F5 Big-IP and Shape integration:
Good question indeed! My initial response was that it will still have a place, but as you say, they both now rougly do the same, and with Shape now much better integrated in the system, it makes more sense to use just the one. Would be good to have someone pitch in on this.
Also, would the same count for brute force mitigation? Or will that stay around as a Shape-lite option maybe? (...or the other way around? 😉
I have read somewhere that for login web pages/URL and sign-up (account creation web pages) then it is much better to use Shape security but there is not much info if the Advanced WAF bot profile or the Shape security should be used for the other pages. Maybe where we want CAPTCHA (not that advanced bots don't bypass that 🙂 ) the Advanced WAF is needed as Shape can't do that but I am just guessing:
For now I will see it till someone shares more info that more important URL pages like login web pages/URL and sign-up pages to use Shape if the customer wants shape but to maybe pay less and if the custome has no issue to use Shape for everything then only use the Bot profile for the CAPTCHA if it is a requirement.
I am refering to this web page but it is not from F5 and it was made in 2020 but is still a great article: