Azure Firewall Reviews

We mostly use it as part of a hybrid cloud solution. For example, for a client with on-premises and cloud solutions, our recommendation is that Azure Firewall be used.

All its features are good. That's why we recommend it.

In terms of features, it is great, but it has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB.

I have used it for projects over the last 12 months.

It is stable.

It is scalable. 

The price is okay. Microsoft even gives a discount nowadays.

It needs more features so that it is comparable to Fortigate and other companies.

I would advise people who are interested in Azure Firewall to find the people who can implement it, because not everyone is able to do everything in the proper way. Some people will go ahead and do the configuration but it's not the right configuration. The client will start to have issues and will start to complain about the product. But the problem is not the product, it's the implementation itself. The person who did it wasn't knowledgeable enough.

There are a lot of competitors to Azure Firewall. Microsoft figured it out, that they needed a firewall for their Azure platform that can integrate with their services. That's why they came up with Azure Firewall. It really has a pretty nice integration with Azure services. 

In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies. If you use the Azure platform, it is the best choice. And they're working on integrating it with many more Azure resources.

The configuration is much easier because Microsoft already provides you with a tool that belongs to Azure. You can set one rule instead of setting 100 rules. That makes the administration of Azure Firewall much easier. For example, when it comes to DNS tags, services tags, and URL tags, you don't have to go URL-by-URL and tell it to open this or that port.

In addition, it's a SaaS service. You don't have to worry about managing a virtual machine and things like patching and upgrading.

It needs a lot of improvement, especially on intruder detection. They are working hard on that.

I am an experienced Azure architect. I have more than 30 years in this field. I don't do operations anymore, although I know how to configure things.

I have just done the design on a project for General Electric, with Azure Firewall.

It's very stable. Microsoft will not put something out there that is unstable.

Another big benefit of Azure Firewall is the scalability. You can grow it to meet the load of traffic. With a virtual appliance-based solution from Palo Alto or Cisco, you need to add another one to scale.

Their tech support is great. They are very helpful. They can be involved in the design.

The initial setup is a piece of cake. You just provision it. You need to know your requirements because there are two versions, Standard and Premium, which affect your costs.

One of the benefits of Azure Firewall, while it is not mature yet, is that the total cost of ownership is much less than Palo Alto, Cisco, or any other brand.

When people look at the cost of Azure Firewall, they think, "Oh, it's pretty expensive." But when you base it on the total cost of ownership over a period of time, you have to look at the scalability and the fact that, if you already have Microsoft support, it is included for Azure Firewall automatically. When you add in the integration and the management, it comes out to much less than virtual appliances.

I would highly recommend it if your design needs Azure Firewall. It might not need it. It might be that you could use an application firewall and that the application gateway will be more than enough.

They're working on a distributed solution so that it's not that you just have a virtual network and one firewall. They really want to have more than one entry point into your environment, with ways to orchestrate it, with the IP coming from a client to different firewalls. They are moving at the speed of light to realize a lot of strategic initiatives for Azure Firewall. It is one of the strategic items that Microsoft is working on.

It is associated with our web resources, such as PaaS applications. I don't use it that much. I spend way more time working with function apps or something else on the Azure platform.

I am using its latest version.

I can easily configure it.

You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.

I have been using this solution for four years.

I don't get into any kind of real scale configuration. There might be bugs that I don't know because I just use the general configuration.

I can't say about scalability, but we have 20,000 employees.

I have not used their technical support.

Most of the time, I've used Azure Firewall for cloud services. We also have AWS, and then, of course, we have hardware firewalls on-premise, but I haven't worked with anything.

It is pretty straightforward for what I'm using it for.

I would rate Azure Firewall a seven out of 10.

I have deployed Azure Firewall for a couple of my clients. They primarily use it for protecting their workloads and limiting incoming connections.

I also have a subscription but I use it primarily for testing.

The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats. It can easily detect threats and I have customers that have experienced this.

The malware signatures are updated automatically, which is helpful for new customers.

Compared to FortiGate and Palo Alto, Azure Firewall is not very flexible. There are multiple options for VPNs and the other features, and most of my clients are implementing third-party products that they are getting from the marketplace and other vendors.

The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved.

The visibility is much less with Azure Firewall than it is with other products.

I have been working with Azure Firewall for two years.

This is a firewall that I implement for my SMB customers. For example, one of my recent deployments was to a user base of between 300 and 500 people. In fact, it was their DR site, so there was no regular user traffic. The real-time users enter that site typically for maintenance.

 My enterprise clients normally choose to implement SonicWall NSV.

I have not had the opportunity to fully test the scalability but I can't see any limitations to it at this time.

I have opened a couple of cases with Azure and the technical support was fine. There were no issues with it.

