Advanced protection has reduced web attacks and improves application performance and operations
What is our primary use case?
F5 Rules for AWS WAF provides advanced protection for web applications hosted on AWS against application layer attacks. I primarily use these rules to detect and block common threats such as SQL injection, cross-site scripting, remote code execution attempts, and other OWASP Top 10 vulnerabilities. F5 Rules for AWS WAF managed rule sets enhance AWS WAF's native capabilities by providing continuously updated threat intelligence and more granular signature-based detection.
In addition, I use these rules to handle automated and bot-driven attacks and traffic by identifying suspicious request patterns and reducing the unwanted traffic reaching the origin. This helps improve both security and application performance. From an operational perspective, the rules are initially deployed in count mode to analyze the traffic behavior, followed by tuning and gradual enforcement in block mode to minimize false positives and avoid business impact.
How has it helped my organization?
One of the key outcomes was a 35 to 45% reduction in malicious application layer traffic reaching the origin, particularly from SQL injection, XSS, and automated bot attackers. This significantly reduced the load on backend systems. I also noticed an improvement in application stability with fewer performance degradation incidents during attack spikes.
In some cases, response times improved due to reduced unnecessary traffic hitting the application layer. From an operational standpoint, the use of managed rule sets helped to reduce manual effort by approximately 25 to 35%, as many common attack patterns were automatically detected and mitigated without requiring constant rule creation. Additionally, by properly tuning the rules, I was able to keep false positives at a minimal level while maintaining strong protection, which improved the overall user experience and reduced support tickets related to access issues. Overall, these improvements contributed to a better security posture, improved performance, and more efficient day-to-day operations.
What is most valuable?
One of the best features of F5 Rules for AWS WAF is the advanced, continuously updated threat intelligence provided by F5. F5 Rules for AWS WAF rule sets are highly effective in detecting and mitigating OWASP Top 10 attacks such as SQL injection, XSS, and command injection, which significantly strengthens application security. Another key feature is the ease of integration with AWS WAF, allowing organizations to deploy enterprise-grade protection without additional infrastructure.
F5 Rules for AWS WAF can be quickly enabled and tested in count mode, which helps in safely evaluating their impact before enforcing them in block mode. F5 Rules for AWS WAF flexibility in tuning and customization is also a major advantage. Security teams can create exclusions, adjust the sensitivity, and combine F5 Rules for AWS WAF with custom AWS WAF rules to align with application-specific requirements and reduce false positives. Additionally, the visibility provided through AWS WAF logging and metrics helps in identifying attack patterns and making data-driven security decisions.
What needs improvement?
One area where F5 Rules for AWS WAF can be improved is in simplifying the tuning process. While F5 Rules for AWS WAF is powerful, fine-tuning it to match specific application behavior can sometimes be complex and time-consuming, especially for teams without deep WAF expertise. Another improvement could be enhanced visibility and reporting.
Although AWS WAF provides logs, having more intuitive and built-in dashboards or clearer categorization of rule triggers would make it easier to quickly identify and analyze attack patterns. Additionally, expanding the capabilities around bot management and behavior analysis would be beneficial compared to some dedicated bot management solutions. More advanced detection techniques could further strengthen the protection against sophisticated automated traffic. Finally, providing more predefined templates or best practice recommendations for different application types would help speed up the deployment and reduce the initial configuration effort.
For how long have I used the solution?
I have been using F5 Rules for AWS WAF for around one year in enterprise environments.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is highly stable in my experience. Since F5 Rules for AWS WAF operates within AWS managed infrastructure, I have not observed any major disruption or performance issues related to the rule sets themselves. F5 Rules for AWS WAF is consistently updated and applied without impacting application availability, and it handles high traffic volumes effectively, even during attack scenarios.
Additionally, once properly tuned, F5 Rules for AWS WAF runs reliably with minimal intervention, which further contributes to operational stability. Overall, F5 Rules for AWS WAF has proven to be dependable for enterprise-level deployments.
What do I think about the scalability of the solution?
F5 Rules for AWS WAF is highly scalable, as it operates on top of AWS's native infrastructure. Since AWS WAF itself is designed to automatically scale with the incoming traffic, F5 Rules for AWS WAF inherited the capability without requiring any manual intervention. In my experience, F5 Rules for AWS WAF handles traffic spikes and high request volumes efficiently, including during attack scenarios such as bot surges or application layer attacks.
There is no need for additional capacity planning or hardware provisioning, which makes it very suitable for dynamic and growing environments. Overall, the scalability is seamless and aligns well with cloud-native architectures, making it ideal for enterprise applications with variable traffic patterns.
