What needs improvement with Microsoft Azure Application Gateway?

The solution needs improvements in integrating different services and creating a better application balance.

The solution can sometimes feel a little cumbersome unless you're a professional infrastructure person. I think the tool is just inherently complicated. You have to manually decide things that could have been done best by default.

Microsoft Azure Application Gateway is not scalable.

We had to switch the tool once. We faced some downtime while validating CNAME. We could not validate it before the switch. It was annoying, but it was not that big of a problem.

The application gateway is good, but performance improvement in the containerization environment is needed. The traffic that relies on HTTP for a website is being manually configured to HTTPS. This process should be automated. If the protocol is HTTP, it should automatically redirect to HTTPS.

We have encountered some issues with automatic redirection and cancellation, leading to 502 and 504 gateway errors. We suspect the containers we use might be contributing to these issues. So, I experienced some trouble with containers.

Microsoft needs to work on their documentation. The scalability needs improvement.

Microsoft Azure Application Gateway is harder to manage than Imperva. It is not intuitive and stable compared to other products.

The tool's pricing could be improved.

The solution doesn’t support wildcard-based and regular expression-based rules. Wherever it works, we use it. Where it doesn’t work, we use other products. We are waiting to get regular expression support on the path-based rules in future releases. Without it, some of the complex routing cannot be done. For example, if we have 50 path-based routing rules, instead of writing 50 rules, I can write the regular expression-based rule and reduce them to one or two. It would minimize the management of rules.

The tool is a pain to deal with when it comes to the area of configuration. Basically, users get a lot of false positives with the product. The aforementioned area can be considered for improvement in the product. I think the reporting elements could be a bit better in terms of having built-in reports, considering how everything has to be a cluster query when you write it, making it an area where users customize the tool. The reporting elements are an area with shortcomings in the tool that could be better as it would be useful to deal with false positives.

The working speed of the solution needs improvement.

The product should improve its cost-to-performance ratio.

The login mechanism could be improved.

The support provided for the solution has certain shortcomings that need improvement, especially when it comes to the response time from the support team.

Application Gateway’s limitation is that the private and the public endpoint cannot use the same port. But I believe they are working on it. Another shortcoming is that the maximum permissive size for the request body size is two MB, and it needs to be increased up to five MB or more. Some other third-party solutions or even AWS provides better request body size in this regard. I would like to see some more features in WAF with the next release to make it more competitive with leading web solution providers. When we compare the WAF with other solutions like F5’s WAF, Application Gateway’s WAF has fewer features.

The support can be improved when you are configuring the system rules. The Disaster Recovery feature can be added in the next release. The price of the solution can be reduced a bit.

The solution is easy to use overall, but the dashboard could be updated with a better layout and graphical design so that we can see the data a bit easier. Microsoft could also add more documentation. The documentation Microsoft provides doesn't tell us about resource requirements. We found that the instances we had weren't sufficient to support the firewall, so we had to increase them.

I want the solution's support to improve. The tool is also expensive.

The solution could improve by increasing the performance when doing updates. For example, if I change the certificate it can take 30 minutes. Other vendors do not have this type of problem.

It could be easier to change servicing.

The graphical interface needs improvement because it is not user friendly. There isn't a standardized process for blocking IPs. IPs need to be blocked individually, whether one or one hundred. A normal scenario would be to copy and paste multiple IPs at the same time but the solution does not offer this option. Updating takes a long time and is up to the WAF. In most cases, we prepare scripts to handle these updates.

The increased security that we are considering is because of some of the things that the security team has brought to our attention. They have pointed out that we would most likely require a better web application firewall than Azure Application Gateway. That's the issue, that we are looking into.

It is a bit tricky to configure in the UI. You've got to configure front end back end ports ips and the map the listeners & rules for single or multi sites to configure it. They should make it a little bit easier to configure a pre-defined configuration Mapping the certificates from key vault. I think this would make app-gateway much better although it is a very good secure product. Automating this end to end takes a bit of of time to work out but once its done its very secure.

The solution could improve security. In the next release, the solution could improve the integration with Service Mesh and other Azure Security Services.

It could be more stable, and support could be better. It would also be better if they offered more features. For example, it lacks security features. Before we used another English solution, and we realized that some of the rules were not set up correctly and passed through the Application Gateway's English controllers. But the problem, in this case, is if you send ten rules, for example, six rules hit some issues. IP address blocking could be better. The rules, for example, don't work properly. If you have one issue, one rule or another rule will not work. This sounds like total madness to me.

It takes a lot of time for a certificate to update in the system. That is a huge drawback, affecting the load-balancing side. And when there are changes to the load balancing, it affects the end-user.

One of the challenges we faced was the solution does not support any other PCP protocols apart from HTTP and HTTPS. We had some requirement for load balancing that it did not support SAP, they should provide support for more protocols.

The configuration is very specific right now and needs to be much more flexible. They need to work on it so that it's much easier to configure the solution so that it works how we need it to. It needs to be customizable. The firewall portion of the gateway is very basic. It needs to be improved upon. It needs to be more robust.

Occasionally the solution is too secure and we need it to allow in specific traffic. It tends to cut that traffic off due to its high security settings. The monitoring on the solution could be better. The product requires better reporting capabilities. Currently, we need to have a third-party handle that aspect for us. There needs to be more of a security center. That way, we're able to see everything that's going on in the system. The product needs to offer DDoS protection.

Scalability can be a bit of an issue although it's better in v2. I'd also like to see increased flexibility. There are limits when you want to share an application gateway across multiple clusters. I know Microsoft is working on that, but we don't know when it will be finished and released to the public.

It does not have the flexibility for using public IPs in version 2.

The functionality needs a lot of improvement. The security of the product could be adjusted. The scalability needs improvement. Overall, it just wasn't a great product. It was lacking in a lot of areas. Just watching the industry, it could be that Microsoft, is going to have to give more resources to it in order to make it work. Microsoft knows a lot about software. They're going to have to get more resources into it and add people and time to it to make it competitive. They may even need to consider some sort of acquisition to bring in new tech. Right now, the solution just isn't there in terms of what is needed and expected. The solution simply has to be more comparable to other leading product s at this point. It's just lacking the overall intelligence to compete.

The main drawback of the solution is that it's only for Azure. I'd like to see easier integration with the existing SIAM. Even when they do introduce new features, it's in preview for a long time, like the current geo filter option which is in review but it's been there for a long time. Microsoft could introduce preview options more quickly.

The documentation is not user-friendly and it is not very easy to use. For the first-time user, it is difficult to understand so the user-interface needs to be improved. The tutorials are something that can be improved upon. I would like to see this more of a multitenant solution.

The pricing of the solution could be improved. Right now, it's a bit expensive. Although the integration is quite good, it could still be improved upon. The implementation should be further simplified to make it easier to use right from the onset.

The pricing of the solution is a bit high. The solution should offer different pricing systems.