My main use case for F5 Advanced WAF is to protect applications and support application delivery, and sometimes we use LTM for load balancing.

A specific scenario where I used F5 Advanced WAF for application delivery was in our banking environment called IDFC First Bank, where we had a critical internet-facing web application used by internet teams and partners that handled sensitive data, and both security and performance were equally important. The application was exposed to the internet and started receiving SQL injections and cross-site attempts, along with automated bot traffic hitting login and search pages. Simultaneously, the traffic load increased, causing slow response times during peak hours, resulting in uneven traffic distribution to the backend servers. We configured the virtual server and pool on F5, enabled health monitors to ensure traffic was sent only to healthy backend servers, and used a load balancing algorithm to distribute traffic. The result was improved application availability, faster response times, and no single backend server overload.

This scenario stands out because it clearly shows how F5 LTM and WAF work together, with LTM focusing on availability and performance, while WAF focuses on security and threat protections, delivering a secure application delivery. The final outcome was that LTM ensures smooth and optimized traffic flow, and F5 Advanced WAF ensures strong application security, keeping the application stable, fast, and secure even during high traffic. It worked reliably in production with 2,000 or more users.

From my hands-on experience with F5 Advanced WAF in the banking production environment, some of the best features that really stand out are those that help reduce risk without breaking applications. One major strength is its Behavioral and Automatic Learning capabilities, which allow the WAF to understand normal application behavior and help create policies based on real traffic, minimizing manual effort and false positives. Another notable feature is the Advanced Attack Signature database that is very strong and regularly updated, effectively blocking SQL injections, cross-site scripting, command injections, and file inclusion attacks while allowing selective enabling or disabling of signatures to avoid blocking genuine traffic. Additionally, the Bot Protection feature is critical for the login page and API, helping stop automated login attempts, control scraping, and manage abnormal request rates, which ultimately reduces unnecessary loads on the backend server and improves overall stability. Finally, the strong visibility and logging properties provide detailed event logging and reporting, allowing the security team to see which attacks were blocked, which parameters or URLs triggered them, and source behavior patterns.

In my day-to-day activities, if I had to pick one feature I rely on the most within F5 Advanced WAF, it would be the Behavioral Learning with policy tuning, as the biggest challenge in application security, especially in the banking sector, is avoiding false positives. Applications frequently change, new parameters are added, and user behavior can evolve. This feature allows me to review newly learned parameter URLs and fine-tune enforcement so genuine users are not impacted, confidently moving policies from staging to blocking mode, saving significant time and preventing unnecessary production issues. In a large environment, security teams cannot manually write rules for everything, so this learning engine provides a baseline, allowing us to apply engineering judgment on top of it, which makes F5 Advanced WAF usable in real life. From a daily operation point of view, F5 Advanced WAF stands out because it is practical, stable, and predictable once properly tuned, which is exactly what you want in a critical enterprise environment.

F5 Advanced WAF has a clear and measurable positive impact in our organization, particularly regarding our security posture, application stability, and operational efficiency. After implementing F5 Advanced WAF, we saw a significant reduction in web-based attacks such as SQL injection, cross-site scripting, and automated malicious traffic, allowing us to block real threats before they reached the backend server. With proper use of behavioral learning and tuning, false positives are greatly reduced, leading to minimal impact on genuine users and fewer application outages caused by security controls. This created higher confidence when running the policy in blocking mode, which was a big win for both the application and security team. Strong visibility and faster incident response through detailed logging and reporting help our team quickly identify patterns, perform faster root cause analyses, and support audit and compliance requirements, ultimately reducing investigation time and improving overall response efficiency.

After implementing F5 Advanced WAF in the enterprise banking environment, we saw measurable improvements across security and operations, including reduced web attacks, decreased false positives over time, improved application stability, faster incident response investigations, and operational efficiencies.

