IT Central Station is now PeerSpot: Here's why

Azure Firewall vs Palo Alto Networks NG Firewalls comparison

Cancel
You must select at least 2 products to compare!
Executive Summary
Updated on March 17, 2022

We performed a comparison between Azure Firewall and Palo Alto Networks NG Firewalls based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of Azure Firewall overwhelmingly agree that the initial setup is easy and straightforward. Palo Alto Networks NG Firewalls users say the initial setup is easy, but it can also be complex if your organization has a complicated environment or will be using a large number of the features.
  • Features: Valuable features of Azure Firewall include the intrusion detection and prevention system, network filtering, integration, security, connectivity, threat intelligence, virtual IP addresses, and auto scaling. However, reviewers feel that Azure Firewall could benefit from better scalability and a more user-friendly interface and that their reporting, logging, and monitoring features need improvement.

    The features Palo Alto Networks NG Firewalls users find most valuable are its stability, its unified platform, application identification, antivirus, vulnerability protection, URL filtering, SSL VPN, IPsec VPN, DNS security, and its machine learning capabilities. Despite all of these amazing features, reviewers say some features are buggy, their documentation could use improvement, and that its next-generation capabilities come with limitations.
  • Pricing: Users of Azure Firewall agree that the pricing is fair while users of Palo Alto Networks NG Firewalls say it is definitely an expensive investment.
  • Service and Support: Users of Azure Firewall mention that service and support is usually very good. However, there are some users who indicate that the response time can take a bit longer than desired. Most users of Palo Alto Networks NG Firewalls agree that the support is very good, some even giving it a rating of 8 out of 10.
  • ROI: Azure Firewall users have seen cost benefits, stating that you get better value for your money. Multiple Palo Alto Networks NG Firewalls reviewers have reported an ROI - some mentioning it has provided more efficiency and cost savings, and others saying it has given them complete visibility in the environment in terms of security. Still other reviewers of Palo Alto Networks NG Firewalls stated it has effectively reduced the workload on all of their networks and security tools, specifically because of its unified platform.

Comparison Results: Based on the parameters we compared, while Azure Firewall is certainly a solid option, Palo Alto Networks NG Firewalls is equally good. Users of both products have been happy with the ROI results. What differentiates the two products is the stark difference in pricing, which may ultimately sway an organization’s purchasing decision.

To learn more, read our detailed Azure Firewall vs. Palo Alto Networks NG Firewalls report (Updated: May 2022).
Buyer's Guide
Azure Firewall vs. Palo Alto Networks NG Firewalls
May 2022
Find out what your peers are saying about Azure Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: May 2022.
609,272 professionals have used our research since 2012.
Q&A Highlights
Question: What is a better choice, Azure Firewall or Palo Alto Networks NG Firewalls?
Answer: Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP addresses. The cost of the solution is also competitive. Palo Alto Networks NG Firewall is easy to configure and easy to upgrade, offering very good content control. It offers a parallel processing data plan, which makes the overall processes more efficient. Palo Alto offers blocking of undesirable URLs and also offers some threat hunt capabilities, which makes it better than other vendors. However, pricing can be high and support response can be a bit slow. Also, it only offers a cloud-based solution. For Azure Firewall you have to specify each IP address used. We also found Azure to be challenging to implement from region to region, as it does not currently offer a universal approach across regions. Conclusions Although Azure Firewall is very user-friendly and offers good support, it can be very limiting if your operation is more global. We found that even though it costs more, Palo Alto Network NG Firewall was a better fit, as it offers a cloud-based solution and has threat protection capabilities that make it a better overall investment for our business needs.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.""The implementation is pretty straightforward.""Firepower has reduced our firewall operational costs by about 25 percent.""The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.""We have not had to deal with stability issues.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."

More Cisco Firepower NGFW Firewall Pros →

"It's auto-scalable, which is a great feature.""I can easily configure it.""Azure Firewall's feature that I have found most valuable is its scalability.""The solution can autoscale.""The solution should be capable of self-scaling, which is one of the features we like about it.""The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats.""The feature that I have found the most valuable is the control over the network permissions and the network.""I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system."

More Azure Firewall Pros →

"The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.""Ability to log each and every application.""Overall, it is a good solution. It is stable. We use URL filtering, which is useful for blocking undesired URLs.""You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors.""We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature.""Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens.""It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand.""The graphical interface is easy to troubleshoot because it has a drill-down sequence. It is easy to monitor traffic."

More Palo Alto Networks NG Firewalls Pros →

Cons
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs.""The performance should be improved.""Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing.""I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""The ability to better integrate with other tools would be an improvement.""Most of the features don't work well, and some features are missing as well."

More Cisco Firepower NGFW Firewall Cons →

"Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories.""It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide.""The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved.""You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.""They can improve the pricing of Azure Firewall.""For larger enterprises, they need to adjust the scalability.""Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate.""The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto."

More Azure Firewall Cons →

"The cost of the device is very high.""We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall. We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more. URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team.""I would like a collaboration system and reporting ASA policy needs to be smarter.""The areas that need to improve are network protection and user identification.""Interface could be improved visually and simplified.""Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN. The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing.""There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better.""The pricing could be improved upon."

