We just raised a $30M Series A: Read our story

Azure Firewall OverviewUNIXBusinessApplication

Azure Firewall is the #18 ranked solution in our list of best firewalls. It is most often compared to Palo Alto Networks VM-Series: Azure Firewall vs Palo Alto Networks VM-Series

What is Azure Firewall?

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Azure Firewall Buyer's Guide

Download the Azure Firewall Buyer's Guide including reviews and more. Updated: October 2021

Azure Firewall Video

Pricing Advice

What users are saying about Azure Firewall pricing:
  • "The licensing module is good."
  • "It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
  • "The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."

Azure Firewall Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
RH
Senior Security Operations and Cyber Risk Analyst at a financial services firm with 51-200 employees
Real User
Top 20
Good value for your money, good URL filtering, supports intrusion prevention, and is stable

Pros and Cons

  • "I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system."
  • "For larger enterprises, they need to adjust the scalability."

What is our primary use case?

We use it to protect the Azure space and to be the bridge between on-premise and the cloud.

When I have had a site-to-site VPN set up and configured, and would use it to allow ordinary traffic from the on-premise device to the cloud and from other third-party suppliers to the Azure platform.

We also use it to provide connectivity to various network security groups that have been created within Azure.

How has it helped my organization?

I would say that this solution is really good compared to other solutions that we have had before. We would have used the FortiGate firewall in the Azure space. 

We find this process was quicker. It would get a faster turnaround time once we would generate and modify the firewall rules. Because of the visibility, we would have seen it. When compared to FortiGate, it would get a bit more visibility in terms of integration with the security center so that we would be able to review based on overall posture, see what needs to be fixed, or what changes need to be made. 

The turnaround time turns off rules and any gaps that exist would increase the turnaround time for that as well. It would also help us to increase our response time and reduce our attack surface by 20% so far.

What is most valuable?

With the recent upgrade to the premium version, it facilitates IP Groups, URL filtering, TLS inspection, IDPs, and the Web Categories.

Before using the premium version, a lot of our customers had concerns with the URL filter, where you would not be able to allow or block a specific URL. The feature set without a premium version would only allow you to do it via IP address, which is tedious.

At times, many of these vendors would be using some kind of CDN solution. It would be the case where multiple IPs appear, changing behind the URL when it would be easier if you're using the URL feature. The URL maps onto the IP address and it would be the easiest way to do that.

I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system.

Many other vendors, when you do not have the license for the IP at some point, then you would be left not being able to do any prevention. The fact that the premium version includes this is good.

The TLS inspection allows you to decrypt the outbound traffic and encrypt data. Otherwise, we would have been using our third-party vendors, and whatever solution is within Azure.

With the various business units, we will be reaching out to other solutions there are in the web category to reduce the attack surface to see if this is a category that is alone or not.

The fact that Azure also ties into a security center is another good feature. You can also get rid of that visibility because of the tight integration with these Azure products.

What needs improvement?

We had an instance where it wasn't processing the rules and we had to engage Microsoft to resolve that issue. Microsoft Support needs to improve its response time.

For larger enterprises, they need to adjust the scalability. This is the only issue that I'm have found that it attributed to the two weeks of downtime we had experienced.

They need to offer either a scaled-up or scaled-out version or versions for larger enterprise companies.

This would greatly improve the solution.

For how long have I used the solution?

I have been using Azure Firewall for approximately two and a half years.

I have recently upgraded to the premium version.

What do I think about the stability of the solution?

Azure Firewall is pretty stable. 

I believe that they listen to various sponsors, which is why they were able to release the premium version. It is a more established firewall that vendors now have. 

I'm seeing where they have met up with the dynamics of the market, and I am expecting that they will be a leader sometime in the near future.

What do I think about the scalability of the solution?

They need to find a way to scale it out or scale it up a bit more. The scalability, it's okay, but it needs a lot more improvement. For a regular customer that's utilizing it, that's good, but for large enterprise companies, it is not as good.

