Azure Firewall Reviews

We use Azure Firewall for designing infrastructure for big data integration applications or for applications on Kubernetes. The firewall is only on the edge of our architecture.

The problem we were trying to solve was mostly around configuration. Azure Firewall is a PaaS offering, so it's not about the technical aspects. We need, of course, to know what threats need to be protected against, who should have access to the firewall, and which applications do have access. We also have to look at how it fits with centralized management. We also must be able to state if the solution we provide as a firewall is compliant with the standards of the organization and for auditing.

We use it in a mission-critical environment. It's highly secured.

It has made our solution safer, more scalable, and less costly because we don't have to take care of the technical maintenance.

One of the best features is that it natively integrates with Azure Services and tools. When you have a third-party offering, that is not the case. But Azure Firewall provides a comprehensive and seamless security solution for your Azure resources. The flawless integration is really nice with the Azure AD, Azure Monitor, and Azure Bastion. Everything fits together. If you use Sentinel, it's also good for that.

You can use Azure Firewall in every technical area. It's not branch specific, rather it's more architecture specific. Palo Alto also has firewalls that protect cloud infrastructure, but Palo Alto firewalls are fully managed by Palo Alto, giving you room to configure it more like you want to configure it. That gives you more options for manual deployment. Sometimes this works great when it comes to scaling or performance and can be an advantage. It depends on the use case. The option for doing a more manual deployment with Azure Firewall should be improved.

It doesn't always fit our requirements and we have to configure it further.

Also, Azure has new versions including a premium firewall. But I would like to see them not put the premium features on Azure Firewall Premium alone because it is quite expensive. For example, we use intrusion detection and prevention systems but only mTLS (Mutual TLS) inspection, which is not in the standard Azure Firewall, but it is in the premium version.

High availability can also be an issue, so there are several reasons to go for the premium version, but the standard firewall is too modest. It's more for an SMB. If you want to scale you should go for Azure Firewall Premium.

I have been using Azure Firewall for about eight years.

It's a very stable solution.

It's very scalable because it's a PaaS solution. If you have only one event or a lot of events, it scales.

When we have a really in-depth question when we are working in production or other environments, we use Microsoft standard support. Sometimes it's very good, and sometimes it could be better.

There is also go-live support.

Positive

We used Palo Alto. We switched because we needed to do the configuration manually. Another issue was the pricing. Azure Firewall pricing is based on a pay-as-you-go model, while the Palo Alto pricing includes the cost of the VM-Series license. It's a different usage model. 

The best choice depends on your specific needs and the level of security features you require. If you need more security features, then Palo Alto would be the better one, but if you want simple management and a cost-effective solution, Azure Firewall is enough.

I also used Fortinet FortiGate. It is very popular for the same reasons that Palo Alto is. I have also used Check Point CloudGuard and some of my colleagues use Barracuda and Cisco. Nowadays it's mostly between Azure, Palo Alto, and Fortinet.

It's a PaaS offering, always on the cloud. It's tightly connected to Azure. It's quite simple when it comes to creating it, but the configuration, the fine-grain specific needs, is more difficult. If you have a standard way of working, it would work very well. But when you have different applications and integrations, Fortinet might be a better choice.

Our implementation strategy is based on designing the architecture for the application. Then we look at cost estimation so that it fits into the budget. Then we implement it and maintain it and evaluate it yearly.

There is functional maintenance involved but not technical maintenance because that is done by Azure. Things like upgrading the OS are handled by the Capgemini and Accenture technicians.

We made use of Accenture and Capgemini. The Accenture team had about eight people and Capgemini brought about four. My team was four architects.

It's worth the money, it's not expensive, but it depends on the requirements of the organization. When you are in a smaller organization with smaller applications, Azure Firewall will do the job. But when you are in a big organization with different needs, you should go for Fortinet or Palo Alto.

The pricing of Azure Firewall is pay-as-you-go. Fortinet also has a pay-as-you-go model, but Azure's pricing is higher and, with FortiGate, you also have the license.

It's not that the price is always better with Azure, but if you want a simple solution, one you don't have to think about too much, go for Azure Firewall. 

