Andrey Grozdev - PeerSpot reviewer
Cloud Consultant at Thobey
Real User
Top 20
Secures Azure network infrastructure with its user-friendly interface, extensive documentation, high availability, and integration of advanced features
Pros and Cons
  • "One of the notable advantages of Azure Firewall is its user-friendly interface, which closely resembles or shares similarities with other Azure components."
  • "There is room for further integration of AI into the system."

How has it helped my organization?

One of the notable advantages of Azure Firewall is its user-friendly interface, which closely resembles or shares similarities with other Azure components. The abundance of well-documented resources, extensive help features, and a wealth of examples further enhance the usability of Azure Firewall.

What needs improvement?

It could potentially be more cost-effective. There is room for further integration of AI into the system.

For how long have I used the solution?

I have been working with it for approximately two years.

What do I think about the stability of the solution?

It ensures reliable availability.

Buyer's Guide
Azure Firewall
April 2024
Learn what your peers think about Azure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.

What do I think about the scalability of the solution?

At my previous workplace, we extensively deployed Azure Firewall with four units, effectively serving the security needs of a sizable user base exceeding a thousand individuals.

Which solution did I use previously and why did I switch?

Previously, we utilized Fortinet, but we made the transition to Azure because  Microsoft introduced advanced features and Next Generation functionalities into Azure Firewall, and we anticipate a seamless shift to Microsoft Azure, leveraging the convenience of managing multiple products effortlessly through it.

What other advice do I have?

Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Network Administrator at a government with 201-500 employees
Real User
The features are so limited that it's pretty much a protocol-filtering product
Pros and Cons
  • "Azure's cost-effectiveness is its major advantage."
  • "Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that."

What is our primary use case?

When we started using Azure Firewall, we learned quickly that it couldn't do much. As I remember, it was essentially a layer 3 or layer 4 firewall that couldn't distinguish recognized applications and things like that. But it was inexpensive compared to the Palo Alto stuff we were looking at, so we wound up staying with the firewall. Mainly it was just inspecting ports between virtual machines.

What needs improvement?

Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that. It needs to be comparable to what you would get from Cisco, Palo Alto, Checkpoint, or any of those guys. If it's going to be a firewall, it needs to be competitive. From a security standpoint, it's not any better than loading an IP table in a Linux box. In fact, Linux may even be better in that sense

For how long have I used the solution?

I've been using Azure Firewall for probably about a year.

What do I think about the scalability of the solution?

Azure Firewall wasn't scalable at all, but it did what it's supposed to do.

How are customer service and support?

I honestly don't remember interfacing a lot with Azure support. I think that we were dealing with a third party, maybe. But I've been dealing with AWS for the last year, and it's a totally different experience in a good way. Their support is outstanding.

How was the initial setup?

Setting up Azure Firewall was easy because all you were doing was configuring source, destination, port, and action. However, there was something weird. You have to number your rules set, and depending on your numbering system, that's how you would have to apply the filtering of the logic of the policy. And in that sense, it's a little bit quirky. I don't think that most firewalls work that way. It just reads the policy, and the algorithm is based on it filtering down through the policies until it hits a truth or a match. And then it makes a decision based on that.

What's my experience with pricing, setup cost, and licensing?

Azure's cost-effectiveness is its major advantage. 

Which other solutions did I evaluate?

Each company will prioritize what it wants to work on. Azure may outperform AWS in some areas, but after working with the two platforms for roughly the same amount of time, I've found AWS friendlier and more sophisticated overall. AWS just seems to be a better platform for me, honestly.

What other advice do I have?

I would rate Azure Firewall one out of 10. I give it the worst rating because security is so important. However, it depends on your security goals. But you have to look at what's out there and what you typically get out of a box. Even for a cheap application for your computer, Azure Firewall just isn't delivering. It doesn't have any personality at all or functionality even. I definitely wouldn't recommend it to anyone, but I would have to go back and visit it because it's been a year now. The features are so limited that it's pretty much a protocol-filtering product. 