The industry is telecoms. We have millions of customers. For that type of environment, they need better and more scalability.

We haven't totally assessed the premium version to see if the new features offer greater scalability. 

We utilize it across the cloud estate. We plan to expand our subscriptions. Most definitely, we will increase our usage.

Recently, we transitioned to the premium version, which will be extended to the other subscription once it has been rolled out across 32 countries, and with more instances, it will be rolled out across various continents.

How are customer service and technical support?

The turnaround time in resolving the issue where it wasn't processing the rules is an area that needs improvement. It wasn't resolved in a timely manner.

Microsoft support took a bit of time to assist us in resolving that issue. It created a bit of downtime for us and it was longer than we expected. 

I would say those would be the cons so far when utilizing it.

I would rate the Microsoft support a five out of ten because they did not respond in a timely manner and the impact it caused in terms of the downtime it created for us. We were down for a week or two during a high-impact period.

They were assisting us but it took a good amount of time to get it resolved when we needed to be putting out things daily. Two weeks is a long time for a fast-paced environment. 

Which solution did I use previously and why did I switch?

Previously, we were using FortiGate Firewall. We switched because of the migrating of the Security Center and the ease of use. The cost was also considered.

How was the initial setup?

The initial setup was straightforward.

We had another tool which was FortiGate. We migrated from FortiGate to the Azure Firewall.

It was a straightforward migration.

The deployment took approximately three to four weeks.

The implementation strategy would include copying over rules, ensuring that all the services are able to run, and also ensuring that both firewalls were running in parallel. Until we are sure that the Azure Firewall can handle the workload, both firewall products will continue to operate.

After that, we were able to power down the virtual appliance that was on the FortiGate Firewall.

We had it running for quite some time, approximately a month and a half. Because there were no issues, we stopped using the FortiGate Firewall altogether, once that process was complete.

We have a server team, a cloud team, and a network team to administer and maintain this solution. It's approximately eight to ten people, some are network security engineers, a network security manager, and network engineers.

What was our ROI?

There have been some cost benefits as well. When using another vendor in comparison where you bring your own license, the cost would have gone down. It's more cost-effective to use the Azure Firewall along with the premium version than using a third-party as an option from the marketplace. I would say that as well, where it gives you better spend in terms of OPEX. It's better value for your money.

What's my experience with pricing, setup cost, and licensing?

The licensing module is good. Pricing is one of the reasons we switched to this solution.

For smaller businesses, they could probably put one or two features from premium into the regular standard versions. For example, that URL filtering is a pain point for many customers. 

If they could find a way to scale down that URL and the IPs feature to include it in the standard version, then that would allow them to get more traction and more customers from the small to medium-sized business perspective.

Which other solutions did I evaluate?

We were using Check Point mostly. We had decided to move to FortiGate, and then we moved to Azure Firewall. 

We did not go with Check Point because of the premium features such as the URL filtering, and the TLS inspection included with Check Point cost a lot more. This was the reason we chose the Azure Firewall.

What other advice do I have?

It's a solid solution. I would tell anybody to definitely give it a try, and consider it as one of the options when looking for a firewall to use in Azure space.

I would say if they can go for the premium version upfront, rather than starting with the standard version, then trying to transition to a premium version. It addresses a lot of the issues and concerns in this space today. They should start with the premium rather than upgrade. Once they can afford it, go straight to premium.

I would rate Azure Firewall an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
JJ
Group Cloud Competency Center Manager at a transportation company with 10,001+ employees
Real User
Scalability and centralized filtering reduce the management overhead, but there should be a consistent service speed worldwide

Pros and Cons

  • "Network filtering is valuable. The scalability capability from the cloud-native service helps us a lot because it simplifies our day-to-day maintenance activity."
  • "It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide."

What is our primary use case?

We use it to do the network traffic filtering between our private network and a public network. So, it is a boundary. Because of our IDS and IPS needs, the advanced features are enabled in Azure Firewall.

