F5 Big-IP Advanced Web Application Firewall Review
February 26, 2025

F5 Big-IP Advanced Web Application Firewall Review

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with F5 Big-IP Advanced Web Application Firewall

We have been tasked by the ISO to put a WAF in front of every service line. These include the Universities learning management systems, Splunk, OpenShift, OKD, Jenkins, apache/tomcat environments, etc. The business problem is meeting a new security policy, and having an avenue to immediately put in fixes for any critical security vulnerabilities. We're fairly happy with the frequency of updates to the policy signatures.

Pros

  • Extensive policy signatures
  • Fairly easy to use UI for navigating traffic learning settings
  • Relatively good filtering

Cons

  • The UI for events. E.g., clicking the "Accept" button does nothing.
  • Traffic learning suggestions are often very incorrect. We were originally suggested to use "Automatic" learning, and had to completely scrap the policy due to the suggestions.
  • "All in one" dashboard for viewing application URL/parameter overrides per policy.
  • We're an educational institution, so it's hard to state ROI.
Most* of it is very intuitive and easy to use. The "Help" section is fairly fantastic. See some of my other comments about things like the "Traffic Learning" section being wildly wrong sometimes, and also the event logs with UI buttons that don't do anything. Overall though, it's an excellent product.

Do you think F5 Big-IP Advanced WAF delivers good value for the price?

Not sure

Are you happy with F5 Big-IP Advanced WAF's feature set?

Yes

Did F5 Big-IP Advanced WAF live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of F5 Big-IP Advanced WAF go as expected?

Yes

Would you buy F5 Big-IP Advanced WAF again?

Yes

It is extremely good if you are very aware of the underlying application. If you are simply supporting reverse proxies that direct traffic to their underlying application, but you aren't as familiar with it, it gets irritating/complicating quickly. This is more of an organizational issue than anything, but still.

Additionally, for things where one VIP is supporting multiple applications (e.g., K8S clusters not using CIS), tuning a WAF policy as an all-in-one is quite complicated. That said, I did talk with an engineer who had some very valid suggestions.

Comments

More Reviews of F5 Big-IP Advanced WAF

  1. Home
  2. Web Application Firewalls
  3. F5 Big-IP Advanced WAF Reviews
  4. User Review of F5 Big-IP Advanced WAF