We changed our name from IT Central Station: Here's why
Get our free report covering Microsoft, F5, Amazon, and other competitors of Microsoft Azure Application Gateway. Updated: January 2022.
563,208 professionals have used our research since 2012.

Read reviews of Microsoft Azure Application Gateway alternatives and competitors

Vinamra Singhai
Principal Engineer at Nineleaps Technology
Real User
Top 5
Use this product to make it possible to deploy web applications securely
Pros and Cons
  • "This product supplies options for web security for applications accessing sensitive information."
  • "The technical support does not respond to bugs in the coding of the product."

What is our primary use case?

There are two things that we primarily use AWS WAF (Amazon Web Services Web Application Firewall) for. One use is within the company. Within the company, the intended use is to deploy our applications. It is like working with the cloud. We can start an application in S3 (Simple Storage Service), and use profiles for access to data.  

The other use is that most of our clients use a similar infrastructure. They are either using AWS, Azure or maybe Google Cloud Platform (GCP). We deploy this solution for them.  

Both uses are different. One is for the cloud solutions like AWS, Azure and GCP, and one is for the local server access. That is how you want to secure a server. You are securing a server, database, app servers, and ATA gateways. The other one is for implementing security for the AWS. You want to have both running side-by-side.  

Let me give you an example. Suppose, most of the people working for your company are connected from external locations with company-provided laptops or systems. I want to check all devices to make sure that they are being used in a secure way and not creating any breach of security. Those checks cannot be taken care of reliably from the AWS perspective. This is why you need two solutions.  

What is most valuable?

The most valuable feature is the ability to use the product to enhance security in deploying web applications.  

What needs improvement?

We have not implemented WAF completely. We are working around that issue right now in the AWS. We are creating log files and then we are using Kibana for analysis. Out WAF deployment is not perfected yet so it is not implemented as our long-term solution. It will take another month to complete the setup. I do not have the big picture on it yet in a live environment, so my view of what will need to be improved under load is limited.  

I think one thing that should be available is that if there are technical problems in the AWS, then there should be automated alerts to AWS. Calling support is not that easy. It would be better to automatically send emails to them to report that there is a bug in their programming.  

I have an idea for a new feature to consider. I think the security area and other things that they provide are good, and I know there are third-party integrations. It provides a lot of value. The problem is that the 'value' of the solution makes it very costly. That is a big thing. $20,000 for this solution seems like a lot.  

Right now we are limited to only MySQL and PostgreSQL databases. There should be other options and also a way to check the security of it. I think AWS should develop and make available some kind of a management screen so we can see the logs, which servers are using the service, and how the security is performing. All we can see right now is if there are any security breaches. This is not enough information to evaluate the performance of the system.  

For example, there are a lot of people using MongoDB databases. Over the last two years, a lot of them got hacked. Mongo should have had a way to alert end users if its facilities get hacked. A manager or some administrator should receive an email saying that this or that account got hacked and there was a security breach. This would be enough notification to prompt taking other appropriate actions.  

There should also be a report or alerts which tell us that the configuration is having security issues. I think there is something called PVE security rules which might be implemented. Of course, Cisco's security rules could also be implemented. Once the rules are implemented, we know for certain if they are providing a secure connection or not. We need some type of check on the configuration that can create alerts for potential security issues and to have proper notifications.  

For how long have I used the solution?

We have been in the implementation process with the product for some time but it is not yet live because we are not totally satisfied with the setup.  

How are customer service and technical support?

I am not satisfied with AWS technical support. It is a long story. Two years back I contacted support because their code was not working. The solution itself was not perfect and there was a bug in the system. It was creating a lot of issues and there is no way to contact support. 

I tried to contact them to tell them that they had a problem with AWS, they wanted me to pay them $200 to tell them there was a problem with their product — which is very strange. What I did instead was to send an email to their sales department at AWS to explain to them that there was a coding issue and that the software was not working as it was supposed to. After many months, they replied that this was not a problem for the sales department. They said they would forward the issue to the technical support team. When the technical support team received the information, they asked for money again to solve the problem in the coding of their own product.  

I just wanted to tell them that they had a problem. They gave me a run-around and would not even look at the issue that was on their end which must have affected more clients than just me. So I think in that way, the technical support is not good. If there is a problem or a bug within the AWS services, there is no way to contact anyone for a resolution. That is a problem and not a good way to run technical support.  

Which solution did I use previously and why did I switch?

We were using ManageEngine. A problem with using ManageEngine was that ManageEngine can help in securing the servers and API gateways and app servers, but it cannot help to tell if there is any breach in security from a company-provided laptop. We needed a better solution that covered this vulnerability.  

How was the initial setup?

This product is not straightforward to set up and deploy. In the area of database security, it is especially complex. This is especially true when you want to do security for the cloud. There may be applications that will allow software on the cloud to access your in-house servers. If your in-house servers are available and there is a database, you want to secure it. You can do that more easily in-house than you can on the cloud but you have to be sure it is configured and secured properly.  