There are two types of versions. In China, there is only the standard tier, but in the rest of the regions, there is the premium tier.

How has it helped my organization?

We have a centralized filtering capability because of Azure Firewall. So, our application teams don't need to take too much care of network filtering and network protection. It has helped a lot in reducing the management overhead for our application teams.

It has helped us a lot with compliance. Because of our local cybersecurity law needs, we need to have firewall filtering capability. Before Azure Firewall, we didn't have too many choices. For example, we only had ACL, but Azure Firewall is a real firewall. It can protect us from a lot of traffic. So, it is improving our security and bringing satisfaction to the security team.

From the viewpoint of our internal organization, it simplifies the work for our application teams. Because the Infra team has built a centralized shared firewall service, our application teams can have this kind of managed service from the Infra team. That's one of the benefits. It doesn't directly impact our customers or end-users outside our organizations, but it protects their personal data and information. It also improves their security level. So, overall, the end-users are getting served better.

What is most valuable?

Network filtering is valuable. The scalability capability from the cloud-native service helps us a lot because it simplifies our day-to-day maintenance activity.

What needs improvement?

It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide. 

It is still not at par with traditional next-generation firewalls. It is still behind other network and firewall vendors such as Palo Alto. There are other advanced and leading products in the market, and Azure Firewall is still a follower. So, they can consider investing more in this product and make it a market leader like Azure.

For how long have I used the solution?

I have been using it for more or less two years.

What do I think about the stability of the solution?

We had a few critical incidents, and we did the investigation together with Microsoft. It seems there were some bugs in Azure Firewall shared cluster. So, at the very beginning, we had a few outages or critical incidents because of the product bugs, but since then, especially in the past few months, it seems very good.

What do I think about the scalability of the solution?

Scalability is a reason why we choose a cloud service like Azure Firewall. It can scale depending on the increase in your real traffic. In our case, we never reached the 20-gigabyte throughput limit, but we can have more instances in case the application or the network traffic grows. So, it can be scaled, and we don't need to take too much care of Azure capacity planning. 

The Infra team is a direct user of this firewall. They take care of its day-to-day management. There are, at the most, 10 people on this team. They build the pipeline, monitor its performance, and based on the service requests, add and modify the JSON templates. In terms of applications, there are maybe hundreds of applications that rely on the service from Azure Firewall. We are implementing Azure Firewall worldwide. So, our footprint is extending.

How are customer service and support?

I would rate them a seven out of 10.

Which solution did I use previously and why did I switch?

We didn't have any cloud solution previously. We deployed it from scratch.

How was the initial setup?

Its initial setup was pretty straightforward. With its native portal and User Guide, you can very quickly do the implementation. Its UI is very user-friendly. 

We made it an enterprise shared service for our use case. We studied and designed the cloud-native Azure Firewall service from scratch and packaged it as a standard service in our environment. We wanted to maintain the Azure service like the DNAT network rule and application rule. We wanted it to be always manageable in its lifecycle. So, we chose the infrastructure mode to manage our service. We have a delivery pipeline, and we also use the DevOps mode to maintain the Azure Firewall configuration in its lifecycle. For this part, the API is good, and the native Terraform and Ansible have relevant predefined modules. It is working fine. So, for this part, it is very good. It doesn't matter whether you are a junior technical guy or an advanced technical guy. You can always find a comfortable way to deploy, manage, and maintain it.

Its deployment is very quick. It takes a few minutes. In order to make it the deployer pipeline, you need to spend some time because you need to think about the integration, such as how to integrate with GitLab CI, and how to make Azure Workbook so that it can monitor the usage and user performance. We wanted it as a managed service. So, the duration also depends on your use case.

What about the implementation team?

We did it ourselves. For its deployment and maintenance, we have less than five people. They just monitor and respond to all instances. They also accept a service request to implement a new rule or modify the older version of a rule. We don't have to do any upgrades.

What was our ROI?

