Skip to main content
TrustRadius
F5 Advanced WAF

F5 Advanced WAF

Overview

What is F5 Advanced WAF?

F5 Networks offers the Advanced Web Application Firewall (WAF) to provide bot defense, advanced application protection, anti-bot SDK, and other features.

Read more
Recent Reviews

Great product at a great price

10 out of 10
August 27, 2021
We've been using F5's WAF for many years in our organization. We utilize it for all external facing applications, our ecommerce platform …
Continue reading
Read all reviews

Reviewer Pros & Cons

View all pros & cons

Video Reviews

1 video

Engineer for Cardinal Health Isn't Sugar Coating | F5 Advanced Web Application Firewall Review (WAF)
03:10
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is F5 Advanced WAF?

F5 Networks offers the Advanced Web Application Firewall (WAF) to provide bot defense, advanced application protection, anti-bot SDK, and other features.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

41 people also want pricing

Alternatives Pricing

What is Cloudflare?

Cloudflare, from the company of the same name in San Francisco, provides DDoS and bot mitigation security for business domains, as well as a content delivery network (CDN) and web application firewall (WAF).

Return to navigation

Product Details

What is F5 Advanced WAF?

F5's Advanced WAF is built on F5 technology and goes beyond reactive security such as static signatures and reputation to proactively detect and mitigate bots, secure credentials and sensitive data, and defend against application denial-of-service (DoS). Advanced WAF redefines application security to address the most prevalent threats organizations face.

F5 Advanced WAF Features

  • Supported: In-Browser Data Encryption - Encrypts data at the app layer to protect against data-extracting malware and man-in-the-middle (MITM) attacks.
  • Supported: Behavioral DoS - Behavioral analytics and machine learning provide L7 DoS detection and mitigation.
  • Supported: API Protocol Security - Deploys security tools to secure REST/JSON, XML, and GWT APIs. Ingest OpenAPI files to automate configuration of API security.
  • Supported: OWASP Top 10 Defense - Complies with OWASP top 10 vulnerability mitigations.
  • Supported: Stolen Credential Protection - Protects against brute-force attacks that use stolen credentials.
  • Supported: Declaritive API-based deployment and configuration integrates into DevOps CI/CD pipelines.

F5 Advanced WAF Video

F5 DevCentral's John Wagnon provides an overview of F5 Advanced Web Application Firewall (Advanced WAF) that extends security beyond the basic protections traditional WAF's offer.

F5 Advanced WAF Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

F5 Networks offers the Advanced Web Application Firewall (WAF) to provide bot defense, advanced application protection, anti-bot SDK, and other features.

Imperva Web Application Firewall (WAF), Radware AppWall, and NetScaler ADC are common alternatives for F5 Advanced WAF.

The most common users of F5 Advanced WAF are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(22)

Reviews

(1-8 of 8)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
Incentivized
The web application firewall is a layer seven inspection engine to check for malicious traffic and malware and viruses that could be tunneled inside of a secure packet session. And the ASM module allows us to detect and block or allow conditions as needed to make the application function.
  • It is one of the better products that protects against the OAuth top 10. It will do SQL injection blocking, cross-site scripting, and other OAuth top 10 protections.
  • I'd like to see the licensing model streamlined instead of having this, plus, plus this, plus this to get a working product. I had to go back to the sales team several different times to get a fully deployed product.
It's well suited to be sitting on the edge, protecting the inbound traffic and securing the edge, making it less likely to have a data breach. And I would say it's less likely to be used on internal only traffic. It can be used there, but it's quite expensive to use that for everything inside of an organization.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use the F5 BIG-IP Advanecd WAF every day. It protects us every day against constant bad actors and their attacks, web scraping and just bad traffic probing. We are currently using 80% or more of its capabilities and allows us security responsible teams to have a good night sleep. We rely on it when it matters the most and gives us enough flexibility to work around and mitigate different attack vectors that we always see. We have a publicly facing web application and APIs that get all these undesired visits. Advanced WAF makes our day to day tasks a lot easier and gives us the priceless peace of mind our engineers need at night.
  • Brute Force Protection for critical endpoints
  • Session Tracking for all those bad actors that never want to leave
  • Threat Campaigns and attack signatures for known attack vectors
  • Custom rate limiting
  • Brute force protection not limited to critical POST endpoints
  • Better visibility of blocking and alerting events
Advanced WAF is well suited for protection against account enumeration attacks, protection against known and new increasing attack vectors through out of the box attack signatures and threat campaigns. Also, up to date and accurate IP intelligence database to block based on known IP reputation.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We have used F5 BIG-IP Advanced Web Application Firewall for protecting our apps both on prem and in the cloud. The enhanced features and granularity are far superior to native cloud WAFs. The ability to find the root cause of a session utilizing the SupportID is key in finding root cause for unexpected issues.
  • Policy Configuration
  • Root Cause Identification
  • The interface could be a little cleaner.
  • App Protect needs to mirror the ASM interface.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use this primarily as a web application firewall for many of our applications which includes a lot of endpoints.
  • So the product definitely is helping us for sudden attacks through DDOS, some injection ingestion into UI URLs, and definitely it's capturing those and I definitely see that as an advantage for us. They can stop the hackers from using our endpoints.
  • We would like to see more use of this product in such a way that we can insert JavaScript so that we can understand the bot detection very well. I understand that it does bot detection, with some constraints, but we have to expand that bot detection very well to do fraud detection much better just like Google Recapture.
  • Second is the WAF product. Sometimes we are getting false positives just because in the scope of the applications we had to stop certain headers, HTP headers, and we would like to see if there is some kind of a way to enhance the product to use machine learning to do this automatically or suggest to do it automatically in the future.
It's well-suited for UI-based applications. We found it less appropriate for APIs, not that good.
April 26, 2023

DDoS protection

Josué Ríos | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
ResellerIncentivized
I use to propose F5 WAF to protect applications and APIs, because nowadays there are many applications which have open source code or third code that make then more vulnerable and for the fact that there are many types of attacks like SQLi, XXS, DDoS, bad bots attacks, client side attack and many more.
  • prevent SQLi attacks
  • API Security
  • Bots attack protection
  • Client-side protection
  • DDoS Protection
  • RASP
It could be very suitable for all of those applications which use many APIs or microservices. It could not be appropriate to all of those applications which are not expose to the internet.
Score 10 out of 10
Vetted Review
Verified User
We've been using F5's WAF for many years in our organization. We utilize it for all external facing applications, our ecommerce platform as well as some internal applications. Through some fine tweaking we've made our environment highly scalable, resilient and secure. By far one of the best investments the enterprise has made and we plan on keeping these devices running for many years to come.
  • application filtering
  • application firewalling
  • Easier interface to configure rules and policies
Ecommerce web facing applications where PCI data may be in use.
August 26, 2021

Really Advanced WAF

Ilian Ivanov | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We are using F5 Advanced WAF to provide L7 protection for our premium clients.
  • OWASP Top 10 protection
  • Bot protection
  • Great Visibility
  • Detailed Control
  • DDoS L7
  • Integrated reporting
F5 WAF is a great tool to protect your internet facing applications.
Return to navigation