F5 BIG-IP Virtual Edition - GOOD (PAYG, 200Mbps)
F5, Inc. | 16.1.5.1-0.13.7Linux/Unix, CentOS 7.3 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Fantastic protection for all PC’s
What do you like best about the product?
Great protection. User friendly and easy to load. Really filters things out.
What do you dislike about the product?
It can be hard to load at times but then will pickup.
What problems is the product solving and how is that benefiting you?
Fighting viruses and other problematic sites.
- Leave a Comment |
- Mark review as helpful
F5 AFM works but use F5 WAF instead
What do you like best about the product?
Ddos protection simple and out of the box. The concept of protection out of the box was very attractive.
What do you dislike about the product?
dDos protection broke our applications due to timeouts specified in our web application the two were not initially compatable. The URL filters were very hard to implement
What problems is the product solving and how is that benefiting you?
Provides protection to large scale attacks
Recommendations to others considering the product:
Be careful use the auto-learning functions and stick to it. Do not go too deep into URL filters as that can cause large sweeping impacts. Be careful if something breaks your application it maybe hard to find.
It could be hard to scale because we will be encrypting and decrypting. The connection through the API Gateway worked in no time, which was fantastic.
We use it primarily for WAF.
How has it helped my organization?
The ability to quickly set up. I understood it very quickly. I had some URLs which pointed to my load balancers, and inside there, I had to send an action to the API Gateway. I thought it was going to be a very complex thing for me to do, but that one rule that I had to create, it solved everything for me.
The connection through the API Gateway worked in no time, which was fantastic. From the perspective of us building it, once you have that one rule you can stamp it out. Also, it was easy for me to show operations, "Look how easy it is. There's nothing complex about it."
What is most valuable?
* iRules
* Simplicity
I was able to simply and quickly set up the WAF rules and security, and also set up easily complex policies and rules which gave me some great features to redirect. So, I had to integrate API Gateway into our WAF, because we're a healthcare company, and we have to maintain security. Therefore, they didn't want to have public endpoints that had not been inspected. The policy features inside the WAF rules were really easy for me to set up. What I thought was going to take me two months, I had done in about two weeks. Between Googling and F5 having great information, so instead of using traditional iRules, I used a policy thing that they recommended. It was much simpler and cleaner, and seemed to execute faster. It was a great feature.
The configuration and implementation of what I thought I was going to have to do was a lot simpler than I expected it to be. That was a plus.
What needs improvement?
People love them in security, but their costs are completely out of bounds. However, I'm not a security guy, so I don't necessarily know all the ins and outs of why our security team may have chosen this product versus other ones.
I am disappointed with the additional cost. 25 megabytes is low. If we get to a thousand, a gig, It is like three dollars an hour. While you can get a reduction in price, when I price them against anyone else, they are wildly overpriced.
I used GitHub for autoscaling CloudFormation, and I found two bugs and I submitted them. Their implementation in GitHub could be cleaner and allow for a bit more customization. We always end up customizing these things, so I found two bugs and I thought they were big bugs so I was surprised. This wasn't necessarily relative to product. It was more about the support role of GitHub and the way it was launching. However, the features that they said would work, did not.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It seems very stable. I've had no problems with stability at all. It's been rock solid, from the perspective of staying in line and working as expected.
I did individual testing. We were doing very small tests to start, 25 megabits. So, I was driving close to 25 megabits through it. Memory and CPU, I thought might be a bit of a concern, but overall it seemed good. It was doing what I needed it to do, and doing it well, so I didn't notice anything in my traffic.
What do I think about the scalability of the solution?
I haven't thought of production workloads on it yet. I don't know how the performance is going to be in terms of CPU memory, but I was told by other people because of what we're doing on it, it could be hard to scale. So, we may have to end up buying more because we will be encrypting and decrypting. We have to inspect that traffic, so that will be CPU intensive. Therefore, one instance may not be enough for us, as we may be spinning up multiples across Multi-AZs.
We will be just stacking our costs. Granted, it is virtualization, and you can only get so much out of it. However, I haven't put true production workloads through it. I have only done my testing, and I am concerned a bit about these factors and how they may drive our costs even more, because I will have to spin up more WAFs to accommodate for high CPU and memory loads.