We pay based on the usage. So, it makes sense that at the very beginning, we know very well how are they charging. We use and pay for it. So, it is not a CapEx expense. It is an OPEX expense, so it is not the same logic as ROI.

What's my experience with pricing, setup cost, and licensing?

It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive.

Which other solutions did I evaluate?

We evaluated Palo Alto. If you want to have a Palo Alto firewall in the cloud, you need to deploy it as a virtual appliance. This part is not that easy because it requires two types of tech stack. You need an Azure computing license for the Palo Alto virtual appliance. In addition, scalability is your responsibility. It is not the responsibility of your core service provider. So, for maintenance, you need to spend more time and effort.

Azure provides a unified API or interface, whereas if you want to have a traditional firewall appliance implemented in the cloud, you need to take care of the API or interface so that it can be managed in an automated way.

What other advice do I have?

You should have a clear understanding of Azure Firewall. You should understand how Microsoft packages it as a service. If you don't understand how is it composed and how it works, it will bring some unexpected issues during your day-to-day operation. This is a major service from Microsoft, so the quality of Microsoft's product will directly impact the service you want to offer to your customer or users. If you understand it well and test it well, it will give you fewer surprises in the future.

I would rate Azure Firewall a seven out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Learn what your peers think about Azure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,029 professionals have used our research since 2012.
Vladimir Jirasek
Founder & CEO at Foresight Cyber Ltd
Real User
Top 5
Easy to set up, good integration, and the technical support is good

Pros and Cons

  • "The most valuable feature is the integration into the overall cloud platform."
  • "Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment."

What is our primary use case?

Azure Firewall makes up part of our security solution. We use it internally but we are a consulting company and also advise our customers on the use of it.

What is most valuable?

The most valuable feature is the integration into the overall cloud platform. The orchestration is very easy using automation with APIs and scripts.

What needs improvement?

Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group.

Tagging is supported but not on the instances, which is something that could be improved.

The selection of the internal resources into the ruleset could be improved.

Support for layer-seven application filtering should be added because it is not there yet, at all.

It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement.

The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.

For how long have I used the solution?

I have been using the Azure Firewall for about one year.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

The scalability is very good and you don't have to think about sizing, as in the case of a traditional firewall where you have to think about the throughput. With Azure Firewall, it scales automatically.

We have customers ranging in size from small to enterprise-level organizations. One of them is a large company with 40,000 users on Azure Firewall.

How are customer service and technical support?

We use the customer support that our customer has access to. If they have enterprise support then we use it, whereas if they do not then we use standard support.

Personally, my experience with Microsoft support has been very good. Their professionals are very quick to respond and they have good feedback. They also have very good support forums and the documentation is fairly good. 

Which solution did I use previously and why did I switch?

I have experience with similar solutions by Palo Alto and Fortinet. With the inclusion of more advanced features, Azure Firewall will be on par with these products.

How was the initial setup?

The initial setup is straightforward and very easy.

What other advice do I have?

My advice to anybody who is considering this solution is to be clear about your requirements. It is critical to know what the capabilities of the firewall are, as well as what is nice to have when it comes to filtering and protecting the environment.

There are different threat profiles when it comes to protecting user traffic. For example, in a VDI environment, where the users are in the cloud, generating traffic and browsing the internet on virtual machines, Azure might not be the best fit. On the other hand, to protect the workloads on servers like application servers or database servers, it's a perfect fit. So, it is important to be clear about the use cases in order to determine whether it is suitable.

This is a relatively new product but Microsoft is really fast in their development and you never know what they are planning. In perhaps six months, I might rate it a ten out of ten. Nonetheless, at this time there is still some room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
ThomasZebar
Senior Azure Solution Architect at a tech company with 10,001+ employees
Real User
Top 10
Integrates nicely with Azure, and the SaaS deployment means you don't have to worry about patching or upgrades

Pros and Cons

  • "In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies."
  • "It needs a lot of improvement, especially on intruder detection. They are working hard on that."

What is most valuable?

