We just raised a $30M Series A: Read our story
SV
Cloud Architect at a pharma/biotech company with 10,001+ employees
Real User
Top 5
Stable and can autoscale but requires more use cases

Pros and Cons

  • "The solution can autoscale."
  • "Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate."

What is our primary use case?

We mostly utilize the solution for effectively controlling the networks.

What is most valuable?

The ability to provide better control of the traffic is the solution's most valuable aspect.

The solution is stable.

The solution can autoscale.

The initial setup is pretty easy.

Technical support has been good to us so far.

What needs improvement?

The solution isn't missing features per se.

Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate.

There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the stability of the solution?

The stability of the solution is good. We haven't had any issues. It's a managed service.

What do I think about the scalability of the solution?

The solution is autoscalable. It scales based on your deployment and/or based on your loads, due to the fact that it's a managed service. A company that expects to expand shouldn't have a problem scaling with this solution.

We have about 50-100 users on the solution currently. We may increase usage in the future.

How are customer service and technical support?

We've had some experience with technical support from Azure. We've found them to be quite good and are satisfied with the level of service that's been provided. I would say they ar knowledgeable and responsive to our queries.

Which solution did I use previously and why did I switch?

Before Azure Firewall, I used to work on a VPN-based firewall. 

How was the initial setup?

The solution doesn't have a complex installation process. It's pretty straightforward to implement. When we went forward with the solution we didn't face any setup issues.

Our initial deployment took about three months, and, now that it's a managed service, we've handed the deployment over to them.

I'm not sure how many staff members we used for deployment and how many handle any maintenance aspects.

What about the implementation team?

While we handled the initial implementation, we get Azure to handle the deployments for us. We didn't use a reseller or a consultant to assist with the deployment.

What other advice do I have?

We're just a customer at this time. We don't have any kind of special business relationship with Azure.

I'm not sure which version of the solution I'm currently using is.

I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic and if is stable and can scale, however, there should be more use cases available.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
DL
Technical Architect at a tech services company with 10,001+ employees
Real User
Top 20
Provides a good link to Azure and SQL servers but should have groupings for servers

Pros and Cons

  • "The solution should be capable of self-scaling, which is one of the features we like about it."
  • "It would be nice to be able to create groupings for servers and offer groups of IP addresses."

What is our primary use case?

We use the solution as an internal firewall device.

What is most valuable?

The solution provides a good link to Azure and SQL servers.

What needs improvement?

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

For how long have I used the solution?

We have been using Azure Firewall for around a year. 

What do I think about the stability of the solution?

The solution has the same stability as Azure.

What do I think about the scalability of the solution?

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

How are customer service and technical support?

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

How was the initial setup?

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

What about the implementation team?

We handled the initial setup internally. 

What's my experience with pricing, setup cost, and licensing?

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Which other solutions did I evaluate?

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

What other advice do I have?

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Azure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,529 professionals have used our research since 2012.
KI
Manager - Network & Security at a tech services company with 501-1,000 employees
MSP
Top 20
Easy to deploy and scales well, but next-generation firewall features should be added

Pros and Cons

  • "The Layer four features are okay and meet my business needs."
  • "This solution is not mature when it comes to handling perimeter traffic like internet browsing."

What is our primary use case?

We are a technical services company and we are in the data center space. We provide different solutions, including firewalls such as Azure Firewall, to our clients depending on their needs.

We have a large customer base that is global in scope and we provide hosting services as well as managed services. We have solutions deployed in both public cloud and private cloud environments. 

We typically use this solution in the perimeter layer, although we do have some use cases where we handle East-west traffic.

What is most valuable?

The Layer four features are okay and meet my business needs.

Security is playing a vital role these days, and the layer seven features such as IPS and malware protection are helpful in that regard.

The interface is fair and has not given us any challenges.

What needs improvement?

This solution is not mature when it comes to handling perimeter traffic like internet browsing. It is lacking in some of the security features. Palo Alto and Fortinet are better for this.

In the next release, I would like to see the inclusion of more next-generation firewall features.

What do I think about the stability of the solution?

So far, we have not seen any problems with stability.

What do I think about the scalability of the solution?

We are currently exploring the scalability and availability. It has a number of extensions available to increase the bandwidth, throughput, scale-up, and scale-out points.

How are customer service and technical support?

We have not been in contact with technical support.

Which solution did I use previously and why did I switch?

