F5 Distributed Cloud WAF (Web Application Firewall) Reviews & Insights

Score9.2 out of 10

284 Reviews and Ratings

Learn More

F5 Distributed Cloud WAF (Web Application Firewall)

Learn More

Overview

Synthesised from 39 reviews | Last Published June 30, 2026

F5 Distributed Cloud WAF is widely adopted by organizations to secure web applications and APIs against threats such as OWASP Top 10 risks, DDoS attacks, and malicious bot activity. In TrustRadius reviews, users emphasize its role as a critical first layer of defense, safeguarding sensitive data and ensuring application availability. Reviewers frequently commend its robust security capabilities, with 31% specifically highlighting its effectiveness in mitigating Distributed Denial of Service (DDoS) attacks.

The platform also simplifies application security through unified policy management across diverse environments, contributing to an improved security posture and reduced operational costs. However, a significant portion of reviewers, 26%, point to challenges with the user interface and navigation, citing complexity in advanced policy configuration. Despite these areas for improvement, the product generally provides a positive return on investment by protecting critical assets.

Pros

Robust protection against DDoS attacks
Effective detection and blocking of malicious bot activity
Comprehensive API protection
Simplified application security through unified policy management
Reduced total cost of ownership due to cloud-native architecture

Cons

User interface and navigation complexity
Challenging advanced policy configuration and tuning
Limited customizability and detail in reporting and dashboards
General ease of use could be improved for some users

Read Full Review Insights

View All Reviews

F5 Distributed Cloud WAF (Web Application Firewall) Reviews

182 Reviews

f5 revision [...]

Rating: 10 out of 10

Incentivized

June 8, 2026

Use Cases and Deployment Scope

Prevention of abuse of unauthorized methods or attacks on financial applications

Prevencion de abuso de metodos no permitidos o ataques a Las aplicaciones financieras

Pros

Blocking of unauthorized methods
Blocking a List of Non-Allowed Countries
blocking known attack signatures
Bloqueo de metodos no permitidos
Bloqueo de una LISTA de Paises no permitidos
bloqueo de firmas de ataques conocidas

Cons

To block IP reputation, add a whitelist.
para bloqueo por reputacion de IP, agregar una LISTA blanca

Likelihood to Recommend

Highly suitable for applications that are exposed to high-traffic internet, financial applications, applications that require authentication, that need to be secure, that must use data encryption, that must be protected from attacks; less suitable for internal applications.

Muy apropiado para aplicaciones que estan expuestas a Internet con mucho trafico, aplicaciones financieras, que requieren autenticarse, que requieren que sean seguras, que deben utilizar cifrado de datos, que se deben proteger de ataques, menos apropiado para aplicaciones internas.

This review was originally written in Spanish and has been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.

Verified User

Manager in Information Technology (1001-5000 employees)

Vetted Review

1 year of experience

Let be helped by the best.

Rating: 9 out of 10

Incentivized

June 8, 2026

Use Cases and Deployment Scope

In our organization, F5 Distributed Cloud WAF (Web Application Firewall) has been useful for detecting and preventing attacks on our services and for implementing our security policies.

Pros

Prevent attacks.
Filter content.

Cons

Likelihood to Recommend

If asked, I think I am likely to recommend F5 Distributed Cloud WAF (Web Application Firewall) to a colleague because, in my experience, F5 Distributed Cloud WAF (Web Application Firewall) is well-suited to analyze SQL Injection and XSS.

Verified User

Manager in Information Technology (10,001+ employees)

Vetted Review

5 years of experience

F5 Distributed Cloud WAF (Web Application Firewall) Review

Rating: 10 out of 10

Incentivized

June 6, 2026

Use Cases and Deployment Scope

The main benefits observed were increased protection for digital services, a reduced attack surface, simplified security management, and improved availability of critical applications for end users.

Os principais beneficios observados foram o aumento da protecao does services digitalis, a reducao de superficie de ataque, a simplificacao da gestao de seguranca e a melhoria da disponibilidade das aplicacoes criticas para os usuarios finais.

Pros

Advanced protection against web threats
API Security and Bot Controls
Centralized management in hybrid and multi-cloud environments
Operational visibility and incident response
Protecao avancada contra amecas web
Seguranca de APIs e controls de bots
Gestao centralizada em ambient es hibridos e multinuvem
Visibilidade operational e resposta a incidentes

Cons

Learning curve and usability
Custom reports and dashboards
Simplification of event investigation
Curva de aprendizado e usabilidade
Relatorios e dashboards personalizados
Simplificacao da investigacao de eventos

Likelihood to Recommend

The F5 Distributed Cloud WAF is particularly suitable for organizations that deploy web applications and Internet-critical APIs, especially in hybrid and multi-cloud environments.

