Azure Front Door Reviews

We are an IT Infra and solutions service provider. We build customers' infrastructure, business solutions. I have built Azure Front Door services for the banking sector, manufacturing, and numerous customers to help utilize this Azure offering.

Use cases for Azure Front Door involve applications where customers' applications are public facing, and the customer's user base is basically spread across the globe, allowing different users to access the application from anywhere. They also want optimizations like CDN capabilities for their applications, enabling application pages to get cached at local POPs so that the website loads faster locally from the local cache. Azure Front Door facilitates this.

The most valuable features of Azure Front Door are the WAF module.

The WAF module, which stands for Web Application Firewall in the Azure Front Door Premium SKU, is very useful because it helps customers add an extra layer of security and http security features. It has rate limiting and somewhat DDoS capabilities, allowing customers to reduce the attack surface from attackers on their application. It helps enabling geo-blocking for specific regions, allowing only a few regions to access their applications, and I find it very useful.

Azure Front Door has intelligent routing features that exhibit good routing sense because when we configure the health probe and the weightage on the backend origin groups, Front Door balances the traffic toward different backend pools based on the weightage of the number of connections. It distributes the load evenly and based on weightage to the back ends, considering both latency and utilization.

The integration of TLS/SSL offloading in Azure Front Door significantly enhances both security and performance as it adheres to industry standards. Front Door can create a certificate itself for customers who need it, but if a customer prefers to use their own certificate, they can directly upload it or integrate it with Azure Key Vault. This allows customers to securely add their certificates to their applications, thereby incorporating transport layer security.

Azure Front Door's advanced routing rules for traffic management are highly effective. You can configure HTTP tags, change different header or header response values, configure origin domains, and add Layer 7 security using these routing rules. Additionally, you can exclude cache for certain sub-URLs within your applications. These routing rules provide a wide array of options for Layer 7, HTTP configurations.

Azure Front Door comes with Log Analytics workspace integration, allowing it to capture all logs. It features a nice dashboard for security and traffic analytics, offering insights on what kind of browser platforms users are utilizing, the cache hit percentage on Front Door, and the latency of the application, showing how users are hitting it, along with latency from Front Door to the backend servers. It enables users to determine load type and the performance of their servers, which benefit from Azure Front Door serving 70 to 80% of the traffic from its own cache, thereby reducing load on backend servers. The analytics also show stats and graphs related to the WAF module, detailing how many vulnerabilities have been blocked, the number of requests by country, and regions with the highest malicious traffic. Advanced users can build their own KQL queries in the Log Analytics workspace for deeper investigation of performance issues, if any.

DDoS capabilities in Azure Front Door could certainly be improved. Although Microsoft states it comes with basic DDoS protections out of the box, I find it often ineffectual in mitigating thousands of requests from a single source in a short span of time. User then have to rely on the WAF module where users must configure rate-limiting rules, as it does not automatically sense malicious spikes in traffic. I believe Front Door should have an out-of-the-box premium DDoS protection that can automatically detect and block malicious traffic.

I would appreciate improvements in the turnaround time for support, especially since issues with Azure Front Door are usually critical for businesses. If there is an issue, it often results in downtime for line of business applications. I have faced this situation multiple times as one of the largest financial institutions in India is hosted there, adhering to strict SLAs that require prompt responses.

I have been working on Azure Front Door for at least four years.

Azure Front Door is quite stable once the stabilization phase is completed, which may take three to four months to optimize the security WAF rules. Once stabilization is achieved, the service remains stable.

Azure Front Door is highly available and highly scalable. While I do not have specific stats to share, I have never encountered performance issues due to a lack of scalability. It has over 150 POP locations throughout the world, with many countries having multiple locations.

Microsoft support for Azure Front Door is good; I would not rate it as best in class, but it is acceptable.

I would rate Microsoft support for Azure Front Door as a seven on a scale of one to ten.

Positive

I have participated in the initial setup and deployment of Azure Front Door, remaining available from the proposal stage until delivery is completed, and I sometimes provide support too.

Azure Front Door offers good value for money. It is well-priced and well-placed within the market, even though there are some advanced third-party solutions available, such as F5 and Akamai. I have seen many big players in the banking sector also opting for Azure Front Door, which speaks about its value.

