F5 BIG-IP Advanced Firewall Manager (AFM)

Network security policy management (NSPM) software

Network security software

Features
Ease of use
Ease of management
Quality of support
Affordability
Market presence

Take the quiz to check if F5 BIG-IP Advanced Firewall Manager (AFM) and its alternatives fit your requirements.

Get started

Pricing from

Contact the product provider

Free Trial

Free version unavailable

User corporate size

Small

Medium

Large

User industry

What is F5 BIG-IP Advanced Firewall Manager (AFM)

F5 BIG-IP Advanced Firewall Manager (AFM) is a network firewall module that runs on the BIG-IP platform to enforce L3–L4 security controls such as stateful packet filtering, network DDoS protections, and policy-based traffic handling. It is used by network and security teams to protect data center and edge ingress/egress traffic, often in environments already standardizing on BIG-IP for application delivery. AFM integrates with BIG-IP objects (e.g., virtual servers, VLANs, route domains) and supports centralized policy workflows when paired with F5’s management tooling.

High-throughput stateful firewalling

AFM provides stateful L3–L4 firewall capabilities designed for inline deployment on BIG-IP. It supports policy constructs commonly needed for north-south traffic control, including rule-based filtering and network-level protections. For organizations already using BIG-IP, this can consolidate network security controls onto the same traffic-handling tier. The module approach can reduce the need to introduce a separate appliance for basic network firewall functions at the edge.

Tight BIG-IP traffic integration

AFM policies can be applied in the context of BIG-IP configuration elements such as virtual servers and network segments, aligning security enforcement with how traffic is actually delivered. This enables security rules to follow application exposure patterns (e.g., specific listeners or VIPs) rather than only device-wide constructs. It also supports operational workflows where ADC and network security changes are coordinated. This integration is a practical differentiator versus tools that focus primarily on discovery or configuration auditing.

Automation and centralized management options

AFM supports programmatic configuration through BIG-IP automation interfaces, which can help standardize policy deployment across environments. In larger estates, it can be managed alongside other BIG-IP systems using F5’s centralized management products to improve consistency and reduce manual device-by-device changes. This is useful for teams that need repeatable deployments across multiple sites or tenants. The approach fits environments that treat network security policy as part of infrastructure-as-code workflows.

Primarily L3–L4 focus

AFM is centered on network-layer firewalling and related protections, not full next-generation firewall feature sets across all layers. Organizations needing deep application-layer security inspection, broad threat prevention bundles, or extensive cloud-native firewall services may require additional products. This can increase architectural complexity when requirements extend beyond network controls. Buyers should validate which security functions are provided by AFM versus other BIG-IP modules or separate security platforms.

BIG-IP platform dependency

AFM is not a standalone product; it requires the BIG-IP platform (hardware or virtual editions) and fits best where BIG-IP is already deployed. This dependency can raise total cost and operational overhead for organizations that only need a firewall function without ADC alignment. It can also limit flexibility if the organization prefers heterogeneous firewall vendors across sites. Platform lifecycle and capacity planning become part of the firewall decision.

Policy operations can be complex

Managing firewall rules in environments with many applications, segments, and change requests can become complex, especially when policies are tied to BIG-IP objects and multi-tenant constructs. Teams may need specialized BIG-IP expertise to design, troubleshoot, and audit rule behavior at scale. Centralized management can help, but it introduces additional components and governance processes. Organizations should plan for role separation, change control, and audit reporting requirements.

Seller details

F5, Inc.

Seattle, Washington, USA

1996

Public

https://www.f5.com/

https://x.com/f5

https://www.linkedin.com/company/f5/

Tools by F5, Inc.

F5 App Stack

›

F5 Distributed Cloud Platform

›

F5 NGINX Management Suite

›

F5 NGINX

›

F5 NGINX Ingress Controller

›

F5 Container Ingress Services

›

F5 Distributed Cloud CDN

›

F5 Distributed Cloud DNS

›

F5 Distributed Cloud DNS Load Balancer

›

F5 Distributed Cloud Network Connect

›

BIG-IP Carrier-Grade Network Address Translation (CGNAT)

›

F5 NGINX Plus

›

F5 BIG-IP Local Traffic Manager (LTM)

›

F5 Global Server Load Balancing (GSLB)

›

F5 Distributed Cloud Console

›

F5 Distributed Cloud Synthetic Monitoring

›

F5 Clouds Managed Private Cloud

›

F5 BIG-IP WAF AWS Deployment & Integration

›

F5 BIG-IQ Centralized Management

›

F5 Distributed Cloud API Security

›

Best F5 BIG-IP Advanced Firewall Manager (AFM) alternatives

Tufin Orchestration Suite

›

Netgate pfSense

›

Palo Alto Networks Next-Generation Firewalls

›

Palo Alto Networks Cloud NGFW

›

See all alternatives

›

Generative AI & LLM	AI code generation software AI image generators software AI video generators AI writing assistants Large language models (LLMs) software
Agents, autonomous & workflow automation	AI chatbots software AI customer support agents software Bot platforms software General-purpose AI agents
Vertical AI	Data science and machine learning platforms Machine learning software
Sales	CPQ software CRM software E-signature software Sales enablement software
Marketing	Email marketing software Marketing automation software SEO tools Social media management tools
Security	Antivirus software Firewall software Identity and access management (IAM) software
Analytics	Analytics platforms Data visualization tools
Collaboration & productivity	Collaborative whiteboard software Video conferencing software
Commerce	E-commerce platforms Payment processing software
Content management	Document management software Knowledge base software Website builder software
Customer service	Customer service automation software Customer success software Help desk software Live chat software
Development	Cloud platform as a service (PaaS) software
ERP	Accounting software ERP systems Expense management software Project management software
HR	Applicant tracking systems (ATS) Payroll software Time tracking software
IT infrastructure	Data warehouse solutions ETL tools Infrastructure as a service (IaaS) providers iPaaS software
IT management	Business process management software Robotic process automation (RPA) software Workflow management software

F5 BIG-IP Advanced Firewall Manager (AFM)

What is F5 BIG-IP Advanced Firewall Manager (AFM)

High-throughput stateful firewalling

Tight BIG-IP traffic integration

Automation and centralized management options

Primarily L3–L4 focus

BIG-IP platform dependency

Policy operations can be complex

Seller details

Tools by F5, Inc.

Best F5 BIG-IP Advanced Firewall Manager (AFM) alternatives

Popular categories

Generative AI & LLM

Agents, autonomous & workflow automation

Vertical AI

Sales

Marketing

Security

Analytics

Collaboration & productivity

Commerce

Content management

Customer service

Development

ERP

HR

IT infrastructure

IT management