We performed a comparison between AWS WAF and Microsoft Azure Application Gateway based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, AWS WAF has a slight edge over Microsoft Azure Application Gateway. Our reviewers found Microsoft to have challenges with stability, scalability, and support.
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"This is not a product that you need to install. You just use it."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"The most valuable features are the geo-restriction denials and the web ACL."
"AWS WAF is something that someone from a cloud background or cloud security background leverages. If they want to natively use a solution in the cloud, AWS WAF comes in handy. It's very useful for that, and the way we can fine-tune the WAF rules is also nice."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through."
"Azure Application Gateway's most valuable feature is ease of use. The configuration is straightforward. It isn't difficult to adjust the size of your instances in the settings. You can do that with a few clicks, and the configuration file is the same way. You can also set rules and policies with minimal time and effort."
"Application Gateway automatically redirects unwanted users and takes care of the security aspect. It also handles the performance side of things, which is why we use it."
"The most valuable features of Microsoft Azure Application Gateway are the policies, the data store they are using, and the cloud platform it operates on."
"The most valuable feature of the solution is traffic management."
"We use the product in front-end and back-end applications to do the load balancing smartly."
"We find it valuable because it is compatible with our existing Azure solution."
"The solution provides great automation and it is easy to upgrade service."
"The production is a valuable feature."
"We need more support as we go global."
"The technical support does not respond to bugs in the coding of the product."
"We don't have much control over blocking, because the WAF is managed by AWS."
"We should be able to do proper whitelisting."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications."
"The serverless product from AWS WAF could be improved. For example, they have only one serverless series, Lambda, but they should extend and improve it. Additionally, the firewall rules are not very easy to configure."
"We haven't faced any problems with the solution."
"The pricing of the solution is a bit high. The solution should offer different pricing systems."
"It could be more stable, and support could be better. It would also be better if they offered more features. For example, it lacks security features. Before we used another English solution, and we realized that some of the rules were not set up correctly and passed through the Application Gateway's English controllers. But the problem, in this case, is if you send ten rules, for example, six rules hit some issues. IP address blocking could be better. The rules, for example, don't work properly. If you have one issue, one rule or another rule will not work. This sounds like total madness to me."
"It could be easier to change servicing."
"Application Gateway’s limitation is that the private and the public endpoint cannot use the same port."
"It takes a lot of time for a certificate to update in the system. That is a huge drawback, affecting the load-balancing side. And when there are changes to the load balancing, it affects the end-user."
"The security of the product could be adjusted."
"Needs easier integration with the existing SIAM."
"The solution could improve by increasing the performance when doing updates. For example, if I change the certificate it can take 30 minutes. Other vendors do not have this type of problem."
More Microsoft Azure Application Gateway Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Microsoft Azure Application Gateway is ranked 3rd in Web Application Firewall (WAF) with 40 reviews. AWS WAF is rated 8.0, while Microsoft Azure Application Gateway is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "High stability with built-in rules that reduce alerts and are easy to configure". AWS WAF is most compared with Azure Web Application Firewall, F5 Advanced WAF, Imperva Web Application Firewall, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas Microsoft Azure Application Gateway is most compared with Citrix NetScaler, F5 Advanced WAF, Azure Front Door, Cloudflare Web Application Firewall and HAProxy. See our AWS WAF vs. Microsoft Azure Application Gateway report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.