While it may not offer some of the advanced customization and granular controls available with certain third-party solutions like F5, I believe it deserves an eight rating for its capabilities.

There are two pricing models for Azure Front Door: standard and premium. The standard model does not include the WAF module, while the premium does. There are limits on the number of endpoints one can create, and the premium model provides more options for configuring multiple applications on a single Front Door instance.

On a scale of one to ten, I rate Azure Front Door an eight overall.

Our primary use case is Azure Front Door serving as a point of entry for web applications, providing exposure to the outside world.

There are not many features that I am aware of besides creating multiple paths for Azure Front Door, such as a base domain with multiple paths for several instances running without affecting the primary URL. This capability can be beneficial for testing non-live applications while keeping a live instance separate. Additionally, Azure Front Door includes a built-in web application firewall, which performs signature-based checks of the request payload, offering protection against common attacks or malicious requests.

The only significant adjustment required is with URL set parameters that need to be passed for an existing domain. I dislike the URL set parameters.

I have been working with Azure Front Door for fourteen months, but my experience has not been very hands-on.

Using an infrastructure as code (IAC) script with tools like Terraform or Ansible can facilitate ease of use. I rate Azure Front Door's stability a nine because it is easy to make updates through Azure Portal.

I consider the scalability of Azure Front Door to be strong, so I rate it an eight, as scaling can be done anytime as needed.

I find the technical support excellent, and I rate it a ten. I am able to set up a critical call with Microsoft, and they respond quickly to tickets with the highest severity.

Positive

Once the infrastructure as code for Azure Front Door is set up, the initial setup becomes smoother. I rate it an eight because everything becomes easier, and updating the IAC script is straightforward.

Azure Front Door offers a quick return on investment once it is set up. Whether managing custom domains or using Azure domains, it saves time compared to creating and maintaining a web server for domain management.

I am not sure about the pricing but believe Azure Front Door might require a higher cost due to its entry point nature.

Overall, I rate Azure Front Door nine out of ten. The main issue I encounter is with the URL set parameters, which are not very good.

I use the solution in my company as we have some web APIs. We use the tool to design, especially for our back-end tools. It is also used for routing protocols.

For ten years, I have been using Azure and many of its services. Azure Front Door is a wonderful tool that helps us write down whatever we do with API management. You can do the same things with Azure Front Door, as you can write some policies, but it will retire on March 31st, 2027. It has a lot of standard and premium versions as well, so we are good at using it.

In the tool, there needs to be a good amount of monitoring in the area of health probes to capture in front of what is happening.

I have been using Azure Front Door for two and a half years. I don't remember the version of the solution. My company is a customer of the tool.

It is a stable solution. I couldn't see any bug as of now. A few scenarios might be there, but it is a very stable tool.

There are more than 30 people in my company, including integration engineers, developers, and senior cloud consultants using the tool. We use the tool for health industry-related projects.

I have not contacted technical support for the solution. There was one scenario where Microsoft's article was needed for help.

If there is a need for manual deployment, and there are multiple solutions, you have to update, put your code, integrate them into CI/CD, and then do the deployment.

The solution is deployed on an on-premises and cloud model.

Considering the standard licensing of the tool, even though we have not checked the billing as of now, it might not be very costly. I never check the billing because there are different things to check on the cost.

My company chose Azure since it had some features that they wanted to use in order to get security, reliability, scaling, and availability. If there is any on-prem solution, we would have selected that, but there is no such solution available as of now compared to Azure Front Door. There might be some tools from AWS or GCP, but I have not explored them.

The tool can optimize web app scalability and routing. It can also manage my web traffic securely.

The tool is easy to use for beginners.

I rate the tool a nine out of ten.

The customer has numerous applications that need to be accessed over the Internet. To protect these applications and integrate them with DNS while implementing custom routes, we, the technical team, have decided to use Azure Front Door. It offers a cost-effective solution that meets these business needs.

It is for entertainment and B2C industries.

The integration with the GitOps team, linking a URL with another DNS, and port protection were all handled exceptionally well. They have a feature called bot protection. If someone tries to access the environment using an automated bot, this feature detects the behavior and blocks the attempt, preventing any potential Windows attacks.

They can lower the price. Lowering the price should encourage customers to use and adopt Azure Front Door, especially since some customers are not using any security features. Positioning the pricing for Front Door more competitively would be appealing, leading to greater customer satisfaction.

