I would recommend Azure Firewall based on the specific needs and cloud architecture of the organization. We plan to use it in another project soon. Overall, I would give it an eight out of ten.
Azure Firewall integrates well with multiple platforms. For instance, I have successfully integrated it with AWS Firewall to facilitate secure data migration between Azure and AWS environments. I recommend implementing it to secure your data. Despite the misconception that cloud environments are inherently secure, it is crucial to configure and manage your firewall properly. I rate it a ten out of ten.
In Azure, I use everything in its ecosystem, ranging from Azure Key Vault to Azure Storage. The threat intelligence system is mainly a tool for analyzing traffic inside or outside of a mainstream company. Based on the pattern that the tool gets, which is mostly signature-based, the solution detects the attacks. The tool works mainly with signature-based detection areas. Recently, with the AI tools integrated with Azure, the tool has also analyzed areas based on the massive amount of data that is being passed through the network. The tool can analyze and provide an alarm for the attack, making it like the IDS or IPS system. We cannot compare point to point as to what challenges the tool helps its users overcome because many customers use Azure since they don't have any other solution other than Azure Firewall. I can use other platforms, like Fortinet Cloud, but integrating Fortinet to Azure is a massive job and involves a lot of work, and I don't think it is worth doing it. If somebody wants to move to the cloud, like Azure, they are most probably using all the features inside Azure, like Azure Firewall, Azure Storage, and everything that is included in Azure. They don't use any other products outside of Azure's ecosystem since it won't make any sense. It is also the same for AWS. If you are using AWS, probably the best thing is to use AWS Firewall. The scalability of Azure Firewall in handling our growing network traffic is very effective. The tool does a perfect job of handling growing network traffic. We get full control of your network. You can change all sorts of IPs and ports and control almost all of the traffic. I rate the tool a nine out of ten.
Director, Technology at a computer software company with 5,001-10,000 employees
MSP
Top 10
2023-11-01T17:49:00Z
Nov 1, 2023
I'd rate the solution seven out of ten. It's easy to use and fairly easy to configure. However, you need to factor in the cost. For a large enterprise, it makes sense. For a small to medium enterprise, a cheaper option might be better.
If you have an ecosystem based on, for instance, Palo Alto, it would be better to use a Palo Alto firewall because they have one way of working and one interface, but if you have a greenfield deployment or your on-prem is old or legacy, then I would advise going for Azure Firewall. Its basic features were enough for us. The single sign-on experience was also okay. We had no problem with that. If required, we can use Privileged Identity Management or MFA. All these features are there within Azure. I would rate it an eight out of ten.
Sr. Technical Consultant - Cloud Delivery at a tech services company with 501-1,000 employees
Real User
2022-08-15T08:34:00Z
Aug 15, 2022
It's a common firewall. I haven't faced any issues or problems with it. In Azure services itself, there are other security implementations provided, to do with DDoS protection on the networks. There are certain firewall rules as well and things that we can deploy at the subnet level and on the NIC level. Along with Azure Firewall, other security services have been implemented. It's okay for small and medium-sized organizations that cannot afford to buy a third-party vendor or security appliances to protect their perimeter. Azure Firewall should suffice for them. Also, as cloud administrators or architects, we are the ones who take care of the protection. As long as the end-user is connected with the application, they're fine. To them, it doesn't matter whether we're using Azure Firewall or a third-party appliance. They don't know what is going on at the infrastructure level. They just want the application and the performance to be good. For small and medium-sized organizations that are not ready to invest in a third-party firewall, and clients who are not so concerned about data security, Azure Firewall is the best solution. If a company needs more protection of, say, their email service, they could go with Proofpoint, an IaaS, or PaaS. For one of our large organizations, where they have financial services and a retail business, they went for a third-party solution along with Azure Firewall. Overall, I would rate Azure Firewall at eight out of 10. There are many advanced features in the other firewalls that are not available in Azure.
IT Infrastructure Architect at a financial services firm with 10,001+ employees
Real User
2022-06-25T19:24:00Z
Jun 25, 2022
I'd rate the solution nine out of ten. The solution is very simple to implement. In terms of the security policy, it's good. Previously, we had to define how the solution was used and we had to configure it. It's necessary to define and have a good plan as the solution is very fast to implement. The velocity has to be contained via having a good plan. You need to be very clear and very detailed. Be prepared and plan everything in advance.
We are a customer and an end-user. We look at the solution and assign it according to our client's needs. It's situational. Based on the actual firewall capabilities, I would say it's a five out of ten in terms of a rating.
I would advise people who are interested in Azure Firewall to find the people who can implement it, because not everyone is able to do everything in the proper way. Some people will go ahead and do the configuration but it's not the right configuration. The client will start to have issues and will start to complain about the product. But the problem is not the product, it's the implementation itself. The person who did it wasn't knowledgeable enough.