There are different pricing models and it also depends on how much data transfer you have. If you have a lot of data transfer, I would go for other firewalls. Azure Firewall is not the best firewall, but it's the easiest firewall.

My advice is to start by trying the Azure Firewall, and if it's not working out, then go for Azure Firewall Premium or for Palo Alto or Fortinet.

We primarily use the solution as a firewall. 

The initial setup is not complex. It's very simple. 

It is an easy product to maintain.

The solution is stable. 

An Azure firewall is not a real firewall. It has a lot of things to improve on. It should go and make a list of other firewalls and apply what they offer to its services. It requires features such as IDS, IPS, anti-virus, et cetera. The security protections on offer need to be better.

I've used the solution for quite some time. I would say it's been four to five years.

The solution is stable. In terms of stability and reliability, I don't see an issue. there are no bugs or glitches. It doesn't crash or freeze. 

The product isn't scalable per se. They're used in very minimal and milder situations which do not challenge their bandwidth and processing capabilities.

I won't say I'm a hundred percent satisfied, however, since the product is in an evaluation state, there are these teething issues that will be there.

I have used solutions such as Fortinet. 

The implementation process is easy. It is not overly complex or difficult in terms of the setup process.

We are a customer and an end-user.

We look at the solution and assign it according to our client's needs. it's situational. 

Based on the actual firewall capabilities, I would say it's a five out of ten in terms of a rating.

There are a lot of competitors to Azure Firewall. Microsoft figured it out, that they needed a firewall for their Azure platform that can integrate with their services. That's why they came up with Azure Firewall. It really has a pretty nice integration with Azure services. 

In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies. If you use the Azure platform, it is the best choice. And they're working on integrating it with many more Azure resources.

The configuration is much easier because Microsoft already provides you with a tool that belongs to Azure. You can set one rule instead of setting 100 rules. That makes the administration of Azure Firewall much easier. For example, when it comes to DNS tags, services tags, and URL tags, you don't have to go URL-by-URL and tell it to open this or that port.

In addition, it's a SaaS service. You don't have to worry about managing a virtual machine and things like patching and upgrading.

It needs a lot of improvement, especially on intruder detection. They are working hard on that.

I am an experienced Azure architect. I have more than 30 years in this field. I don't do operations anymore, although I know how to configure things.

I have just done the design on a project for General Electric, with Azure Firewall.

It's very stable. Microsoft will not put something out there that is unstable.

Another big benefit of Azure Firewall is the scalability. You can grow it to meet the load of traffic. With a virtual appliance-based solution from Palo Alto or Cisco, you need to add another one to scale.

Their tech support is great. They are very helpful. They can be involved in the design.

The initial setup is a piece of cake. You just provision it. You need to know your requirements because there are two versions, Standard and Premium, which affect your costs.

One of the benefits of Azure Firewall, while it is not mature yet, is that the total cost of ownership is much less than Palo Alto, Cisco, or any other brand.

When people look at the cost of Azure Firewall, they think, "Oh, it's pretty expensive." But when you base it on the total cost of ownership over a period of time, you have to look at the scalability and the fact that, if you already have Microsoft support, it is included for Azure Firewall automatically. When you add in the integration and the management, it comes out to much less than virtual appliances.

I would highly recommend it if your design needs Azure Firewall. It might not need it. It might be that you could use an application firewall and that the application gateway will be more than enough.

They're working on a distributed solution so that it's not that you just have a virtual network and one firewall. They really want to have more than one entry point into your environment, with ways to orchestrate it, with the IP coming from a client to different firewalls. They are moving at the speed of light to realize a lot of strategic initiatives for Azure Firewall. It is one of the strategic items that Microsoft is working on.

I have hands-on experience with Azure Firewall. My company is developing a product called Mondo with Azure Firewall. The tools that we are developing use all sorts of products inside Azure or AWS. For example, we are checking for vulnerabilities inside the cloud and whether the customer configures the firewall properly or not. Indirectly, we are using the Azure Firewalls, but mainly it is for scanning and to check the misconfigurations of the cloud.

The solution's most valuable feature is its ranking of some web categories. The tool also does URL filtering and uses SSL and TLS inspection.