We have experience with Palo Alto, Check Point, FortiGate, and Cisco firewalls. Azure Firewall is more scalable than these other solutions.

How was the initial setup?

There are no big challenges when it comes to implementing this solution.

It takes approximately two hours to deploy.

What about the implementation team?

We have a lot of resources in this space, so we take care of the implementation and deployment on our own.

What other advice do I have?

This is a solution that I recommend for internet-facing network traffic.

When it comes to rating this solution, there are two components here. For layer four traffic, I would rate it an eight out of ten. For layer seven traffic, however, I would rate it less.

Overall, I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Rajneesh Kaur
Senior Security Analyst at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Provides DDoS protection but lacks a number of important security features

Pros and Cons

  • "Among the most valuable features are the DDoS protection that protects your virtual machines, the threat intelligence, and traffic filtering."
  • "Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."

What is our primary use case?

We're SaaS providers. We use these firewalls to route our traffic from our partner to us.

What is most valuable?

Among the most valuable features are the

  • DDoS protection which protects your virtual machines
  • threat intelligence 
  • traffic filtering.

What needs improvement?

If I had to pick one area that needs improvement it would be the antivirus functionality, because it doesn't scan traffic for malware. It needs TLS inspection.

For how long have I used the solution?

The cloud team in our company has been using Azure Firewall for about two years, but I'm in the security team and I've been using it for a year. We're using the regular version, not the Premium version.

What do I think about the stability of the solution?

The stability of Azure Firewall is fine. I've never seen it go down.

What do I think about the scalability of the solution?

There may be issues with the scalability, but I haven't tested it yet. When you test it in preview mode it's only around 3 to 3.5 Gbps.

How are customer service and support?

The support from Microsoft is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We started using it because we were new to the cloud and, at that time, we didn't have options. We started using whatever came with Azure. Now that we have started to grow, we have started exploring other options.

What about the implementation team?

We have different business units and each one has one person for deployment and maintenance of the solution.

Which other solutions did I evaluate?

We have looked at Azure Firewall Premium and at Palo Alto's firewalls.

When we did the comparison we found the regular version of Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories.

We're looking at switching to Palo Alto virtual firewalls, but we want to make sure that what we switch to is compatible with our environment.

What other advice do I have?

Azure Firewall is fine, but it's not suitable for our organization and that's why we have decided to move away from it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Mina Aziz
Senior System Engineer at Effvision
Real User
Top 10
Good control over network permissions and the best for using with all Microsoft solutions

Pros and Cons

  • "The feature that I have found the most valuable is the control over the network permissions and the network."
  • "They can improve the pricing of Azure Firewall."

What is most valuable?

High availability is built in, so no additional load balancers are required and there's nothing you need to configure 

Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability

You can limit outbound HTTP/S traffic or Azure SQL traffic (preview) to a specified list of fully qualified domain names (FQDN) including wild cards. This feature doesn't require TLS termination.

You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections

Threat intelligence  -based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains

Inbound Internet network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks.

What needs improvement?

They can improve the pricing of Azure Firewall. 

For how long have I used the solution?

I have been using this solution for maybe one year. We are a gold partner with Microsoft.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. We have around 200 users, and we have around 10 members for maintenance.

How was the initial setup?

It is easy to set up. It took around 1 hour.

What's my experience with pricing, setup cost, and licensing?

Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it.

One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall. 

Which other solutions did I evaluate?

Azure Firewall is the best to use with all Microsoft solutions. I also use Fortinet, Sophos, and Cisco. It's about the client's priority, that is, what they request.

What other advice do I have?

I would recommend Azure Firewall, but it is all about the client's priority and budget. If a client wants to use Azure Firewall, we do that. If the clients wants FortiGate or Sophos, or the cost is higher for the clients to use Azure Firewall, they can move to FortiGate or Sophos. For low budget or low cost, I recommend FortiGate. 

I would rate Azure Firewall an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
SajidKhan
Senior Network Security Engineer at a tech services company with 51-200 employees
MSP
Top 20
Good technical support but lacks machine learning and has a lot of limitations

Pros and Cons

  • "Microsoft's technical support is very good. They're quite knowledgable and responsive."
  • "The solution lacks artificial intelligence and machine learning. It might be in the roadmap. However, currently, it's not available."

What other advice do I have?

