One thing that would help engineers adopt it better is the documentation. It is lacking and scattered across various locations. You have multiple pages open, which can be confusing. I mostly relied on third-party YouTube videos for understanding. Improvement in reporting and better visibility into network traffic would also be beneficial.
Maybe one of the things in the tool where improvements are needed as there are some shortcomings consists of Azure Firewall Manager. Azure Firewall Manager is one of the best things that can be made more capable of managing all sorts of different areas within Azure. The other thing is the traffic inspection part where improvements are needed, specifically by working on improving the engine and database.
Director, Technology at a computer software company with 5,001-10,000 employees
MSP
Top 10
2023-11-01T17:49:00Z
Nov 1, 2023
The cost of the solution has increased. The robustness of the software could be better. It should be able to cover host-to-host traffic or HTTP traffic. Configurations can be better. The workloads need to still have free access. The encryption and decryption process is not that seamless. It's a little heavy compared to a FortiGate or other firewalls.
Rules management could be better. You have all kinds of rules, and they can put something better in place there. There should be better monitoring and logging. Currently, it is put in Sentinel. It should be more seamless and from the interface.
Sr. Technical Consultant - Cloud Delivery at a tech services company with 501-1,000 employees
Real User
2022-08-15T08:34:00Z
Aug 15, 2022
For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall.
An Azure firewall is not a real firewall. It has a lot of things to improve on. It should go and make a list of other firewalls and apply what they offer to its services. It requires features such as IDS, IPS, anti-virus, et cetera. The security protections on offer need to be better.
In terms of features, it is great, but it has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB.
Network Administrator at a government with 201-500 employees
Real User
2021-12-16T21:48:00Z
Dec 16, 2021
Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that. It needs to be comparable to what you would get from Cisco, Palo Alto, Checkpoint, or any of those guys. If it's going to be a firewall, it needs to be competitive. From a security standpoint, it's not any better than loading an IP table in a Linux box. In fact, Linux may even be better in that sense
Cloud Architect at a tech services company with 10,001+ employees
Real User
2021-12-15T16:47:00Z
Dec 15, 2021
I'm not sure if that is still supported because we haven't yet explored all of the features, but it was on our future roadmap to integrate all restriction traffic and anything with our ITSM tool, most likely ServiceNow. So that an auto ticket can be generated for the ingenious, remediation and fixing can be done. Any type of automation can come into play there as well. Those are on our to-do list. But we're still looking into it. It is yet to be discovered. It would be much easier if the on-premises, firewall rules, had some kind of export-import possibility in place, which is not the case right now. As I previously stated, the same integration, most likely ITSM tool integration, is one of those features we'd like to investigate to see if it exists or not, so we can have a more forward-thinking perspective on it.
Senior Security Analyst at a tech vendor with 1,001-5,000 employees
Real User
2021-10-11T07:00:00Z
Oct 11, 2021
If I had to pick one area that needs improvement it would be the antivirus functionality, because it doesn't scan traffic for malware. It needs TLS inspection.
Compared to FortiGate and Palo Alto, Azure Firewall is not very flexible. There are multiple options for VPNs and the other features, and most of my clients are implementing third-party products that they are getting from the marketplace and other vendors. The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved. The visibility is much less with Azure Firewall than it is with other products.
Senior Security Operations and Cyber Risk Analyst at a financial services firm with 51-200 employees
Real User
2021-08-17T13:11:00Z
Aug 17, 2021
We had an instance where it wasn't processing the rules and we had to engage Microsoft to resolve that issue. Microsoft Support needs to improve its response time. For larger enterprises, they need to adjust the scalability. This is the only issue that I'm have found that it attributed to the two weeks of downtime we had experienced. They need to offer either a scaled-up or scaled-out version or versions for larger enterprise companies. This would greatly improve the solution.
Group Cloud Competency Center Manager at a transportation company with 10,001+ employees
Real User
2021-08-11T10:47:00Z
Aug 11, 2021
It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide. It is still not at par with traditional next-generation firewalls. It is still behind other network and firewall vendors such as Palo Alto. There are other advanced and leading products in the market, and Azure Firewall is still a follower. So, they can consider investing more in this product and make it a market leader like Azure.
Technical Architect at a tech services company with 10,001+ employees
Real User
2021-05-26T13:29:00Z
May 26, 2021
It would be nice to be able to create groupings for servers and offer groups of IP addresses. I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.
Cloud Architect at a manufacturing company with 1,001-5,000 employees
MSP
2021-05-11T20:42:06Z
May 11, 2021
The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto.
Cloud Architect at a pharma/biotech company with 10,001+ employees
Real User
2020-08-19T07:57:35Z
Aug 19, 2020
The solution isn't missing features per se. Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate. There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.
Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group. Tagging is supported but not on the instances, which is something that could be improved. The selection of the internal resources into the ruleset could be improved. Support for layer-seven application filtering should be added because it is not there yet, at all. It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement. The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.
Owner at a financial services firm with 1,001-5,000 employees
Real User
2020-03-18T06:06:03Z
Mar 18, 2020
The interface could be improved, it's not very user friendly. They are now trying to compete with a new Chinese domestic public cloud provider which has more features. It's difficult to find the ports on the current interface, but it's easier with this new provider. We're looking to provide a better routing, or something like an SD-WAN solution that can improve the user experience. I think that's something Azure can do as an additional feature. There are five Azure clouds: Two belong to the US government and one is worldwide. Then there is Germany Azure and China Azure. China Azure is barely able to communicate with the rest of the world, and that connectivity issue needs to be looked at in detail and a solution found.
The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks. There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it. In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.
I think that their customer support could be improved with a faster response time. I think the product could be made more customizable, I'd like to see that in the next release.