More Palo Alto Networks NG Firewalls Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
  • "Azure Firewall is quite an expensive product."
  • "The licensing module is good."
  • "The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
  • "It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
  • "Azure Firewalls operate on a pay-as-you-go model, similar to cloud services."
  • More Azure Firewall Pricing and Cost Advice →

  • "The pricing is competitive in the market."
  • "This is an expensive product, which is why some of our customers don't adopt it."
  • "The product is expensive compared to competing products but uses a similar type of pricing model based on hardware, software and maintenance."
  • "It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription."
  • "It is a little bit expensive."
  • "The NG firewall is an expensive solution."
  • "This is an expensive product and there is a subscription cost."
  • "Its price can be better. Licensing is on a yearly basis."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    609,272 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
    Top Answer:Both of these solutions are excellent options that provide flexible scalability and solid security. Fortinet Fortigate… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Top Answer:The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
    Learn More
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    Azure Firewall is a user-friendly, intuitive, cloud-native firewall security solution that provides top-of-the-industry threat protection for all your Azure Virtual Network resources. Azure Firewall is constantly and thoroughly analyzing all traffic and data packets, making it a very valuable and secure fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall allows users to create virtual IP addresses and provides for secure DDoS protection for the virtual machines on your network. It also provides fast and efficient east-west and north-south traffic security.

    Azure Firewall is a managed, cloud-based network security service built to protect your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

    Azure Firewall has two significant offerings, Standard and Premium.

    Azure Firewall Standard works directly with Microsoft Cyber Security and supplies excellent L3-L7 filtering and threat awareness. The proactive real-time threat awareness will quickly alert you and immediately deny all traffic to and from any known problematic or suspicious domains or IP addresses. Microsoft Cyber Security is updated continually to protect against all new and known potential threats at all times. To learn more about Azure Firewall Standard, click here.

    Azure Firewall Premium provides everything the standard version does, and additionally adds extra levels of data encryption, network intrusion detection, extended URL filtering, and Web category filters. To learn more about the added features of Azure Firewall Premium, click here.

    Key Benefits and Features of Azure Firewall:

    • High availability - You do not need load balancers with Azure Firewall; it's already built in and ready to go.
    • Self-scalability - Azure Firewall is intuitive and will auto-scale as needed based on traffic flow to be ready for peak traffic times.
    • Threat awareness - Using Microsoft Cyber Security to filter traffic, Azure Firewall will deny any known problematic threats to keep your network safe.
    • Additional IP addresses - You can securely add up to 250 public IP addresses with Azure Firewall
    • Improved web category filtering - You can set up specific protocols to allow or deny categories within websites that are deemed inappropriate for use within your network. You have the ability to organize categories based on a defined set of descriptions.

    What our real users have to say:

    Many IT CEntral Station (soon to be Peerspot) users found Azure Firewall to be very user-friendly and easy to use. They liked that it offers seamless integration to the cloud and were especially pleased with the threat filtering options.

    Regarding integration and threat intelligence, our users wrote:

    “The most valuable feature is the integration into the overall cloud platform.”

    The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats.”

    I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system.”



    Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.

    Palo Alto Networks NG Firewalls Features

    Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

    • Secure Application Enablement (App-ID, User-ID, Content-ID)
    • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
    • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
    • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
    • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

    Palo Alto Networks NG Firewalls Benefits

    There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

    • Dedicated management interface for managing and initial configuration of the device
    • Regular threat signatures and updates
    • Import addresses and URL objects from the external server
    • Configure and manage with REST API integration
    • Great throughput and connection speed is fair even in high traffic load
    • Deep visibility into the network activity through Application and Command Control
    • Easy to manage and very user friendly

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

    A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

    PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

    Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Azure Firewall
    Learn more about Palo Alto Networks NG Firewalls
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Information Not Available
    SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Comms Service Provider28%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    Financial Services Firm31%
    Government15%
    Manufacturing Company15%
    Computer Software Company15%
    VISITORS READING REVIEWS
    Computer Software Company28%
    Comms Service Provider19%
    Government6%
    Financial Services Firm5%
    REVIEWERS
    Comms Service Provider19%
    Computer Software Company19%
    Financial Services Firm13%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company24%
    Comms Service Provider21%
    Government6%
    Energy/Utilities Company5%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise26%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise20%
    Large Enterprise55%
    REVIEWERS
    Small Business21%
    Midsize Enterprise17%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise18%
    Large Enterprise61%
    REVIEWERS
    Small Business37%
    Midsize Enterprise30%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise19%
    Large Enterprise57%
    Buyer's Guide
    Azure Firewall vs. Palo Alto Networks NG Firewalls
    May 2022
    Find out what your peers are saying about Azure Firewall vs. Palo Alto Networks NG Firewalls and other solutions. Updated: May 2022.
    609,272 professionals have used our research since 2012.

    Azure Firewall is ranked 19th in Firewalls with 16 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 77 reviews. Azure Firewall is rated 6.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Azure Firewall is most compared with Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Check Point NGFW, Fortinet FortiGate and Cisco ASA Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Check Point NGFW, Meraki MX, Sophos XG and OPNsense. See our Azure Firewall vs. Palo Alto Networks NG Firewalls report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.