How are customer service and support?
My customer support experience has been generally positive, especially when working through F5 and AWS together. For critical issues, the response time is quite good, and the support teams are knowledgeable in handling rule tuning, false positives, and other security-related incidents. One of the strengths is the availability of detailed documentation and predefined rule sets, which reduce the dependency on support for most common use cases.
However, for more advanced tuning or complex scenarios, I occasionally rely on vendor support, and they have been responsive and helpful. Overall, the support is reliable, but having more proactive recommendations or faster turnaround for complex cases would make it even better.
Which solution did I use previously and why did I switch?
Prior to using F5 Rules for AWS WAF, I was primarily relying on the default AWS managed rule sets and some custom WAF rules for application protection. While this provided a basic level of security, I found that they lacked the depth and advanced threat intelligence needed to effectively handle more sophisticated attacks and evolving threat patterns.
I switched to F5 managed rules to enhance my detection capabilities, especially for OWASP Top 10 vulnerabilities and more complex attack signatures. The continuous updates and better coverage helped me to improve my security posture. Additionally, using F5 Rules for AWS WAF reduced the need for frequent manual rule creation and tuning, making operations more efficient and scalable for enterprise environments.
How was the initial setup?
I purchased and deployed F5 Rules for AWS WAF through AWS Marketplace, which made the onboarding and integration process straightforward and efficient.
What about the implementation team?
The implementation was carried out in-house, leveraging my existing team with experience in AWS services and security.
What was our ROI?
I have seen a clear return on investment after implementing F5 Rules for AWS WAF. From a security perspective, I observed around 35 to 45% reduction in malicious application layer traffic reaching the origin, which helped protect the backend systems and reduce risk exposure. In terms of operational efficiency, the use of managed rules reduced manual effort by approximately 35 to 45% as many common threats were automatically detected and mitigated without requiring continuous rule creation and monitoring.
This also translated into time savings for the security team, allowing them to focus more on proactive security improvements rather than reactive incident handling. Additionally, by reducing unnecessary traffic and attack load, I saw improvements in application stability and performance, indirectly contributing to better user experience and reduced downtime risk. Overall, the combination of reduced manual effort, improved security posture, and better application performance has delivered a strong return on investment.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing and licensing has been generally positive. Since F5 Rules for AWS WAF is available through the AWS Marketplace, the licensing model is straightforward and aligns well with AWS's pay-as-you-go approach. There is no significant setup cost involved, as it is a managed service that can be quickly integrated into the existing AWS WAF configuration without additional infrastructure.
This makes the initial deployment cost-effective and easy to manage. From a pricing perspective, while it may appear slightly premium compared to basic rule sets, the value it provides in terms of advanced threat protection, reduced manual effort, and improved application stability justifies the cost. Overall, the pricing is reasonable for enterprise environments, especially when considering the security benefits and operational efficiency it delivers.
Which other solutions did I evaluate?
Before choosing F5 Rules for AWS WAF, I evaluated multiple options, including the default AWS managed rule sets, other AWS Marketplace alternatives, and other third-party WAF solutions such as Cloudflare and Akamai. The default AWS rules were easy to use but lacked the advanced threat coverage and depth in detection. Other third-party solutions provided strong capabilities, but integrating them into my existing AWS native architecture required additional effort and complexity.
I chose F5 Rules for AWS WAF because it offered a good balance between advanced threat intelligence, seamless integration with AWS WAF, and ease of deployment through AWS Marketplace. This allowed me to enhance security without adding operational overhead or changing my existing architecture significantly.
What other advice do I have?
I would advise not relying only on the default rule sets in blocking mode immediately. It is better to start in monitoring or count mode, analyze the traffic patterns, then gradually move to enforcement. Additionally, I recommend investing time in proper rule tuning, especially for critical applications such as login, APIs, or payment flows because false positives can impact business functionality if not handled carefully. Finally, ensure that logging and visibility are properly enabled from day one, so you can continuously improve the rule set based on real traffic and evolving threats. I would rate this solution as an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Managed security rules have protected our public e‑commerce sites and simplified ongoing defense
What is our primary use case?
We are providing support to our end customers who have e-commerce websites that need to be exposed to the public, and for a secure way around, we thought of getting them exposed via the Application Load Balancer to make sure it is exposed at Layer 7 only. While making sure it will be protected, we started using AWS WAF services, where we found that we can utilize a WAF rule set from Marketplace. We started using it, and I got the chance to be part of one of the summits where I heard of F5 Rules for AWS WAF. Since then, I have been using their rule sets for bot protection, web exploit OWASP rules, common vulnerabilities and exposures, and API security, which is a use case we are using to configure these rule sets.
