Azure Firewall Reviews

We use Azure Firewall for designing infrastructure for big data integration applications or for applications on Kubernetes. The firewall is only on the edge of our architecture.

The problem we were trying to solve was mostly around configuration. Azure Firewall is a PaaS offering, so it's not about the technical aspects. We need, of course, to know what threats need to be protected against, who should have access to the firewall, and which applications do have access. We also have to look at how it fits with centralized management. We also must be able to state if the solution we provide as a firewall is compliant with the standards of the organization and for auditing.

We use it in a mission-critical environment. It's highly secured.

It has made our solution safer, more scalable, and less costly because we don't have to take care of the technical maintenance.

One of the best features is that it natively integrates with Azure Services and tools. When you have a third-party offering, that is not the case. But Azure Firewall provides a comprehensive and seamless security solution for your Azure resources. The flawless integration is really nice with the Azure AD, Azure Monitor, and Azure Bastion. Everything fits together. If you use Sentinel, it's also good for that.

You can use Azure Firewall in every technical area. It's not branch specific, rather it's more architecture specific. Palo Alto also has firewalls that protect cloud infrastructure, but Palo Alto firewalls are fully managed by Palo Alto, giving you room to configure it more like you want to configure it. That gives you more options for manual deployment. Sometimes this works great when it comes to scaling or performance and can be an advantage. It depends on the use case. The option for doing a more manual deployment with Azure Firewall should be improved.

It doesn't always fit our requirements and we have to configure it further.

Also, Azure has new versions including a premium firewall. But I would like to see them not put the premium features on Azure Firewall Premium alone because it is quite expensive. For example, we use intrusion detection and prevention systems but only mTLS (Mutual TLS) inspection, which is not in the standard Azure Firewall, but it is in the premium version.

High availability can also be an issue, so there are several reasons to go for the premium version, but the standard firewall is too modest. It's more for an SMB. If you want to scale you should go for Azure Firewall Premium.

I have been using Azure Firewall for about eight years.

It's a very stable solution.

It's very scalable because it's a PaaS solution. If you have only one event or a lot of events, it scales.

When we have a really in-depth question when we are working in production or other environments, we use Microsoft standard support. Sometimes it's very good, and sometimes it could be better.

There is also go-live support.

Positive

We used Palo Alto. We switched because we needed to do the configuration manually. Another issue was the pricing. Azure Firewall pricing is based on a pay-as-you-go model, while the Palo Alto pricing includes the cost of the VM-Series license. It's a different usage model. 

The best choice depends on your specific needs and the level of security features you require. If you need more security features, then Palo Alto would be the better one, but if you want simple management and a cost-effective solution, Azure Firewall is enough.

I also used Fortinet FortiGate. It is very popular for the same reasons that Palo Alto is. I have also used Check Point CloudGuard and some of my colleagues use Barracuda and Cisco. Nowadays it's mostly between Azure, Palo Alto, and Fortinet.

It's a PaaS offering, always on the cloud. It's tightly connected to Azure. It's quite simple when it comes to creating it, but the configuration, the fine-grain specific needs, is more difficult. If you have a standard way of working, it would work very well. But when you have different applications and integrations, Fortinet might be a better choice.

Our implementation strategy is based on designing the architecture for the application. Then we look at cost estimation so that it fits into the budget. Then we implement it and maintain it and evaluate it yearly.

There is functional maintenance involved but not technical maintenance because that is done by Azure. Things like upgrading the OS are handled by the Capgemini and Accenture technicians.

We made use of Accenture and Capgemini. The Accenture team had about eight people and Capgemini brought about four. My team was four architects.

It's worth the money, it's not expensive, but it depends on the requirements of the organization. When you are in a smaller organization with smaller applications, Azure Firewall will do the job. But when you are in a big organization with different needs, you should go for Fortinet or Palo Alto.

The pricing of Azure Firewall is pay-as-you-go. Fortinet also has a pay-as-you-go model, but Azure's pricing is higher and, with FortiGate, you also have the license.

It's not that the price is always better with Azure, but if you want a simple solution, one you don't have to think about too much, go for Azure Firewall. 

There are different pricing models and it also depends on how much data transfer you have. If you have a lot of data transfer, I would go for other firewalls. Azure Firewall is not the best firewall, but it's the easiest firewall.

My advice is to start by trying the Azure Firewall, and if it's not working out, then go for Azure Firewall Premium or for Palo Alto or Fortinet.