What's my experience with pricing, setup cost, and licensing?
From a cost perspective, I agreed to analyze the standards in terms of load balancing. However, the cost that they have with AWS are almost prohibitive. I'm being forced to use F5 WAF. I would not simply use it based on cost. I agree that they have some great features, but for me, cost is key in terms of AWS.
This applies to buying in the AWS Marketplace. If you go to a simple WAF doing 25 megabits, and I'm paying for the instance cost as well, it is over a dollar an hour. You can add that up and ask for some discounts, but relative to other players, they are significantly more expensive.
We will need a lot of these, and it can be a real negative driver in terms of spend and how we will be able to move forward.
Purchasing though the AWS Marketplace was easy; it was a piece of cake. You go right in, and the options are there. It was nice you can pick the different kind of group you wanted and what type of security you wanted. It did put in a lot of information that would build a lot of the initial infrastructure for me in terms of supporting my load balancer and creating security. Granted, I destroyed it all, but it was nice and it was there. It gave me the ability to level set what I should create versus what they put in place. I could see what they're doing here and I can match it to my own criteria. What they put in the AWS Marketplace and came through with the license, it worked well.
We chose to go through the AWS Marketplace because you can do almost anything you are going to launch there. The first time you launch, you always grab from the market, particularly for PoCs, as it's just easier. There's no reason why I wouldn't go through the AWS Marketplace, because they've already have F5 WAF. It's exactly what I want and it's exactly what I needed, so I can go from there.
Which other solutions did I evaluate?
I am a fan of using AWS natively. It is much cheaper.
We also looked at Check Point and Barracuda, but they were not markedly cheaper. The whole reason to use AWS was its ability to create resources which have more economic scale. This has almost started to get lost with the prices that these companies are charging.
I started my PoC back in April, which is when I finished three PoCs across different deployments for F5. So, I'd probably been using the product for about eight months.
What other advice do I have?
The product works.
We have F5 all across our environment. We use them for both VPNs and for traditional load balancers. So, we have VIPRIONs and several different versions of on-premise F5 hardware, as well. From an operations team perspective, everything is easy to learn; seamless. The ability to get teams to focus on AWS F5 is easy because they already know everything there. From an operational perspective, it is a win-win because they already know how to work with the F5.
Using the product, applications are jittery. Initial setup is easy and pretty standard.
This is for remote access to an internal network of the organization to do all types of work. The requirement for VPN is secure with high performance.
How has it helped my organization?
Two issues found in using BIG-IP VPN compared with Cisco VPN:
* Performance: Two applications are being used: remote desktop (RDP or rdesktop) and VNC viewer. Comparisons are done on the same client machines (Windows 10 and Linux 16.04) over the same network. When using Cisco VPN, applications are working smoothly while occasionally jittery. When using F5 VPN, applications are quite jittery. Sometimes applications are useless (too slow to refresh the screen).
* Client support: Cisco VPN has more Clients supported than BIG-IP, e.g., BSD.
What is most valuable?
Still not clear why our IT decided to switch to F5 BIG-IP after two years experience. It appears as if there may be some advantage (possibly) related to security concerns (more secure?).
What needs improvement?
Performance is the first thing and most critical issue that needs improvement.
Supporting more Clients would be nice, but without improving performance, F5 will not widely be used for critical work. It killed an international meeting the first time that we used BIG-IP VPN.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Performance: Using the product, applications are jittery.
What do I think about the scalability of the solution?
No issues.
Which solutions did we use previously?
We used Cisco VPN. I am not sure why our IT forced us to switch to F5 without our feedback.
How was the initial setup?
Initial setup is easy and pretty standard. Setup is not much different from all other VPNs.
What about the implementation team?
In-house.
What's my experience with pricing, setup cost, and licensing?
Unless the price difference is large, this is not the primary concern for the product. The performance and product-related issues (secure for VPN, multi-function for network device, etc.) are the keys.
Which other solutions did I evaluate?
Along with load balancing, we perform a lot of packet inspections, URL rewriting, and SSL interceptions via iRule
We are using it primarily for load balancing. We also make great use of SSL interception (offloading and onloading), packet inspection, rewriting, and DNS wide IP.