Honestly, I think any serious security-minded entity will bypass Azure Firewall and look at some of the images from the third parties. I guess it's suitable for small outfits that aren't serious about security but want some basic protection. By the time I walked away, I  had spent a lot of hours on it, and I spent more time in my job trying to find a solution and pick the right one. I did everything to learn the firewall's feature set. I finally talked with someone at Microsoft who said, "We know what you want and what you're trying to do, but we're just not there yet."

They just told me to stay tuned. I got the impression Azure Firewall is a very immature product that would probably improve over time. But, at that moment, I didn't think it was unready. It's just that products are trying to achieve different things. You can't have all the horses in all places. It's one of those things where I felt like it would have to be some acquisition or complete outsourcing of the security component to somebody specialized in the area who can sell it as a firewall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Azure Firewall
April 2024
Learn what your peers think about Azure Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.
Manager - Network & Security at a tech services company with 501-1,000 employees
MSP
Easy to deploy and scales well, but next-generation firewall features should be added
Pros and Cons
  • "The Layer four features are okay and meet my business needs."
  • "This solution is not mature when it comes to handling perimeter traffic like internet browsing."

What is our primary use case?

We are a technical services company and we are in the data center space. We provide different solutions, including firewalls such as Azure Firewall, to our clients depending on their needs.

We have a large customer base that is global in scope and we provide hosting services as well as managed services. We have solutions deployed in both public cloud and private cloud environments. 

We typically use this solution in the perimeter layer, although we do have some use cases where we handle East-west traffic.

What is most valuable?

The Layer four features are okay and meet my business needs.

Security is playing a vital role these days, and the layer seven features such as IPS and malware protection are helpful in that regard.

The interface is fair and has not given us any challenges.

What needs improvement?

This solution is not mature when it comes to handling perimeter traffic like internet browsing. It is lacking in some of the security features. Palo Alto and Fortinet are better for this.

In the next release, I would like to see the inclusion of more next-generation firewall features.

What do I think about the stability of the solution?

So far, we have not seen any problems with stability.

What do I think about the scalability of the solution?

We are currently exploring the scalability and availability. It has a number of extensions available to increase the bandwidth, throughput, scale-up, and scale-out points.

How are customer service and technical support?

We have not been in contact with technical support.

Which solution did I use previously and why did I switch?

We have experience with Palo Alto, Check Point, FortiGate, and Cisco firewalls. Azure Firewall is more scalable than these other solutions.

How was the initial setup?

There are no big challenges when it comes to implementing this solution.

It takes approximately two hours to deploy.

What about the implementation team?

We have a lot of resources in this space, so we take care of the implementation and deployment on our own.

What other advice do I have?

This is a solution that I recommend for internet-facing network traffic.

When it comes to rating this solution, there are two components here. For layer four traffic, I would rate it an eight out of ten. For layer seven traffic, however, I would rate it less.

Overall, I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Network Security Engineer at Diyar United Company
Reseller
Top 20
Good threat intelligence, scalable, and good support
Pros and Cons
  • "The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats."
  • "The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved."

What is our primary use case?

I have deployed Azure Firewall for a couple of my clients. They primarily use it for protecting their workloads and limiting incoming connections.

I also have a subscription but I use it primarily for testing.

What is most valuable?

The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats. It can easily detect threats and I have customers that have experienced this.

The malware signatures are updated automatically, which is helpful for new customers.

What needs improvement?

Compared to FortiGate and Palo Alto, Azure Firewall is not very flexible. There are multiple options for VPNs and the other features, and most of my clients are implementing third-party products that they are getting from the marketplace and other vendors.

The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved.

The visibility is much less with Azure Firewall than it is with other products.

For how long have I used the solution?

I have been working with Azure Firewall for two years.

What do I think about the scalability of the solution?

