If you were talking to someone whose organization is considering Azure Firewall, what would you say?
How would you rate it and why? Any other tips or advice?
I would definitely recommend it. On a scale from one to ten, I would give Azure Firewall an eight.
Features Azure Web App Firewall Fortiweb WAF F5-ASM Remarks OWASP Top 10 Attack Yes Yes Yes Azure WAF supports only SQL and XSS protection AI-based Machine Learning Threat Detection No Yes NO Deep Integration into the Fortinet Security Fabric and Third-Party Scanners No Yes Yes Solving the Challenge of False Threat Detections No Yes No FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies. Advanced Graphical Analysis and Reporting No Yes Yes Layer 7 server load balancing Yes Yes Yes URL Rewriting Yes Yes Yes URL rewrite feature is in preview and is available only for Standard_v2 and WAF_v2 SKU of Application Gateway. It is not recommended for use in production environment. https://docs.microsoft.com/en-... Content Routing Yes Yes Yes HTTPS/SSL Offloading Yes Yes Yes HTTP Compression Yes Yes Yes Caching Yes Yes Yes Auto Scaling Yes Yes Yes File upload scanning with AV and sandbox No Yes Yes Built in Vulnerblity Scanner No Yes No CAPTCHA and Real Browser Enforcement (RBE) No Yes Yes HTTP RFC compliance Yes Yes Yes Zero-day Attack Protection No Yes Yes Security policy creation based on Server Technology No Yes Yes Virtual Patching No Yes Yes Geo IP analytic Yes Yes Yes HTTP Denial of Service Yes yes Yes Bot Protection Yes Yes Yes Positive Security Model No Yes Yes Bot Deception No Yes Yes API Gateway No Yes Yes Mobile API Protection No Yes Yes JSON XML Protection No Yes Yes Header Security No Yes Yes Man-in-the-Middle No Yes Yes No TLS 1.3 Support No Yes Yes Azure WAF is not validated and tested by third party analyst like NSS Labs and Gartner. FortiWeb is tested and validated by Gartner and NSS Labs.
I would recommend Azure Firewall, but it is all about the client's priority and budget. If a client wants to use Azure Firewall, we do that. If the clients wants FortiGate or Sophos, or the cost is higher for the clients to use Azure Firewall, they can move to FortiGate or Sophos. For low budget or low cost, I recommend FortiGate. I would rate Azure Firewall an eight out of ten.
We're just a customer at this time. We don't have any kind of special business relationship with Azure. I'm not sure which version of the solution I'm currently using is. I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic and if is stable and can scale, however, there should be more use cases available.
My advice to anybody who is considering this solution is to be clear about your requirements. It is critical to know what the capabilities of the firewall are, as well as what is nice to have when it comes to filtering and protecting the environment. There are different threat profiles when it comes to protecting user traffic. For example, in a VDI environment, where the users are in the cloud, generating traffic and browsing the internet on virtual machines, Azure might not be the best fit. On the other hand, to protect the workloads on servers like application servers or database servers, it's a perfect fit. So, it is important to be clear about the use cases in order to determine whether it is suitable. This is a relatively new product but Microsoft is really fast in their development and you never know what they are planning. In perhaps six months, I might rate it a ten out of ten. Nonetheless, at this time there is still some room for improvement. I would rate this solution a nine out of ten.
I would rate it a six out of ten. It's good enough but it's not as good as other virtual appliances. It's good enough.
The network firewall is a complex project, you have to review all the requirements. It's possible that sometimes the Azure Firewall won't be able to support some things because they customize their applications and they may not meet with the Azure Firewall's features. Each user has unique requirements on shaping or manipulating network traffic. I wouldn't recommend any product without doing the research. I would rate this product an eight out of 10.
We're Azure partners and have an enterprise agreement with the company, however, we may be switching. We also have a dedicated Account Manager with the company. I'd rate the solution seven out of ten. It's missing a few capabilities our organization would really like to see.
I would highly recommend this product. I would rate this product an eight out of 10.
We've used both the on-premises as well as the cloud deployment models. We also occasionally use a hybrid model. During migrations, we use hybrids. Once the migration is done, we move onto the full cloud and pass if over to private cloud or have public access as necessary. The Azure firewall is prioritized as it is managed solution and does not require any infrastructure base (backbone) hardware support.
This is a solution that I recommend for internet-facing network traffic. When it comes to rating this solution, there are two components here. For layer four traffic, I would rate it an eight out of ten. For layer seven traffic, however, I would rate it less. Overall, I would rate this solution a seven out of ten.
Hi peers,
If you could go back in time, would you change your decision to buy that firewall and why?