There are a lot of competitors to Azure Firewall. Microsoft figured it out, that they needed a firewall for their Azure platform that can integrate with their services. That's why they came up with Azure Firewall. It really has a pretty nice integration with Azure services. 

In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies. If you use the Azure platform, it is the best choice. And they're working on integrating it with many more Azure resources.

The configuration is much easier because Microsoft already provides you with a tool that belongs to Azure. You can set one rule instead of setting 100 rules. That makes the administration of Azure Firewall much easier. For example, when it comes to DNS tags, services tags, and URL tags, you don't have to go URL-by-URL and tell it to open this or that port.

In addition, it's a SaaS service. You don't have to worry about managing a virtual machine and things like patching and upgrading.

What needs improvement?

It needs a lot of improvement, especially on intruder detection. They are working hard on that.

For how long have I used the solution?

I am an experienced Azure architect. I have more than 30 years in this field. I don't do operations anymore, although I know how to configure things.

I have just done the design on a project for General Electric, with Azure Firewall.

What do I think about the stability of the solution?

It's very stable. Microsoft will not put something out there that is unstable.

What do I think about the scalability of the solution?

Another big benefit of Azure Firewall is the scalability. You can grow it to meet the load of traffic. With a virtual appliance-based solution from Palo Alto or Cisco, you need to add another one to scale.

How are customer service and support?

Their tech support is great. They are very helpful. They can be involved in the design.

How was the initial setup?

The initial setup is a piece of cake. You just provision it. You need to know your requirements because there are two versions, Standard and Premium, which affect your costs.

What's my experience with pricing, setup cost, and licensing?

One of the benefits of Azure Firewall, while it is not mature yet, is that the total cost of ownership is much less than Palo Alto, Cisco, or any other brand.

When people look at the cost of Azure Firewall, they think, "Oh, it's pretty expensive." But when you base it on the total cost of ownership over a period of time, you have to look at the scalability and the fact that, if you already have Microsoft support, it is included for Azure Firewall automatically. When you add in the integration and the management, it comes out to much less than virtual appliances.

What other advice do I have?

I would highly recommend it if your design needs Azure Firewall. It might not need it. It might be that you could use an application firewall and that the application gateway will be more than enough.

They're working on a distributed solution so that it's not that you just have a virtual network and one firewall. They really want to have more than one entry point into your environment, with ways to orchestrate it, with the IP coming from a client to different firewalls. They are moving at the speed of light to realize a lot of strategic initiatives for Azure Firewall. It is one of the strategic items that Microsoft is working on.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
EW
Owner at a financial services firm with 1,001-5,000 employees
Real User
Top 5
Recently added features such as SD-WAN have greatly simplified operations

Pros and Cons

  • "Great security and connectivity."
  • "The interface could be improved, it's not very user friendly."

What is our primary use case?

We are currently working with Microsoft, trying to develop a new solution which is based on VeloCloud. It's an SD-WAN solution. This product has not been launched in China yet and we still have some work to do. I'm the company owner and five of my team use Azure Firewall. It's a startup team and I work with Microsoft directly.  

What is most valuable?

The most valuable features of the product are its great security and connectivity. 

What needs improvement?

The interface could be improved, it's not very user friendly. They are now trying to compete with a new Chinese domestic public cloud provider which has more features. It's difficult to find the ports on the current interface, but it's easier with this new provider. 

We're looking to provide a better routing, or something like an SD-WAN solution that can improve the user experience. I think that's something Azure can do as an additional feature. There are five Azure clouds: Two belong to the US government and one is worldwide. Then there is Germany Azure and China Azure. China Azure is barely able to communicate with the rest of the world, and that connectivity issue needs to be looked at in detail and a solution found.

For how long have I used the solution?

I've been using this product for three years. It's an online platform so you're always getting the latest version. 

What do I think about the stability of the solution?

It's a stable product. I've recently spent a lot of time on Palo Alto Firewalls and compared to that I would say that Azure Firewall is still a better firewall. They provide more and more features like SD-WAN or the cloud standard box feature.