How has it helped my organization?
It is a very good, flexible solution. It helps us to catch up on flaws in our partner solutions on top of its load balancing feature.
What is most valuable?
Along with load balancing, we perform a lot of packet inspections, URL rewriting, and SSL interceptions via iRule.
What needs improvement?
I would recommend that the cost be lowered.
User tracking: Needs to provide a visual interface to follow a customer's activity (from client to BIG-IP to SNAT IP to the chosen server, then back). Today, we are still performing packet captures.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
Not so far.
What do I think about the scalability of the solution?
Not so far.
How is customer service and technical support?
So far, we have not had to contact them.
Which solutions did we use previously?
We previously used Cisco ACE, which has very limited features.
How was the initial setup?
The initial setup is straightforward. The GUI interface is user-friendly.
Software upgrades have been performed by F5 teams.
What about the implementation team?
The initial migration was done by our technical team.
The last implementation was done by the F5 team. I would rate them as a nine out of 10. I am not giving a 10 because we encountered some difficulties with the software upgrade from version 11 to version 12.
What was our ROI?
ROI is four years.
What's my experience with pricing, setup cost, and licensing?
If you are planning to use security features, better to go for strong hardware and the best bundle license, which is great for web security.
Which other solutions did I evaluate?
Improves our program performance and security
We use it for local traffic management and for the application firewall. We are trying to deploy virtual appliances in AWS.
How has it helped my organization?
It has improved our program performance and security.
What is most valuable?
* The web application firewall.
* The configuration and integration into the AWS environment was pretty easy.
What needs improvement?
We would like to see load balancing between the cloud and the on-premise, a straightforward deployment feature.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
The stability is almost there. Sometimes it hangs or there are unpredictable performance issues.
What do I think about the scalability of the solution?
It's easier to scale.
How is customer service and technical support?
Technical support could be better.
What's my experience with pricing, setup cost, and licensing?
The price is high.
Which other solutions did I evaluate?
We looked at A10. When deciding whether to go with F5 or A10 it depends on the business requirements. Sometimes I propose one and sometimes I propose the other. It depends on the customer's requirements and budget. For our internal use we went with F5 because it's the best tool.
What other advice do I have?
The on-prem version and the AWS versions are almost the same.
In terms of the experience purchasing through AWS marketplace, because we are a partner, the way we purchase it from AWS is different. We don't buy directly from the market.
F5
What do you like best about the product?
I like that if handles firewall, active directory, logging controls, SSH, DDos
What do you dislike about the product?
They might not be flexible especially then we're talking about corner cases. We had very special problem to fix with them once. They came to our place, told us that the problem is peace of cake. Two years later the problem is till there
What problems is the product solving and how is that benefiting you?
We're small government agency. F5 helps us to keep our team small
Recommendations to others considering the product:
It's a no brainier for agencies and firms that take security seriously. You don't have to do a thing since F5 will handle it for you.
It is a central point of entry for our user base providing user authentication
We use it for brokering services.
How has it helped my organization?
It has made it a single entry point for all users, verging across all the VPCs. It is more of an SSO solution versus multitier user loggin.
What is most valuable?
* Central point of entry for our user base.
* User authentication
* PPI
* Integration with our website.
What needs improvement?
We would like to have integration into encryption and PKI integration with SafeNet. That is probably the key component in using External PKIs, letting people bring their PKIs with them. On the back-end, we have a SafeNet component. They are going to bring additional features in, so allowing integration with encryption and PKI, and tying it back into Microsoft AD in the back with an LDAP lookup for users.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
The stability seems fine. We provide fault tolerance with HA, so we have two of them up and running. We have built in integration. Therefore, we do not worry about workload issues
What do I think about the scalability of the solution?
It seems very scalable now. We have 200 users, going to about 10,000 within the next year. There are multiple VPCs and multiple AWS accounts.
How was the initial setup?
The integration and configuration of the product in our AWS environment seems to be pretty straightforward. There doesn't seem to be anything complex. We haven't needed anything additional, like Professional Services.
What about the implementation team?
We did use technical support on the original engineering.
What was our ROI?