O F5 Distributed Cloud WAF e particularmente adequado para organizations que expoem aplicacoes web e APIs criticas a Internet, especialmente em ambientes hibridos e multinuvem.

This review was originally written in Portuguese and has been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.

Raimundo Lima

Coordenador in Information Technology at Prefeitura de Fortaleza (10,001+ employees)

Vetted Review

10 years of experience

F5 Distributed Cloud WAF (Web Application Firewall)

Rating: 10 out of 10

Incentivized

June 6, 2026

Use Cases and Deployment Scope

Primarily for the protection of our clients' web applications and portals, as they constantly seek the most comprehensive security for both new developments and existing public-facing portals which represent an attack surface and require robust security due to their corporate profiles.

Principalmente para la proteccion de aplicaciones y portales web de nuestros clients ya que Ellos siempre estan buscando la seguridad mas completa para sus nuevos desarrollos y actuales portales que son publicos y son un area de ataque y debido al perfil de sus empresas requieren una seguridad muy completa

Pros

Portal protection
Web applications
new app developments and releases
Proteccion de portales
Aplicaciones web
nuevos desarrollos y publicaciones de apps

Cons

Maintaining meticulous management of parameters
A more intuitive platform
El tener minuciosa administracion de parametros
Una plataforma mas intuitiva

Likelihood to Recommend

Web application protection

Protección de app webs

This review was originally written in Spanish and has been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.

Mayra Mendoza Palomares

Ingenieria en Telecomunicaciones in Engineering at Cuallisys (11-50 employees)

Vetted Review

1 year of experience

View profile

F5 Distributed Cloud WAF (Web Application Firewall) Review

Rating: 9 out of 10

Incentivized

June 6, 2026

Use Cases and Deployment Scope

to protect web servers

para proteger servidores web

Pros

service protection
dos protection
bot protection
proteccion de servicios
proteccion dos
proteccion bot

Cons

better visibility
bot
mayor visibilidad

Likelihood to Recommend

for better application protection

para una mejor proteccion de aplicativos

This review was originally written in Spanish and has been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.

Verified User

Engineer in Engineering (11-50 employees)

Vetted Review

6 years of experience

F5 Distributed Cloud WAF (Web Application Firewall) Review

Rating: 10 out of 10

Incentivized

June 6, 2026

Use Cases and Deployment Scope

I use it to protect the company's dynamic website and other applications

lo utilizo para proteger la pagina web dinamica de la compania y otras aplicaciones

Pros

I like the DNS protection.
DDoS protection
Header protection
me gusta la proteccion de dns
la proteccion contra ddos
proteccion de los header

Cons

I like all the features and the ease of use and understanding.
Me gusta todos lo features y la facilidad de uso y comprension

Likelihood to Recommend

I like the diversity of protection features, the ease of use and how easy it is to understand.

Me gusta la diversidad de feature de proteccion la facilidad de uso y lo facil de comprender

This review was originally written in Spanish and has been translated into English using a third-party translation tool. While we strive for accuracy, some nuances or meanings may not be perfectly captured.

Rafael Ovalle

CISO in Information Technology at Bandex (201-500 employees)

Vetted Review

2 years of experience

F5 Distributed Cloud - a view from an InfoSec standpoint

Rating: 9 out of 10

Incentivized

June 6, 2026

Use Cases and Deployment Scope

We use it to protect our & our clients web applications. The WAAP solution is one of the bests for its ability to be as simple to use or as granular as our needs require it.

What I personally love about it is the ease to create new infrastructure and configure domains, routes and rules to protect any web app or API. WAAP is a necessity on todays landscape and the ability to summon it on the cloud in an cloud agnostic solution is really a blessing.

Pros

Cloud agnostic. I like that no matter where the Web app lives, it can be protected with F5 WAAP.
Easy creation of F5 infrastructure and deployment.
Ability to give our clients or developers visibility on statistics about their web app performance and traffic events on f5.
Many services all can be used and seen on one central dashboard. Since is cloud. We dont need diferent tools or logon into many others dashboard to work. Like WAP, DNS, CDN, load balancing. All is intigrated into one dashboard.

