F5 Big-IP Advanced WAF

Score9.3 out of 10

28 Reviews and Ratings

Community insights

TrustRadius Insights for F5 Big-IP Advanced Web Application Firewall are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Customizable Rules Tailored to Needs: Users have expressed satisfaction with the product's customizable rules, highlighting how they can adjust settings to meet their specific security requirements. For instance, users appreciate being able to define unique parameters for different types of threats.

Insightful CSOC Logs: The detailed logs provided for the Cyber Security Operations Center are highly valued by users for offering in-depth insights and valuable information necessary for proactive monitoring and swift response actions. These logs enable users to track potential security incidents effectively.

Effective Out-of-Box Rule Foundation: Users find the preconfigured rules effective as they serve as a robust starting point for setting up security configurations. This feature has been particularly useful for new users looking to establish a strong security framework quickly and efficiently.

Reviews

16 Reviews

Advanced Web Application Firewall Review

Rating: 9 out of 10

Incentivized

May 5, 2025

Use Cases and Deployment Scope

It helps us protect everything including our intranet, every company we have on Azure and also even an IBM Power 9AS/400 platform. So we have the left and also a full proxy for the non web application platform.

Pros

It provides us with a lot of flexibility for us to move from one data center to another transparently.
It provides us with the capabilities of doing VPN and using multifactor authentication and integrating with all the web platforms that we have in the company and Azure. So very flexible.

Cons

I believe that I haven't seen a version of F5 that works directly on Azure as a platform as a service as opposed to a VM. I believe that I have to provision the virtual edition on a virtual machine. I manage it as a virtual machine instead of a platform. I would like to see something that is self-provisioning and that I can use directly without having to have a machine that I have to manage and manage resources.

Likelihood to Recommend

I believe that in industrial environments like ours where we have to have bare metal devices near the production environment combined with hybrid cloud, that is a good platform. That's a good use case. It optimizes traffic. It helps us stay more secure in our data centers. Now with regards to that are fully operating in the cloud, I'm not really sure if we would make the same decision considering the option that I said to have something that is self-provision to avoid too much management of virtual machines on the cloud. So that's an area of improvement.

Adolfo Rodrguez

CIO in Information Technology at Nicaragua Sugar Estates Limited (501-1000 employees)

Vetted Review

F5 Big-IP Advanced Web Application Firewall Review

Rating: 8 out of 10

Incentivized

February 26, 2025

Use Cases and Deployment Scope

We have been tasked by the ISO to put a WAF in front of every service line. These include the Universities learning management systems, Splunk, OpenShift, OKD, Jenkins, apache/tomcat environments, etc. The business problem is meeting a new security policy, and having an avenue to immediately put in fixes for any critical security vulnerabilities. We're fairly happy with the frequency of updates to the policy signatures.

Pros

Extensive policy signatures
Fairly easy to use UI for navigating traffic learning settings
Relatively good filtering

Cons

The UI for events. E.g., clicking the "Accept" button does nothing.
Traffic learning suggestions are often very incorrect. We were originally suggested to use "Automatic" learning, and had to completely scrap the policy due to the suggestions.
"All in one" dashboard for viewing application URL/parameter overrides per policy.

Likelihood to Recommend

It is extremely good if you are very aware of the underlying application. If you are simply supporting reverse proxies that direct traffic to their underlying application, but you aren't as familiar with it, it gets irritating/complicating quickly. This is more of an organizational issue than anything, but still.

Additionally, for things where one VIP is supporting multiple applications (e.g., K8S clusters not using CIS), tuning a WAF policy as an all-in-one is quite complicated. That said, I did talk with an engineer who had some very valid suggestions.

Verified User

Team Lead in Engineering (10,001+ employees)

Vetted Review

F5 Big-IP Advanced Web Application Firewall review

Rating: 9 out of 10

Incentivized

May 9, 2024

Use Cases and Deployment Scope

Protect external facing web services, both traditional websites and APIs.

Pros

Customizable Rules
Detailed logs for CSOC
Good "out of box" rules

Cons

Need easier path from alerting to blocking mode.

Likelihood to Recommend

Well suited for on premise data center hosted applications. Less well suited for organizations with limited staff.

George Huang

Tech Engineer in Information Technology at Nationwide (501-1000 employees)

Vetted Review

Simple Review for F5 Big-IP Advanced Web Application Firewall

Rating: 9 out of 10

Incentivized

March 22, 2024

Use Cases and Deployment Scope

A great and simple AWAF onprem solution that is used to secure our Web Application.

Pros

Simple
Detail

Cons

Integration with other solution

Likelihood to Recommend

Use to secure all external applications that run in our organization.

