We performed a comparison between Azure Firewall and Palo Alto Networks NG Firewalls based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, while Azure Firewall is certainly a solid option, Palo Alto Networks NG Firewalls is equally good. Users of both products have been happy with the ROI results. What differentiates the two products is the stark difference in pricing, which may ultimately sway an organization’s purchasing decision.
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"The customer service/technical support is very good with this solution."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The most valuable features of this solution are the integrations and IPS throughput."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"You do not have to do everything through a command line which makes it a lot easier to apply rules."
"The feature that I have found the most valuable is the control over the network permissions and the network."
"Among the most valuable features are the DDoS protection that protects your virtual machines, the threat intelligence, and traffic filtering."
"It's auto-scalable, which is a great feature."
"I can easily configure it."
"In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies."
"Microsoft's technical support is very good. They're quite knowledgable and responsive."
"Azure's cost-effectiveness is its major advantage."
"The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats."
"The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome."
"The most valuable features are application inspection and sandboxing. Application inspection decides where traffic is transmitted. If I have a perimeter report for a particular service, then other services or malicious services cannot use an open port. In this way, application inspection is doing a fantastic job. We also have a very good sandbox with almost no rate limit. It will inspect any file that comes in and goes out in a dedicated patch to identify malware. Therefore, these two things help me to protect our organization from any bad actors."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network."
"Application control, IPS, and sandboxing towards the cloud are the most valuable features. It is a very user-friendly product with a very easy-to-use interface."
"The interface is very nice. We generally like the UI the product offers."
"We have not had to replace hardware routers nor purchase additional hardware. So, that has provided a little bit of an ROI."
"Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The maturity needs to be better."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"It would be nice to be able to create groupings for servers and offer groups of IP addresses."
"For larger enterprises, they need to adjust the scalability."
"It needs a lot of improvement, especially on intruder detection. They are working hard on that."
"It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide."
"An Azure firewall is not a real firewall."
"It has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB."
"They can improve the pricing of Azure Firewall."
"Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that."
"Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features."
"Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN. The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing."
"Support should be improved, wait times can be long."
"Need improvement with their logs, especially the command line interface."
"I would like to see better integration with IoT technologies."
"It's not so easy to scale out your security capabilities."
"We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it."
"I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Azure Firewall is ranked 20th in Firewalls with 16 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 76 reviews. Azure Firewall is rated 6.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Azure Firewall is most compared with Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Check Point NGFW, Fortinet FortiGate and Cisco ASA Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Check Point NGFW, Meraki MX, Sophos XG and OPNsense. See our Azure Firewall vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.