What's my experience with pricing, setup cost, and licensing?

As far as pricing considerations, there are other competitors to consider. All the solutions are not easy and all will not do exactly the same thing or even what you need. SecureSphere is expensive, I think $20,000 per year. If you go for ManageEngine or any other solution, they also go for close to $10,000. It depends on how many applications you are running and how many servers you have. They can easily run into close to $10,000 a year. Database security and application security are generally costly solutions.  

AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate this product as a seven or an eight. I do not like to give it a solid rating as of now because we are still in the process of implementing it. Once we have completed the implementation, we will be able to give you a proper answer. As recent as two weeks we were still considering ManageEngine, but we did finally decide in our comparisons that it cannot provide all of the features that we are looking for.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a manufacturing company with 201-500 employees
Real User
Top 5
Intuitive interface and can be used practically with any application in the backend
Pros and Cons
  • "I like that this is a Network Load Balancer that can be used practically with any application in the backend. They have how-to guides on how to set up Kemp NLB with Exchange, but you can use it as well for Sharepoint, RDS, or any other back end server."
  • "The product is really good as-is out of the box. If there is one thing I would change is to have the license file not be coupled with the MAC address of the device. This is actually not really useful in a virtual environment where if you have a single VM with KEMP LoadMaster and you have not set up static MAC Address, if you, for example, recreate the VM and just load the disk file on a new VM it will get new MAC address and the NLB will not work as it will not see a proper license."

What is our primary use case?

I used it as a front end to an RDS Farm. Its load-balancing port 80 and port 443 to multiple RDS Gateways. It's deployed as a virtual appliance on an on-prem virtual machine hosted on the Hyper-V server. Kemp LoadMaster is used by more than 1,000 internal users on a daily bases to access the application system at the back end. It's not exposed to the internet, it's used only from internal users inside the corporate LAN. We have daily VM backups setup as well as application backups from inside KEMP.

How has it helped my organization?

We used to have DNS round-robin based load balancing from some small applications but it was not highly available and if one instance were to do down half of the traffic would go down. We have tested the build it Microsoft Load balancer, but it was free and it was not reliable. Currently, we are using ZEN NLB for a few small applications that do not require many features but when it came to having a proper NLB for 1000 users the ZEN NLB could not handle the load. We have tested F5 and Kemp and Kemp were much cheaper and easier to setup.

What is most valuable?

I like that this is a Network Load Balancer that can be used practically with any application in the backend. They have how-to guides on how to set up Kemp NLB with Exchange, but you can use it as well for Sharepoint, RDS, or any other back end server. I like that the interface is intuitive, you have the option to load an SSL certificate on it so then the traffic can be inspected there, this is especially important when you have an Exchange server or RD Gateway at the back that heavily uses SSL Certificates. It has an option to be HA so if you need you can set up two of them to be up and running at the same time in Active-Active fashion. 

What needs improvement?

The product is really good as-is out of the box. If there is one thing I would change is to have the license file not be coupled with the MAC address of the device. This is actually not really useful in a virtual environment where if you have a single VM with KEMP LoadMaster and you have not set up static MAC Address, if you, for example, recreate the VM and just load the disk file on a new VM it will get new MAC address and the NLB will not work as it will not see a proper license. You need to call their support, explain what the issue is, and then they will generate a new license that you can apply. If this is a production environment and you just had an outage and quickly required the VM then you are extending the outage by the time it will take to get their support to help with the new license.

For how long have I used the solution?

I have been using Kemp LoadMaster for more than two years.

What do I think about the stability of the solution?

It's rock-solid and very stable.

What do I think about the scalability of the solution?

It can scale easily, I believe you only need to load a new license.

How are customer service and technical support?

Technical support is nice, they will help you over the phone/email but I had few questions about the design and even professional services were not purchased their support engineer did a screen sharing session to take a look on the configuration to make sure it's following their best practices for the use case we were using it for.

Which solution did I use previously and why did I switch?

I have used ZEN NLB and Microsoft NLB.

How was the initial setup?

It was easy to get in touch with their sales and get it ordered.

What about the implementation team?

I have implemented it myself.

What's my experience with pricing, setup cost, and licensing?

KEMP NLB is on the cheaper side of the spectrum but works great. If your license expires it will still run just you won't be able to do any changes.

Which other solutions did I evaluate?

Yes, F5.

What other advice do I have?

Its a nice and easy NLB to set up and operate on a day to day basis. I highly recommend it. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Architect at a mining and metals company with 10,001+ employees
Real User
Top 10
A SaaS solution that is API configurable and a convenient part of a suite but needs updating of core rules
Pros and Cons
  • "It is configurable via API."
  • "It is a SaaS solution unlike much of the competition."
  • "The ModSecurity core rules need to be updated."

What is our primary use case?

Our primary use is as a SaaS-based firewall solution for web applications.  

What is most valuable?

