Azure Firewall Review

Easy to set up, good integration, and the technical support is good


What is our primary use case?

Azure Firewall makes up part of our security solution. We use it internally but we are a consulting company and also advise our customers on the use of it.

What is most valuable?

The most valuable feature is the integration into the overall cloud platform. The orchestration is very easy using automation with APIs and scripts.

What needs improvement?

Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group.

Tagging is supported but not on the instances, which is something that could be improved.

The selection of the internal resources into the ruleset could be improved.

Support for layer-seven application filtering should be added because it is not there yet, at all.

It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement.

The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.

For how long have I used the solution?

I have been using the Azure Firewall for about one year.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

The scalability is very good and you don't have to think about sizing, as in the case of a traditional firewall where you have to think about the throughput. With Azure Firewall, it scales automatically.

We have customers ranging in size from small to enterprise-level organizations. One of them is a large company with 40,000 users on Azure Firewall.

How are customer service and technical support?

We use the customer support that our customer has access to. If they have enterprise support then we use it, whereas if they do not then we use standard support.

Personally, my experience with Microsoft support has been very good. Their professionals are very quick to respond and they have good feedback. They also have very good support forums and the documentation is fairly good. 

Which solution did I use previously and why did I switch?

I have experience with similar solutions by Palo Alto and Fortinet. With the inclusion of more advanced features, Azure Firewall will be on par with these products.

How was the initial setup?

The initial setup is straightforward and very easy.

What other advice do I have?

My advice to anybody who is considering this solution is to be clear about your requirements. It is critical to know what the capabilities of the firewall are, as well as what is nice to have when it comes to filtering and protecting the environment.

There are different threat profiles when it comes to protecting user traffic. For example, in a VDI environment, where the users are in the cloud, generating traffic and browsing the internet on virtual machines, Azure might not be the best fit. On the other hand, to protect the workloads on servers like application servers or database servers, it's a perfect fit. So, it is important to be clear about the use cases in order to determine whether it is suitable.

This is a relatively new product but Microsoft is really fast in their development and you never know what they are planning. In perhaps six months, I might rate it a ten out of ten. Nonetheless, at this time there is still some room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
**Disclosure: My company has a business relationship with this vendor other than being a customer: partner
More Azure Firewall reviews from users
...who compared it with Cisco ASA NGFW
Add a Comment
Guest