Maybe one of the things in the tool where improvements are needed as there are some shortcomings consists of Azure Firewall Manager. Azure Firewall Manager is one of the best things that can be made more capable of managing all sorts of different areas within Azure. The other thing is the traffic inspection part where improvements are needed, specifically by working on improving the engine and database.

I have been using Azure Firewall for a year.

I have had minimal use of the tool and the solution's technical support. Microsoft offers a tool named Copilot. You can ask your questions associated with Azure Firewall to Copilot by phone. If you have any problems with the tool, you can just chat with AI, which is included inside Azure, and it answers almost everything. We don't need to call the support team anymore.

My company works with Qualys indirectly since Azure has integrated it into its cloud platform. You can do vulnerability scanning with the integrated scanner part from Qualys, but I think it is currently deprecated, and Azure took it out. More than a year ago, I used the scanner part from Qualys directly, which was very strong at that time. I work with tools like AWS, Google, Kubernetes, and everything related to the cloud.

Fortinet was a tool I was working with in the past and it is mostly for the firewall. I know that Fortinet recently bought a company and are moving to the cloud area.

It is very easy to deploy the product. It does not take more than 30 minutes to deploy the solution. The implementation was easy. The setup process requires one to have a deep knowledge of the product, but the phase is overall easy to manage.

If in the setup process, one is difficult and ten is easy, I rate the setup phase a seven or eight out of ten.

The product's value to my company stems from its ability to secure my organization.

In Azure, I use everything in its ecosystem, ranging from Azure Key Vault to Azure Storage.

The threat intelligence system is mainly a tool for analyzing traffic inside or outside of a mainstream company. Based on the pattern that the tool gets, which is mostly signature-based, the solution detects the attacks. The tool works mainly with signature-based detection areas. Recently, with the AI tools integrated with Azure, the tool has also analyzed areas based on the massive amount of data that is being passed through the network. The tool can analyze and provide an alarm for the attack, making it like the IDS or IPS system.

We cannot compare point to point as to what challenges the tool helps its users overcome because many customers use Azure since they don't have any other solution other than Azure Firewall. I can use other platforms, like Fortinet Cloud, but integrating Fortinet to Azure is a massive job and involves a lot of work, and I don't think it is worth doing it. If somebody wants to move to the cloud, like Azure, they are most probably using all the features inside Azure, like Azure Firewall, Azure Storage, and everything that is included in Azure. They don't use any other products outside of Azure's ecosystem since it won't make any sense. It is also the same for AWS. If you are using AWS, probably the best thing is to use AWS Firewall.

The scalability of Azure Firewall in handling our growing network traffic is very effective. The tool does a perfect job of handling growing network traffic. We get full control of your network. You can change all sorts of IPs and ports and control almost all of the traffic.

I rate the tool a nine out of ten.

We implemented Azure Firewall to secure edges and gain access control to the internet for BNS and Bitcoin. It's used to access the internet in a safe way. It allows us to access services from Azure via the firewall within Azure.

With this technology, we were able to handle different projects in a smaller amount of time. The time-to-market has been much better since we implemented this solution. We have more agility, take less time to implement, and are able to set up faster.

The firewall policy control, URL content control, and antivirus are all the most valuable aspects. Threat prevention is as well quite good. 

The development area and QA area could be improved. With those improvements, we can improve projects and take even less time to implement them.

I've been using the solution for five years.

It is very stable. I don't remember having a fall or failure in this service. 

It is a good solution in terms of scaling. If we need to support more traffic or more bandwidth, the solution grows automatically. It's configured to grow.

My company has an enterprise contract with Azure, and that contract gives us the right to access very specific, very high-level support. We always have good support and a high level of support with Azure from those that specialize in different areas of Azure.

Sometimes the support is delayed as sometimes we have to connect with support abroad. Sometimes we are limited as our people do not always know English and there can be a language barrier.

Positive

We did not use a different solution. This is the first solution we've used and we'll keep the same solution for now.

I do not have direct experience with technical support. My colleagues in operations were involved in the setup. My role was to define and decide what kind of service we needed.

The deployment was in different regions, including in the USA and Virginia. It was a combination of on-premises and hybrid cloud between the two regions. 

I don't recall the solution needing maintenance.

My colleague and partner implemented the product. 