The most valuable part of the solution for us overall is exactly that it is a Software-as-a-Service product. It fits our use needs because it is configurable via API.  

What needs improvement?

There is really only one area of the product that I think needs to be improved. That is that Cloudflare should update the version of the ModSecurity core rule set that they run on. They run a pretty old version of ModSecurity from 2013 and they need to update it. That is one thing I would very much like to see in a future release.  

The main issue that we have is really a decision about how the product fits our model. We use both AWS and Azure, and they have similar products. We are trying to determine whether or not we go for a cloud-native solution per the cloud provider we are using or stick with our current model and continue to use Cloudflare. Switching to AW or Azure as a lone solution means we would go with one or the other across all cloud providers to unify our WAF approach. It might simplify how we look at the maintenance of our web application firewall.  

For how long have I used the solution?

We have been using Cloudflare's web application firewall for twelve months.  

What do I think about the stability of the solution?

I am one-hundred percent convinced of the stability of the product.  

What do I think about the scalability of the solution?

I can say I am pretty confident in the scalability of Cloudflare WAF. I believe that they are the largest WAF provider on the internet at the moment. That is probably at least in part because they are pretty scalable. It is our primary WAF product at the moment.  

How are customer service and technical support?

As far as technical support, we have not really had any issues that require contacting them.  

How was the initial setup?

The initial setup of Cloudflare WAF was very easy. It is a SaaS service so it is just online and it is really only a few clicks away to get started with it. There is no physical infrastructure to bother with so that whole component of maintenance is removed.  

What's my experience with pricing, setup cost, and licensing?

There is no upfront cost for infrastructure because it is a SaaS solution. You just pay per month for the product and usage.  

Which other solutions did I evaluate?

We have evaluated other WAF (Web Application Firewall) solutions. In fact, that is what we are investigating now in taking a deeper look at the advantages of AWS and Azure. That evaluation is really part of my current job.  

At this stage, we have not really considered replacing Cloudflare as a solution with either of those specific solutions or other WAF products. The thing that differentiates Cloudflare WAF is that is it Software-as-a-Service. It is integrated tightly with all of Cloudflare's other services. That is probably the better way to look at it: it is an integrated part of a product suite and not really a separate solution.  

What other advice do I have?

My advice to people who are considering Cloudflare WAF is to check service limits of other providers. Cloudflare does not really have a lot of service limits and that makes a difference. Also, look at the pricing and the pricing models carefully as other products seem to me to become more complicated as your demand scales. It is more straightforward with Cloudflare — or at least it seems to be in comparison to other providers.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Manager at a tech services company with 1,001-5,000 employees
Real User
Top 5
Provides good performance for our virtual apps and desktops
Pros and Cons
  • "This solution increases the backend network service performance, which is one of the things that we like the most."
  • "Some of our customers have questioned the security of this solution lately, wondering whether it is safe or not, so enhancements in this respect would be good."

What is our primary use case?

We are using NetScaler VPX as a gateway for our virtual applications and desktops.

What is most valuable?

The most valuable feature is the securing of virtual apps and desktops.

This solution increases the backend network service performance, which is one of the things that we like the most.

What needs improvement?

Bugs in the software have had an impact on us. Better quality control or quality assurance would be an improvement.

Some of our customers have questioned the security of this solution lately, wondering whether it is safe or not, so enhancements in this respect would be good.

For how long have I used the solution?

I have been using Citrix NetScaler VPX for seven or eight years.

What do I think about the stability of the solution?

Citrix NetScaler VPX is a very stable solution and it is used on a daily basis. Its use is quite crucial.

What do I think about the scalability of the solution?

This is a scalable solution and it is easy to expand.

We have a variety of clients that range in size from small businesses to enterprise-level customers. Most of our clients are of medium size.

How are customer service and technical support?

The technical support for this solution is pretty good.

Which solution did I use previously and why did I switch?

Prior to this solution, we used F5 BIG-IP and the Azure Load Balancer.

How was the initial setup?

The initial setup is simple. It takes 30 or 40 minutes to deploy.

What about the implementation team?

I am a consultant and the person responsible for deploying this solution. Usually, one or two engineers are used during deployment.

The number of people required for maintenance depends on the scope of the project. I would say that two to three people are the average.

What's my experience with pricing, setup cost, and licensing?

The licensing costs for this solution vary depending on which model is being used. It comes in many different sizes and models. I think that the cost of support, or maintenance, might be in addition to the standard feeds.

Which other solutions did I evaluate?

Our clients do evaluate other options and vendors such as F5, Cisco, Palo Alto, and Microsoft Azure before deciding on which solution to implement. People generally choose Citrix NetScaler because of the performance that it offers. Also, if they have other products by Citrix then it is generally a good idea to stay with the same vendor because of compatibility.

What other advice do I have?

This is definitely a solution that I recommend.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Get our free report covering Microsoft, F5, Amazon, and other competitors of Microsoft Azure Application Gateway. Updated: January 2022.
563,208 professionals have used our research since 2012.