Insights from F5 Distributed Cloud WAF (Web Application Firewall) Reviewers
Based on 62 verified reviews published in the last 18 months
TrustRadius Community Insights are summaries of user sentiment data from TrustRadius reviews and, when relevant, HG Insights data.
Overview
Synthesised from 62 reviews | Last Published June 17, 2026
F5 Distributed Cloud WAF is widely used by organizations to secure web applications and APIs against a diverse range of cyber threats, often serving as a critical first line of defense for internet-facing applications. In TrustRadius reviews, users deploy it across multi-cloud and hybrid environments for consistent protection, valuing its robust application security, particularly its Layer 7 DDoS defense, and simplified deployment and configuration.
Emerging positives include its effective bot protection and ability to limit false positives. However, reviewers frequently suggest enhancements in AI and automation for rule setup and detection, along with improvements to the user interface and dashboard usability, which some find complex. Despite these areas for refinement, the platform is generally seen as a valuable investment, significantly improving security posture and offering operational efficiencies.
Pros
Robust Layer 7 DDoS protection
Easy configuration and deployment for security policies
Effective prevention of security incidents and data breaches
Strong application protection against common threats like SQL injection and XSS
Efficient bot protection with limited false positives
Cons
Limited AI and automation for advanced rule setup and detection
Complex user interface and dashboard navigation
Initial configuration and deployment can require extensive knowledge
Search functionality within the GUI needs improvement
F5 Distributed Cloud WAF helped us from managing a legacy web application firewall that was on premises. It greatly expediated our ability to manage and configure our firewalls. We have a small team and it has made us more efficient. The scope was protecting a website and securing it. The F5 purchase was a great decision.
Pros
Ease of Use
Security
Role Based Access
Scalability
Cons
Modernize GUI
Dark Mode
Permissions by User
Likelihood to Recommend
The F5 Distributed Cloud WAF is great for hybrid or cloud accounts but even does well on-premises. For organizations that want the latest and greatest security with an abundance of features that focus on protecting your apps, website and organization. It prevents all types of threats. This is a great product and I would recommend it.
I moved web apps to a cloud-based F5 Distributed Cloud WAF (Web Application Firewall) versus virtual appliances that were difficult to manage.
Pros
Centralized management
Cloud agnostic
Likelihood to Recommend
F5 Distributed Cloud WAF (Web Application Firewall) is a great service to take advantage of moving on-prem app to the cloud without losing security policy management and visibility.
VU
Verified User
Administrator in Information Technology (1001-5000 employees)
Cyber attacks has been increased all over the world, so does in Bangladesh. Every organization has their own website or application to provide services to its users. Nowadays, web attack are increased a lot with new evading techniques and its very import to identify and block the attacks before it affects. We use this product to block web application attacks.
Pros
Defend brute forcing attacks
Defend SQL injection attacks
Defend common web attacks
Cons
Align with new evading techniques to prevent them
Improve User experience
Easy to use functionality
Likelihood to Recommend
It detects common web attacks including XSS, SQLi, brute forcing. But there are fields where it could be better like detect OOB attacks.
VU
Verified User
Consultant in Information Technology (51-200 employees)
We use F5 Distributed Cloud WAF as an extra layer to our security. Obviously, with our inbuilt applications, the code has its security piece. But if we can use the web application firewall at the layer seven-level, that can give us that extra level of protection. And a great use case for this was the recent Log4j problem. When Log4j was announced, F5 immediately updated their signatures, and we could apply them to a web application firewall. That gave us immediate protection in the short term while we tried to analyze our entire estate and patch. And then we could see requests instantly getting blocked for that Log4j piece.
Pros
Layer seven attacks are becoming far more common. Traditionally it was always layered three, layer four, where you get an additional firewall, but with the application layer attacks become more frequent, more popular, et cetera. So having the web application firewall protecting us, and then with the recent Log4j, that's the most recent use case when it gave us that instant level of protection whilst we remediated the Log4j that we had that and the F5 Distributed Cloud WAF was protecting us.
I have a great relationship with the account manager, my account manager, and I think he drives the best price possible, um, for me, and I'm happy with that price.
F5 Distributed Cloud WAF is always innovating and evolving.
We run a very competitive proof value where we run numerous competitors against each other, and then we evaluate from that and then make the selection, and F5 Distributed Cloud WAF was the winner.
Cons
I think, actually, and it's maybe a standard thing for F5 - the GUI is still a little bit dated. It's never really modernized, so it's not an F5 Distributed Cloud WAF thing. It's more of an F5 kind of piece, but the WAF is buried into that. So it's a little bit, although we do have the Silverline WAF, and that's a bit more modernized. But yeah, the overall UI interface could maybe be modernized a little bit.
Likelihood to Recommend
I would say it's an extra layer of security. As I always say, you can't put a price on cyber security.
A lot of companies, government organizations, or private enterprises, end up throwing money at cybersecurity after an event occurs. The reputational and other damage is too late. This product is great for layer 7 piece of security.
We use F5 in Rio de Janeiro State Government, secure web apps, balancing the traffic e obter fraturas like URL redirects. Now we are going to expand F5 BIG-IP in others entities to protect more web apps and systems. Additionally, we want to balance two and more sites for contingence.
Pros
Secure apps
URL redirects
Site balancing
Cons
Price
Database protection
API protection
Likelihood to Recommend
Datacenters redundancy, URL redirects, web application protection, strong support and great community. We can use on-premise at one site and virtual appliance on others site.
Verified User
Director in Information Technology (501-1000 employees)