We changed our name from IT Central Station: Here's why
Network Engineer at a leisure / travel company with 10,001+ employees
Real User
Highly scalable but lacks support for back-to-back firewall architecture
Pros and Cons
  • "Azure Firewall's feature that I have found most valuable is its scalability."
  • "Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either."

What is most valuable?

Azure Firewall's feature that I have found most valuable is its scalability.

What needs improvement?

In terms of what could be improved, it lacks a couple of features which are available in the other marketplace products, but it is stable and it performs most of the basic functions that are expected from a normal firewall.

When we deployed we did not have a centralized management of multiple firewalls. Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either. 

Other features I would like to see are intrusion prevention, URL filtering, category-based URL filtering and other advanced features.

Overall, the configuration can definitely be improved.

In terms of the overall product architecture, if the management and the architecture of the product could support back-to-back firewall architectures so that I could use Azure Firewall in combination with another firewall, that would be one point which would help this product be used more and in a better way.

Again, if the Azure Firewall could be accommodated as a back-to-back firewall, meaning if it could work as a firewall which handles the inbound traffic from the internet, which is an NVA, or a network virtual appliance, and we could reroute the traffic to Azure Firewall, that would be good. But as of now, there is no routing options in Azure Firewall.

For how long have I used the solution?

I have been using Azure Firewall for eight months.

We are not using the latest version since we deployed it quite some time back.

What do I think about the stability of the solution?

Azure Firewall is quite stable.

What do I think about the scalability of the solution?

We have thousands of people using it.

How are customer service and technical support?

Technical support is okay.

How was the initial setup?

Azure Firewall has an easy installation.

What other advice do I have?

I would only recommend Azure Firewall depending on the requirements. If it is an enterprise that has basic requirements and needs to do packet filtering and a certain level of intrusion prevention, so for the level of IP whitelisting, it's a good product.

It is easy to manage and it is scalable.

On a scale of one to ten, I would give Azure Firewall a six because of the configuration issue.

In terms of NAT configuration, the configuration management is one issue. Another issue is intrusion prevention with the NAT configuration and the URL category-based filtering features. The ease of manageability and the ease of configuration of these features could be easier.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Christian Cutajar
Head of IT at NetRefer
Real User
Top 5
Good pricing, useful features, and satisfactory technical support
Pros and Cons
  • "The solution has many useful features. For example, the solution allows users to create virtual IP addresses."
  • "The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks."

What is our primary use case?

Basically, our organization is using the solution to inspect the traffic. I'm using the solution as the main defense system prior to de-traffication on the NGX layer (layer seven). Then, of course, we're forwarding to the Kubernetes cluster.

What is most valuable?

The solution has many useful features. For example, the solution allows users to create virtual IP addresses. 

What needs improvement?

The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks.

There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it.

In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.

For how long have I used the solution?

I've been using the solution for six months so far. It hasn't been too long.

What do I think about the stability of the solution?

The stability of the solution is excellent. It hasn't failed. There are no bugs, glitches, or crashes. It's reliable.

What do I think about the scalability of the solution?

Azure uses an on-premises environment. I wouldn't use it for scalability purposes. In terms of scalability, our organization is much more inclined towards Fortinet's Fortigate virtual appliance rather than the Azure Firewall.

How are customer service and technical support?

We provide services to our clients and help them maintain the product.

However, we have contacted technical support several times. We've submitted tickets and dealt with technical support directly. Occasionally, it takes a long period of time for them to get back to us. It does depend on the severity of the issues. In terms of feedback and output they've provided us, we have been very satisfied. They can just be a little slow.

Which solution did I use previously and why did I switch?

We use both Azure Firewall and Fortinet solutions, including Fortigate. I personally find that Azure doesn't offer the same capabilities. Fortinet is better.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact pricing, however, I do believe it is less expensive than Fortigate.

For Fortinet, we pay around $5,000 per year. It offers more, however. It, for example, also improves the intrusion detection system. We bought a Fortinet appliance two years ago and Azure Firewall didn't exist at the time.

What other advice do I have?

We're Azure partners and have an enterprise agreement with the company, however, we may be switching. We also have a dedicated Account Manager with the company.

I'd rate the solution seven out of ten. It's missing a few capabilities our organization would really like to see.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Azure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,643 professionals have used our research since 2012.
Cloud Architect at a pharma/biotech company with 10,001+ employees
Real User
Top 5
Stable and can autoscale but requires more use cases
Pros and Cons
  • "The solution can autoscale."
  • "Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate."

What is our primary use case?

We mostly utilize the solution for effectively controlling the networks.

What is most valuable?