F5 Advanced WAF performs well overall, but I have noticed some points that could enhance the solution. Initially, policy tuning could be simpler, as while the learning engine is powerful, initial tuning still requires experienced engineers, which can be challenging for new teams due to the complexity of options and parameters. A more guided and simple tuning workflow would help reduce the learning curve. Additionally, tighter native integration with SIEM or SOAR tools would simplify correlation and investigations for security teams, although log exports are available. Overall, these are not blockers, merely enhancement opportunities, and once tuned, F5 Advanced WAF is very stable and reliable; improving usability, reporting, and onboarding would make it even more effective for larger environments.

I have been using F5 Advanced WAF for more than four years; I can say I have 4.5 years of experience in WAF implementations such as F5.

F5 Advanced WAF has been very reliable and consistent for us; in our on-premise enterprise setup, it has been stable and predictable in day-to-day operations without any unexpected crashes or WAF-related downtime in production. It runs on F5 BIG-IP and is truly integrated with F5 LTM, providing strong stability once deployed in proper high availability. After initial tuning, it continues to run smoothly even during high traffic periods.

We did not previously use a different solution; this is the first project for our organization.

We have seen a clear return on investment after deploying F5 Advanced WAF, primarily in terms of time and risk reduction. Time savings in daily operations come from the automatic learning and signature update reducing the need for constant manual rule management, allowing the security and network teams to spend significantly less time handling false positive application-related escalations. Incident investigation time was reduced because logs clearly indicate what was blocked and why, leading to faster resolution and more efficient use of existing engineers. A large volume of malicious traffic was blocked at the WAF layer, preventing issues from reaching the backend servers, which reduced emergency troubleshooting and application team involvement, ultimately lowering operational stress and incident cost savings without requiring additional security tools. This saved costs on hardware, licensing, integrations, and support effects, with the realistic ROI summarized as time saved in tuning, troubleshooting, and investigation, reduced risk of security incidents in a regulated environment, and improved operational efficiency by consolidating security and load balancing.

F5 Advanced WAF is on the higher side in terms of pricing, which is justified for enterprise and banking environments, although it is premium compared to many others, especially when bundled with LTM and additional features. For organizations that already use the F5 ecosystem, the value makes sense since you get security and application delivery on the same platform. The initial setup cost is moderate to high, mainly due to the application or platform costs, licensing, and the skilled engineers required for deployment and tuning—it is not a plug-and-play solution. Licensing is capacity-driven, so you need careful planning based on traffic volume and use cases, and adding features such as Bot Protection impacts costs; once licensing is clear and sized correctly, there are no surprises. Overall, while not inexpensive, it is enterprise-grade and well-suited for large environments with critical applications, delivering solid ROI over time, particularly in banking and regulated enterprises.

Before choosing F5 Advanced WAF, we evaluated other options such as Akamai, which is a cloud-based solution and not recommended for critical data in a cloud environment since it does not provide an on-premise solution.

If someone is looking into using F5 Advanced WAF, my advice is to spend time on learning and tuning, and do not rely on blocking mode on day one; it is essential to run the application in learning mode, understand traffic patterns, and tune policies properly to avoid false positives in production. Also, it depends on size and platform; while F5 Advanced WAF scales well, correct sizing of hardware and licensing based on traffic volume is crucial. Proper capacity planning upfront saves performance issues later, and having skilled resources is important; this is an enterprise-grade solution, not plug-and-play, so ensure you have experienced F5 engineers or proper training during initial deployment and tuning. F5 Advanced WAF is an excellent choice for large enterprises and regulated environments, but success depends on proper design, tuning, and ongoing review; when implemented correctly, it delivers strong security with stable performance.

Overall, F5 Advanced WAF is a strong, dependable enterprise solution that works best when seen as a long-term security platform rather than a quick add-on; once properly designed, sized, and tuned, it runs quietly in the background and effectively does its job without constant attention. It has met our expectations and proven to be a reliable choice for protecting business-critical applications. I have provided an overall review rating of eight out of ten for F5 Advanced WAF.