We are using AWS WAF, which has been integrated with the Application Load Balancer to ensure that our Application Load Balancer is secure while it gets publicly exposed.
We thought of starting to use F5 Rules for AWS WAF primarily for DDoS protection nowadays, as AWS native rule sets also provide some protection for DDoS. I found that it demands continuous improvement in these rule sets. Previously, we used native rule sets, but these continuous demands were not listed in it, which led us to an unsecure environment. Now, using F5 Rules for AWS WAF for bot protection, I found that they continuously perform vulnerability scans while these rules come into action. This continuous improvisation ensures that I can build trust against these rules instead of other third-party rule sets.
What is most valuable?
I really appreciate the way F5 Rules for AWS WAF generate reports proactively to show the number of exploits that come in and what remediation has been followed to block such exploits, mainly in the OWASP rule sets.
It has generated value toward us because since these e-commerce websites could become exposed to the public in an unsecure manner, which really no one wants. Now, looking at these rule sets, they ensure that our origin or our application content and code, as well as the application itself or its API, are secure enough, always.
What needs improvement?
An area for improvement I see is that while everything is in good shape, I demand continuous improvisation of these rule sets. However, I am accepting of this. To stay safer from a security perspective, continuous improvisation in these security rules is required to ensure we are always up to date with new attacks.
For how long have I used the solution?
I have been using F5 Rules for AWS WAF in the last two years and I found it to be a good choice compared to other products.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable.
What do I think about the scalability of the solution?
Scalability is not a challenge with F5 Rules for AWS WAF, as they are configured within the AWS WAF service, which is reliable and redundant. We have not faced any challenges with the rule set scalability, and that is a positive aspect.
How are customer service and support?
I have reached out to customer support multiple times, especially while configuring rule sets for the first time. The support provided was excellent. I appreciate the assistance; they clearly explained everything, how to configure these rule sets, and what the best options are based on my use case, which helped us shortlist what is required.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used AWS native rule sets and Fortinet rule sets. We switched to F5 Rules for AWS WAF because we found it more competitive. They continuously improve their security rules and keep adding vulnerability protection to their existing rule sets, ensuring we are protected and our applications are safe.
We mainly evaluated AWS native rule sets prior to F5 Rules for AWS WAF.
What was our ROI?
It has absolutely saved money for our security team and time. There are two ways: either we write our own rule sets, which demands significant time, or we can use a more mature tool like F5 Rules for AWS WAF, which has already created these rule sets for perfect use cases like we are using for our end customers. Using F5 Rules for AWS WAF saves us time spent on developing security rules ourselves.
What's my experience with pricing, setup cost, and licensing?
From the pricing perspective, I found it to be comparable to other marketplace rules available in AWS Marketplace. It has competitive pricing.
What other advice do I have?
I advise anyone looking for a great tool to secure their public-facing applications to start using F5 Rules for AWS WAF. These are managed rule sets, so you do not need to worry about continuous improvements or ensuring your application is secure; F5 Rules for AWS WAF will take care of that and is always making the necessary improvements in these rule sets to ensure security.
I am very impressed with the rule sets and the continuous engineering from their security team to ensure the required rule set availability. I really appreciate the fantastic job they are doing.
F5 Rules for AWS WAF can be integrated with AWS CloudFront, Application Load Balancer, Lambda, and API Gateway. I am satisfied with all these services as they are our intermediary points for services exposed to the public or globally.
I gave this product a rating of ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Application layer protection has improved traffic control and supports my initial security testing
What is our primary use case?
I have been using F5 Rules for AWS WAF for a short time and want to discover more about it.
My main use case with F5 Rules for AWS WAF is testing it out.
I don't have a quick specific example of what I'm testing at this moment.
For now, I don't have anything else to add about my testing experience so far.
What is most valuable?
The best features F5 Rules for AWS WAF offers, from what I've seen or read so far, are application layer protection.
I am referring to application layer protection with F5 Rules for AWS WAF, which stands out to me as using something similar to iRules to protect applications.
F5 Rules for AWS WAF has positively impacted our organization for security through the implementation of traffic rules in our application.
I have noticed specific benefits such as easy management with F5 Rules for AWS WAF, but I think that it's too early to provide a definitive assessment because I started using it only a few days ago.
What needs improvement?