I have been using Azure Front Door for seven months.

Sometimes, adding more DNS records or custom DNS records causes problems. They have to work on this feature on the switch.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability an eight or nine out of ten.

The documentation is very proficient.

The initial setup is easy and without complications. It takes half an hour. You can provision it during deployment and configuration. 

A secure environment with easy-to-implement policies ensures that one can deploy whatever policy, like routing or something similar, for his environment inside one place.

It's a matter of value versus price. If we add more features and raise the price, it must remain justifiable. If we maintain the current set of reasonable features and keep the pricing competitive, Azure Front Door would still be a strong choice due to the balance between cost and quality.

It can be more appealing to more customers.

During our discussion with the internal Microsoft team about assessing our environment, they confirmed that we have sufficient security measures, especially regarding edge protection. Internally, we believe we are now certified. In the future, we could consider adding layer four protection from the firewall. Front Door combines CDN and WAF protection, so further enhancing its features could benefit both the customer and us.

We monitor the number of users attempting to access our IP or DNS servers. When designing the system, we initially needed to ensure our environment was protected with a WAF. However, WAF is currently too costly for us, so we created private links and connected them to Front Door.

Overall, I rate the solution an eight out of ten.

I use Azure Front Door primarily for two main purposes: a Content Delivery Network to cache web content and a global load balancer to distribute traffic to my backend services. 

The most valuable feature is that I can have CDN and load-balancing capabilities in a single service instead of managing two separate tools.

The tool should improve its cost. 

I have been using the product for two years. 

The tool is very stable. 

Our company's application uses the tool. My application owners and I are there, so around three to five people manage that application service. But all the internet applications run on that.

When setting up this particular environment, we needed some help understanding the CDN process, like how things work in the backend. So, we took one session with the Microsoft team. Everything was fine. Configurations were easy. We just needed to understand the functionalities. I was happy with the support team's results.

The solution is worth the money, but using these two tools (CDN and load balancing) separately will cost about the same.

I'd give Azure Front Door an eight out of ten. If you're interested in using Azure Front Door for the first time, you can understand what CDN is. There are different CDNs available within Azure. You can also check the Azure Load Balancer and proceed with Azure Front Door. It will be a step-by-step process. It was easy for me as a beginner to learn to use it.

 It serves as the primary means for our organization to make applications accessible securely over the internet. While we do have specific requirements for load balancing, our primary focus is leveraging it to securely and exclusively expose our applications to the internet.

We rely on external providers and their capabilities to address issues of patience externally. Specifically, we utilize glass protection and WAF policy for inspecting and safeguarding traffic. We leverage a specific capability to enhance our security posture, incorporating custom IP address rules. This allows us to restrict access from specific services, such as our corporate network, thereby bolstering our security measures. Additionally, we find value in using authentication mechanisms, specifically for the alert escalation process.

I find the WAF policy to be exceptionally valuable as it adds a layer of security protection to our applications. I particularly appreciate its load-balancing capabilities as it allows us to manage multiple instances and support a global presence effectively. From a performance standpoint, users can connect to the Front Door, and the load balancer directs them to the nearest origin location. This aspect has been a key factor in enhancing our user experience with Azure Front Door, making it a scalable solution that positively impacts performance.

My suggestion for improvement would be to enhance the Data Export feature to include specific tables, particularly the Azure Diagnostics table.

I have been working with it for three years.

The stability has been quite commendable, as we've rarely experienced any availability issues. It stands out as a reliable and robust service in our usage.

It adequately supports our requirements. It enables us to seamlessly add additional applications to Front Door without service interruption. This is particularly beneficial for performing maintenance on the original service, especially in multi-region deployments. Based on past experiences, we've been able to keep business operations running smoothly even during maintenance activities or similar events.

They consistently provide excellent support for us. Whenever we engage with them, their responses are typically prompt, and their assistance is consistently valuable. I would rate it nine out of ten.

Positive

Initially, for our cloud-based applications, we employed App Gateway. However, we have since shifted towards utilizing Azure Front Door wherever possible. This transition aligns with our strategy of encouraging application teams to adopt more platform-as-a-service solutions rather than relying heavily on infrastructure-as-a-service. The goal is to promote the consumption of edge services and similar offerings, reducing dependence on virtual machines for specific use cases.