Network Administrator at a government with 201-500 employees
Real User
2021-12-16T21:48:00Z
Dec 16, 2021
I would rate Azure Firewall one out of 10. I give it the worst rating because security is so important. However, it depends on your security goals. But you have to look at what's out there and what you typically get out of a box. Even for a cheap application for your computer, Azure Firewall just isn't delivering. It doesn't have any personality at all or functionality even. I definitely wouldn't recommend it to anyone, but I would have to go back and visit it because it's been a year now. The features are so limited that it's pretty much a protocol-filtering product. Honestly, I think any serious security-minded entity will bypass Azure Firewall and look at some of the images from the third parties. I guess it's suitable for small outfits that aren't serious about security but want some basic protection. By the time I walked away, I had spent a lot of hours on it, and I spent more time in my job trying to find a solution and pick the right one. I did everything to learn the firewall's feature set. I finally talked with someone at Microsoft who said, "We know what you want and what you're trying to do, but we're just not there yet." They just told me to stay tuned. I got the impression Azure Firewall is a very immature product that would probably improve over time. But, at that moment, I didn't think it was unready. It's just that products are trying to achieve different things. You can't have all the horses in all places. It's one of those things where I felt like it would have to be some acquisition or complete outsourcing of the security component to somebody specialized in the area who can sell it as a firewall.
Cloud Architect at a tech services company with 10,001+ employees
Real User
2021-12-15T16:47:00Z
Dec 15, 2021
When it comes to firewalls or any other type of security device, it is more of an analysis done by your security team to determine whether or not it meets your security requirements. If we are only talking about product and features, I would recommend it because from a cloud perspective, and specifically, if you are using Azure, it is quite easy from a manageability, operations, and configuration standpoint, with respect to the PaaS services. Whereas if you deploy other vendors on Azure, managing the PaaS services would be difficult because Azure uses service tags, which you can simply configure in Azure Firewall for your PaaS services and other, even VMs. However, if you use other product vendors, there will be some kind of IP address restriction. If you're in an Azure environment, I'd recommend Azure Firewalls. If it is any other type of environment, we will most likely have to reassess it. As of now, it is pretty easy to rate it as nine. I won't rate it as 10 because we haven't searched much of the features. I would rate Azure Firewall a nine out of ten.
Senior Security Operations and Cyber Risk Analyst at a financial services firm with 51-200 employees
Real User
2021-08-17T13:11:00Z
Aug 17, 2021
It's a solid solution. I would tell anybody to definitely give it a try, and consider it as one of the options when looking for a firewall to use in Azure space. I would say if they can go for the premium version upfront, rather than starting with the standard version, then trying to transition to a premium version. It addresses a lot of the issues and concerns in this space today. They should start with the premium rather than upgrade. Once they can afford it, go straight to premium. I would rate Azure Firewall an eight out of ten.
Group Cloud Competency Center Manager at a transportation company with 10,001+ employees
Real User
2021-08-11T10:47:00Z
Aug 11, 2021
You should have a clear understanding of Azure Firewall. You should understand how Microsoft packages it as a service. If you don't understand how it is composed and how it works, it will bring some unexpected issues during your day-to-day operation. This is a major service from Microsoft, so the quality of Microsoft's product will directly impact the service you want to offer to your customer or users. If you understand it well and test it well, it will give you fewer surprises in the future. I would rate Azure Firewall a seven out of 10.
Technical Architect at a tech services company with 10,001+ employees
Real User
2021-05-26T13:29:00Z
May 26, 2021
I would estimate the number of people in our organization who are utilizing the solution to be 100 +. My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. I rate Azure Firewall as a seven out of ten.
Senior Network Security Engineer at Qatar Datamation Systems
MSP
2020-10-14T06:37:00Z
Oct 14, 2020
| Features | Azure Web App Firewall | FortiWeb WAF | F5-ASM | Remarks |
|---|---|---|---|---|
| OWASP Top 10 Attack | Yes | Yes | Yes | Azure WAF supports only SQL and XSS protection |
| AI-based Machine Learning Threat Detection | No | Yes | No | |
| Deep Integration into the Fortinet Security Fabric and Third-Party Scanners | No | Yes | Yes | |
| Solving the Challenge of False Threat Detections | No | Yes | No | FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies. |
| Advanced Graphical Analysis and Reporting | No | Yes | Yes | |
| Layer 7 server load balancing | Yes | Yes | Yes | |
| URL Rewriting | Yes | Yes | Yes | URL rewrite feature is in preview and is available only for Standard_v2 and WAF_v2 SKU of Application Gateway. It is not recommended for use in production environment. docs.microsoft.com |
| Content Routing | Yes | Yes | Yes | |
| HTTPS/SSL Offloading | Yes | Yes | Yes | |
| HTTP Compression | Yes | Yes | Yes | |
| Caching | Yes | Yes | Yes | |
| Auto Scaling | Yes | Yes | Yes | |
| File upload scanning with AV and sandbox | No | Yes | Yes | |
| Built in Vulnerability Scanner | No | Yes | No | |
| CAPTCHA and Real Browser Enforcement (RBE) | No | Yes | Yes | |
| HTTP RFC compliance | Yes | Yes | Yes | |
| Zero-day Attack Protection | No | Yes | Yes | |
| Security policy creation based on Server Technology | No | Yes | Yes | |
| Virtual Patching | No | Yes | Yes | |
| Geo IP analytic | Yes | Yes | Yes | |
| HTTP Denial of Service | Yes | Yes | Yes | |
| Bot Protection | Yes | Yes | Yes | |
| Positive Security Model | No | Yes | Yes | |
| Bot Deception | No | Yes | Yes | |
| API Gateway | No | Yes | Yes | |
| Mobile API Protection | No | Yes | Yes | |
| JSON XML Protection | No | Yes | Yes | |
| Header Security | No | Yes | Yes | |
| Man-in-the-Middle | No | Yes | Yes | No |
| TLS 1.3 Support | No | Yes | Yes | |

Azure WAF is not validated and tested by third party analyst like NSS Labs and Gartner. FortiWeb is tested and validated by Gartner and NSS Labs.