I don't know how F5 Rules for AWS WAF can be improved because I have only been using it for a few days.
I don't have anything to add about the needed improvements for F5 Rules for AWS WAF at this time.
For how long have I used the solution?
I have been working in my current field for about two years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable in my experience so far.
What do I think about the scalability of the solution?
From what I've seen, F5 Rules for AWS WAF's scalability is stable for now.
How are customer service and support?
I have not had any experience with customer support for F5 Rules for AWS WAF yet.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
I had a great experience with the pricing, setup cost, and licensing.
What about the implementation team?
My company does not have a business relationship with this vendor other than being a customer.
What was our ROI?
It's too early to talk about a return on investment with F5 Rules for AWS WAF.
What's my experience with pricing, setup cost, and licensing?
I had a great experience with the pricing, setup cost, and licensing.
Which other solutions did I evaluate?
I did not evaluate other options before choosing F5 Rules for AWS WAF as it was my first time.
What other advice do I have?
It's too early to provide my experience or advice to others looking into using F5 Rules for AWS WAF.
I don't have any additional thoughts about F5 Rules for AWS WAF before we wrap up.
I found this interview at AWS re:Invent.
I gave this review a rating of 8.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
F5 AFM is powerful and advanced software based firewall
What do you like best about the product?
F5 advanced firewall is software based firewall solution to provide network security. It can provide real-time visibility in to network traffic and can block traffic real-time. It also has intrusion prevention which is advanced security feature. It can be deployed in a wide range of network environment.
What do you dislike about the product?
It is premium product but still having some performance related issues. Overall its a powerful device with great features.
What problems is the product solving and how is that benefiting you?
It provides the advanced network security in large networks. Better GUI interface for quick setup and configuration. Really advanced firewall in industry.
"Firewall Manager for Data Center"
What do you like best about the product?
As i am working with ISP Company i need to deal with firewalls.F5 Advanced Firewall Manager are most effective network-level security for enterprises and service providers.Connect securely to VPN within quick time.Connection times are fast and reliable.Web properties and applications in balance and maintain high accessibility level."
What do you dislike about the product?
I think cost is little bit high as compare to other firewall manager.
What problems is the product solving and how is that benefiting you?
*Connection times are fast and reliable.
*It provides full SSL visibility,as well as network-layer and session-layer security.
*Advanced Firewall Manager gives fast and secure access as well as it is high performance firewall.
Recommendations to others considering the product:
Secure protection for data center and cloud,Highly recomended.
Got rid of the product
What do you like best about the product?
The consistency of appearence; specifically- that when it shows up I can be alerted of potential threats on my computer.
What do you dislike about the product?
I dislike the quality of the browser when this pops up. I’d like to adjust it in my settings but I don’t know how to.
What problems is the product solving and how is that benefiting you?
I’m not solving any business problems per say; it’s moreso if managing my computer and my files to make sure that everything is safe and secure.
Protection within an APP
What do you like best about the product?
This worked perfectly when remoting in form home. The system ensured protection for both my computer and computer remoting into. The benefit of protecting the companies data, and business, requires thinking about app security first and they excelled. Working for the company 5 years, in a manager role, we never has any security issues using this app. Easy to get in touch with people in support when there are issues. This is also available in any cloud which is a huge benefit as well.
What do you dislike about the product?
There were times it was difficult to log in, not sure if it came from f5 or that company I was working for. The system was slow at times too. This is great for companies with impertinent information. I don't have to many dislikes regarding this app since it was a huge positive for the company.
What problems is the product solving and how is that benefiting you?
This allowed us to work from home and provide service to our customers. Helped connect us to our customers! As our mission statement reflected as always on and this app allowed us to hit our mission statement. This also solves problems for people that need to work from home due to illness or any issues of the sort. There is also a ton of training and information on their website for more information regarding best practices, how to use, and environmental concerns.
Recommendations to others considering the product:
I think you're doing a great job, the only feedback is to make it faster!
F5 has a lot of potential
What do you like best about the product?
When running smoothly, F5 is awesome. I’m able to access all of the files needed for my business, which is a must have. Makes me feel like I’m in the office sometimes even though I work remotely.
What do you dislike about the product?
F5 has a lot to offer but it could use some improvements. Although it has improved a lot, the constant disconnection hurts as I work remotely and rely on it. I have determined through multiple sources that it is not my ISP but, in fact, F5.
What problems is the product solving and how is that benefiting you?
Definitely great because as soon as we login, we have access to all of the applications we need to do our job. Also great to have as a remote user. Without it, I cannot do my job.
