Azure Firewall Reviews

One of the notable advantages of Azure Firewall is its user-friendly interface, which closely resembles or shares similarities with other Azure components. The abundance of well-documented resources, extensive help features, and a wealth of examples further enhance the usability of Azure Firewall.

It could potentially be more cost-effective. There is room for further integration of AI into the system.

I have been working with it for approximately two years.

It ensures reliable availability.

At my previous workplace, we extensively deployed Azure Firewall with four units, effectively serving the security needs of a sizable user base exceeding a thousand individuals.

Previously, we utilized Fortinet, but we made the transition to Azure because  Microsoft introduced advanced features and Next Generation functionalities into Azure Firewall, and we anticipate a seamless shift to Microsoft Azure, leveraging the convenience of managing multiple products effortlessly through it.

Overall, I would rate it eight out of ten.

When we started using Azure Firewall, we learned quickly that it couldn't do much. As I remember, it was essentially a layer 3 or layer 4 firewall that couldn't distinguish recognized applications and things like that. But it was inexpensive compared to the Palo Alto stuff we were looking at, so we wound up staying with the firewall. Mainly it was just inspecting ports between virtual machines.

Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that. It needs to be comparable to what you would get from Cisco, Palo Alto, Checkpoint, or any of those guys. If it's going to be a firewall, it needs to be competitive. From a security standpoint, it's not any better than loading an IP table in a Linux box. In fact, Linux may even be better in that sense

I've been using Azure Firewall for probably about a year.

Azure Firewall wasn't scalable at all, but it did what it's supposed to do.

I honestly don't remember interfacing a lot with Azure support. I think that we were dealing with a third party, maybe. But I've been dealing with AWS for the last year, and it's a totally different experience in a good way. Their support is outstanding.

Setting up Azure Firewall was easy because all you were doing was configuring source, destination, port, and action. However, there was something weird. You have to number your rules set, and depending on your numbering system, that's how you would have to apply the filtering of the logic of the policy. And in that sense, it's a little bit quirky. I don't think that most firewalls work that way. It just reads the policy, and the algorithm is based on it filtering down through the policies until it hits a truth or a match. And then it makes a decision based on that.

Azure's cost-effectiveness is its major advantage. 

Each company will prioritize what it wants to work on. Azure may outperform AWS in some areas, but after working with the two platforms for roughly the same amount of time, I've found AWS friendlier and more sophisticated overall. AWS just seems to be a better platform for me, honestly.

I would rate Azure Firewall one out of 10. I give it the worst rating because security is so important. However, it depends on your security goals. But you have to look at what's out there and what you typically get out of a box. Even for a cheap application for your computer, Azure Firewall just isn't delivering. It doesn't have any personality at all or functionality even. I definitely wouldn't recommend it to anyone, but I would have to go back and visit it because it's been a year now. The features are so limited that it's pretty much a protocol-filtering product. 

Honestly, I think any serious security-minded entity will bypass Azure Firewall and look at some of the images from the third parties. I guess it's suitable for small outfits that aren't serious about security but want some basic protection. By the time I walked away, I  had spent a lot of hours on it, and I spent more time in my job trying to find a solution and pick the right one. I did everything to learn the firewall's feature set. I finally talked with someone at Microsoft who said, "We know what you want and what you're trying to do, but we're just not there yet."

They just told me to stay tuned. I got the impression Azure Firewall is a very immature product that would probably improve over time. But, at that moment, I didn't think it was unready. It's just that products are trying to achieve different things. You can't have all the horses in all places. It's one of those things where I felt like it would have to be some acquisition or complete outsourcing of the security component to somebody specialized in the area who can sell it as a firewall.

We are a technical services company and we are in the data center space. We provide different solutions, including firewalls such as Azure Firewall, to our clients depending on their needs.

We have a large customer base that is global in scope and we provide hosting services as well as managed services. We have solutions deployed in both public cloud and private cloud environments. 

We typically use this solution in the perimeter layer, although we do have some use cases where we handle East-west traffic.

The Layer four features are okay and meet my business needs.

Security is playing a vital role these days, and the layer seven features such as IPS and malware protection are helpful in that regard.

The interface is fair and has not given us any challenges.

This solution is not mature when it comes to handling perimeter traffic like internet browsing. It is lacking in some of the security features. Palo Alto and Fortinet are better for this.

In the next release, I would like to see the inclusion of more next-generation firewall features.

So far, we have not seen any problems with stability.

We are currently exploring the scalability and availability. It has a number of extensions available to increase the bandwidth, throughput, scale-up, and scale-out points.

We have not been in contact with technical support.

We have experience with Palo Alto, Check Point, FortiGate, and Cisco firewalls. Azure Firewall is more scalable than these other solutions.

There are no big challenges when it comes to implementing this solution.

It takes approximately two hours to deploy.

We have a lot of resources in this space, so we take care of the implementation and deployment on our own.

This is a solution that I recommend for internet-facing network traffic.

