We performed a comparison between Azure Firewall and Palo Alto Networks NG Firewalls based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, while Azure Firewall is certainly a solid option, Palo Alto Networks NG Firewalls is equally good. Users of both products have been happy with the ROI results. What differentiates the two products is the stark difference in pricing, which may ultimately sway an organization’s purchasing decision.
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The implementation is pretty straightforward."
"Firepower has reduced our firewall operational costs by about 25 percent."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"We have not had to deal with stability issues."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"It's auto-scalable, which is a great feature."
"I can easily configure it."
"Azure Firewall's feature that I have found most valuable is its scalability."
"The solution can autoscale."
"The solution should be capable of self-scaling, which is one of the features we like about it."
"The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats."
"The feature that I have found the most valuable is the control over the network permissions and the network."
"I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system."
"The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks."
"Ability to log each and every application."
"Overall, it is a good solution. It is stable. We use URL filtering, which is useful for blocking undesired URLs."
"You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors."
"We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature."
"Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens."
"It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand."
"The graphical interface is easy to troubleshoot because it has a drill-down sequence. It is easy to monitor traffic."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The performance should be improved."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"The ability to better integrate with other tools would be an improvement."
"Most of the features don't work well, and some features are missing as well."
"Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."
"It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide."
"The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved."
"You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."
"They can improve the pricing of Azure Firewall."
"For larger enterprises, they need to adjust the scalability."
"Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate."
"The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto."
"The cost of the device is very high."
"We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall. We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more. URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team."
"I would like a collaboration system and reporting ASA policy needs to be smarter."
"The areas that need to improve are network protection and user identification."
"Interface could be improved visually and simplified."
"Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN. The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing."
"There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better."
"The pricing could be improved upon."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Azure Firewall is ranked 19th in Firewalls with 16 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 77 reviews. Azure Firewall is rated 6.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Azure Firewall is most compared with Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Check Point NGFW, Fortinet FortiGate and Cisco ASA Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Check Point NGFW, Meraki MX, Sophos XG and OPNsense. See our Azure Firewall vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.