Azure Firewall Reviews

It is associated with our web resources, such as PaaS applications. I don't use it that much. I spend way more time working with function apps or something else on the Azure platform.

I am using its latest version.

I can easily configure it.

You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.

I have been using this solution for four years.

I don't get into any kind of real scale configuration. There might be bugs that I don't know because I just use the general configuration.

I can't say about scalability, but we have 20,000 employees.

I have not used their technical support.

Most of the time, I've used Azure Firewall for cloud services. We also have AWS, and then, of course, we have hardware firewalls on-premise, but I haven't worked with anything.

It is pretty straightforward for what I'm using it for.

I would rate Azure Firewall a seven out of 10.

Azure Firewall makes up part of our security solution. We use it internally but we are a consulting company and also advise our customers on the use of it.

The most valuable feature is the integration into the overall cloud platform. The orchestration is very easy using automation with APIs and scripts.

Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group.

Tagging is supported but not on the instances, which is something that could be improved.

The selection of the internal resources into the ruleset could be improved.

Support for layer-seven application filtering should be added because it is not there yet, at all.

It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement.

The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.

I have been using the Azure Firewall for about one year.

The stability is excellent.

The scalability is very good and you don't have to think about sizing, as in the case of a traditional firewall where you have to think about the throughput. With Azure Firewall, it scales automatically.

We have customers ranging in size from small to enterprise-level organizations. One of them is a large company with 40,000 users on Azure Firewall.

We use the customer support that our customer has access to. If they have enterprise support then we use it, whereas if they do not then we use standard support.

Personally, my experience with Microsoft support has been very good. Their professionals are very quick to respond and they have good feedback. They also have very good support forums and the documentation is fairly good. 

I have experience with similar solutions by Palo Alto and Fortinet. With the inclusion of more advanced features, Azure Firewall will be on par with these products.

The initial setup is straightforward and very easy.

My advice to anybody who is considering this solution is to be clear about your requirements. It is critical to know what the capabilities of the firewall are, as well as what is nice to have when it comes to filtering and protecting the environment.

There are different threat profiles when it comes to protecting user traffic. For example, in a VDI environment, where the users are in the cloud, generating traffic and browsing the internet on virtual machines, Azure might not be the best fit. On the other hand, to protect the workloads on servers like application servers or database servers, it's a perfect fit. So, it is important to be clear about the use cases in order to determine whether it is suitable.

This is a relatively new product but Microsoft is really fast in their development and you never know what they are planning. In perhaps six months, I might rate it a ten out of ten. Nonetheless, at this time there is still some room for improvement.

I would rate this solution a nine out of ten.

We mostly utilize the solution for effectively controlling the networks.

The ability to provide better control of the traffic is the solution's most valuable aspect.

The solution is stable.

The solution can autoscale.

The initial setup is pretty easy.

Technical support has been good to us so far.

The solution isn't missing features per se.

Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate.

There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.

I've been using the solution for one year.

The stability of the solution is good. We haven't had any issues. It's a managed service.

The solution is autoscalable. It scales based on your deployment and/or based on your loads, due to the fact that it's a managed service. A company that expects to expand shouldn't have a problem scaling with this solution.

We have about 50-100 users on the solution currently. We may increase usage in the future.

We've had some experience with technical support from Azure. We've found them to be quite good and are satisfied with the level of service that's been provided. I would say they ar knowledgeable and responsive to our queries.

Before Azure Firewall, I used to work on a VPN-based firewall. 

The solution doesn't have a complex installation process. It's pretty straightforward to implement. When we went forward with the solution we didn't face any setup issues.

Our initial deployment took about three months, and, now that it's a managed service, we've handed the deployment over to them.

I'm not sure how many staff members we used for deployment and how many handle any maintenance aspects.

While we handled the initial implementation, we get Azure to handle the deployments for us. We didn't use a reseller or a consultant to assist with the deployment.

We're just a customer at this time. We don't have any kind of special business relationship with Azure.

I'm not sure which version of the solution I'm currently using is.

I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic and if is stable and can scale, however, there should be more use cases available.

We use the solution as an internal firewall device.

The solution provides a good link to Azure and SQL servers.

