Azure Firewall Reviews

We're SaaS providers. We use these firewalls to route our traffic from our partner to us.

Among the most valuable features are the

• DDoS protection which protects your virtual machines
• threat intelligence 
• traffic filtering.

If I had to pick one area that needs improvement it would be the antivirus functionality, because it doesn't scan traffic for malware. It needs TLS inspection.

The cloud team in our company has been using Azure Firewall for about two years, but I'm in the security team and I've been using it for a year. We're using the regular version, not the Premium version.

The stability of Azure Firewall is fine. I've never seen it go down.

There may be issues with the scalability, but I haven't tested it yet. When you test it in preview mode it's only around 3 to 3.5 Gbps.

The support from Microsoft is good.

Positive

We started using it because we were new to the cloud and, at that time, we didn't have options. We started using whatever came with Azure. Now that we have started to grow, we have started exploring other options.

We have different business units and each one has one person for deployment and maintenance of the solution.

We have looked at Azure Firewall Premium and at Palo Alto's firewalls.

When we did the comparison we found the regular version of Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories.

We're looking at switching to Palo Alto virtual firewalls, but we want to make sure that what we switch to is compatible with our environment.

Azure Firewall is fine, but it's not suitable for our organization and that's why we have decided to move away from it.

Azure Firewall's feature that I have found most valuable is its scalability.

In terms of what could be improved, it lacks a couple of features which are available in the other marketplace products, but it is stable and it performs most of the basic functions that are expected from a normal firewall.

When we deployed we did not have a centralized management of multiple firewalls. Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either. 

Other features I would like to see are intrusion prevention, URL filtering, category-based URL filtering and other advanced features.

Overall, the configuration can definitely be improved.

In terms of the overall product architecture, if the management and the architecture of the product could support back-to-back firewall architectures so that I could use Azure Firewall in combination with another firewall, that would be one point which would help this product be used more and in a better way.

Again, if the Azure Firewall could be accommodated as a back-to-back firewall, meaning if it could work as a firewall which handles the inbound traffic from the internet, which is an NVA, or a network virtual appliance, and we could reroute the traffic to Azure Firewall, that would be good. But as of now, there is no routing options in Azure Firewall.

I have been using Azure Firewall for eight months.

We are not using the latest version since we deployed it quite some time back.

Azure Firewall is quite stable.

We have thousands of people using it.

Technical support is okay.

Azure Firewall has an easy installation.

I would only recommend Azure Firewall depending on the requirements. If it is an enterprise that has basic requirements and needs to do packet filtering and a certain level of intrusion prevention, so for the level of IP whitelisting, it's a good product.

It is easy to manage and it is scalable.

On a scale of one to ten, I would give Azure Firewall a six because of the configuration issue.

In terms of NAT configuration, the configuration management is one issue. Another issue is intrusion prevention with the NAT configuration and the URL category-based filtering features. The ease of manageability and the ease of configuration of these features could be easier.

We mostly utilize the solution for effectively controlling the networks.

The ability to provide better control of the traffic is the solution's most valuable aspect.

The solution is stable.

The solution can autoscale.

The initial setup is pretty easy.

Technical support has been good to us so far.

The solution isn't missing features per se.

Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate.

There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.

I've been using the solution for one year.

The stability of the solution is good. We haven't had any issues. It's a managed service.

The solution is autoscalable. It scales based on your deployment and/or based on your loads, due to the fact that it's a managed service. A company that expects to expand shouldn't have a problem scaling with this solution.

We have about 50-100 users on the solution currently. We may increase usage in the future.

We've had some experience with technical support from Azure. We've found them to be quite good and are satisfied with the level of service that's been provided. I would say they ar knowledgeable and responsive to our queries.

Before Azure Firewall, I used to work on a VPN-based firewall. 

The solution doesn't have a complex installation process. It's pretty straightforward to implement. When we went forward with the solution we didn't face any setup issues.

Our initial deployment took about three months, and, now that it's a managed service, we've handed the deployment over to them.

I'm not sure how many staff members we used for deployment and how many handle any maintenance aspects.

While we handled the initial implementation, we get Azure to handle the deployments for us. We didn't use a reseller or a consultant to assist with the deployment.

We're just a customer at this time. We don't have any kind of special business relationship with Azure.

I'm not sure which version of the solution I'm currently using is.

I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic and if is stable and can scale, however, there should be more use cases available.

On-premise to cloud <-> Cloud to on-premise

Managed service.

Scalability, multi-zone and FQDN TAgs.

In a future release, it could be empowered by combining with Azure Private DNS and Front Door.