The ability to provide better control of the traffic is the solution's most valuable aspect.

The solution is stable.

The solution can autoscale.

The initial setup is pretty easy.

Technical support has been good to us so far.

What needs improvement?

The solution isn't missing features per se.

Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate.

There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the stability of the solution?

The stability of the solution is good. We haven't had any issues. It's a managed service.

What do I think about the scalability of the solution?

The solution is autoscalable. It scales based on your deployment and/or based on your loads, due to the fact that it's a managed service. A company that expects to expand shouldn't have a problem scaling with this solution.

We have about 50-100 users on the solution currently. We may increase usage in the future.

How are customer service and technical support?

We've had some experience with technical support from Azure. We've found them to be quite good and are satisfied with the level of service that's been provided. I would say they ar knowledgeable and responsive to our queries.

Which solution did I use previously and why did I switch?

Before Azure Firewall, I used to work on a VPN-based firewall. 

How was the initial setup?

The solution doesn't have a complex installation process. It's pretty straightforward to implement. When we went forward with the solution we didn't face any setup issues.

Our initial deployment took about three months, and, now that it's a managed service, we've handed the deployment over to them.

I'm not sure how many staff members we used for deployment and how many handle any maintenance aspects.

What about the implementation team?

While we handled the initial implementation, we get Azure to handle the deployments for us. We didn't use a reseller or a consultant to assist with the deployment.

What other advice do I have?

We're just a customer at this time. We don't have any kind of special business relationship with Azure.

I'm not sure which version of the solution I'm currently using is.

I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic and if is stable and can scale, however, there should be more use cases available.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Architect at a tech services company with 10,001+ employees
Real User
Top 20
Provides a good link to Azure and SQL servers but should have groupings for servers
Pros and Cons
  • "The solution should be capable of self-scaling, which is one of the features we like about it."
  • "It would be nice to be able to create groupings for servers and offer groups of IP addresses."

What is our primary use case?

We use the solution as an internal firewall device.

What is most valuable?

The solution provides a good link to Azure and SQL servers.

What needs improvement?

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

For how long have I used the solution?

We have been using Azure Firewall for around a year. 

What do I think about the stability of the solution?

The solution has the same stability as Azure.

What do I think about the scalability of the solution?

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

How are customer service and technical support?

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

How was the initial setup?

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

What about the implementation team?

We handled the initial setup internally. 

What's my experience with pricing, setup cost, and licensing?

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Which other solutions did I evaluate?

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

What other advice do I have?

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Rajneesh Kaur
Senior Security Analyst at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Provides DDoS protection but lacks a number of important security features
Pros and Cons
  • "Among the most valuable features are the DDoS protection that protects your virtual machines, the threat intelligence, and traffic filtering."
  • "Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."

What is our primary use case?

We're SaaS providers. We use these firewalls to route our traffic from our partner to us.

What is most valuable?

Among the most valuable features are the

  • DDoS protection which protects your virtual machines
  • threat intelligence 
  • traffic filtering.

What needs improvement?

If I had to pick one area that needs improvement it would be the antivirus functionality, because it doesn't scan traffic for malware. It needs TLS inspection.

For how long have I used the solution?

The cloud team in our company has been using Azure Firewall for about two years, but I'm in the security team and I've been using it for a year. We're using the regular version, not the Premium version.

What do I think about the stability of the solution?

The stability of Azure Firewall is fine. I've never seen it go down.

What do I think about the scalability of the solution?

There may be issues with the scalability, but I haven't tested it yet. When you test it in preview mode it's only around 3 to 3.5 Gbps.

How are customer service and support?

The support from Microsoft is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We started using it because we were new to the cloud and, at that time, we didn't have options. We started using whatever came with Azure. Now that we have started to grow, we have started exploring other options.

What about the implementation team?

We have different business units and each one has one person for deployment and maintenance of the solution.

Which other solutions did I evaluate?

We have looked at Azure Firewall Premium and at Palo Alto's firewalls.

When we did the comparison we found the regular version of Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories.

We're looking at switching to Palo Alto virtual firewalls, but we want to make sure that what we switch to is compatible with our environment.

What other advice do I have?

Azure Firewall is fine, but it's not suitable for our organization and that's why we have decided to move away from it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Mina Aziz
Senior System Engineer at Effvision
Real User
Top 10
Good control over network permissions and the best for using with all Microsoft solutions
Pros and Cons
  • "The feature that I have found the most valuable is the control over the network permissions and the network."
  • "They can improve the pricing of Azure Firewall."

What is most valuable?