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

We have been using Azure Firewall for around a year. 

The solution has the same stability as Azure.

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

We handled the initial setup internally. 

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten. 

On-premise to cloud <-> Cloud to on-premise

Managed service.

Scalability, multi-zone and FQDN TAgs.

In a future release, it could be empowered by combining with Azure Private DNS and Front Door.

We've been using the solution for 1 year

The solution is very stable. When comparing it to other environments, it's actually quite impressive.

The solution is scalable.

We deal with technical support on a regular basis. I'd rate the service we've received ten out of most of the support tickets. 

We use several solutions.

Unfortunately, I don't handle the finances or payments for the solution, so I can't compare to others.

FortiGate - also nice solution...

We've used both the on-premises as well as the cloud deployment models. We also occasionally use a hybrid model. During migrations, we use hybrids. Once the migration is done, we move onto the full cloud and pass if over to private cloud or have public access as necessary.

The Azure firewall is prioritized as it is managed solution and does not require any infrastructure base (backbone) hardware support.

We mostly use it as part of a hybrid cloud solution. For example, for a client with on-premises and cloud solutions, our recommendation is that Azure Firewall be used.

All its features are good. That's why we recommend it.

In terms of features, it is great, but it has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB.

I have used it for projects over the last 12 months.

It is stable.

It is scalable. 

The price is okay. Microsoft even gives a discount nowadays.

It needs more features so that it is comparable to Fortigate and other companies.

I would advise people who are interested in Azure Firewall to find the people who can implement it, because not everyone is able to do everything in the proper way. Some people will go ahead and do the configuration but it's not the right configuration. The client will start to have issues and will start to complain about the product. But the problem is not the product, it's the implementation itself. The person who did it wasn't knowledgeable enough.

We're SaaS providers. We use these firewalls to route our traffic from our partner to us.

Among the most valuable features are the

• DDoS protection which protects your virtual machines
• threat intelligence 
• traffic filtering.

If I had to pick one area that needs improvement it would be the antivirus functionality, because it doesn't scan traffic for malware. It needs TLS inspection.

The cloud team in our company has been using Azure Firewall for about two years, but I'm in the security team and I've been using it for a year. We're using the regular version, not the Premium version.

The stability of Azure Firewall is fine. I've never seen it go down.

There may be issues with the scalability, but I haven't tested it yet. When you test it in preview mode it's only around 3 to 3.5 Gbps.

The support from Microsoft is good.

Positive

We started using it because we were new to the cloud and, at that time, we didn't have options. We started using whatever came with Azure. Now that we have started to grow, we have started exploring other options.

We have different business units and each one has one person for deployment and maintenance of the solution.

We have looked at Azure Firewall Premium and at Palo Alto's firewalls.

When we did the comparison we found the regular version of Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories.

We're looking at switching to Palo Alto virtual firewalls, but we want to make sure that what we switch to is compatible with our environment.

Azure Firewall is fine, but it's not suitable for our organization and that's why we have decided to move away from it.

High availability is built in, so no additional load balancers are required and there's nothing you need to configure 

Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability

You can limit outbound HTTP/S traffic or Azure SQL traffic (preview) to a specified list of fully qualified domain names (FQDN) including wild cards. This feature doesn't require TLS termination.

You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different types of connections

Threat intelligence  -based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains

Inbound Internet network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks.

They can improve the pricing of Azure Firewall. 

I have been using this solution for maybe one year. We are a gold partner with Microsoft.

It is stable.

It is scalable. We have around 200 users, and we have around 10 members for maintenance.

It is easy to set up. It took around 1 hour.

Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it.

One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall. 

Azure Firewall is the best to use with all Microsoft solutions. I also use Fortinet, Sophos, and Cisco. It's about the client's priority, that is, what they request.

I would recommend Azure Firewall, but it is all about the client's priority and budget. If a client wants to use Azure Firewall, we do that. If the clients wants FortiGate or Sophos, or the cost is higher for the clients to use Azure Firewall, they can move to FortiGate or Sophos. For low budget or low cost, I recommend FortiGate. 

I would rate Azure Firewall an eight out of ten.