Our primary use cases for F5 Advanced WAF in our system include F5 LTM, F5 WAF, and F5 DNS GTM for one of our applications.

The features of F5 Advanced WAF that I find most valuable include advanced WAF capabilities, bot detection, DDoS features, and all the top ten attacks we have configured with the WAF.

Machine learning and automated threat detection features have helped our security strategy because we initially used them during our application learning mode. It provides us with one hundred percent accurate application learning to reduce false positives, and it has been very helpful.

In terms of additional features I would like to see from them in the future, I think the GTM is a bit complicated to configure, which I observed. Otherwise, LTM and WAF are straightforward. I faced problems during the GTM configuration. The LTM and ASM are very simple to configure and manage. There is excellent clarity in the LTM and the WAF. Whenever something goes wrong or we have to whitelist anything, it clearly indicates where to go and where I have to make modifications. It is very simple and we get comprehensive information.

I have been working with this solution for three to four years.

My experience with the technical support from F5 is that on the technical side, we sometimes face issues with reachability and availability. Regarding technical support overall, I am not completely satisfied with F5. We are facing problems. I would rate the technical support at five out of ten.

Both response time and availability need to be improved. Technical skill on the support side also needs improvement.

I switched from Radware to F5 Advanced WAF after COVID, which was two to three years ago.

Overall, I believe it has been a good decision to switch because I do not think any other product available on the market can compete with F5 at this time.

The initial setup of F5 Advanced WAF is very straightforward.

Regarding the price, I think the cost is a bit higher compared to others. Earlier we were using Radware, and compared to Radware, it is very high. However, it is providing more features than Radware. The WAF side is very familiar and we can easily understand it. It is not complicated, and the features are at a very granular level compared to Radware and other WAF solutions.

To assess the effectiveness of DDoS mitigation in F5 Advanced WAF, we checked internally using JMeter, on which we wrote a script and tried multiple users at the same time. The DDoS feature blocked all that traffic according to our threshold. We tested this internally.

The ability to enforce granular policy adjustments has helped my organization with compliance adherence because in the last three to four months, we put our application in blocking mode. We have not configured granular level settings; we have configured at a high level currently. Going forward, we will be planning to add additional security in the WAF.

I have not used advanced analytics and traffic insights features. I also have not used vulnerability management features, as we have different solutions for that.

From my perspective, whatever we have used of F5 Advanced WAF, I do not think it needs improvement because I am currently satisfied with the features provided. We just need to work more on the WAF. If there is anything that needs attention, we will definitely let you know.

Currently, ten to twelve people are using it in my company. I would rate this solution an eight out of ten.

I am working with an integration and security company that collaborates with various vendors. I am currently dealing with F5 Advanced WAF.

The whole mechanism of F5 Advanced WAF is effective. It contains the logic of both negative and positive security combined, providing added value to the company I work with to protect their applications.

I do not have anything in mind right now that needs improvement. Generally, it works well. If we need any specific feature, we approach F5 directly.

I have probably used it for ten years or so.

I do not need them much because my team is professional. If there is a bug, the support is usually understanding and resolves issues.

The price is affordable and satisfactory.

One of the best features is the bot protection capabilities. I rate the product eight out of ten.

F5 Advanced Web Application Firewall (AWAF) is primarily used in financial sectors like banking to secure web applications against advanced threats, ensuring compliance with industry regulations. Our Key use cases include:

1. Protection Against OWASP Top 10: Safeguarding banking applications from SQL injection, XSS, and other common vulnerabilities.
2. Bot Mitigation: Detecting and blocking malicious bots to prevent account takeovers, credential stuffing, and fraud.
3. DDoS Protection: Defending against application-layer DDoS attacks to ensure service availability.
4. PCI DSS Compliance: Enforcing security policies to meet compliance standards for protecting sensitive customer data.
5. API Security: Securing APIs used in banking platforms from abuse and unauthorized access.
6. Threat Intelligence: Leveraging threat intelligence to identify and mitigate zero-day attacks.
7. Application Traffic Control: Managing and monitoring application traffic to ensure optimal performance and security.