When it comes to rating this solution, there are two components here. For layer four traffic, I would rate it an eight out of ten. For layer seven traffic, however, I would rate it less.

Overall, I would rate this solution a seven out of ten.

I have deployed Azure Firewall for a couple of my clients. They primarily use it for protecting their workloads and limiting incoming connections.

I also have a subscription but I use it primarily for testing.

The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats. It can easily detect threats and I have customers that have experienced this.

The malware signatures are updated automatically, which is helpful for new customers.

Compared to FortiGate and Palo Alto, Azure Firewall is not very flexible. There are multiple options for VPNs and the other features, and most of my clients are implementing third-party products that they are getting from the marketplace and other vendors.

The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved.

The visibility is much less with Azure Firewall than it is with other products.

I have been working with Azure Firewall for two years.

This is a firewall that I implement for my SMB customers. For example, one of my recent deployments was to a user base of between 300 and 500 people. In fact, it was their DR site, so there was no regular user traffic. The real-time users enter that site typically for maintenance.

 My enterprise clients normally choose to implement SonicWall NSV.

I have not had the opportunity to fully test the scalability but I can't see any limitations to it at this time.

I have opened a couple of cases with Azure and the technical support was fine. There were no issues with it.

I have experience with several other firewalls including FortiGate and Palo Alto.

Another product that I have sold to my enterprise customers is SonicWall NSV.

Compared to other firewall products, the setup is complex. I have faced problems setting up the DNAT, and there are some issues with setting up the certificates. I have also had trouble with service tag issues.

The basic deployment takes one day or two days at the maximum. The fine-tuning, where we have to monitor and identify the proper traffic, takes place over two or three weeks. Fine-tuning is an extensive part of it. It is important that the configuration is set up correctly.

We deploy this solution for our customers but they are responsible for the fine-tuning to their environment. I deploy it for our clients but I have another colleague who does it, as well.

Overall, this is a good product and we will continue working with it.

I would rate this solution a nine out of ten.

I've been using Azure Firewall for one or two customers in the UAE to protect against security threats. It protects the Azure infrastructure and PaaS, applications, network, and ports. It's the same as the things we configure with other firewalls.

With Azure firewall, I can extend the security posture from 67 percent to between 75 and 80 percent.

The security of Azure Firewall is okay for smaller and medium-sized organizations. It has been integrated with the virtual WAN, which is a good way to protect multi branches for connection either through ExpressRoute or VPN.

The dashboard is fine because it's simple and easy to use. For junior admins who are joining an organization and want to learn something, Azure Firewall is the best way to go, as it gives them all the flexibility. It's not so customized. Whereas with Palo Alto, for example, you have to understand firewalls, and the security aspects, in a more in-depth way. Azure Firewall is easy.

It is easy for me to protect specific ports or even the IP addresses, as well as do whitelisting, blacklisting, and the FQDN when we want virtual machines connected and to protect certain websites. There are many features which are good enough.

Also, the documentation is awesome, no doubt about it. 

For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall.

I have been using Azure Firewall for almost three years.

It's absolutely stable because it's Azure. It has the redundancy and the resilience of the Azure Infrastructure Services. I don't think there is downtime with this kind of service. It probably has 99.95 percent uptime.

It should be scalable. That has to do with the backend and Azure takes care of all of that. We have 300 to 400 users.

We have an Enterprise Agreement and that means Microsoft support would answer any calls within half an hour's time, max. They get in touch with us if there is anything that is crucial. It is based on the severity when we create the request.

A Microsoft Enterprise Agreement is the best. I worked on many problems and issues when I was working for a government organization that had an Enterprise Agreement, and I used to get calls immediately. The issues would be resolved within half a day or, at the maximum, one day.

Positive

I haven't worked with other firewalls.

The initial setup is straightforward. There is nothing complex about it. Within 20 minutes, you have the firewall up and running.

Two or three people are sufficient for deployment and maintenance in a small organization. One should be at least a SOC analyst who understands security, and one could be an Azure admin with good knowledge of the Azure infrastructure, PaaS, and security aspects.

Azure Firewall comes with Azure native services. We did not buy any kind of license for it. Whether you have a free subscription or a pay-as-you-go model, you can deploy the Azure Firewall service. For any type of third-party service, like Palo Alto, or Fortinet, or Check Point, we would need to buy a subscription or licenses based on the users, but here it comes with the tenant when you purchase it. You are not going to spend extra money on it. The amount that you use will determine how much you pay.

The pricing of Azure, compared to third-party vendors, is good because it's Azure-native. It's affordable.

It's a common firewall. I haven't faced any issues or problems with it. In Azure services itself, there are other security implementations provided, to do with DDoS protection on the networks. There are certain firewall rules as well and things that we can deploy at the subnet level and on the NIC level. Along with Azure Firewall, other security services have been implemented. It's okay for small and medium-sized organizations that cannot afford to buy a third-party vendor or security appliances to protect their perimeter. Azure Firewall should suffice for them.

