Azure Firewall Reviews

We are using Entra ID for basic purposes, for authentication and basic securities. That is what we are using Entra ID for, including MFA and SSO, all these things we are enabling.

We are using Power BI Pro, P1, which got converted to Fabric F64.

We have a couple of applications on Azure that have been posted there, so for that, we are using WAF.

We purchased it directly from Microsoft through our partner. Using SSO, through enterprise application SSO, we are configuring it, and through SSO, we can manage those cloud applications. Some applications are in our environment, and those have been protected by WAF, which means Azure Firewall. So that has been handled.

Azure Firewall is required when you are hosting any application on the cloud, specifically in Azure. In such cases, we cannot have different firewalls; it is better to use Azure.

We have seen improvements to our organization through the implementation of Azure Firewall.

It is effective for administering firewall policies. It is very simple; it's not tough to manage, so we're getting the benefit out of that.

Azure Firewall is the application firewall only, not a hardware firewall. Having an application firewall enables us to use the firewall functionality on the cloud. Rather than having a hardware firewall, if we have anything in on-premise physical systems, we need to have physical firewalls such as Cisco and other Merakis. We need to put all firewalls there. With Azure Firewall on the cloud, you just need to subscribe to the firewall, configure it, and it will help you protect your environment. That is the basic benefit.

We haven't required any support, but overall, Microsoft support is good. Whenever we raise any concern, they are supporting us on time.

Currently it is good. We are not a public-facing company; it is a retail company only, so that's why I don't think it is required. We don't have an e-commerce solution on Azure. For that, we are using a different stack for the e-commerce portal, so that is not in Azure. We are only using it for business applications, and I think L3 filtering in network security suffices for our problem currently.

Regarding scalability for Azure Firewall, we don't need it here because the request to the application is internal. All are internal users. So there is not much request to get into the application, so scalability is not required for us in the current scenario.

I have been dealing with Azure Firewall for approximately three years.

For our use case, Azure Firewall is stable enough. We don't face any problems.

Regarding scalability for Azure Firewall, we don't need it here because the request to the application is internal. All are internal users. So there is not much request to get into the application, so scalability is not required for us in the current scenario.

We haven't required any support, but overall, Microsoft support is good. Whenever we raise any concern, they are supporting us on time.

Positive

Azure Firewall is okay; the pricing is good enough for the basic one. The advanced one we are not using, and we don't need it.

With API Management, the pricing is high if I go to the advanced level. The basic one is okay, but there is a huge difference between the basic and advanced levels. The standard functionality for API Management is at a zero level, and then the next level is one. The difference between zero and one is very huge. It would be better if there were some different subscription between zero and one.

If the basic is free and standard is $100 per hour, that would be too much for a retailer. If there would be something in between, such as $15 or $50, that would be more useful in our case. With licensing, the different models, the difference between each model is very huge. There should be a little bit of difference, or a benefit of 50% could be increased.

It is straightforward to install Azure Firewall, as well as Azure API Management.

Both have their own capabilities. Azure Firewall is required when you are hosting any application on the cloud, specifically in Azure. In such cases, we cannot have different firewalls; it is better to use Azure. For Meraki, it is more for controlling the physical hardware or physical firewalls on-premises through the cloud. They have a different use case altogether.

Having an application firewall means Azure Firewall is the application firewall only, not a hardware firewall. Having an application firewall enables us to use the firewall functionality on the cloud. Rather than having a hardware firewall, if we have anything in on-premise physical systems, we need to have physical firewalls such as Cisco and other Merakis. We need to put all firewalls there. With Azure Firewall on the cloud, you just need to subscribe to the firewall, configure it, and it will help you protect your environment. That is the basic benefit.

It is straightforward to install Azure Firewall, as well as Azure API Management.

Azure Firewall pricing is good enough for the basic version. The advanced one we are not using, and we don't need it.

With API Management, the pricing is high for the advanced level. The basic one is okay, but there is a huge difference between the basic and advanced levels. The standard functionality for API Management is at a zero level, and then the next level is one. It would be better if there were some different subscription between zero and one.

If the basic is free and standard is $100 per hour, that would be too much for a retailer. If there would be something in between, such as $15 or $50, that would be more useful in our case.

For our use case, Azure Firewall is stable enough. We don't face any problems.

Azure Firewall is a separate product itself, not embedded into Fabric.

With Fabric, I think those are the basic setups for firewalls. So basic firewalls are there. On top of that, we are not using any advanced firewall or private endpoint. We are using completely Azure.

We are not getting into more detail regarding DNS proxy and all those basic setups.

I rate Azure Firewall 7 out of 10.

I have experience with Microsoft Defender across multiple products on the Azure side, Office 365 side, and on-premises.

I worked with Azure Machine Learning Studio, API Management, and Purview, though not extensively.

I primarily worked with infrastructure as a new Azure product, focusing on Fabric, MS Fabric, and AI Foundry.

I worked with Defender for Endpoint, Defender for Server, and Defender for Cloud.

My work mainly involved Azure Sentinel regarding Azure security tools such as Azure DDoS Protection and Azure Firewall.

Azure Firewall includes all standard next-generation firewall features with threat intelligence-based filtering. Most functions emerge when integrating with other Microsoft security products such as Defender for Cloud, Sentinel, Defender for Identity, and Entra ID. When connecting with these products, you gain access to deeper knowledge and functionality to provide optimal service to end customers.

Features that come with integrations within Microsoft products need to be added to make Azure Firewall more competitive. The security is now pivoting towards identity, which at Microsoft is a separate product set. If Azure Firewall can integrate identity features, it will help deliver additional next-generation capabilities. In an architectural manner, it's better to have centralized identity with multiple endpoints, with small tweaks in different areas to make it more uniform. Additionally, integrating DDoS and other features from other products into Azure Firewall would be advantageous for competition.

I am currently between positions and working with these technologies while waiting to join another company.

Azure Firewall is a good tool, though the price is higher compared to competing products. As an enterprise-scale product, it can be used in any company.

The popularity is affected by two main factors: price and security. Some firewall companies have been specializing in firewalls for 20-30 years, and customers have long-standing relationships with these products. Additionally, products handling multiple or heterogeneous environments' security help in evading attacks better than homogeneous solutions from cloud vendors. This is why people often choose different third-party solutions for security, making it harder for hackers to penetrate their systems.

I rate Azure Firewall an eight out of ten.

Typically, we use Azure Firewall for hosting and for servers, as our company is into e-commerce. As a security analyst, I try to use Sentinel to see if there is any gap in the security and inform them.

I find Azure Firewall easy to handle, which I believe is quite effective and valuable for our organization.

An important improvement for Azure Firewall could be the UI, as it could help us by clearly stating if there is already a conflicting rule, which is something I really look forward to.

Overall, we have been using Azure Firewall for approximately five years now.

Azure Firewall is scalable, and we are happy with that.

The solution allows us to expand the number of devices and the number of users.

It is scalable, but I rate it eight out of ten since the UI could have been better.

I have never had the chance to talk to Microsoft technical support, so I cannot provide a detailed assessment of their services.

Positive

We switched from Rapid7 and IBM to Microsoft Azure because after moving to Azure cloud, it was easier to manage things with Azure Firewall and Microsoft security, which is a unified solution that is developing things rapidly.

I recommend Azure Firewall because it is cloud-based, and now most solutions are moving to cloud. It is easy to manage and is similar to AWS Firewall, as both are cloud-based.

I do not have information about how Azure Firewall's threat intelligence feature impacts our security posture.

I cannot comment on the licensing cost for Azure Firewall as billing is not part of my responsibilities.

There are only two users working with Azure Firewall in our organization, who are part of engineering and administration.

I do not have information regarding how Azure Firewall supports AI-driven security measures in our company.

I do not have knowledge about whether we perform any maintenance from our side or if it is done automatically through the cloud for Azure Firewall.

I rate Azure Firewall 10 out of 10.

I used Azure Firewall for a few months in a project because of specific requirements, but I am not currently using it.

Azure Firewall deployment was not difficult because it has instructions and documentation available on the internet. I faced few problems with the configuration initially, but the documentation was rich enough that I went through that hurdle easily.