I have not seen an ROI.

The solution is cheaper than other brands. My company has an enterprise contract and we finally got a good price with Azure.

We evaluated Check Point and Fortinet.

It's simpler to implement Azure. It's simpler in terms of handling the license. With the other providers, in order to get support, it is necessary to sign a contract. With Azure, it's different. It's more agile and simpler to get service. The support is embedded in the service.

I'd rate the solution nine out of ten.

The solution is very simple to implement. In terms of the security policy, it's good. Previously, we had to define how the solution was used and we had to configure it. It's necessary to define and have a good plan as the solution is very fast to implement. The velocity has to be contained via having a good plan. You need to be very clear and very detailed. Be prepared and plan everything in advance. 

The use cases are related to internet-based traffic restriction. Generally, when it comes to gaining access to web applications hosted on Azure from the outside world, and the traffic restriction between the internal supplements.

We're still looking into the features. I can't evaluate much of it right now because we're still exploring. The requirements that we are looking at on the firewalls have been met, and we have begun running the operations. We are also looking forward to the next level of firewall features.

It's auto-scalable, which is a great feature. It also meets industry-level standards and compliance requirements, which have been verified by our security team.

It supports native load balances, and routable can be easily configured, which is another added feature. When we look at any other firewalls, and they were difficult to configure, which came in handy with Azure Firewall.

Layer four security is to be expected. In contrast, with Azure Firewall, you can extend it to the other Wi-Fi layers.

I'm not sure if that is still supported because we haven't yet explored all of the features, but it was on our future roadmap to integrate all restriction traffic and anything with our ITSM tool, most likely ServiceNow. So that an auto ticket can be generated for the ingenious, remediation and fixing can be done. Any type of automation can come into play there as well. Those are on our to-do list. But we're still looking into it. It is yet to be discovered.

It would be much easier if the on-premises, firewall rules, had some kind of export-import possibility in place, which is not the case right now.

As I previously stated, the same integration, most likely ITSM tool integration, is one of those features we'd like to investigate to see if it exists or not, so we can have a more forward-thinking perspective on it.

We implemented Azure Firewall approximately three months ago. 

I have been working with Azure Firewall for two to three months.

I am working with the latest version.

The stability is excellent. As of now, we have not been faced with any issues, and we are keeping our fingers crossed that it remains that way.

It is auto-scalable and highly available.

The number of people using this solution in our organization is quite limited as it is restricted as of now. We currently have three people who are working with this solution.

We may get one or two people on board, but for the time being it is restricted because it is a security device and we don't want to expose much of the admin privileges to the users or administrators, which is why it is restricted.

We get enterprise support as well as Microsoft support with our premium version.

Technical support is also fine. It is sufficient in my opinion. We have a Microsoft solution architect aligned with us as well, and if any new services, or deployment, as well as configuration, are required, he comes into the picture and we can get support from him. Aside from that, we have technical support for case-by-case scenarios such as severity A, B, and C for Microsoft. So far Microsoft support has not been an issue. I have been working with Microsoft for the past 10 years, I don't see much of an issue from Microsoft on support, at least from my point of view.

We have Barracuda, FortiGate, and Check Point as well.

As a comparison, it would be difficult because it is managed by a completely different team from an on-premises perspective. Before deploying Azure, we were looking for what parameters actually made the point, The security team was able to identify that it was good enough for our security parameters to meet our company's requirements. This is why we are using it, and how we deployed the Azure Firewall, subject to security approvals.

The rest of the firewalls on-premises are managed by a different team.

The initial setup was pretty easy. 

In terms of configuration, we haven't faced much of an issue.

The deployment and configuration took two to three hours.

The maintenance parameter is supported by Microsoft. Being a cloud product is very simple in terms of maintenance; we don't need to worry about any kind of patching activity or anything else. On other products, we must check the vendor and follow the OEM recommendation. This is an area that Azure has simplified.

Microsoft assisted us during the deployment. We had a solution engineer from Microsoft.

The deployment was straightforward, on the other hand, from a configuration standpoint we had some help to avoid any issues or misconfiguration. A Firewall is something that is very important from a security point of view. You cannot have any loopholes on that parameter.