How are customer service and technical support?

I'm satisfied with the technical support overall. I generally chat with the Microsoft team on the phone. 

Which solution did I use previously and why did I switch?

I'm still using Palo Alto, Cisco ASA, Fortinet, Check Point and Juniper. Basically I use all of them. For small businesses with one standard, though, I would recommend Azure Firewalls. It's quite simple and easy to implement the whole security policy. For medium and large enterprise companies, however, they already have their on-premise firewall devices implemented. Users are trying to centralize their firewall security management and they prefer it to using virtualized firewalls like Checkpoint Virtual Firewall or Fortinet Virtual Firewall. That way, they can leverage their user technology capability, and try using a single interface to manage those devices. 

How was the initial setup?

From the virtual machine perspective, it's quite easy to set up. You can choose the image file from the public market, and then you can setup. However, the account, the Microsoft Azure identity, the whole creation process was very complex and it is not that user friendly. Users usually use their Azure ID, as well as sometimes providing the live ID. That's a second ID, and it confuses people.

What other advice do I have?

The network firewall is a complex project, you have to review all the requirements. It's possible that sometimes the Azure Firewall won't be able to support some things because they customize their applications and they may not meet with the Azure Firewall's features. Each user has unique requirements on shaping or manipulating network traffic. I wouldn't recommend any product without doing the research.

I would rate this product an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Geo Thomas
Network Security Engineer at Diyar United Company
Real User
Top 20
Good threat intelligence, scalable, and good support

Pros and Cons

  • "The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats."
  • "The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved."

What is our primary use case?

I have deployed Azure Firewall for a couple of my clients. They primarily use it for protecting their workloads and limiting incoming connections.

I also have a subscription but I use it primarily for testing.

What is most valuable?

The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats. It can easily detect threats and I have customers that have experienced this.

The malware signatures are updated automatically, which is helpful for new customers.

What needs improvement?

Compared to FortiGate and Palo Alto, Azure Firewall is not very flexible. There are multiple options for VPNs and the other features, and most of my clients are implementing third-party products that they are getting from the marketplace and other vendors.

The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved.

The visibility is much less with Azure Firewall than it is with other products.

For how long have I used the solution?

I have been working with Azure Firewall for two years.

What do I think about the scalability of the solution?

This is a firewall that I implement for my SMB customers. For example, one of my recent deployments was to a user base of between 300 and 500 people. In fact, it was their DR site, so there was no regular user traffic. The real-time users enter that site typically for maintenance.

 My enterprise clients normally choose to implement SonicWall NSV.

I have not had the opportunity to fully test the scalability but I can't see any limitations to it at this time.

How are customer service and support?

I have opened a couple of cases with Azure and the technical support was fine. There were no issues with it.

Which solution did I use previously and why did I switch?

I have experience with several other firewalls including FortiGate and Palo Alto.

Another product that I have sold to my enterprise customers is SonicWall NSV.

How was the initial setup?

Compared to other firewall products, the setup is complex. I have faced problems setting up the DNAT, and there are some issues with setting up the certificates. I have also had trouble with service tag issues.

The basic deployment takes one day or two days at the maximum. The fine-tuning, where we have to monitor and identify the proper traffic, takes place over two or three weeks. Fine-tuning is an extensive part of it. It is important that the configuration is set up correctly.

What about the implementation team?

We deploy this solution for our customers but they are responsible for the fine-tuning to their environment. I deploy it for our clients but I have another colleague who does it, as well.

What other advice do I have?

Overall, this is a good product and we will continue working with it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
DL
Network Engineer at a leisure / travel company with 10,001+ employees
Real User
Highly scalable but lacks support for back-to-back firewall architecture

Pros and Cons

  • "Azure Firewall's feature that I have found most valuable is its scalability."
  • "Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either."

What is most valuable?

Azure Firewall's feature that I have found most valuable is its scalability.

What needs improvement?