One use case for the product is providing a secure channel for data storage solutions. For example, I have used it to establish channel-based security, restricting IP or MAC address access to ensure data security.

The primary benefit of the platform is enhanced security. It offers continuous updates and protection against threats, which would otherwise require manual patching and maintenance if managed on-premises.

The most valuable feature of the solution is its VPN capability, which allows for secure communication.

The product pricing could be more competitive.

I have been using Azure Firewall for approximately two to three years.

I would rate the product stability as a seven or eight. It depends on how well it is configured and implemented within the organization's environment.

About 150 users have access to Azure Firewall in our organization. It is a scalable product. 

The setup was straightforward.

The return on investment is positive. The cost of cloud-based solutions can be significantly lower, offering a 50% reduction in costs.

I rate the product pricing a five out of ten. 

Azure Firewall integrates well with multiple platforms. For instance, I have successfully integrated it with AWS Firewall to facilitate secure data migration between Azure and AWS environments.

I recommend implementing it to secure your data. Despite the misconception that cloud environments are inherently secure, it is crucial to configure and manage your firewall properly. 

I rate it a ten out of ten. 

I use Azure Firewall as an edge and data center firewall. It is primarily used for data center and edge firewall purposes.

The features of Azure Firewall that I find most valuable include DNS inspection, forward proxy, and security, particularly on the edge.

I would like the premium and standard features to be available on the basic package. Additionally, it lacks some functionalities when compared to competitors like Check Point and Fortinet, such as WAF or load balancing.

I have been working with Azure Firewall for five years.

I would rate the stability of Azure Firewall around a six out of ten, which indicates that there is some room for improvement.

I would rate the scalability of Azure Firewall also around a six out of ten.

I would rate Microsoft's technical support for Azure around a five.

Neutral

Initially, the setup for Azure Firewall was simple, but it was costly.

I would rate the pricing of Azure Firewall around a seven, with one being high and ten being low.

Solutions like Fortinet and Check Point were mentioned as competitors.

I would rate the overall solution around six out of ten. Functionality-wise, I prefer Fortinet, as Azure Firewall lacks some functionalities from other vendors.

One of the notable advantages of Azure Firewall is its user-friendly interface, which closely resembles or shares similarities with other Azure components. The abundance of well-documented resources, extensive help features, and a wealth of examples further enhance the usability of Azure Firewall.

It could potentially be more cost-effective. There is room for further integration of AI into the system.

I have been working with it for approximately two years.

It ensures reliable availability.

At my previous workplace, we extensively deployed Azure Firewall with four units, effectively serving the security needs of a sizable user base exceeding a thousand individuals.

Previously, we utilized Fortinet, but we made the transition to Azure because  Microsoft introduced advanced features and Next Generation functionalities into Azure Firewall, and we anticipate a seamless shift to Microsoft Azure, leveraging the convenience of managing multiple products effortlessly through it.

Overall, I would rate it eight out of ten.

I've been using Azure Firewall for one or two customers in the UAE to protect against security threats. It protects the Azure infrastructure and PaaS, applications, network, and ports. It's the same as the things we configure with other firewalls.

With Azure firewall, I can extend the security posture from 67 percent to between 75 and 80 percent.

The security of Azure Firewall is okay for smaller and medium-sized organizations. It has been integrated with the virtual WAN, which is a good way to protect multi branches for connection either through ExpressRoute or VPN.

The dashboard is fine because it's simple and easy to use. For junior admins who are joining an organization and want to learn something, Azure Firewall is the best way to go, as it gives them all the flexibility. It's not so customized. Whereas with Palo Alto, for example, you have to understand firewalls, and the security aspects, in a more in-depth way. Azure Firewall is easy.

It is easy for me to protect specific ports or even the IP addresses, as well as do whitelisting, blacklisting, and the FQDN when we want virtual machines connected and to protect certain websites. There are many features which are good enough.

Also, the documentation is awesome, no doubt about it. 

For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall.

I have been using Azure Firewall for almost three years.

It's absolutely stable because it's Azure. It has the redundancy and the resilience of the Azure Infrastructure Services. I don't think there is downtime with this kind of service. It probably has 99.95 percent uptime.

It should be scalable. That has to do with the backend and Azure takes care of all of that. We have 300 to 400 users.

We have an Enterprise Agreement and that means Microsoft support would answer any calls within half an hour's time, max. They get in touch with us if there is anything that is crucial. It is based on the severity when we create the request.