We've been using the solution for 1 year

The solution is very stable. When comparing it to other environments, it's actually quite impressive.

The solution is scalable.

We deal with technical support on a regular basis. I'd rate the service we've received ten out of most of the support tickets. 

We use several solutions.

Unfortunately, I don't handle the finances or payments for the solution, so I can't compare to others.

FortiGate - also nice solution...

We've used both the on-premises as well as the cloud deployment models. We also occasionally use a hybrid model. During migrations, we use hybrids. Once the migration is done, we move onto the full cloud and pass if over to private cloud or have public access as necessary.

The Azure firewall is prioritized as it is managed solution and does not require any infrastructure base (backbone) hardware support.

Azure Firewall makes up part of our security solution. We use it internally but we are a consulting company and also advise our customers on the use of it.

The most valuable feature is the integration into the overall cloud platform. The orchestration is very easy using automation with APIs and scripts.

Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group.

Tagging is supported but not on the instances, which is something that could be improved.

The selection of the internal resources into the ruleset could be improved.

Support for layer-seven application filtering should be added because it is not there yet, at all.

It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement.

The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.

I have been using the Azure Firewall for about one year.

The stability is excellent.

The scalability is very good and you don't have to think about sizing, as in the case of a traditional firewall where you have to think about the throughput. With Azure Firewall, it scales automatically.

We have customers ranging in size from small to enterprise-level organizations. One of them is a large company with 40,000 users on Azure Firewall.

We use the customer support that our customer has access to. If they have enterprise support then we use it, whereas if they do not then we use standard support.

Personally, my experience with Microsoft support has been very good. Their professionals are very quick to respond and they have good feedback. They also have very good support forums and the documentation is fairly good. 

I have experience with similar solutions by Palo Alto and Fortinet. With the inclusion of more advanced features, Azure Firewall will be on par with these products.

The initial setup is straightforward and very easy.

My advice to anybody who is considering this solution is to be clear about your requirements. It is critical to know what the capabilities of the firewall are, as well as what is nice to have when it comes to filtering and protecting the environment.

There are different threat profiles when it comes to protecting user traffic. For example, in a VDI environment, where the users are in the cloud, generating traffic and browsing the internet on virtual machines, Azure might not be the best fit. On the other hand, to protect the workloads on servers like application servers or database servers, it's a perfect fit. So, it is important to be clear about the use cases in order to determine whether it is suitable.

This is a relatively new product but Microsoft is really fast in their development and you never know what they are planning. In perhaps six months, I might rate it a ten out of ten. Nonetheless, at this time there is still some room for improvement.

I would rate this solution a nine out of ten.

High availability is built in, so no additional load balancers are required and there's nothing you need to configure 

Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability

You can limit outbound HTTP/S traffic or Azure SQL traffic (preview) to a specified list of fully qualified domain names (FQDN) including wild cards. This feature doesn't require TLS termination.

You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections

Threat intelligence  -based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains

Inbound Internet network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks.

They can improve the pricing of Azure Firewall. 

I have been using this solution for maybe one year. We are a gold partner with Microsoft.

It is stable.

It is scalable. We have around 200 users, and we have around 10 members for maintenance.

It is easy to set up. It took around 1 hour.

Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it.

One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall. 

Azure Firewall is the best to use with all Microsoft solutions. I also use Fortinet, Sophos, and Cisco. It's about the client's priority, that is, what they request.

I would recommend Azure Firewall, but it is all about the client's priority and budget. If a client wants to use Azure Firewall, we do that. If the clients wants FortiGate or Sophos, or the cost is higher for the clients to use Azure Firewall, they can move to FortiGate or Sophos. For low budget or low cost, I recommend FortiGate. 

I would rate Azure Firewall an eight out of ten. 

I like its order management feature. It doesn't have the kind of threat intelligence that Palo Alto has, but the order management makes it much simpler to know the difference.

The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto.

I have been using Azure Firewall for around six months.

It seems stable, and I haven't had any issues.

We don't have to bother about scalability at all as Microsoft fixes it. It's much simpler and the reason why I like it.

The initial setup is simple. 

I would definitely recommend it.

On a scale from one to ten, I would give Azure Firewall an eight.

I design the architecture and it's an extension of the on-premise that we house on the cloud. We secure the entry point to the virtual data center with the firewall.

There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive.

I have been using Azure Firewall for two years. 

To date, I haven't had any issue and I didn't have a requirement to scale, at this stage.

The initial setup is straightforward. We define the setup on templates, we haven't had any specific issues.

I would rate it a six out of ten. It's good enough but it's not as good as other virtual appliances. It's good enough.