This is a firewall that I implement for my SMB customers. For example, one of my recent deployments was to a user base of between 300 and 500 people. In fact, it was their DR site, so there was no regular user traffic. The real-time users enter that site typically for maintenance.

 My enterprise clients normally choose to implement SonicWall NSV.

I have not had the opportunity to fully test the scalability but I can't see any limitations to it at this time.

How are customer service and support?

I have opened a couple of cases with Azure and the technical support was fine. There were no issues with it.

Which solution did I use previously and why did I switch?

I have experience with several other firewalls including FortiGate and Palo Alto.

Another product that I have sold to my enterprise customers is SonicWall NSV.

How was the initial setup?

Compared to other firewall products, the setup is complex. I have faced problems setting up the DNAT, and there are some issues with setting up the certificates. I have also had trouble with service tag issues.

The basic deployment takes one day or two days at the maximum. The fine-tuning, where we have to monitor and identify the proper traffic, takes place over two or three weeks. Fine-tuning is an extensive part of it. It is important that the configuration is set up correctly.

What about the implementation team?

We deploy this solution for our customers but they are responsible for the fine-tuning to their environment. I deploy it for our clients but I have another colleague who does it, as well.

What other advice do I have?

Overall, this is a good product and we will continue working with it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
BalamuruganSarangapani - PeerSpot reviewer
Sr. Technical Consultant - Cloud Delivery at a tech services company with 501-1,000 employees
Real User
Top 10
Provides good protection for small and medium-sized organizations
Pros and Cons
  • "It is easy for me to protect certain ports or even the IP addresses, as well as do whitelisting, blacklisting, and the FQDN when we want virtual machines connected and to protect certain websites."
  • "For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall."

What is our primary use case?

I've been using Azure Firewall for one or two customers in the UAE to protect against security threats. It protects the Azure infrastructure and PaaS, applications, network, and ports. It's the same as the things we configure with other firewalls.

How has it helped my organization?

With Azure firewall, I can extend the security posture from 67 percent to between 75 and 80 percent.

What is most valuable?

The security of Azure Firewall is okay for smaller and medium-sized organizations. It has been integrated with the virtual WAN, which is a good way to protect multi branches for connection either through ExpressRoute or VPN.

The dashboard is fine because it's simple and easy to use. For junior admins who are joining an organization and want to learn something, Azure Firewall is the best way to go, as it gives them all the flexibility. It's not so customized. Whereas with Palo Alto, for example, you have to understand firewalls, and the security aspects, in a more in-depth way. Azure Firewall is easy.

It is easy for me to protect specific ports or even the IP addresses, as well as do whitelisting, blacklisting, and the FQDN when we want virtual machines connected and to protect certain websites. There are many features which are good enough.

Also, the documentation is awesome, no doubt about it. 

What needs improvement?

For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall.

For how long have I used the solution?

I have been using Azure Firewall for almost three years.

What do I think about the stability of the solution?

It's absolutely stable because it's Azure. It has the redundancy and the resilience of the Azure Infrastructure Services. I don't think there is downtime with this kind of service. It probably has 99.95 percent uptime.

What do I think about the scalability of the solution?

It should be scalable. That has to do with the backend and Azure takes care of all of that. We have 300 to 400 users.

How are customer service and support?

We have an Enterprise Agreement and that means Microsoft support would answer any calls within half an hour's time, max. They get in touch with us if there is anything that is crucial. It is based on the severity when we create the request.

A Microsoft Enterprise Agreement is the best. I worked on many problems and issues when I was working for a government organization that had an Enterprise Agreement, and I used to get calls immediately. The issues would be resolved within half a day or, at the maximum, one day.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I haven't worked with other firewalls.

How was the initial setup?

The initial setup is straightforward. There is nothing complex about it. Within 20 minutes, you have the firewall up and running.

Two or three people are sufficient for deployment and maintenance in a small organization. One should be at least a SOC analyst who understands security, and one could be an Azure admin with good knowledge of the Azure infrastructure, PaaS, and security aspects.