The only trouble I faced with Azure Firewall was related to configuration. When I started using Azure Firewall, I had no idea about how to configure it. Later, after passing both the Azure administrator exam and Azure solution architect exam, I went through important requirements and information regarding Azure Firewall, which made it easier.

From a development perspective, I worked with one network person, along with my development team. Overall, we had around three people with network and infrastructure expertise who were mainly responsible for the deployment of Azure Firewall.

We initially investigated pricing details because we needed the costing information for Azure Firewall. We then implemented basic traffic filtering using Azure Firewall standard features. We used a hub and spoke topology to centralize the security controls, setting up Azure Firewall in our hub and spoke topology with standard features.

Azure Firewall has a feature for filtering traffic from suspicious IPs or other threats. We needed to prevent those calls from accessing our API, which required us to route our requests in a filtering way.

For logging in our project, we use a logging mechanism in our internal environment. We integrated our logging module into Azure Firewall, ensuring only specific authenticated users can access this logging for auditing purposes.

Azure Firewall makes our tasks easier; otherwise, we would have to do many extra things manually to secure our APIs and requests. We have integrated Azure Monitor and Log Analytics, making logs easily visible in our Log Analytics. Azure Firewall is very compatible with integrating with other Azure services, which made our tasks for logging and development security much easier overall.

Diagnosing blocked traffic was initially challenging because we didn't know how to diagnose and integrate Azure Firewall with other Azure services for storing logs in Log Analytics. Tracking suspicious activities was also challenging at first because we had to learn to use Azure Firewall effectively.

The threat intelligence-based filtering in Azure Firewall uses Microsoft threat intelligence, which leverages AI and machine learning. There are some threat intelligence-based filtering features in the app and integration with Microsoft Sentinel. Currently, the AI-related features supported by Azure Firewall seem sufficient, though I cannot recommend too much as I have not thoroughly tested all those features.

I recommend Azure Firewall because any development activities or software must address security, threat intelligence, filtering, and TLS termination. Doing these manually or programmatically would be very difficult. Azure Firewall simplifies everything, securing our APIs and systems so that suspicious IPs do not access our sophisticated systems.

We didn't use TLS termination or malware filtering extensively because those are part of the premium features for Azure Firewall. At this point, I cannot see much improvement needed for Azure Firewall, because it served my purpose; having used it for four months, I am satisfied with the features and performance that I needed for my project.

Features that integrate AI functionalities into Azure Firewall could be added, which can also address costing issues. We have features that we require, but they are in the premium offerings. If some features with limitations, for example, limited users, could be made available in the standard Azure Firewall, it would be easier for beginners choosing Azure Firewall at a very first level to test those features without needing to upgrade to premium.

Overall, I've been using Azure Firewall for four or five months.

The only trouble I faced with Azure Firewall was regarding configuration.

I will rate Azure Firewall a nine for overall stability.

I rate the scalability of Azure Firewall an eight.

They are quite responsive regarding Azure Firewall support.

Positive

I am planning to increase the number of users for Azure Firewall because our company mostly uses cloud platforms and Azure technology. We have a high chance to increase our users for Azure products.

In our earlier project, we had around 10 to 15 people using Azure Firewall, which includes many users, but I am talking about our development stakeholders.

We are not doing maintenance for Azure Firewall because clients have their own maintenance team.

I rate Azure Firewall a nine out of ten.

Neutral

I use Azure Firewall for directing all internet traffic, including controlling URL-based access. I enable premium features such as DDoS protection.

The most valuable features of Azure Firewall for me are its URL-based internet access control and DDoS protection for incoming traffic. The premium version includes all traditional firewall features, reducing the need for separate compute resources. Being a SaaS solution, it requires less platform management and ensures maximum availability.

Azure Firewall could improve its reporting capabilities. Although it has insights, having custom reports similar to other vendors would be beneficial for analysis.

I have been working with Azure Firewall for the last couple of years.

The stability of Azure Firewall is excellent, as I rate its stability nine out of ten.