Manager - Network & Security at CtrlS Datacenters
Consultant
2020-01-16T08:44:00Z
Jan 16, 2020
This solution is not mature when it comes to handling perimeter traffic like internet browsing. It is lacking in some of the security features. Palo Alto and Fortinet are better for this. In the next release, I would like to see the inclusion of more next-generation firewall features.
Azure Firewall is a user-friendly, intuitive, cloud-native firewall security solution that provides top-of-the-industry threat protection for all your Azure Virtual Network resources. Azure Firewall is constantly and thoroughly analyzing all traffic and data packets, making it a very valuable and secure fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall allows users to create virtual IP addresses and provides for secure DDoS...
One thing that would help engineers adopt it better is the documentation. It is lacking and scattered across various locations. You have multiple pages open, which can be confusing. I mostly relied on third-party YouTube videos for understanding. Improvement in reporting and better visibility into network traffic would also be beneficial.
The product pricing could be more competitive.
Maybe one of the things in the tool where improvements are needed as there are some shortcomings consists of Azure Firewall Manager. Azure Firewall Manager is one of the best things that can be made more capable of managing all sorts of different areas within Azure. The other thing is the traffic inspection part where improvements are needed, specifically by working on improving the engine and database.
It could potentially be more cost-effective. There is room for further integration of AI into the system.
The cost of the solution has increased. The robustness of the software could be better. It should be able to cover host-to-host traffic or HTTP traffic. Configurations can be better. The workloads need to still have free access. The encryption and decryption process is not that seamless. It's a little heavy compared to a FortiGate or other firewalls.
The solution should incorporate features similar to competitors like split tunneling.
Rules management could be better. You have all kinds of rules, and they can put something better in place there. There should be better monitoring and logging. Currently, it is put in Sentinel. It should be more seamless and from the interface.
For large organizations, a third-party firewall would be an added advantage, because it would have more advanced features, things that are not in Azure Firewall.
The development area and QA area could be improved. With those improvements, we can improve projects and take even less time to implement them.
An Azure firewall is not a real firewall. It has a lot of things to improve on. It should go and make a list of other firewalls and apply what they offer to its services. It requires features such as IDS, IPS, anti-virus, et cetera. The security protections on offer need to be better.
In terms of features, it is great, but it has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB.
Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that. It needs to be comparable to what you would get from Cisco, Palo Alto, Checkpoint, or any of those guys. If it's going to be a firewall, it needs to be competitive. From a security standpoint, it's not any better than loading an IP table in a Linux box. In fact, Linux may even be better in that sense
I'm not sure if that is still supported because we haven't yet explored all of the features, but it was on our future roadmap to integrate all restriction traffic and anything with our ITSM tool, most likely ServiceNow. So that an auto ticket can be generated for the ingenious, remediation and fixing can be done. Any type of automation can come into play there as well. Those are on our to-do list. But we're still looking into it. It is yet to be discovered. It would be much easier if the on-premises, firewall rules, had some kind of export-import possibility in place, which is not the case right now. As I previously stated, the same integration, most likely ITSM tool integration, is one of those features we'd like to investigate to see if it exists or not, so we can have a more forward-thinking perspective on it.
If I had to pick one area that needs improvement it would be the antivirus functionality, because it doesn't scan traffic for malware. It needs TLS inspection.
Compared to FortiGate and Palo Alto, Azure Firewall is not very flexible. There are multiple options for VPNs and the other features, and most of my clients are implementing third-party products that they are getting from the marketplace and other vendors. The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved. The visibility is much less with Azure Firewall than it is with other products.
We had an instance where it wasn't processing the rules and we had to engage Microsoft to resolve that issue. Microsoft Support needs to improve its response time. For larger enterprises, they need to adjust the scalability. This is the only issue that I'm have found that it attributed to the two weeks of downtime we had experienced. They need to offer either a scaled-up or scaled-out version or versions for larger enterprise companies. This would greatly improve the solution.
It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide. It is still not at par with traditional next-generation firewalls. It is still behind other network and firewall vendors such as Palo Alto. There are other advanced and leading products in the market, and Azure Firewall is still a follower. So, they can consider investing more in this product and make it a market leader like Azure.
It would be nice to be able to create groupings for servers and offer groups of IP addresses. I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.
The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto.
They can improve the pricing of Azure Firewall.
The solution isn't missing features per se. Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate. There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.
Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group. Tagging is supported but not on the instances, which is something that could be improved. The selection of the internal resources into the ruleset could be improved. Support for layer-seven application filtering should be added because it is not there yet, at all. It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement. The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.
There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive.
The interface could be improved, it's not very user friendly. They are now trying to compete with a new Chinese domestic public cloud provider which has more features. It's difficult to find the ports on the current interface, but it's easier with this new provider. We're looking to provide a better routing, or something like an SD-WAN solution that can improve the user experience. I think that's something Azure can do as an additional feature. There are five Azure clouds: Two belong to the US government and one is worldwide. Then there is Germany Azure and China Azure. China Azure is barely able to communicate with the rest of the world, and that connectivity issue needs to be looked at in detail and a solution found.
The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks. There's already a web application firewall for detection, however, it isn't as useful as it could be. They should work to improve it. In terms of prevention, I don't think it's any better than just a regular firewall. They need to add more security features to make it more powerful and more secure.
I think that their customer support could be improved with a faster response time. I think the product could be made more customizable, I'd like to see that in the next release.
In a future release, it could be empowered by combining with Azure Private DNS and Front Door.
This solution is not mature when it comes to handling perimeter traffic like internet browsing. It is lacking in some of the security features. Palo Alto and Fortinet are better for this. In the next release, I would like to see the inclusion of more next-generation firewall features.