all employees with one team and one contact point. It also ensures all divisions have the same security which is key as we reorganize and restructure. All groups can expect the same functionality.
  • Central management.
  • Strong security.
Cons
  • If unsure, can be overly cautious.
  • There are few changes the end user can make.
F5 Advanced Firewall Manager is good for large organizations that need to have a consistent experience for all end users. Might be a little much in the terms of complexity for smaller organizations. Either way, it provides a strong solution that meets the needs of both the IT security group and the end-user.
Firewall (11)
90%
9.0
Identification Technologies
70%
7.0
Visualization Tools
80%
8.0
Content Inspection
90%
9.0
Policy-based Controls
90%
9.0
Active Directory and LDAP
100%
10.0
Firewall Management Console
100%
10.0
Reporting and Logging
90%
9.0
VPN
100%
10.0
High Availability
90%
9.0
Stateful Inspection
80%
8.0
Proxy Server
100%
10.0
  • Easy maintenance reduces support hours.
  • Consistent experience reduces user learning curve.
SolarWinds Network Configuration Manager is a bit easier to initially set up than F5 Advanced Firewall Manager but not as robust in its ability to manage different devices with different profiles. Different machines need different access and F5 Advanced Firewall Manager is better at allowing flexibility in identifying different devices and managing what they can access.
F5 Advanced Firewall Manager has been a solid, strong solution to both keep our systems safe and being seamless for our end users. Most of the time, the end-user is not impacted and does not even know F5 Advanced Firewall Manager is running which is exactly what we are looking for.
Return to navigation