High availability is built in, so no additional load balancers are required and there's nothing you need to configure 

Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability

You can limit outbound HTTP/S traffic or Azure SQL traffic (preview) to a specified list of fully qualified domain names (FQDN) including wild cards. This feature doesn't require TLS termination.

You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections

Threat intelligence  -based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains

Inbound Internet network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks.

What needs improvement?

They can improve the pricing of Azure Firewall. 

For how long have I used the solution?

I have been using this solution for maybe one year. We are a gold partner with Microsoft.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. We have around 200 users, and we have around 10 members for maintenance.

How was the initial setup?

It is easy to set up. It took around 1 hour.

What's my experience with pricing, setup cost, and licensing?

Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it.

One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall. 

Which other solutions did I evaluate?

Azure Firewall is the best to use with all Microsoft solutions. I also use Fortinet, Sophos, and Cisco. It's about the client's priority, that is, what they request.

What other advice do I have?

I would recommend Azure Firewall, but it is all about the client's priority and budget. If a client wants to use Azure Firewall, we do that. If the clients wants FortiGate or Sophos, or the cost is higher for the clients to use Azure Firewall, they can move to FortiGate or Sophos. For low budget or low cost, I recommend FortiGate. 

I would rate Azure Firewall an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
SajidKhan
Senior Network Security Engineer at a tech services company with 51-200 employees
MSP
Top 20
Good technical support but lacks machine learning and has a lot of limitations
Pros and Cons
  • "Microsoft's technical support is very good. They're quite knowledgable and responsive."
  • "The solution lacks artificial intelligence and machine learning. It might be in the roadmap. However, currently, it's not available."

What other advice do I have?

Features Azure Web App
Firewall
Fortiweb WAF F5-ASM Remarks
OWASP Top 10 Attack Yes Yes Yes Azure WAF supports only SQL and XSS protection
AI-based Machine Learning Threat Detection No Yes NO
Deep Integration into the Fortinet Security Fabric and
Third-Party Scanners
No Yes Yes
Solving the Challenge of False Threat Detections No Yes No FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies.
Advanced Graphical Analysis and Reporting No Yes Yes
Layer 7 server load balancing Yes Yes Yes
URL Rewriting Yes Yes Yes URL rewrite feature is in preview and is available only for Standard_v2 and WAF_v2 SKU of Application Gateway. It is not recommended for use in production environment.
https://docs.microsoft.com/en-...
Content Routing Yes Yes Yes
HTTPS/SSL Offloading Yes Yes Yes
HTTP Compression Yes Yes Yes
Caching Yes Yes Yes
Auto Scaling Yes Yes Yes
File upload scanning with AV and sandbox No Yes Yes
Built in Vulnerblity Scanner No Yes No
CAPTCHA and Real Browser Enforcement (RBE) No Yes Yes
HTTP RFC compliance Yes Yes Yes
Zero-day Attack Protection No Yes Yes
Security policy creation based on Server Technology No Yes Yes
Virtual Patching No Yes Yes
Geo IP analytic Yes Yes Yes
HTTP Denial of Service Yes yes Yes
Bot Protection Yes Yes Yes
Positive Security Model No Yes Yes
Bot Deception No Yes Yes
API Gateway No Yes Yes
Mobile API Protection No Yes Yes
JSON XML Protection No Yes Yes
Header Security No Yes Yes
Man-in-the-Middle No Yes Yes
No TLS 1.3 Support No Yes Yes
Azure WAF is not validated and tested by third party analyst like NSS Labs and Gartner.
FortiWeb is tested and validated by Gartner and NSS Labs.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Cloud Architect at a financial services firm with 1,001-5,000 employees
Real User
Easy to deploy and configure, but you need to have a defined IP range to associate it with your network
Pros and Cons
  • "I can easily configure it."
  • "You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."

What is our primary use case?

It is associated with our web resources, such as PaaS applications. I don't use it that much. I spend way more time working with function apps or something else on the Azure platform.

I am using its latest version.

What is most valuable?

I can easily configure it.

What needs improvement?

You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

I don't get into any kind of real scale configuration. There might be bugs that I don't know because I just use the general configuration.

What do I think about the scalability of the solution?

I can't say about scalability, but we have 20,000 employees.

How are customer service and support?

I have not used their technical support.

Which solution did I use previously and why did I switch?

Most of the time, I've used Azure Firewall for cloud services. We also have AWS, and then, of course, we have hardware firewalls on-premise, but I haven't worked with anything.

How was the initial setup?

It is pretty straightforward for what I'm using it for.

What other advice do I have?

I would rate Azure Firewall a seven out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Azure Firewall Report and get advice and tips from experienced pros sharing their opinions.