I have experience with several other firewalls including FortiGate and Palo Alto.

Another product that I have sold to my enterprise customers is SonicWall NSV.

Compared to other firewall products, the setup is complex. I have faced problems setting up the DNAT, and there are some issues with setting up the certificates. I have also had trouble with service tag issues.

The basic deployment takes one day or two days at the maximum. The fine-tuning, where we have to monitor and identify the proper traffic, takes place over two or three weeks. Fine-tuning is an extensive part of it. It is important that the configuration is set up correctly.

We deploy this solution for our customers but they are responsible for the fine-tuning to their environment. I deploy it for our clients but I have another colleague who does it, as well.

Overall, this is a good product and we will continue working with it.

I would rate this solution a nine out of ten.

We use it to protect the Azure space and to be the bridge between on-premise and the cloud.

When I have had a site-to-site VPN set up and configured, and would use it to allow ordinary traffic from the on-premise device to the cloud and from other third-party suppliers to the Azure platform.

We also use it to provide connectivity to various network security groups that have been created within Azure.

I would say that this solution is really good compared to other solutions that we have had before. We would have used the FortiGate firewall in the Azure space. 

We find this process was quicker. It would get a faster turnaround time once we would generate and modify the firewall rules. Because of the visibility, we would have seen it. When compared to FortiGate, it would get a bit more visibility in terms of integration with the security center so that we would be able to review based on overall posture, see what needs to be fixed, or what changes need to be made. 

The turnaround time turns off rules and any gaps that exist would increase the turnaround time for that as well. It would also help us to increase our response time and reduce our attack surface by 20% so far.

With the recent upgrade to the premium version, it facilitates IP Groups, URL filtering, TLS inspection, IDPs, and the Web Categories.

Before using the premium version, a lot of our customers had concerns with the URL filter, where you would not be able to allow or block a specific URL. The feature set without a premium version would only allow you to do it via IP address, which is tedious.

At times, many of these vendors would be using some kind of CDN solution. It would be the case where multiple IPs appear, changing behind the URL when it would be easier if you're using the URL feature. The URL maps onto the IP address and it would be the easiest way to do that.

I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system.

Many other vendors, when you do not have the license for the IP at some point, then you would be left not being able to do any prevention. The fact that the premium version includes this is good.

The TLS inspection allows you to decrypt the outbound traffic and encrypt data. Otherwise, we would have been using our third-party vendors, and whatever solution is within Azure.

With the various business units, we will be reaching out to other solutions there are in the web category to reduce the attack surface to see if this is a category that is alone or not.

The fact that Azure also ties into a security center is another good feature. You can also get rid of that visibility because of the tight integration with these Azure products.

We had an instance where it wasn't processing the rules and we had to engage Microsoft to resolve that issue. Microsoft Support needs to improve its response time.

For larger enterprises, they need to adjust the scalability. This is the only issue that I'm have found that it attributed to the two weeks of downtime we had experienced.

They need to offer either a scaled-up or scaled-out version or versions for larger enterprise companies.

This would greatly improve the solution.

I have been using Azure Firewall for approximately two and a half years.

I have recently upgraded to the premium version.

Azure Firewall is pretty stable. 

I believe that they listen to various sponsors, which is why they were able to release the premium version. It is a more established firewall that vendors now have. 

I'm seeing where they have met up with the dynamics of the market, and I am expecting that they will be a leader sometime in the near future.

They need to find a way to scale it out or scale it up a bit more. The scalability, it's okay, but it needs a lot more improvement. For a regular customer that's utilizing it, that's good, but for large enterprise companies, it is not as good.

The industry is telecoms. We have millions of customers. For that type of environment, they need better and more scalability.

We haven't totally assessed the premium version to see if the new features offer greater scalability. 

We utilize it across the cloud estate. We plan to expand our subscriptions. Most definitely, we will increase our usage.

Recently, we transitioned to the premium version, which will be extended to the other subscription once it has been rolled out across 32 countries, and with more instances, it will be rolled out across various continents.

The turnaround time in resolving the issue where it wasn't processing the rules is an area that needs improvement. It wasn't resolved in a timely manner.

Microsoft support took a bit of time to assist us in resolving that issue. It created a bit of downtime for us and it was longer than we expected. 

I would say those would be the cons so far when utilizing it.

I would rate the Microsoft support a five out of ten because they did not respond in a timely manner and the impact it caused in terms of the downtime it created for us. We were down for a week or two during a high-impact period.

They were assisting us but it took a good amount of time to get it resolved when we needed to be putting out things daily. Two weeks is a long time for a fast-paced environment. 

Previously, we were using FortiGate Firewall. We switched because of the migrating of the Security Center and the ease of use. The cost was also considered.