Verified User

Manager in Information Technology (1001-5000 employees)

Vetted Review

F5 BIG-IP AWAF review

Rating: 10 out of 10

Incentivized

March 22, 2024

Use Cases and Deployment Scope

F5 AWAF gives application layer security protection that covers OWASP Top 10 Web & API, bot protection, mobile sdk, L7 DoS, etc. in addition to their network security/NGFW protection

Pros

OWASP Top 10 Protection
Bot Defense/Bot Protection
L7 DoS Protection
API Security
Mobile SDK

Cons

Mobile SDK integration, as i knew it is done by 3rd party / AppDome

Likelihood to Recommend

BIG-IP AWAF fits in any scenario for protection web application and API layer protection

Verified User

Professional in Information Technology (501-1000 employees)

Vetted Review

Reseller

F5 Advanced Web Application Firewall Review

Rating: 10 out of 10

Incentivized

February 16, 2024

Use Cases and Deployment Scope

The web application firewall is a layer seven inspection engine to check for malicious traffic and malware and viruses that could be tunneled inside of a secure packet session. And the ASM module allows us to detect and block or allow conditions as needed to make the application function.

Pros

It is one of the better products that protects against the OAuth top 10. It will do SQL injection blocking, cross-site scripting, and other OAuth top 10 protections.

Cons

I'd like to see the licensing model streamlined instead of having this, plus, plus this, plus this to get a working product. I had to go back to the sales team several different times to get a fully deployed product.

Likelihood to Recommend

It's well suited to be sitting on the edge, protecting the inbound traffic and securing the edge, making it less likely to have a data breach. And I would say it's less likely to be used on internal only traffic. It can be used there, but it's quite expensive to use that for everything inside of an organization.

Roger Bauer

Senior Systems Engineer in Information Technology at Cardinal Health (10,001+ employees)

Vetted Review

F5 Advanced WAF! More Advanced than you think

Rating: 10 out of 10

Incentivized

February 13, 2024

Use Cases and Deployment Scope

We use the F5 BIG-IP Advanecd WAF every day. It protects us every day against constant bad actors and their attacks, web scraping and just bad traffic probing. We are currently using 80% or more of its capabilities and allows us security responsible teams to have a good night sleep. We rely on it when it matters the most and gives us enough flexibility to work around and mitigate different attack vectors that we always see. We have a publicly facing web application and APIs that get all these undesired visits. Advanced WAF makes our day to day tasks a lot easier and gives us the priceless peace of mind our engineers need at night.

Pros

Brute Force Protection for critical endpoints
Session Tracking for all those bad actors that never want to leave
Threat Campaigns and attack signatures for known attack vectors

Cons

Custom rate limiting
Brute force protection not limited to critical POST endpoints
Better visibility of blocking and alerting events

Likelihood to Recommend

Advanced WAF is well suited for protection against account enumeration attacks, protection against known and new increasing attack vectors through out of the box attack signatures and threat campaigns. Also, up to date and accurate IP intelligence database to block based on known IP reputation.

Verified User

Engineer in Information Technology (5001-10,000 employees)

Vetted Review

F5 Big-IP Advanced Web Application Firewall has protected us against numerous threats.

Rating: 9 out of 10

Incentivized

February 13, 2024

Use Cases and Deployment Scope

We have used F5 Big-IP Advanced Web Application Firewall for protecting our apps both on prem and in the cloud. The enhanced features and granularity are far superior to native cloud WAFs. The ability to find the root cause of a session utilizing the SupportID is key in finding root cause for unexpected issues.

Pros

Policy Configuration
Root Cause Identification

Cons

The interface could be a little cleaner.
App Protect needs to mirror the ASM interface.

Likelihood to Recommend

Eric Evans

Security Architect in Information Technology at Evergy (1001-5000 employees)

Vetted Review

F5 Big-IP Advanced Web Application Firewall Review

Rating: 10 out of 10

Incentivized

February 9, 2024

Use Cases and Deployment Scope

Zero day mitigations

Pros

log4j
springs boot

Cons

Big IQ deployment of new signatures
Custom signature assistance
BigIQ capacity

Likelihood to Recommend

Child policy surgical deployment

amando aranas

VP at JPMC (5001-10,000 employees)

Vetted Review

F5 Big-IP Advanced Web Application Firewall Review

Rating: 7 out of 10

Incentivized

September 15, 2023

Use Cases and Deployment Scope

We use this primarily as a web application firewall for many of our applications which includes a lot of endpoints.

Pros

So the product definitely is helping us for sudden attacks through DDOS, some injection ingestion into UI URLs, and definitely it's capturing those and I definitely see that as an advantage for us. They can stop the hackers from using our endpoints.

Cons

We would like to see more use of this product in such a way that we can insert JavaScript so that we can understand the bot detection very well. I understand that it does bot detection, with some constraints, but we have to expand that bot detection very well to do fraud detection much better just like Google Recapture.
Second is the WAF product. Sometimes we are getting false positives just because in the scope of the applications we had to stop certain headers, HTP headers, and we would like to see if there is some kind of a way to enhance the product to use machine learning to do this automatically or suggest to do it automatically in the future.

Likelihood to Recommend

It's well-suited for UI-based applications. We found it less appropriate for APIs, not that good.

Verified User

Analyst in Information Technology (1001-5000 employees)

Vetted Review

Loading Reviews List....

Video reviews

View playlist