I find it to be more complex compared to using Kaspersky Share in the past. Previously, a single employee could efficiently provision everything with Kaspersky Share, but with the transition to Azure, the process has become somewhat more intricate.

We are in the process of transitioning from Kaspersky to both the premium and standard tiers. The strategy involves provisioning a new Azure Front Door and subsequently redirecting the DNS names to the newly established one.

As of now, the return on investment is not yet measurable, as we are in the initial stages of transitioning. The move from the classic tier is driven by the potential phase-out and duplication issues, prompting us to proactively address these concerns.

The transition to the premium tier has led to increased costs, making it more expensive than the classic tier. However, we acknowledge that this pricing reflects additional features and capabilities.

Overall, I would rate it nine out of ten.

We need to use the Front Door to support our application globally. You have some users in Europe or Asia, or when on a different Internet, you can implement a Front Door, which is a good feature. You can skip all the traffic from the master guide implemented on the web. So this component is also secure, but the problem with the Front Door is the time latency.

When you are on different projects, and you need to expose the solution, like, from Tableau, planning a web application, a website, and you want to expose that website around the world, could be done with the help of Front Door.

The most valuable feature is that you can implement resources globally. It does not depend on location and ability or something like that. This is to connect clients around the world.

The user interface needs improvement as it is difficult to create the mapping to link the problem with your private address sources.

I have been using the solution for five months.

It is a stable solution. I rate the stability an eight out of ten.

It is a scalable solution. I would rate the scalability a ten out of ten.

The technical support team is good. I rate the support an eight out of ten.

Positive

The initial setup is easy.

I have seen a Return on Investment. If you want to reduce the cost, you can change your application gateway and start using a Front Door, and that will reduce the cost of your solution.

The pricing of the solution is good.

The advice would be to understand the context first, your situation, whether your final customers require a solution like Front Door, the budget of your project and so on. So based on that information, you can make a choice if you need to use the Front Door.

I rate the overall solution a nine out of ten.

The product needs to improve its latency. 

I have been working with the product for three years. 

My company has 25 users for the product. 

The tool's setup is hard. 

The product is expensive. 

The solution is good. I would rate it an eight out of ten. 

I use the tool for the website CDN and the integration of Azure. 

I am impressed with the tool's integrations. 

The product's features are limited compared to Cloudflare. The tool also doesn't work well in a hybrid environment. I would like to see a way to add personalized APIs in the system. 

I have been using the solution for about five to six years. 

The tool is stable. 

The solution is scalable. 

The tool's support is based on a contract. I have got good support from Azure. 

The solution's setup is a little complex. 

We have seen ROI with the tool's use. 

The solution is a bit expensive. 

I would rate the tool a seven out of ten. You need to pay attention to the difference between static assets and APIs. 

Our website is built through a Gatsby process and generic static files. All the static content for the site gets hosted in the CDN. We use Azure Front Door as an entry point for it.

The solution has improved our organization by allowing us to utilize the Rules Engine feature.

Rules Engine is a valuable feature. It is pretty easy to understand. It helps us to enforce HTTPS. We are also able to set up content security policies. Injecting the response headers for the content security policies is helpful. It prevents malicious intents. We basically tell the browser to only allow content from acceptable locations.

I ran into an issue when I was setting up the rules. There's a limitation on the amount of global rules we can add. Rules Engine takes one big long string when we input the values. For example, if I insert a header name and a header value, it's one big long string that gets truncated. It would be nice to see all of it, or it could be broken down into the actual values.

I have been using the solution for three years.

The tool's stability has been rock solid. We haven't experienced any outages.

We haven't had any scalability issues with the solution. We have one instance. We use the tool for a public-facing website. At our peak, we may have 400 users. We're hoping it reaches 1000 soon.

The documentation is excellent. I can figure out what I need through the documentation. I rate the documentation an eight or a nine out of ten.

We have seen an ROI on the solution. It's super helpful to be able to do the rules. It is also helpful that everything's in Azure. It's easy to use Azure and have it be part of our subscription.

We have to undergo a security evaluation. Without the rules, we wouldn't have passed the evaluation. The solution has helped us save time and money. We do not have to go through a whole build process and deployment to inject the security headers we need. We can add a rule and inject it simply. I recommend the product to others. The solution is great for my use case.

Overall, I rate the product a nine out of ten.