Cons

User roles. Current API groups and Elements are not clear nor intuitive to use. Is very difficult to give granular level access to users on each service. For example. Access to import TLS certificates but not able to do or see anything else.
GUI overall is a bit clunky. Load Balancer configuration window could be better organized. Or streamline.
Lack of built in global dashboard and reports. Something useful would be a Global report listing the status of all TLS certificates imported and in use on the platform. Same with the status of WAF on Load Balancers.

Likelihood to Recommend

Best suited for web apps no matter where is built on. Cloud or on-premises. Being cloud agnostic is a huge advantage. Not so well suited is to protect web apps that are not public internet facing. Application we are inside VPNs exposed only to a handful of clients. Even though is not impossible, with the use of Customer edges we can provide the WAAP capabilities, is a bit of a pain to have to deal with that extra layer of setting up a customer edge.

Juan Carlos Cruz

Cyber Security Specialist in Information Technology at Evertec (1001-5000 employees)

Vetted Review

2 years of experience

View profile

F5 2026 Review - [...]

Rating: 9 out of 10

Incentivized

May 21, 2026

Use Cases and Deployment Scope

We used the F5 Distributed Cloud WAF (Web Application Firewall) to onboard and protect the application from DDOS and external attacks

Pros

DDOS Protection

Cons

Reporting and advisory

Likelihood to Recommend

If asked, I think I am likely to tell a colleague that Onboarding to the F5 Distributed Cloud WAF (Web Application Firewall) was accelerated to achieve 100% protection from the DDOS. SiImplified onboarding and comprehensive adoption of F5 Distributed Cloud WAF (Web Application Firewall) across the organisation were the key success factors.

Verified User

Vice-President in Information Technology (10,001+ employees)

Vetted Review

5 years of experience

review

Rating: 8 out of 10

Incentivized

May 21, 2026

Use Cases and Deployment Scope

In our organization, we use F5 Distributed Cloud WAF (Web Application Firewall) to protect our internet-facing web applications and APIs (Application Programming Interface). the F5 Distributed Cloud WAF (Web Application Firewall) platform helps us strengthen application security posture.

Pros

helps maintain security posture

Likelihood to Recommend

If asked, I think I am likely to recommend F5 Distributed Cloud WAF (Web Application Firewall) to a colleague for, in my experience, centralized management

Verified User

Engineer in Information Technology (11-50 employees)

Vetted Review

1 year of experience

F5 Masterclass

Rating: 9 out of 10

Incentivized

May 21, 2026

Use Cases and Deployment Scope

we are working on highly sir gapped environment where we control national payment system, F5 Distributed Cloud WAF (Web Application Firewall) helped us secure the app and highly sensitive data perfectly.

Pros

Encryption/decryption is lightening fast
Control over app visibility is amazing
Protection from OWASP top 10 is commendable
API security works perfectly.

Cons

Support for PQC and deployment procedures
Zero day, probably.
No compromise on Latency.

Likelihood to Recommend

In the multi cloud environments, Control over the traffic and visibility is desirable. As said, We cannot control security unless we know what is going on where F5 Distributed Cloud WAF (Web Application Firewall) perfectly fine.

Verified User

Engineer in Information Technology (201-500 employees)

Vetted Review

2 years of experience

Loading Reviews List....

Video reviews

View playlist

F5 Distributed Cloud - a view from an InfoSec standpoint

Rating: 9 out of 10

Incentivized

June 6, 2026

Use Cases and Deployment Scope

Pros

Cloud agnostic. I like that no matter where the Web app lives, it can be protected with F5 WAAP.
Easy creation of F5 infrastructure and deployment.
Ability to give our clients or developers visibility on statistics about their web app performance and traffic events on f5.
Many services all can be used and seen on one central dashboard. Since is cloud. We dont need diferent tools or logon into many others dashboard to work. Like WAP, DNS, CDN, load balancing. All is intigrated into one dashboard.

Cons

User roles. Current API groups and Elements are not clear nor intuitive to use. Is very difficult to give granular level access to users on each service. For example. Access to import TLS certificates but not able to do or see anything else.
GUI overall is a bit clunky. Load Balancer configuration window could be better organized. Or streamline.
Lack of built in global dashboard and reports. Something useful would be a Global report listing the status of all TLS certificates imported and in use on the platform. Same with the status of WAF on Load Balancers.

Likelihood to Recommend

Juan Carlos Cruz

Cyber Security Specialist in Information Technology at Evertec (1001-5000 employees)

Vetted Review

2 years of experience

View profile