Azure Firewall is highly scalable, and I would give it a scalability rating of nine out of ten.

Microsoft provides excellent customer support, especially with premium support plans.

Neutral

If a large organization needs integration across on-premises and various cloud vendors, I would choose Palo Alto. However, when solely using Azure, I recommend Azure Firewall.

The initial setup of Azure Firewall was simple for me.

In my experience, Azure Firewall is quite expensive, with a high cost. I would rate its pricing a two out of ten.

I considered Palo Alto as another product.

I recommend Azure Firewall for medium and enterprise-level organizations. For smaller companies, the cost should be considered. It's essential to understand the use case requirements before recommending it. I rate it nine out of ten overall.

We use Azure Firewall to protect our cloud assets that are hosted on the internet.

There is not a single feature or single product that can ensure security. We have to combine multiple features and multiple products, and then we can say that this is more cost-effective and works properly to ensure the security posture of our cloud deployments.

When we started deploying the solution, it was not a mature product at times. With the passage of time, it has evolved, however, there were some tweaks that were required.

As a Microsoft partner, we have been working with different Microsoft products, including Azure Firewall, for almost four to five years.

From a stability perspective, I would rate it an eight out of ten.

When we started deploying the solution, it was not a mature product at times. With the passage of time, it has evolved, however, there were some tweaks that were required.

With Azure products, customer support is really good, however, regarding Office 365, Cloud App Security, or even Sentinel, there are some cases that have not been resolved yet.

Positive

We have not explored other solutions mentioned in the call, yet we are using other solutions like Microsoft XDR.

Prices have increased recently, however, it's okay. I am not purchasing this in my personal capacity. I'm buying for my organization.

There is no harm in using an integrated solution. Advanced firewalls now take care of multiple items and have additional features. There is a lot of room for improvement, so I would rate it a six out of ten overall.

I use the solution as a firewall. We use it for segmentation and zero-trust security. 

It's helped us improve our security posture. 

It's integrated with Azure. You don't have an additional licensing cost and no additional maintenance. The configurations are also comparatively easy.

The cost of the solution has increased.

The robustness of the software could be better. It should be able to cover host-to-host traffic or HTTP traffic.  

Configurations can be better. The workloads need to still have free access. 

The encryption and decryption process is not that seamless.

It's a little heavy compared to a FortiGate or other firewalls.

I've been using the solution for a year and a half. 

I've just used the solution for a few months. It's okay.

The solution is pretty scalable.  You can have multiple heavy workloads. 

Technical support is okay. One person could not answer me directly and had to consult with his supervisors. It's still a new product. Even Microsoft themselves are figuring it out. The support team themselves are getting trained.

Neutral

We used to use FortiGate. We switched as we didn't want the hassle of going through another vendor. It was there, so we started using it. 

The initial setup was a fairly straightforward process. Our implementation was pretty basic. I was able to handle the setup myself. 

There is a bit of maintenance in the form of checking for updates and firewall definitions. One or two admins can handle maintenance duties. 

We handled the initial setup in-house.

We have not witnessed any ROI.

The pricing could be improved.

We did not evaluate other options. 

I'd rate the solution seven out of ten. It's easy to use and fairly easy to configure. However, you need to factor in the cost. For a large enterprise, it makes sense. For a small to medium enterprise, a cheaper option might be better. 

Currently, in the team I am working on, we are not using AWS. I used to work with it, but now I am focusing on Microsoft Azure. We have two teams in our company, one focusing on infrastructure on Azure and the other on AWS. Previously, one of my assignments required looking into security tools for AWS to get an idea of what can be used.

I like that you can deploy the policies separately from the firewall. The management capabilities in this aspect are helpful for me. We do not use the version with security features like IDS and IPS as it proved expensive, and we did not get approval for the full-featured firewall.

One thing that would help engineers adopt it better is the documentation. It is lacking and scattered across various locations. You have multiple pages open, which can be confusing. I mostly relied on third-party YouTube videos for understanding. Improvement in reporting and better visibility into network traffic would also be beneficial.

I have been using the solution for six months.

I find the solution to be very stable, and would rate it a ten out of ten in terms of stability.