A Microsoft Enterprise Agreement is the best. I worked on many problems and issues when I was working for a government organization that had an Enterprise Agreement, and I used to get calls immediately. The issues would be resolved within half a day or, at the maximum, one day.

Positive

I haven't worked with other firewalls.

The initial setup is straightforward. There is nothing complex about it. Within 20 minutes, you have the firewall up and running.

Two or three people are sufficient for deployment and maintenance in a small organization. One should be at least a SOC analyst who understands security, and one could be an Azure admin with good knowledge of the Azure infrastructure, PaaS, and security aspects.

Azure Firewall comes with Azure native services. We did not buy any kind of license for it. Whether you have a free subscription or a pay-as-you-go model, you can deploy the Azure Firewall service. For any type of third-party service, like Palo Alto, or Fortinet, or Check Point, we would need to buy a subscription or licenses based on the users, but here it comes with the tenant when you purchase it. You are not going to spend extra money on it. The amount that you use will determine how much you pay.

The pricing of Azure, compared to third-party vendors, is good because it's Azure-native. It's affordable.

It's a common firewall. I haven't faced any issues or problems with it. In Azure services itself, there are other security implementations provided, to do with DDoS protection on the networks. There are certain firewall rules as well and things that we can deploy at the subnet level and on the NIC level. Along with Azure Firewall, other security services have been implemented. It's okay for small and medium-sized organizations that cannot afford to buy a third-party vendor or security appliances to protect their perimeter. Azure Firewall should suffice for them.

Also, as cloud administrators or architects, we are the ones who take care of the protection. As long the end-user is connected with the application, they're fine. To them, it doesn't matter whether we're using Azure Firewall or a third-party appliance. They don't know what is going on at the infrastructure level. They just want the application and the performance to be good.

For small and medium-sized organizations that are not ready to invest in a third-party firewall, and clients who are not so concerned about data security, Azure Firewall is the best solution. If a company needs more protection of, say, their email service, they could go with Proofpoint, an IaaS, or PaaS. For one of our large organizations, where they have financial services and a retail business, they went for a third-party solution along with Azure Firewall.

Overall, I would rate Azure firewall at eight out of 10. There are many advanced features in the other firewalls that are not available in Azure.

We used Azure Firewall to secure our cloud layer and integrate our on-prem servers. We also used it to build the QDM level for integration. Azure Firewall offers multiple SKUs, including Standard and Premium. I have experience with the Standard SKU, but not the Premium one.

Overall, I had a good experience with Azure Firewall, but there are some downsides. 

FQDN integration, especially the ability to integrate with Azure Active Directory domain services.

Azure Firewall can integrate with Azure services to access application data. I've also integrated it with Azure Monitor.  

From an integration perspective, it's very helpful. We can monitor both network and cloud traffic, which is a definite plus.

There are some downsides. One is the lack of built-in VPN capability. You need a separate Azure VPN Gateway for that functionality. Many customers compare Azure Firewall to their existing on-premises firewalls, which often have VPN capabilities. 

Additionally, Azure Firewall has some limitations in terms of threat signature coverage. There is a separate service for threat signature tuning, but it's worth noting this potential downside.

I would appreciate it if Azure Firewall included built-in VPN capabilities. It would be beneficial if Azure Firewall could replicate features that are available in other firewalls.

I used it for one and a half years.  

I do have some experience with other Azure services, though I wouldn't consider myself an expert.

I haven't experienced any stability issues or downtimes.

I work with both SMBs and enterprises.

I haven't needed to contact Microsoft so far.

I work with clients from multiple sectors, including private and government. We gather their requirements and provide solutions tailored to their needs.

Sometimes, we have to choose between Azure Firewall and third-party firewall options on Azure.

I haven't worked with other cloud firewalls extensively, but Azure Firewall compares favorably in terms of features. People can compare it to platforms like AWS or GCP to see the feature differences.

It's straightforward. If you have experience with Azure, it's not complex at all.

The deployment time depends on the requirements. We can deploy the firewall itself in about half an hour to 20 minutes. The configuration time will vary based on the customer's specific needs. The provisioning process is quick because it integrates with multiple roles.

The configuration process is straightforward. There is nothing complex. 

It is affordable.

I would rate it an eight out of ten, where one is the worst and ten is the best.

We implemented Azure Firewall to secure edges and gain access control to the internet for BNS and Bitcoin. It's used to access the internet in a safe way. It allows us to access services from Azure via the firewall within Azure.