In terms of what could be improved, it lacks a couple of features which are available in the other marketplace products, but it is stable and it performs most of the basic functions that are expected from a normal firewall.

When we deployed we did not have a centralized management of multiple firewalls. Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either. 

Other features I would like to see are intrusion prevention, URL filtering, category-based URL filtering and other advanced features.

Overall, the configuration can definitely be improved.

In terms of the overall product architecture, if the management and the architecture of the product could support back-to-back firewall architectures so that I could use Azure Firewall in combination with another firewall, that would be one point which would help this product be used more and in a better way.

Again, if the Azure Firewall could be accommodated as a back-to-back firewall, meaning if it could work as a firewall which handles the inbound traffic from the internet, which is an NVA, or a network virtual appliance, and we could reroute the traffic to Azure Firewall, that would be good. But as of now, there is no routing options in Azure Firewall.

For how long have I used the solution?

I have been using Azure Firewall for eight months.

We are not using the latest version since we deployed it quite some time back.

What do I think about the stability of the solution?

Azure Firewall is quite stable.

What do I think about the scalability of the solution?

We have thousands of people using it.

How are customer service and technical support?

Technical support is okay.

How was the initial setup?

Azure Firewall has an easy installation.

What other advice do I have?

I would only recommend Azure Firewall depending on the requirements. If it is an enterprise that has basic requirements and needs to do packet filtering and a certain level of intrusion prevention, so for the level of IP whitelisting, it's a good product.

It is easy to manage and it is scalable.

On a scale of one to ten, I would give Azure Firewall a six because of the configuration issue.

In terms of NAT configuration, the configuration management is one issue. Another issue is intrusion prevention with the NAT configuration and the URL category-based filtering features. The ease of manageability and the ease of configuration of these features could be easier.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Christian Cutajar
Head of IT at NetRefer
Real User
Top 5
Good pricing, useful features, and satisfactory technical support

Pros and Cons

  • "The solution has many useful features. For example, the solution allows users to create virtual IP addresses."
  • "The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks."

What is our primary use case?

Basically, our organization is using the solution to inspect the traffic. I'm using the solution as the main defense system prior to de-traffication on the NGX layer (layer seven). Then, of course, we're forwarding to the Kubernetes cluster.

What is most valuable?

The solution has many useful features. For example, the solution allows users to create virtual IP addresses. 

What needs improvement?

The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks.

There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it.

In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.

For how long have I used the solution?

I've been using the solution for six months so far. It hasn't been too long.

What do I think about the stability of the solution?

The stability of the solution is excellent. It hasn't failed. There are no bugs, glitches, or crashes. It's reliable.

What do I think about the scalability of the solution?

Azure uses an on-premises environment. I wouldn't use it for scalability purposes. In terms of scalability, our organization is much more inclined towards Fortinet's Fortigate virtual appliance rather than the Azure Firewall.

How are customer service and technical support?

We provide services to our clients and help them maintain the product.

However, we have contacted technical support several times. We've submitted tickets and dealt with technical support directly. Occasionally, it takes a long period of time for them to get back to us. It does depend on the severity of the issues. In terms of feedback and output they've provided us, we have been very satisfied. They can just be a little slow.

Which solution did I use previously and why did I switch?

We use both Azure Firewall and Fortinet solutions, including Fortigate. I personally find that Azure doesn't offer the same capabilities. Fortinet is better.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact pricing, however, I do believe it is less expensive than Fortigate.

For Fortinet, we pay around $5,000 per year. It offers more, however. It, for example, also improves the intrusion detection system. We bought a Fortinet appliance two years ago and Azure Firewall didn't exist at the time.

What other advice do I have?

We're Azure partners and have an enterprise agreement with the company, however, we may be switching. We also have a dedicated Account Manager with the company.

I'd rate the solution seven out of ten. It's missing a few capabilities our organization would really like to see.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Product Categories
Firewalls
Buyer's Guide
Download our free Azure Firewall Report and get advice and tips from experienced pros sharing their opinions.