We performed a comparison between AWS WAF and Microsoft Azure Application Gateway based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, AWS WAF has a slight edge over Microsoft Azure Application Gateway. Our reviewers found Microsoft to have challenges with stability, scalability, and support.
"AWS WAF is something that someone from a cloud background or cloud security background leverages. If they want to natively use a solution in the cloud, AWS WAF comes in handy. It's very useful for that, and the way we can fine-tune the WAF rules is also nice."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"The interface is good."
"Rule groups are valuable."
"The tool’s stability is very good."
"The most valuable feature is that it is very easy to configure. It just takes a couple of minutes."
"The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
"We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS."
"The tool helps manage microservices by providing developers with a platform to conduct tests and assessments on the web application. The custom domain option is one of the most valuable features I've found. This feature is incredibly helpful for the end-users of the web application. With the custom domain feature, you can change the lengthy link to a shorter, more memorable one. For example, instead of using a lengthy default link, you can customize it to something like imail.com, which is much easier to remember and share."
"Using policies to link and manage these URL-based routing configurations is also valuable."
"We chose this solution in the first place because it has access to Layer 7. I can control the requests and the content, which I can access on my network if I want to even if it's forbidden access to other external resources. If I want to monitor, for example, traffic, and apply this rule on Layer 7, I can do so. This was our main goal when implementing this application. We wanted to take advantage of the Gateway capabilities."
"Microsoft Azure Application Gateway gives us a lot of benefits, including domain mapping."
"I like the tool's stability and performance."
"It is a scalable solution...The installation phase of Microsoft Azure Application Gateway is very easy."
"Application Gateway automatically redirects unwanted users and takes care of the security aspect. It also handles the performance side of things, which is why we use it."
"The production is a valuable feature."
"We don't have much control over blocking, because the WAF is managed by AWS."
"They should work to define more threats, add more security, and make it more compliant with more security companies."
"We should be able to do proper whitelisting."
"Technical support for AWS WAF needs improvement."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"The setup is complicated."
"One area for improvement in AWS WAF could be the limitation on the number of rules, particularly those from third-party sources, within the free tier."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"In the next release, the solution could improve the integration with Service Mesh and other Azure Security Services."
"The configuration is very specific right now and needs to be much more flexible."
"The tool's pricing could be improved."
"The solution has many limitations. You cannot upgrade the VPN to the application gateway. So I started with version one, which has limited capabilities, and they provided version two. And unfortunately, I cannot upgrade from v one to v two like other services. So I have to decommission the version one and create a new one with version two. Also the version one was complex with the certificates uploading the SQL certificates."
"It does not have the flexibility for using public IPs in version 2."
"There is room for improvement in the pricing model."
"The pricing of the solution is a bit high. The solution should offer different pricing systems."
"We have encountered some issues with automatic redirection and cancellation, leading to 502 and 504 gateway errors. So, I experienced some trouble with containers."
More Microsoft Azure Application Gateway Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Microsoft Azure Application Gateway is ranked 3rd in Web Application Firewall (WAF) with 40 reviews. AWS WAF is rated 8.0, while Microsoft Azure Application Gateway is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "High stability with built-in rules that reduce alerts and are easy to configure". AWS WAF is most compared with Azure Web Application Firewall, F5 Advanced WAF, Imperva Web Application Firewall, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas Microsoft Azure Application Gateway is most compared with Citrix NetScaler, F5 Advanced WAF, Azure Front Door, Cloudflare Web Application Firewall and HAProxy. See our AWS WAF vs. Microsoft Azure Application Gateway report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.