Also, as cloud administrators or architects, we are the ones who take care of the protection. As long the end-user is connected with the application, they're fine. To them, it doesn't matter whether we're using Azure Firewall or a third-party appliance. They don't know what is going on at the infrastructure level. They just want the application and the performance to be good.

For small and medium-sized organizations that are not ready to invest in a third-party firewall, and clients who are not so concerned about data security, Azure Firewall is the best solution. If a company needs more protection of, say, their email service, they could go with Proofpoint, an IaaS, or PaaS. For one of our large organizations, where they have financial services and a retail business, they went for a third-party solution along with Azure Firewall.

Overall, I would rate Azure firewall at eight out of 10. There are many advanced features in the other firewalls that are not available in Azure.

There are a lot of competitors to Azure Firewall. Microsoft figured it out, that they needed a firewall for their Azure platform that can integrate with their services. That's why they came up with Azure Firewall. It really has a pretty nice integration with Azure services. 

In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies. If you use the Azure platform, it is the best choice. And they're working on integrating it with many more Azure resources.

The configuration is much easier because Microsoft already provides you with a tool that belongs to Azure. You can set one rule instead of setting 100 rules. That makes the administration of Azure Firewall much easier. For example, when it comes to DNS tags, services tags, and URL tags, you don't have to go URL-by-URL and tell it to open this or that port.

In addition, it's a SaaS service. You don't have to worry about managing a virtual machine and things like patching and upgrading.

It needs a lot of improvement, especially on intruder detection. They are working hard on that.

I am an experienced Azure architect. I have more than 30 years in this field. I don't do operations anymore, although I know how to configure things.

I have just done the design on a project for General Electric, with Azure Firewall.

It's very stable. Microsoft will not put something out there that is unstable.

Another big benefit of Azure Firewall is the scalability. You can grow it to meet the load of traffic. With a virtual appliance-based solution from Palo Alto or Cisco, you need to add another one to scale.

Their tech support is great. They are very helpful. They can be involved in the design.

The initial setup is a piece of cake. You just provision it. You need to know your requirements because there are two versions, Standard and Premium, which affect your costs.

One of the benefits of Azure Firewall, while it is not mature yet, is that the total cost of ownership is much less than Palo Alto, Cisco, or any other brand.

When people look at the cost of Azure Firewall, they think, "Oh, it's pretty expensive." But when you base it on the total cost of ownership over a period of time, you have to look at the scalability and the fact that, if you already have Microsoft support, it is included for Azure Firewall automatically. When you add in the integration and the management, it comes out to much less than virtual appliances.

I would highly recommend it if your design needs Azure Firewall. It might not need it. It might be that you could use an application firewall and that the application gateway will be more than enough.

They're working on a distributed solution so that it's not that you just have a virtual network and one firewall. They really want to have more than one entry point into your environment, with ways to orchestrate it, with the IP coming from a client to different firewalls. They are moving at the speed of light to realize a lot of strategic initiatives for Azure Firewall. It is one of the strategic items that Microsoft is working on.

Basically, our organization is using the solution to inspect the traffic. I'm using the solution as the main defense system prior to de-traffication on the NGX layer (layer seven). Then, of course, we're forwarding to the Kubernetes cluster.

The solution has many useful features. For example, the solution allows users to create virtual IP addresses. 

The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks.

There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it.

In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.

I've been using the solution for six months so far. It hasn't been too long.

The stability of the solution is excellent. It hasn't failed. There are no bugs, glitches, or crashes. It's reliable.

Azure uses an on-premises environment. I wouldn't use it for scalability purposes. In terms of scalability, our organization is much more inclined towards Fortinet's Fortigate virtual appliance rather than the Azure Firewall.

We provide services to our clients and help them maintain the product.

However, we have contacted technical support several times. We've submitted tickets and dealt with technical support directly. Occasionally, it takes a long period of time for them to get back to us. It does depend on the severity of the issues. In terms of feedback and output they've provided us, we have been very satisfied. They can just be a little slow.

We use both Azure Firewall and Fortinet solutions, including Fortigate. I personally find that Azure doesn't offer the same capabilities. Fortinet is better.

I'm not sure of the exact pricing, however, I do believe it is less expensive than Fortigate.

For Fortinet, we pay around $5,000 per year. It offers more, however. It, for example, also improves the intrusion detection system. We bought a Fortinet appliance two years ago and Azure Firewall didn't exist at the time.

We're Azure partners and have an enterprise agreement with the company, however, we may be switching. We also have a dedicated Account Manager with the company.

I'd rate the solution seven out of ten. It's missing a few capabilities our organization would really like to see.

We use the solution as an internal firewall device.

The solution provides a good link to Azure and SQL servers.

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

We have been using Azure Firewall for around a year. 

The solution has the same stability as Azure.

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

We handled the initial setup internally. 

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten.