F5 BIG-IP Virtual Edition - GOOD (PAYG, 200Mbps)
F5, Inc. | 17.1.1.4-0.100.9Linux/Unix, CentOS 7.3 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Got rid of the product
What do you like best about the product?
The consistency of appearence; specifically- that when it shows up I can be alerted of potential threats on my computer.
What do you dislike about the product?
I dislike the quality of the browser when this pops up. I’d like to adjust it in my settings but I don’t know how to.
What problems is the product solving and how is that benefiting you?
I’m not solving any business problems per say; it’s moreso if managing my computer and my files to make sure that everything is safe and secure.
- Leave a Comment |
- Mark review as helpful
F5 AFM works but use F5 WAF instead
What do you like best about the product?
Ddos protection simple and out of the box. The concept of protection out of the box was very attractive.
What do you dislike about the product?
dDos protection broke our applications due to timeouts specified in our web application the two were not initially compatable. The URL filters were very hard to implement
What problems is the product solving and how is that benefiting you?
Provides protection to large scale attacks
Recommendations to others considering the product:
Be careful use the auto-learning functions and stick to it. Do not go too deep into URL filters as that can cause large sweeping impacts. Be careful if something breaks your application it maybe hard to find.
It could be hard to scale because we will be encrypting and decrypting. The connection through the API Gateway worked in no time, which was fantastic.
We use it primarily for WAF.
How has it helped my organization?
The ability to quickly set up. I understood it very quickly. I had some URLs which pointed to my load balancers, and inside there, I had to send an action to the API Gateway. I thought it was going to be a very complex thing for me to do, but that one rule that I had to create, it solved everything for me.
The connection through the API Gateway worked in no time, which was fantastic. From the perspective of us building it, once you have that one rule you can stamp it out. Also, it was easy for me to show operations, "Look how easy it is. There's nothing complex about it."
What is most valuable?
* iRules
* Simplicity
I was able to simply and quickly set up the WAF rules and security, and also set up easily complex policies and rules which gave me some great features to redirect. So, I had to integrate API Gateway into our WAF, because we're a healthcare company, and we have to maintain security. Therefore, they didn't want to have public endpoints that had not been inspected. The policy features inside the WAF rules were really easy for me to set up. What I thought was going to take me two months, I had done in about two weeks. Between Googling and F5 having great information, so instead of using traditional iRules, I used a policy thing that they recommended. It was much simpler and cleaner, and seemed to execute faster. It was a great feature.
The configuration and implementation of what I thought I was going to have to do was a lot simpler than I expected it to be. That was a plus.
What needs improvement?
People love them in security, but their costs are completely out of bounds. However, I'm not a security guy, so I don't necessarily know all the ins and outs of why our security team may have chosen this product versus other ones.
I am disappointed with the additional cost. 25 megabytes is low. If we get to a thousand, a gig, It is like three dollars an hour. While you can get a reduction in price, when I price them against anyone else, they are wildly overpriced.
I used GitHub for autoscaling CloudFormation, and I found two bugs and I submitted them. Their implementation in GitHub could be cleaner and allow for a bit more customization. We always end up customizing these things, so I found two bugs and I thought they were big bugs so I was surprised. This wasn't necessarily relative to product. It was more about the support role of GitHub and the way it was launching. However, the features that they said would work, did not.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It seems very stable. I've had no problems with stability at all. It's been rock solid, from the perspective of staying in line and working as expected.
I did individual testing. We were doing very small tests to start, 25 megabits. So, I was driving close to 25 megabits through it. Memory and CPU, I thought might be a bit of a concern, but overall it seemed good. It was doing what I needed it to do, and doing it well, so I didn't notice anything in my traffic.
What do I think about the scalability of the solution?
I haven't thought of production workloads on it yet. I don't know how the performance is going to be in terms of CPU memory, but I was told by other people because of what we're doing on it, it could be hard to scale. So, we may have to end up buying more because we will be encrypting and decrypting. We have to inspect that traffic, so that will be CPU intensive. Therefore, one instance may not be enough for us, as we may be spinning up multiples across Multi-AZs.
We will be just stacking our costs. Granted, it is virtualization, and you can only get so much out of it. However, I haven't put true production workloads through it. I have only done my testing, and I am concerned a bit about these factors and how they may drive our costs even more, because I will have to spin up more WAFs to accommodate for high CPU and memory loads.
What's my experience with pricing, setup cost, and licensing?
From a cost perspective, I agreed to analyze the standards in terms of load balancing. However, the cost that they have with AWS are almost prohibitive. I'm being forced to use F5 WAF. I would not simply use it based on cost. I agree that they have some great features, but for me, cost is key in terms of AWS.
This applies to buying in the AWS Marketplace. If you go to a simple WAF doing 25 megabits, and I'm paying for the instance cost as well, it is over a dollar an hour. You can add that up and ask for some discounts, but relative to other players, they are significantly more expensive.
We will need a lot of these, and it can be a real negative driver in terms of spend and how we will be able to move forward.
Purchasing though the AWS Marketplace was easy; it was a piece of cake. You go right in, and the options are there. It was nice you can pick the different kind of group you wanted and what type of security you wanted. It did put in a lot of information that would build a lot of the initial infrastructure for me in terms of supporting my load balancer and creating security. Granted, I destroyed it all, but it was nice and it was there. It gave me the ability to level set what I should create versus what they put in place. I could see what they're doing here and I can match it to my own criteria. What they put in the AWS Marketplace and came through with the license, it worked well.
We chose to go through the AWS Marketplace because you can do almost anything you are going to launch there. The first time you launch, you always grab from the market, particularly for PoCs, as it's just easier. There's no reason why I wouldn't go through the AWS Marketplace, because they've already have F5 WAF. It's exactly what I want and it's exactly what I needed, so I can go from there.
Which other solutions did I evaluate?
I am a fan of using AWS natively. It is much cheaper.
We also looked at Check Point and Barracuda, but they were not markedly cheaper. The whole reason to use AWS was its ability to create resources which have more economic scale. This has almost started to get lost with the prices that these companies are charging.
I started my PoC back in April, which is when I finished three PoCs across different deployments for F5. So, I'd probably been using the product for about eight months.
What other advice do I have?
The product works.
We have F5 all across our environment. We use them for both VPNs and for traditional load balancers. So, we have VIPRIONs and several different versions of on-premise F5 hardware, as well. From an operations team perspective, everything is easy to learn; seamless. The ability to get teams to focus on AWS F5 is easy because they already know everything there. From an operational perspective, it is a win-win because they already know how to work with the F5.
Using the product, applications are jittery. Initial setup is easy and pretty standard.
This is for remote access to an internal network of the organization to do all types of work. The requirement for VPN is secure with high performance.
How has it helped my organization?
Two issues found in using BIG-IP VPN compared with Cisco VPN:
* Performance: Two applications are being used: remote desktop (RDP or rdesktop) and VNC viewer. Comparisons are done on the same client machines (Windows 10 and Linux 16.04) over the same network. When using Cisco VPN, applications are working smoothly while occasionally jittery. When using F5 VPN, applications are quite jittery. Sometimes applications are useless (too slow to refresh the screen).
* Client support: Cisco VPN has more Clients supported than BIG-IP, e.g., BSD.
What is most valuable?
Still not clear why our IT decided to switch to F5 BIG-IP after two years experience. It appears as if there may be some advantage (possibly) related to security concerns (more secure?).
What needs improvement?
Performance is the first thing and most critical issue that needs improvement.
Supporting more Clients would be nice, but without improving performance, F5 will not widely be used for critical work. It killed an international meeting the first time that we used BIG-IP VPN.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Performance: Using the product, applications are jittery.
What do I think about the scalability of the solution?
No issues.
Which solutions did we use previously?
We used Cisco VPN. I am not sure why our IT forced us to switch to F5 without our feedback.
How was the initial setup?
Initial setup is easy and pretty standard. Setup is not much different from all other VPNs.
What about the implementation team?
In-house.
What's my experience with pricing, setup cost, and licensing?
Unless the price difference is large, this is not the primary concern for the product. The performance and product-related issues (secure for VPN, multi-function for network device, etc.) are the keys.
Which other solutions did I evaluate?
showing 1 - 4