We purchased the premium version for our enterprise support and it was quite good.

There isn't much of a pricing licensing model in Azure. Azure Firewalls operate on a pay-as-you-go model, similar to cloud services. So far, the best estimate we've found for our enterprise solution is around 90,000 INR rupees in India. So that's what we discovered. And because we are using three different subscriptions and managing it from a hub network, we divide it and it comes to around 30,000 in INR fee subscription. That is a suite comparison that we have also done with regard to the licenses of other products. And we discovered that it is also comparable in terms of pricing.

When it comes to firewalls or any other type of security device, it is more of an analysis done by your security team to determine whether or not it meets your security requirements. If we are only talking about product and features, I would recommend it because from a cloud perspective, and specifically, if you are using Azure, it is quite easy from a manageability, operations, and configuration standpoint, with respect to the PaaS services.

Whereas if you deploy other vendors on Azure, managing the PaaS services would be difficult because Azure uses service tags, which you can simply configure in Azure Firewall for your PaaS services and other, even VMs. However, if you use other product vendors, there will be some kind of IP address restriction.

If you're in an Azure environment, I'd recommend Azure Firewalls. If it is any other type of environment, we will most likely have to reassess it.

As of now, it is pretty easy to rate it as nine. I won't rate it as 10 because we haven't searched much of the features. I would rate Azure Firewall a nine out of ten.

We used Azure Firewall to secure our cloud layer and integrate our on-prem servers. We also used it to build the QDM level for integration. Azure Firewall offers multiple SKUs, including Standard and Premium. I have experience with the Standard SKU, but not the Premium one.

Overall, I had a good experience with Azure Firewall, but there are some downsides. 

FQDN integration, especially the ability to integrate with Azure Active Directory domain services.

Azure Firewall can integrate with Azure services to access application data. I've also integrated it with Azure Monitor.  

From an integration perspective, it's very helpful. We can monitor both network and cloud traffic, which is a definite plus.

There are some downsides. One is the lack of built-in VPN capability. You need a separate Azure VPN Gateway for that functionality. Many customers compare Azure Firewall to their existing on-premises firewalls, which often have VPN capabilities. 

Additionally, Azure Firewall has some limitations in terms of threat signature coverage. There is a separate service for threat signature tuning, but it's worth noting this potential downside.

I would appreciate it if Azure Firewall included built-in VPN capabilities. It would be beneficial if Azure Firewall could replicate features that are available in other firewalls.

I used it for one and a half years.  

I do have some experience with other Azure services, though I wouldn't consider myself an expert.

I haven't experienced any stability issues or downtimes.

I work with both SMBs and enterprises.

I haven't needed to contact Microsoft so far.

I work with clients from multiple sectors, including private and government. We gather their requirements and provide solutions tailored to their needs.

Sometimes, we have to choose between Azure Firewall and third-party firewall options on Azure.

I haven't worked with other cloud firewalls extensively, but Azure Firewall compares favorably in terms of features. People can compare it to platforms like AWS or GCP to see the feature differences.

It's straightforward. If you have experience with Azure, it's not complex at all.

The deployment time depends on the requirements. We can deploy the firewall itself in about half an hour to 20 minutes. The configuration time will vary based on the customer's specific needs. The provisioning process is quick because it integrates with multiple roles.

The configuration process is straightforward. There is nothing complex. 

It is affordable.

I would rate it an eight out of ten, where one is the worst and ten is the best.

One of the notable advantages of Azure Firewall is its user-friendly interface, which closely resembles or shares similarities with other Azure components. The abundance of well-documented resources, extensive help features, and a wealth of examples further enhance the usability of Azure Firewall.

It could potentially be more cost-effective. There is room for further integration of AI into the system.

I have been working with it for approximately two years.

It ensures reliable availability.

At my previous workplace, we extensively deployed Azure Firewall with four units, effectively serving the security needs of a sizable user base exceeding a thousand individuals.

Previously, we utilized Fortinet, but we made the transition to Azure because  Microsoft introduced advanced features and Next Generation functionalities into Azure Firewall, and we anticipate a seamless shift to Microsoft Azure, leveraging the convenience of managing multiple products effortlessly through it.

Overall, I would rate it eight out of ten.