What's my experience with pricing, setup cost, and licensing?

Azure Firewall comes with Azure native services. We did not buy any kind of license for it. Whether you have a free subscription or a pay-as-you-go model, you can deploy the Azure Firewall service. For any type of third-party service, like Palo Alto, or Fortinet, or Check Point, we would need to buy a subscription or licenses based on the users, but here it comes with the tenant when you purchase it. You are not going to spend extra money on it. The amount that you use will determine how much you pay.

The pricing of Azure, compared to third-party vendors, is good because it's Azure-native. It's affordable.

What other advice do I have?

It's a common firewall. I haven't faced any issues or problems with it. In Azure services itself, there are other security implementations provided, to do with DDoS protection on the networks. There are certain firewall rules as well and things that we can deploy at the subnet level and on the NIC level. Along with Azure Firewall, other security services have been implemented. It's okay for small and medium-sized organizations that cannot afford to buy a third-party vendor or security appliances to protect their perimeter. Azure Firewall should suffice for them.

Also, as cloud administrators or architects, we are the ones who take care of the protection. As long the end-user is connected with the application, they're fine. To them, it doesn't matter whether we're using Azure Firewall or a third-party appliance. They don't know what is going on at the infrastructure level. They just want the application and the performance to be good.

For small and medium-sized organizations that are not ready to invest in a third-party firewall, and clients who are not so concerned about data security, Azure Firewall is the best solution. If a company needs more protection of, say, their email service, they could go with Proofpoint, an IaaS, or PaaS. For one of our large organizations, where they have financial services and a retail business, they went for a third-party solution along with Azure Firewall.

Overall, I would rate Azure firewall at eight out of 10. There are many advanced features in the other firewalls that are not available in Azure.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Azure Solution Architect at a tech company with 10,001+ employees
Real User
Integrates nicely with Azure, and the SaaS deployment means you don't have to worry about patching or upgrades
Pros and Cons
  • "In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies."
  • "It needs a lot of improvement, especially on intruder detection. They are working hard on that."

What is most valuable?

There are a lot of competitors to Azure Firewall. Microsoft figured it out, that they needed a firewall for their Azure platform that can integrate with their services. That's why they came up with Azure Firewall. It really has a pretty nice integration with Azure services. 

In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies. If you use the Azure platform, it is the best choice. And they're working on integrating it with many more Azure resources.

The configuration is much easier because Microsoft already provides you with a tool that belongs to Azure. You can set one rule instead of setting 100 rules. That makes the administration of Azure Firewall much easier. For example, when it comes to DNS tags, services tags, and URL tags, you don't have to go URL-by-URL and tell it to open this or that port.

In addition, it's a SaaS service. You don't have to worry about managing a virtual machine and things like patching and upgrading.

What needs improvement?

It needs a lot of improvement, especially on intruder detection. They are working hard on that.

For how long have I used the solution?

I am an experienced Azure architect. I have more than 30 years in this field. I don't do operations anymore, although I know how to configure things.

I have just done the design on a project for General Electric, with Azure Firewall.

What do I think about the stability of the solution?

It's very stable. Microsoft will not put something out there that is unstable.

What do I think about the scalability of the solution?

Another big benefit of Azure Firewall is the scalability. You can grow it to meet the load of traffic. With a virtual appliance-based solution from Palo Alto or Cisco, you need to add another one to scale.

How are customer service and support?

Their tech support is great. They are very helpful. They can be involved in the design.

How was the initial setup?

The initial setup is a piece of cake. You just provision it. You need to know your requirements because there are two versions, Standard and Premium, which affect your costs.

What's my experience with pricing, setup cost, and licensing?

One of the benefits of Azure Firewall, while it is not mature yet, is that the total cost of ownership is much less than Palo Alto, Cisco, or any other brand.