The initial setup was straightforward.

We had another tool which was FortiGate. We migrated from FortiGate to the Azure Firewall.

It was a straightforward migration.

The deployment took approximately three to four weeks.

The implementation strategy would include copying over rules, ensuring that all the services are able to run, and also ensuring that both firewalls were running in parallel. Until we are sure that the Azure Firewall can handle the workload, both firewall products will continue to operate.

After that, we were able to power down the virtual appliance that was on the FortiGate Firewall.

We had it running for quite some time, approximately a month and a half. Because there were no issues, we stopped using the FortiGate Firewall altogether, once that process was complete.

We have a server team, a cloud team, and a network team to administer and maintain this solution. It's approximately eight to ten people, some are network security engineers, a network security manager, and network engineers.

There have been some cost benefits as well. When using another vendor in comparison where you bring your own license, the cost would have gone down. It's more cost-effective to use the Azure Firewall along with the premium version than using a third-party as an option from the marketplace. I would say that as well, where it gives you better spend in terms of OPEX. It's better value for your money.

The licensing module is good. Pricing is one of the reasons we switched to this solution.

For smaller businesses, they could probably put one or two features from premium into the regular standard versions. For example, that URL filtering is a pain point for many customers. 

If they could find a way to scale down that URL and the IPs feature to include it in the standard version, then that would allow them to get more traction and more customers from the small to medium-sized business perspective.

We were using Check Point mostly. We had decided to move to FortiGate, and then we moved to Azure Firewall. 

We did not go with Check Point because of the premium features such as the URL filtering, and the TLS inspection included with Check Point cost a lot more. This was the reason we chose the Azure Firewall.

It's a solid solution. I would tell anybody to definitely give it a try, and consider it as one of the options when looking for a firewall to use in Azure space.

I would say if they can go for the premium version upfront, rather than starting with the standard version, then trying to transition to a premium version. It addresses a lot of the issues and concerns in this space today. They should start with the premium rather than upgrade. Once they can afford it, go straight to premium.

I would rate Azure Firewall an eight out of ten.

We use the solution as an internal firewall device.

The solution provides a good link to Azure and SQL servers.

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

We have been using Azure Firewall for around a year. 

The solution has the same stability as Azure.

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

We handled the initial setup internally. 

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten. 

We are currently working with Microsoft, trying to develop a new solution which is based on VeloCloud. It's an SD-WAN solution. This product has not been launched in China yet and we still have some work to do. I'm the company owner and five of my team use Azure Firewall. It's a startup team and I work with Microsoft directly.  

The most valuable features of the product are its great security and connectivity. 

The interface could be improved, it's not very user friendly. They are now trying to compete with a new Chinese domestic public cloud provider which has more features. It's difficult to find the ports on the current interface, but it's easier with this new provider. 

We're looking to provide a better routing, or something like an SD-WAN solution that can improve the user experience. I think that's something Azure can do as an additional feature. There are five Azure clouds: Two belong to the US government and one is worldwide. Then there is Germany Azure and China Azure. China Azure is barely able to communicate with the rest of the world, and that connectivity issue needs to be looked at in detail and a solution found.

I've been using this product for three years. It's an online platform so you're always getting the latest version. 

It's a stable product. I've recently spent a lot of time on Palo Alto Firewalls and compared to that I would say that Azure Firewall is still a better firewall. They provide more and more features like SD-WAN or the cloud standard box feature.

I'm satisfied with the technical support overall. I generally chat with the Microsoft team on the phone. 

I'm still using Palo Alto, Cisco ASA, Fortinet, Check Point and Juniper. Basically I use all of them. For small businesses with one standard, though, I would recommend Azure Firewalls. It's quite simple and easy to implement the whole security policy. For medium and large enterprise companies, however, they already have their on-premise firewall devices implemented. Users are trying to centralize their firewall security management and they prefer it to using virtualized firewalls like Checkpoint Virtual Firewall or Fortinet Virtual Firewall. That way, they can leverage their user technology capability, and try using a single interface to manage those devices. 

From the virtual machine perspective, it's quite easy to set up. You can choose the image file from the public market, and then you can setup. However, the account, the Microsoft Azure identity, the whole creation process was very complex and it is not that user friendly. Users usually use their Azure ID, as well as sometimes providing the live ID. That's a second ID, and it confuses people.

The network firewall is a complex project, you have to review all the requirements. It's possible that sometimes the Azure Firewall won't be able to support some things because they customize their applications and they may not meet with the Azure Firewall's features. Each user has unique requirements on shaping or manipulating network traffic. I wouldn't recommend any product without doing the research.

I would rate this product an eight out of 10.