We have seen ROI because we are not hosting it. We moved this to the cloud for our ingest, so our workload is moving to the cloud and Amazon.
What's my experience with pricing, setup cost, and licensing?
Purchasing through the AWS Marketplace was good. We chose to go through the AWS Marketplace because everything that we needed was a soft appliance. We needed something to work in Amazon, and this product was available there.
We have found the pricing and licensing on AWS to be competitive.
Which other solutions did I evaluate?
We looked at F5, Citrix, and VMware. We chose F5 because it has a better market name, seemed to be vendor-agnostic for providing capabilities that others didn't, and its reputation.
What other advice do I have?
Use F5. It has a good reputation. We experienced easy implementation and had an overall good experience.
It can determine if the system is going down, then route the traffic somewhere else
We are using it for load balancing and security.
When someone requests data through the load balancer, we pull the certificate name out to identify who that person is. This is one of the things that F5 does. We haven't able to replicate this so far with the Amazon products. That is why we are going to F5.
How has it helped my organization?
It has the ability to do the security work that we need along with the current thing which is supporting the load balancer. Therefore, it can determine if the system is going down, then route the traffic somewhere else.
It does what we need.
What is most valuable?
We had a problem where customers were doing transactions in our system, pulling health records, and the system had to be shut down for maintenance. Unfortunately, we wouldn't know that the system was being shut down, and we would lose that information. Then, the customer would get upset.
Using the F5, we were able to build rules to detect that the shutdown was occurring, then begin to route people elsewhere, so we didn't have any outages or downtime. This made customers a lot happier, and it made us a lot happier.
What needs improvement?
They could improve the product's ease of use. There has been a bit of complication on some things from the admin side. There is some confusion how to operate it.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
I don't think too much stress placed on it. In F5 Studio, the stability been very good.
What do I think about the scalability of the solution?
We run 14 servers. We get up to about half a million transactions an hour, and the scalability has been good. It has not been a problem.
How is customer service and technical support?
I would rate the technical support as a five out of ten. Our admin had to learn everything and do it himself. He seems to have had difficultly at times with the tech support. However, this may be a manifestation of the fact the government bought it, but didn't buy the support.
How was the initial setup?
The integration and configuration of this product were pretty good. Once you get going, it gets easier to use.
It works with Red Hat JBoss application server, and it integrates reasonably well.
What's my experience with pricing, setup cost, and licensing?
It is sort of a commodity product. A load balancer is a load balancer. What will be, at the end of the day, the cheapest option or have the best performance, that is what it will come down to. Can it do the necessary performance that we need, and if so, is there a cheaper alternative? If not, then we'll stick with what we have.
Which other solutions did I evaluate?
We also evaluated some free stuff on the AWS Marketplace, or some cheaper stuff. We also looked at the Amazon offerings, like the Elastic Load Balancing.
The customer wanted to take what they had on-premise and put it in Amazon: full stop. Because we could obtain the certifications for security and the existing Amazon products didn't do 100 percent of what F5 did, they didn't want us to change any code. They just wanted us to keep going the way we were. This is the reason why we pulled F5 over.
What other advice do I have?
Try doing a proof of concept or a prototype, before you go full in on a load balancer, to make sure it does everything you need.
It supports APIs and virtual additions for cloud and VMware
We use it for load balancing and routing.
How has it helped my organization?
It supports APIs and virtual additions for cloud and VMware.
It integrates with various firewall and networking devices along with application services, and it works fine.
What is most valuable?
* Routing
* Load balancing
What needs improvement?
* Cloud native integration should be provided.
* Native support for containers should be added to future releases, as this is the future of load balancing.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
The stability is great. We put our production load on it, which is very stressful.
What do I think about the scalability of the solution?
Scalability has been great. We have thousands of severs. F5 has scaled very well.
How is customer service and technical support?
They provide average enterprise technical support.
Which other solutions did I evaluate?
I also evaluated Cisco, but chose F5 because it had better features in terms of load balancing. I liked the various features in F5, including input/output routing, load balancing, and global load balancing.
What other advice do I have?
Explore the API support and integration with the open source products. Those are the key thing to analyze. F5 are the experts in their area.
showing 21 - 30