These use cases help financial institutions maintain secure and resilient applications, critical for trust and compliance.

F5 Advanced WAF has significantly enhanced our organization's security posture by protecting critical banking applications against sophisticated threats. It ensures compliance with regulatory standards, improves customer trust through robust bot mitigation, and enhances application performance by mitigating DDoS attacks and securing APIs. Additionally, it provides real-time threat intelligence and streamlined security management, reducing downtime and operational risks.

1. Ease of Deployment: Simplify initial setup and policy configuration.
2. UI Enhancements: Improve user interface for better navigation and usability.
3. Integration: Enhance compatibility with third-party tools like SIEMs and DevOps pipelines.
4. Performance Optimization: Reduce latency during high traffic volumes.

Suggested Features for Next Release:

1. AI-Driven Threat Detection: Advanced machine learning for proactive defense.
2. Comprehensive API Protection: Extended support for GraphQL and WebSocket APIs.
3. Cloud-Native Integration: Better functionality in hybrid and multi-cloud environments.
4. Automated Policy Suggestions: AI-based recommendations for policy tuning.

It's been two years that I've been working with this solution.

I am not experiencing any significant instability.

F5 AWAF offers excellent scalability, enabling organizations to protect applications seamlessly across on-premises, cloud, and hybrid environments. It can handle increasing traffic volumes with minimal latency, ensuring consistent security for both small-scale deployments and enterprise-grade architectures. With its ability to integrate into CI/CD pipelines and auto-scale in cloud environments, F5 AWAF supports dynamic application growth without compromising performance or protection.

Customer service is very responsive. If the issue persists beyond my local support capabilities, I open a ticket with F5, and they respond quickly. I rate their technical support 9 out of 10.

Not now just I have checked the comparision and collect reviews from peerspoot and Quadrant

The initial setup experience is straightforward, and I did not face any complexities. I recommend deploying the F5 AWAF solution on a single appliance with LTM.

F5 is relatively less expensive compared to other solutions as F5 is considered the best.

Not Now

I rate F5 eight to nine out of ten. I recommend F5 to customers who require a robust solution and have the budget for it. However, for customers looking for modest pricing, I would not recommend the F5 solution.

I'd rate the solution eight out of ten.

The primary use case for F5 Advanced WAF is to protect applications that are exposed to the internet. It is used to protect applications from known attacks, such as cross-site scripting and DDoS attacks.

F5 offers a versatile solution that can be integrated with APM in cases where integration with an external IDB is needed. It is useful for authentication backup if the on-prem directory service is unavailable.

Additionally, its WAF functionality is valuable for protecting applications from attacks. It is a versatile and strong solution that's easy to understand and deploy.

The DDoS capabilities should be enhanced. More advanced features related to DDoS would be beneficial.

I have been working with F5 Advanced WAF since 2017, which is almost eight years.

The stability is high. It's a robust product with high availability, ensuring no disruptions for end-users if a node failure is detected. Our deployments are based on high availability clustering.

F5 Advanced WAF is highly scalable, both in its physical and virtual forms. Its scalability is based on the search, making it adaptable for various needs.

The support from F5 is excellent, with resources readily available online. The quality of support depends on the service SLA purchased, with various levels of service provided.

The initial setup of F5 Advanced WAF is straightforward and easy to understand. Without prior training, I could build and publish applications using just the documentation.

For standard and straightforward deployments, the implementation can be handled by a single person or a team based on the customer's size. Professional service can simplify the process significantly.

The pricing is not cheap; I rate it a six out of ten.

While it reflects the advanced capabilities of the product, reconsideration of the pricing is suggested.

For reverse proxy solutions, F5 Advanced WAF is the best choice.

Overall, I rate the solution an eight out of ten.