I would recommend Azure Firewall, but it is all about the client's priority and budget. If a client wants to use Azure Firewall, we do that. If the client wants FortiGate or Sophos, or the cost is higher for the client to use Azure Firewall, they can move to FortiGate or Sophos. For low budget or low cost, I recommend FortiGate. I would rate Azure Firewall an eight out of ten.
Cloud Architect at a pharma/biotech company with 10,001+ employees
Real User
2020-08-19T07:57:35Z
Aug 19, 2020
We're just a customer at this time. We don't have any kind of special business relationship with Azure. I'm not sure which version of the solution I'm currently using. I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic, and it is stable and can scale; however, there should be more use cases available.
My advice to anybody who is considering this solution is to be clear about your requirements. It is critical to know what the capabilities of the firewall are, as well as what is nice to have when it comes to filtering and protecting the environment. There are different threat profiles when it comes to protecting user traffic. For example, in a VDI environment, where the users are in the cloud, generating traffic and browsing the internet on virtual machines, Azure might not be the best fit. On the other hand, to protect the workloads on servers like application servers or database servers, it's a perfect fit. So, it is important to be clear about the use cases in order to determine whether it is suitable. This is a relatively new product but Microsoft is really fast in their development and you never know what they are planning. In perhaps six months, I might rate it a ten out of ten. Nonetheless, at this time there is still some room for improvement. I would rate this solution a nine out of ten.
Owner at a financial services firm with 1,001-5,000 employees
Real User
2020-03-18T06:06:03Z
Mar 18, 2020
The network firewall is a complex project; you have to review all the requirements. It's possible that sometimes the Azure Firewall won't be able to support some things because they customize their applications and they may not meet with the Azure Firewall's features. Each user has unique requirements on shaping or manipulating network traffic. I wouldn't recommend any product without doing the research. I would rate this product an eight out of 10.
We're Azure partners and have an enterprise agreement with the company; however, we may be switching. We also have a dedicated Account Manager with the company. I'd rate the solution seven out of ten. It's missing a few capabilities our organization would really like to see.
IT Senior Architect, Infrastructure and Cloud Solutions at a government with 501-1,000 employees
Real User
2020-01-22T12:45:00Z
Jan 22, 2020
We've used both the on-premises as well as the cloud deployment models. We also occasionally use a hybrid model. During migrations, we use hybrids. Once the migration is done, we move onto the full cloud and pass it over to private cloud or have public access as necessary. The Azure Firewall is prioritized as it is a managed solution and does not require any infrastructure base (backbone) hardware support.
Manager - Network & Security at CtrlS Datacenters
Consultant
2020-01-16T08:44:00Z
Jan 16, 2020
This is a solution that I recommend for internet-facing network traffic. When it comes to rating this solution, there are two components here. For layer four traffic, I would rate it an eight out of ten. For layer seven traffic, however, I would rate it less. Overall, I would rate this solution a seven out of ten.
Azure Firewall is a user-friendly, intuitive, cloud-native firewall security solution that provides top-of-the-industry threat protection for all your Azure Virtual Network resources. Azure Firewall is constantly and thoroughly analyzing all traffic and data packets, making it a very valuable and secure fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall allows users to create virtual IP addresses and provides for secure DDoS...
Overall, I would rate it eight out of ten.
I would rate the product an eight out of ten.
Azure Firewall is fine, but it's not suitable for our organization and that's why we have decided to move away from it.
Overall, this is a good product and we will continue working with it. I would rate this solution a nine out of ten.
I would definitely recommend it. On a scale from one to ten, I would give Azure Firewall an eight.
I would rate it a six out of ten. It's good enough but it's not as good as other virtual appliances. It's good enough.
I would highly recommend this product. I would rate this product an eight out of 10.