I plan to use them both. In my case I run ASM and LTM on the same BigIP engine, so I only unencrypt, decrypt one to do both cookie based persistence, uri based pool decisions, and now the ability to do WAF. We also use Akamai for performance enhancement, and are looking into whether it is the right idea economically to purchase their WAF services as well. I don't see these as competing products, more complementary. If you have Akamai hosting your web layer, then its certainly reasonable to think about using their WAF also at that layer, but if you aren't using Akamai for all your websites, then you would need ASM to protect those that aren't "Akamaized" Even for those that are "Akamaized" you could consider their WAF to be the wider mesh net, just catching the big, obvious fish, and do more granular protection with your local ASM