F5 Advanced WAF: Web App Firewall Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

F5 Advanced WAF: Bottom line

F5 is rated highly by analyst firms, testing labs, and users alike. Especially for those requiring advanced bot protection, app-layer DDoS protection, and encryption of sensitive data and credentials, F5 Advanced WAF should be high on the list.

F5 Advanced WAF: Product Description

F5 Advanced WAF identifies and blocks attacks. From application-layer encryption to protection against credential and data theft to L7 DDoS detection that uses machine learning and behavioral analytics, Advanced WAF offers:

  • Protection from web exploits and application vulnerabilities (CVEs)
  • Bot protection
  • Protection from credential attacks
  • Real-time threat intelligence and reputation
  • L7 DDoS mitigation based on machine learning and behavioral analytics
  • API Security

Previously, F5 only offered WAF as a module from a larger suite. This new product is standalone.

See our complete list of Top Web Application Firewall Vendors

F5 WAF Features Rated

Security: Good. NSS Labs graded F5 top on security effectiveness at 98.11% and in fourth place on block rate at 94%.

“The product works great for protecting web sites at an application layer,” said a security engineer in the finance industry. “It goes above and beyond what a traditional firewall can do and protect against common threats and also new threats.”

Performance: Very good. NSS Labs scored it above all but one competitor on performance at 31,000 connections per second (CPS) and 36,540 transactions per second. According to F5, it can scale from 25 Mbps (Virtual Edition) to an 8-blade chassis that supports 5M L7 requests per second and 140 Gbps L4/L7 per blade.

Gartner said: “Reference customers scored F5 very highly for performance and for the quality of the security modules, including protections against injection attacks, DDoS and API security.”

Value: Fair. NSS Labs found F5’s 3-year TCO to be $327,176 which translated to $6.60 per CPS, more expensive than some competitors. However, the tests were based on the previous version of F5 WAF, and cloud versions are available that should bring TCO down significantly.

Implementation: Good. Deployment options vary from the complex to the simple. F5 Advanced WAF leverages the same inline full proxy architecture as existing F5 BIG-IP solutions. Its carrier-grade VIPRION chassis is another approach that requires skilled implementation. Other deployment scenarios such as L2 Transparent (non-proxy) are supported. Simpler implementation options are in the cloud via F5 Silverline WAF Express, click to run WAF in Microsoft Azure Security Center, and as part of a larger solution in BIG-IP Cloud Edition.

Gartner said about the previous version of F5 WAF: “New clients often report that they get confused with the management interface. They like the flexibility, but the learning curve is quite extensive in order to leverage all capabilities.” However, easier implementation paths are now available.

Management: Best in class. F5 Advanced WAF management interface is now web-based and purpose-built for security practitioners so the policy configuration, logging, alerting, violation severity and analysis are all there as you would expect. The same functionality is accessible via REST API for those who would rather use their automation and UIs to manage and consume F5 security solutions.

Gartner added that the large and scalable Big-IP platform portfolio allows F5 customers to bundle WAF with strong access management or load-balancing features, and to build an architecture with single-pass decryption, mirroring to other security solutions, unified learning, policy building and central visibility.

“The solution was quick to deploy and it’s easy to manage,” said a systems manager in the telecom industry.

Support: Very good. F5 has support centers for partners and customers in APAC, Japan, EMEA, and North America that enable in-region support in several languages through native-speaking support engineers. Additionally, the F5 WebSupport Portal provides access by allowing customers to quickly create new support cases, receive an automated case number, read case details and updates, upload troubleshooting attachments, and more.

Cloud features: Very good. Silverline WAF Express is F5’s lower-priced offering, which comes without managed services. Higher-priced cloud offerings are also available that provide more services. Gartner said Silverline is starting to be mentioned by clients as a candidate for cloud-based WAF services. It provides an API for WAF configuration management that is feature-complete, and integrates with AWS and Microsoft Azure platforms.


Markets and Use Cases

There are three main use cases for Advanced WAF:

  • Advanced bot protection: Behavior analytics in F5 Advanced WAF can detect threats that signature-based approaches miss or incorrectly block (false positives). F5 Advanced WAF also enables bot protection in cases where JavaScript cannot be used, such as with mobile apps. Behavior analytics augments existing protection against bots: client transaction and server latency monitoring, resource-intensive URL monitoring, proactive bot defense, and CAPTCHA challenges.
  • Account Takeover: F5 Advanced WAF uses app-layer encryption through its DataSafe solution to protect sensitive data and credentials. This extra layer can mitigate generic keyloggers and credential capture tools at the browser level.
  • App-layer Denial of Service (L7 DDoS): F5 Advanced WAF baselines normal traffic, builds and enforces real-time DDoS signatures for new app-layer (L7) attacks. Stress detection reduces false positives and ensures mitigation action only occurs when an attack is impactful. Advanced WAF can differentiate between benign and malicious bots, web scrapers, and brute force hacking attempts.

Security Qualifications

Common Criteria, FIPS, PCI.


Advanced WAF is available as a purpose-built appliance, a cloud-ready virtual appliance, or part of the F5?Silverline service.


Pricing starts at $1.33 /hr for Pay as You Go on AWS and $7,495.00 for a Virtual Edition perpetual license. NSS Labs gave it a three-year TCO of $142,590 and a TCO per CPS of $6.52

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Drew Robb Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis