2020-01-16T08:44:00Z

What needs improvement with Azure Firewall?


Please share with the community what you think needs improvement with Azure Firewall.

What are its weaknesses? What would you like to see changed in a future version?

Guest
77 Answers

author avatar
Top 5Real User

Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group. Tagging is supported but not on the instances, which is something that could be improved. The selection of the internal resources into the ruleset could be improved. Support for layer-seven application filtering should be added because it is not there yet, at all. It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement. The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.

2020-05-07T08:21:03Z
author avatar
Top 5Real User

There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive.

2020-04-06T08:22:00Z
author avatar
Top 5Real User

The interface could be improved, it's not very user friendly. They are now trying to compete with a new Chinese domestic public cloud provider which has more features. It's difficult to find the ports on the current interface, but it's easier with this new provider. We're looking to provide a better routing, or something like an SD-WAN solution that can improve the user experience. I think that's something Azure can do as an additional feature. There are five Azure clouds: Two belong to the US government and one is worldwide. Then there is Germany Azure and China Azure. China Azure is barely able to communicate with the rest of the world, and that connectivity issue needs to be looked at in detail and a solution found.

2020-03-18T06:06:03Z
author avatar
Top 5Real User

The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks. There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it. In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.

2020-03-16T06:56:08Z
author avatar
Vendor

I think that their customer support could be improved with a faster response time. I think the product could be made more customizable, I'd like to see that in the next release.

2020-02-11T06:18:00Z
author avatar
Top 5Real User

In a future release, it could be empowered by combining with Azure Private DNS and Front Door.

2020-01-22T12:45:00Z
author avatar
Top 10Real User

This solution is not mature when it comes to handling perimeter traffic like internet browsing. It is lacking in some of the security features. Palo Alto and Fortinet are better for this. In the next release, I would like to see the inclusion of more next-generation firewall features.

2020-01-16T08:44:00Z
Learn what your peers think about Azure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: May 2020.
442,986 professionals have used our research since 2012.