Features Azure Web App
Firewall
Fortiweb WAF F5-ASM Remarks
OWASP Top 10 Attack Yes Yes Yes Azure WAF supports only SQL and XSS protection
AI-based Machine Learning Threat Detection No Yes NO
Deep Integration into the Fortinet Security Fabric and
Third-Party Scanners
No Yes Yes
Solving the Challenge of False Threat Detections No Yes No FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies.
Advanced Graphical Analysis and Reporting No Yes Yes
Layer 7 server load balancing Yes Yes Yes
URL Rewriting Yes Yes Yes URL rewrite feature is in preview and is available only for Standard_v2 and WAF_v2 SKU of Application Gateway. It is not recommended for use in production environment.
https://docs.microsoft.com/en-...
Content Routing Yes Yes Yes
HTTPS/SSL Offloading Yes Yes Yes
HTTP Compression Yes Yes Yes
Caching Yes Yes Yes
Auto Scaling Yes Yes Yes
File upload scanning with AV and sandbox No Yes Yes
Built in Vulnerblity Scanner No Yes No
CAPTCHA and Real Browser Enforcement (RBE) No Yes Yes
HTTP RFC compliance Yes Yes Yes
Zero-day Attack Protection No Yes Yes
Security policy creation based on Server Technology No Yes Yes
Virtual Patching No Yes Yes
Geo IP analytic Yes Yes Yes
HTTP Denial of Service Yes yes Yes
Bot Protection Yes Yes Yes
Positive Security Model No Yes Yes
Bot Deception No Yes Yes
API Gateway No Yes Yes
Mobile API Protection No Yes Yes
JSON XML Protection No Yes Yes
Header Security No Yes Yes
Man-in-the-Middle No Yes Yes
No TLS 1.3 Support No Yes Yes
Azure WAF is not validated and tested by third party analyst like NSS Labs and Gartner.
FortiWeb is tested and validated by Gartner and NSS Labs.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
DJ
Cloud Architect at a financial services firm with 1,001-5,000 employees
Real User
Easy to deploy and configure, but you need to have a defined IP range to associate it with your network

Pros and Cons

  • "I can easily configure it."
  • "You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."

What is our primary use case?

It is associated with our web resources, such as PaaS applications. I don't use it that much. I spend way more time working with function apps or something else on the Azure platform.

I am using its latest version.

What is most valuable?

I can easily configure it.

What needs improvement?

You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

I don't get into any kind of real scale configuration. There might be bugs that I don't know because I just use the general configuration.

What do I think about the scalability of the solution?

I can't say about scalability, but we have 20,000 employees.

How are customer service and support?

I have not used their technical support.

Which solution did I use previously and why did I switch?

Most of the time, I've used Azure Firewall for cloud services. We also have AWS, and then, of course, we have hardware firewalls on-premise, but I haven't worked with anything.

How was the initial setup?

It is pretty straightforward for what I'm using it for.

What other advice do I have?

I would rate Azure Firewall a seven out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Velizar-Todorov
IT Senior Architect, Infrastructure and Cloud Solutions at a government with 501-1,000 employees
Real User
Top 5
Stable and scalable with outstanding technical support

Pros and Cons

  • "The solution is very stable. When comparing it to other environments, it's actually quite impressive."
  • "We find it's different implementing it region-to-region. It might help if it was universal across all regions."

What is our primary use case?

On-premise to cloud <-> Cloud to on-premise

How has it helped my organization?

Managed service.

What is most valuable?

Scalability, multi-zone and FQDN TAgs.

What needs improvement?

In a future release, it could be empowered by combining with Azure Private DNS and Front Door.

For how long have I used the solution?

We've been using the solution for 1 year

What do I think about the stability of the solution?

The solution is very stable. When comparing it to other environments, it's actually quite impressive.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and technical support?

We deal with technical support on a regular basis. I'd rate the service we've received ten out of most of the support tickets. 

Which solution did I use previously and why did I switch?

We use several solutions.

What's my experience with pricing, setup cost, and licensing?

Unfortunately, I don't handle the finances or payments for the solution, so I can't compare to others.

Which other solutions did I evaluate?

FortiGate - also nice solution...

What other advice do I have?

We've used both the on-premises as well as the cloud deployment models. We also occasionally use a hybrid model. During migrations, we use hybrids. Once the migration is done, we move onto the full cloud and pass if over to private cloud or have public access as necessary.

The Azure firewall is prioritized as it is managed solution and does not require any infrastructure base (backbone) hardware support.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Azure Firewall Report and get advice and tips from experienced pros sharing their opinions.