The primary use case is to secure the organization's applications from web-based attacks, securing both web applications and APIs.

The product is used to secure web applications and has the ability to use API templates and bot protection features, such as blocking requests or presenting CAPTCHA pages to end users. We also implement Swagger files for API security and use custom profiles for device ID threshold management.

The main improvement needed is related to IP intelligence. Once we start receiving traffic from repetitive IP addresses, we have to report it to the SOC team to block it at the layer four level. Users would like to have an additional IP intelligence license to handle this within WAF itself without needing to engage with the SOC team.

The solution has been used for three years.

Customer service and support depend on the level of support subscribed to, such as silver or platinum support, which determines the response time.

Deploying the solution involves an application learning and blocking phase. The process includes collecting application data, creating policies, and applying them to lower testing environments like QA or dev before moving to UAT and production. The learning phase is used to handle false positives and fine-tune the policies before going live.

The in-house team manages and supports the WAF, handling incidents reported by end users when legitimate traffic is blocked. They update the policies to prevent the recurrence of similar blocks.

The pricing and support service levels affect response times from customer service, depending on whether the support level is silver, platinum, etc.

We are exploring cloud-based solutions like Azure WAF and AWS WAF.

I rate F5 Advanced WAF an eight out of ten.

I was in charge of the F5 on-premises solution, where I published several applications for certificate verification and protected various applications. Additionally, I was working with botnets.

F5 Advanced WAF is a comprehensive community platform with a strong commitment, making it valuable for businesses. The capabilities on GitHub are highly appreciated, allowing me to count on F5 for reliability.

I would like to see improved features in the F5 Advanced WAF solution, especially with a focus on enabling Kubernetes fully. The database needs better service discussions and updates on communication. Additional improvements could also be made in asset management for the data.

I've been working with F5 for what seems like a lengthy period.

F5 is logistics-oriented, ensuring that the Webpack performs well in making every single case for the Stereo platform.

F5 is scalable, especially for Stellar and virtualization processes. Customers can scale efficiently.

F5's technical support team is commendable. They are professional and take high-priority prompts seriously.

My experience includes comparing F5 with FortiWeb. F5 provides more security capabilities for applications than FortiWeb.

The initial setup of the F5 Advanced WAF solution involves multiple stages and might require revisiting configurations based on customer needs. The setup can be complex compared to other options.

I am part of the deployment and implementation team, and we follow a strategy that involves providing quality assurance to ensure data integrity and server protection. Collaboration and dialogue with customers are part of the implementation.

Customers have shown consistent ROI with F5 solutions, especially when daily requests come in for assistance.

The user interface and sub-management prices can be a concern, however, they generally align with the industry's needs.

I recommend the F5 Advanced WAF solution for everyone with critical applications. Security needs to be embedded within the full visualization pipeline, allowing significant savings. I rate F5 Advanced WAF at a nine out of ten.

We use this solution for load balancing and web application firewall (WAF) services. We use the solution standalone and not integrated with other solutions.

It provides web application security and reduces bot attacks.

The web attack signatures are very important for detecting attacks, and the bot detection capability is an important feature that works well with F5 Advanced WAF.

The product could be more user-friendly for administrators. The user interface could be easier.

I have been using it for almost three years.

The solution is very stable. I would rate its stability as nine out of ten.

Very scalable. We use this solution for multiple customers and across data centers.

The solution offers good support. That said, sometimes it takes too much time to reach the right person.

I have also worked with Citrix NetScaler and F5 products, depending on customer needs.

The initial configuration is not too difficult, but subsequent configurations can be complex because they depend on customer needs.

I don't have direct knowledge of the pricing. From what I know, it is not too expensive compared to other solutions.

I am familiar with F5 and Citrix NetScaler solutions.

I recommend this product to others because of its effectiveness in mitigating threats.

I'd rate the solution eight out of ten.

We use the solution for load balancing and web application firewall (WAF) balancing. We operate in a data center and use it for web application security and services.