With this technology, we were able to handle different projects in a smaller amount of time. The time-to-market has been much better since we implemented this solution. We have more agility, take less time to implement, and are able to set up faster.

The firewall policy control, URL content control, and antivirus are all the most valuable aspects. Threat prevention is as well quite good. 

The development area and QA area could be improved. With those improvements, we can improve projects and take even less time to implement them.

I've been using the solution for five years.

It is very stable. I don't remember having a fall or failure in this service. 

It is a good solution in terms of scaling. If we need to support more traffic or more bandwidth, the solution grows automatically. It's configured to grow.

My company has an enterprise contract with Azure, and that contract gives us the right to access very specific, very high-level support. We always have good support and a high level of support with Azure from those that specialize in different areas of Azure.

Sometimes the support is delayed as sometimes we have to connect with support abroad. Sometimes we are limited as our people do not always know English and there can be a language barrier.

Positive

We did not use a different solution. This is the first solution we've used and we'll keep the same solution for now.

I do not have direct experience with technical support. My colleagues in operations were involved in the setup. My role was to define and decide what kind of service we needed.

The deployment was in different regions, including in the USA and Virginia. It was a combination of on-premises and hybrid cloud between the two regions. 

I don't recall the solution needing maintenance.

My colleague and partner implemented the product. 

I have not seen an ROI.

The solution is cheaper than other brands. My company has an enterprise contract and we finally got a good price with Azure.

We evaluated Check Point and Fortinet.

It's simpler to implement Azure. It's simpler in terms of handling the license. With the other providers, in order to get support, it is necessary to sign a contract. With Azure, it's different. It's more agile and simpler to get service. The support is embedded in the service.

I'd rate the solution nine out of ten.

The solution is very simple to implement. In terms of the security policy, it's good. Previously, we had to define how the solution was used and we had to configure it. It's necessary to define and have a good plan as the solution is very fast to implement. The velocity has to be contained via having a good plan. You need to be very clear and very detailed. Be prepared and plan everything in advance. 

I used it for two of my clients. One of the clients used it for Azure Virtual Desktop implementation and for blocking the internet for the other applications in the IaaS. The use case for the other clients was also similar. It was put in there for holding up traffic and filtering traffic.

It provided ease of maintenance. If a new firewall was needed, we only had to run the pipelines for this. So, the maintenance was very easy.

It reduced work by 30%. It saved maintenance and operational costs by 15%.

The HTTPS Inspection feature was useful where HTTPS traffic is scanned before it goes over the line.

Its interface is okay, and it is very adjustable. I like IP groups and other things that you can do with it.

Rules management could be better. You have all kinds of rules, and they can put something better in place there.

There should be better monitoring and logging. Currently, it is put in Sentinel. It should be more seamless and from the interface.

It has been about two years.

Its stability is very good.

It is scalable. It was used across multiple regions. One of them had about 3,000 users, and the other one had about 5,000 users.

Their technical support is good. I would rate them an eight out of ten.

Positive

We used a different solution. We had on-prem Palo Alto. 

I was involved in its setup. I deployed it with Bicep pipelines. The maintenance was also via pipelines. Its setup was straightforward, especially with Terraform and Bicep. It was done in 10 minutes to 15 minutes.

It is a one-man job, but that is not our advice. It is better to have three or four people who have knowledge of the firewall system. If you have only one person and that person is sick, then you have a problem. You block the internet, and sometimes, you have to open it. So, it is better to do it with a small team. If there are a lot of changes, two to three people should be fine.

In terms of maintenance, there is only the maintenance of new ports or IP addresses, but that's operational management. That's not firewall management as such.

Our clients have seen about 25% return on investment.

It is expensive, especially with the premium functions.

For one of the clients, it was very expensive. You have to use it more at an enterprise level, and there, it was not at an enterprise level. So, it was very costly, but security-wise, it was a very wise decision to use it that way. 

The solution of Palo Alto and the other one, whose name I don't remember, were IaaS-based, but we wanted a platform as a service, and Azure Firewall is that.

If you have an ecosystem based on, for instance, Palo Alto, it would be better to use a Palo Alto firewall because they have one way of working and one interface, but if you have a greenfield deployment or your on-prem is old or legacy, then I would advise going for Azure Firewall.

Its basic features were enough for us. The single sign-on experience was also okay. We had no problem with that. If required, we can use Privileged Identity Management or MFA. All these features are there within Azure.

I would rate it an eight out of ten.