I have had no problems with scalability, as we have not yet hit any limits related to high traffic volumes. Based on my experience, I would rate it nine out of ten for scalability.

There has been no need to contact technical support, so I cannot comment on customer service.

Positive

We used Cisco, specifically Cisco FTD Defense, before switching to Azure. We moved to the cloud primarily, and in the cloud, we preferred to use Microsoft technologies because they integrate well with each other. Although there is the possibility to use Cisco VM in the cloud, we preferred the service solution from Microsoft. Additionally, I was not very satisfied with Cisco FTD.

The initial setup was smooth, with no severe challenges. The deployment itself took a few hours. Configuration, however, took longer due to the involvement of several teams and other factors.

There were three engineers, including myself, involved in the installation and configuration process.

Azure Firewall is an expensive solution. On a scale from one to ten, where one is not affordable, I would rate the price as a three. If you want to use additional security features like IDS functionality, you have to pay extra, which increases the cost significantly.

I would recommend Azure Firewall based on the specific needs and cloud architecture of the organization. We plan to use it in another project soon. 

Overall, I would give it an eight out of ten.

We use it to improve our security posture. We wanted to have an Azure-native solution for our security offerings, and that's why we went for Azure Firewall.

There are constant feature additions. They add features every three to six months. They add a lot of new features to it, and its cost is comparatively cheaper than the traditional ones.

There are constant feature additions. They add features every three to six months. They add a lot of new features to it, and its cost is comparatively cheaper than the traditional ones.

The threat intelligence aspect of this particular firewall is not at par with other providers. The load balancing and high availability could be better.

Something like Panorama can also be a part of this solution. 

Azure Firewall has a lot of features that are comparable to Palo Alto and other firewalls. One of them is security incidents and event management. The SIEM that Azure Firewall provides us is very robust.

There are constant feature additions. They add features every three to six months. They add a lot of new features to it, and its cost is comparatively cheaper than the traditional ones.

Azure Firewall has a lot of features that are comparable to Palo Alto and other firewalls. One of them is security incidents and event management. The SIEM that Azure Firewall provides us is very robust.

There are constant feature additions. They add features every three to six months. They add a lot of new features to it, and its cost is comparatively cheaper than the traditional ones.

We used Cisco before that. We switched because we moved from on-prem to the cloud, so we wanted to have a native cloud solution.

The threat intelligence aspect of this particular firewall is not at par with other providers. The load balancing and high availability could be better.

Something like Panorama can also be a part of this solution.

There are constant feature additions. They add features every three to six months. They add a lot of new features to it, and its cost is comparatively cheaper than the traditional ones.

We used Cisco before that. We switched because we moved from on-prem to the cloud, so we wanted to have a native cloud solution.

I've been using this solution for about five years.

It's stable. There are no issues with that.

It's very much scalable. It's deployed across multiple locations globally, and the total number of users is about 5,000.

Their technical support is quite responsive if you have an enterprise agreement, which we have, so whenever we raise any technical questions, they get back to us within a few hours.

Overall, I'd rate them a seven out of ten. The response time is good, but the solution is not provided in the first instance. They always have to check with others and get back, so the solution is not instant.

Neutral

We used Cisco before that. We switched because we moved from on-prem to the cloud, so we wanted to have a native cloud solution.

It was very easy.

We did it ourselves. Just one person was required for its deployment.

As compared to others, you just need one person to deploy and operate it, and that too not full-time. It's very easy to manage.

Before choosing this solution, we evaluated others, and we found this to be the most cost-effective.

I evaluated both Cisco and Palo Alto. We went for Azure Firewall because the cost is comparatively cheaper, and it's easy to manage as compared to other solutions. Azure Firewall Monitor gives you a lot of monitoring controls that are quite easy to manage. When it comes to cons, threat intelligence is still lacking in Azure Firewall. The load balancing and high availability could also be improved.

Along with Azure Firewall, if you also choose Microsoft XDR, that will be an ideal solution rather than just a standalone firewall.

Overall, I'd rate it a seven out of ten. It's not there yet, but they have been making a lot of improvements every three to six months.