When people look at the cost of Azure Firewall, they think, "Oh, it's pretty expensive." But when you base it on the total cost of ownership over a period of time, you have to look at the scalability and the fact that, if you already have Microsoft support, it is included for Azure Firewall automatically. When you add in the integration and the management, it comes out to much less than virtual appliances.

What other advice do I have?

I would highly recommend it if your design needs Azure Firewall. It might not need it. It might be that you could use an application firewall and that the application gateway will be more than enough.

They're working on a distributed solution so that it's not that you just have a virtual network and one firewall. They really want to have more than one entry point into your environment, with ways to orchestrate it, with the IP coming from a client to different firewalls. They are moving at the speed of light to realize a lot of strategic initiatives for Azure Firewall. It is one of the strategic items that Microsoft is working on.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Head of IT at NetRefer
Real User
Good pricing, useful features, and satisfactory technical support
Pros and Cons
  • "The solution has many useful features. For example, the solution allows users to create virtual IP addresses."
  • "The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks."

What is our primary use case?

Basically, our organization is using the solution to inspect the traffic. I'm using the solution as the main defense system prior to de-traffication on the NGX layer (layer seven). Then, of course, we're forwarding to the Kubernetes cluster.

What is most valuable?

The solution has many useful features. For example, the solution allows users to create virtual IP addresses. 

What needs improvement?

The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks.

There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it.

In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.

For how long have I used the solution?

I've been using the solution for six months so far. It hasn't been too long.

What do I think about the stability of the solution?

The stability of the solution is excellent. It hasn't failed. There are no bugs, glitches, or crashes. It's reliable.

What do I think about the scalability of the solution?

Azure uses an on-premises environment. I wouldn't use it for scalability purposes. In terms of scalability, our organization is much more inclined towards Fortinet's Fortigate virtual appliance rather than the Azure Firewall.

How are customer service and technical support?

We provide services to our clients and help them maintain the product.

However, we have contacted technical support several times. We've submitted tickets and dealt with technical support directly. Occasionally, it takes a long period of time for them to get back to us. It does depend on the severity of the issues. In terms of feedback and output they've provided us, we have been very satisfied. They can just be a little slow.

Which solution did I use previously and why did I switch?

We use both Azure Firewall and Fortinet solutions, including Fortigate. I personally find that Azure doesn't offer the same capabilities. Fortinet is better.

What's my experience with pricing, setup cost, and licensing?

I'm not sure of the exact pricing, however, I do believe it is less expensive than Fortigate.

For Fortinet, we pay around $5,000 per year. It offers more, however. It, for example, also improves the intrusion detection system. We bought a Fortinet appliance two years ago and Azure Firewall didn't exist at the time.

What other advice do I have?

We're Azure partners and have an enterprise agreement with the company, however, we may be switching. We also have a dedicated Account Manager with the company.

I'd rate the solution seven out of ten. It's missing a few capabilities our organization would really like to see.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Technical Architect at a tech services company with 10,001+ employees
Real User
Provides a good link to Azure and SQL servers but should have groupings for servers
Pros and Cons
  • "The solution should be capable of self-scaling, which is one of the features we like about it."
  • "It would be nice to be able to create groupings for servers and offer groups of IP addresses."

What is our primary use case?

We use the solution as an internal firewall device.

What is most valuable?

The solution provides a good link to Azure and SQL servers.

What needs improvement?

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

For how long have I used the solution?

We have been using Azure Firewall for around a year. 

What do I think about the stability of the solution?

The solution has the same stability as Azure.

What do I think about the scalability of the solution?

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

How are customer service and technical support?

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

How was the initial setup?

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

What about the implementation team?

We handled the initial setup internally. 

What's my experience with pricing, setup cost, and licensing?

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Which other solutions did I evaluate?

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

What other advice do I have?

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Azure Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024
Buyer's Guide
Download our free Azure Firewall Report and get advice and tips from experienced pros sharing their opinions.