The solution provides strong web security, particularly against web attacks, and has effective bot detection that helps reduce bot attacks.

Web attack signatures are very important for detecting web attacks. The bot detection feature is also crucial in reducing bot attacks.

The product could be more user-friendly, particularly the user interface for administrators. Additionally, configuration can be quite complex and needs improvement to be less complex.

I've been using it for almost three years.

The product is very stable. From one to ten, I would rate its stability at a nine out of ten.

The solution is scalable. We use it for multiple customers and data centers, and I would rate its scalability as nine.

The customer service is good. That siad, sometimes it takes too long to reach the right person. I would rate their effectiveness as an eight.

I am familiar with Citrix NetScaler and F5.

The initial setup was not too challenging. Post-initial configurations can be complex.

Two to three engineers are typically involved in maintenance operations.

I don't know the exact pricing. It is not the cheapest yet not the most expensive. It depends on needs, budget, and vision.

I have experience with Citrix solutions.

I recommend this product to others.

I'd rate the solution eight out of ten.

We use F5 Advanced WAF to restrict attacks on our remote access VPN. We've implemented geolocations. Our APIs are exposed over the Internet, so we've utilized F5 Advanced WAF to protect those APIs, and it's integrated with our other applications.

The WAF solution works perfectly fine. If we face any issues, we get hotfixes from the solution experts. It is a little bit difficult to engage with a solution expert firsthand, but once they're engaged, they do whatever is best to resolve the issue.

We faced a lot of outside attacks on our VPNs and APIs, so the geolocation feature works perfectly fine for us. We use iRules as well. Our internal access VPN is advertised from a Cisco firewall, and above that, we have an F5 LTM. We have written some iRules on it to minimize the effects of attacks.

We are a PCI DSS-compliant organization, and we have a lot of security balance to improve our infrastructure. So we use this software to meet those requirements. It works well. So, F5 helped to meet compliance and regulatory requirements.

It's pretty smooth. Whichever load we put on it, we've observed minimal chances of the WAF exploiting the memory or sessions hanging.

The bot protection aspect works perfectly fine. All the solutions and features are renewed and they're working well. I don't see anything that can be improved.

We also leveraged AI initiatives.

Support is a little slow, but the solution itself is great. If I compare F5 and Fortinet, the main issue is the support. With Fortinet, it takes less time to engage a support engineer and get things sorted compared to F5.

I have been using F5 Advanced WAF since last January.

I work for a US-based firm, and the project I deal with relies heavily on F5 and F5 LTMs.

I work on both F5 BIG-IP cloud and on-premises and F5 LTM.

It is a stable product.

The physical hardware is not as scalable. We have to decide which version is best for us to procure because it is a costly device. So we try our best to get all the juice out of one box.

There's around 2500 users getting services from the F5. In my team, we are twelve engineers who are managing the infrastructure.

Support is a little slow, but the solution itself is great. If I compare F5 and Fortinet, the main issue is the support. With Fortinet, it takes less time to engage a support engineer and get things sorted compared to F5.

I'll give F5 a five because it is difficult to engage an engineer and get the issue sorted. For Fortinet, I'd give them a nine.

The initial setup process of the F5 WAF product is straightforward. There isn't an issue in setting up from scratch. We use F5 with the cloud as well, especially in Azure and AWS.

The deployment took around half an hour for an engineer to get the basic infrastructure done.

It is not difficult to manage bug fixes, upgrades, and everything. It doesn't take much time. The dashboards are good. All the basic information is given to us on the first page, and it's easy to manage.

It brings a return on investment.

It is a little bit costly, but it has all the features that are required.

I would recommend F5 Advanced WAF to other users looking to implement it.

My advice:

A lot of organizations are financially constrained when buying devices. So if the organization is capable of maintaining and managing a device like F5, we suggest F5. Otherwise, we suggest other solutions, like Fortinet or Citrix.

Overall, I would rate it an eight out of ten because of the support.