Azure Firewall Manager Reviews

Azure Firewall Manager is used primarily for centralized private firewall policy management, securing hub and spoke network architecture, and enforcing consistent security controls across multiple Azure subscriptions and customer environments. We use it to manage Azure Firewall deployments at large scale, standardize rule sets, control east-west and north-south traffic, and simplify governance for large, multi-tenant cloud environments.

A practical example with Azure Firewall Manager is managing firewall policies across multiple customer subscriptions using a centralized security model. Instead of configuring rules individually on each firewall, we create and maintain shared policies from a central location, which reduces configuration drift, improves governance, and significantly shortens the time required to develop security changes across environments.

Beyond centralized policy management, Azure Firewall Manager is used to enforce security standards consistently across customer environments and support large-scale cloud governance initiatives. It is particularly valuable during onboarding of new subscriptions and business units because security policies can be applied quickly and consistently without rebuilding firewall configurations from scratch.

Azure Firewall Manager has positively impacted our organization by significantly improving security policy consistency and reducing manual firewall configuration effort across multiple customer environments. It has also enhanced operational efficiency by enabling centralized control, faster rollout of security changes, and reduced risk of misconfigurations in large-scale hub and spoke network deployments.

Measurable improvements have been achieved with Azure Firewall Manager, especially in large multi-subscription environments. Firewall policy deployment time reduced by around 40 to 50% due to centralized policy management. Configuration errors and rule inconsistency dropped significantly, with an estimated 30% reduction because manual pre-firewall changes were eliminated. Compliance audits became easier since we enforce a centralized security baseline across all environments, improving consistency and audit readiness.

The best features of Azure Firewall Manager are centralized policy management, hierarchical firewall policies, seamless integration with Azure Firewall, and support for hub and spoke network architectures. From a cloud engineering perspective, the most valuable capabilities are consistent rule enforcement across multiple customer environments, simplified governance, and the ability to deploy security policy changes at scale without managing individual firewalls separately.

The hierarchical policy model in Azure Firewall helps us separate global security controls from environment-specific requirements. In day-to-day operations, we maintain a common baseline policy for all customer environments and then apply localized rules where needed. This reduces policy duplication, minimizes configuration errors, and manages change management much more efficiently across large deployments.

Another important feature of Azure Firewall Manager is the strong support for hub and spoke architecture governance. It allows us to centrally enforce routing and security policy for multiple spokes, ensuring consistent traffic inspection through Azure Firewall, which greatly simplifies large-scale network segmentation and security enforcement across customer environments.

Azure Firewall Manager could be improved with better end-to-end visibility and more advanced policy simulation before deployment. We would also like more intuitive troubleshooting for rule conflicts, enhanced logging and analytics for policy impact analysis, and a more unified dashboard to simplify managing complex multi-region and multi-tenant firewall architecture.

Another key improvement area for Azure Firewall Manager is better operational user experience for large-scale environments. We would benefit from more granular policy versioning and rollback controls, clearer change impact analysis before pushing updates, and deeper integration with monitoring tools to proactively detect misconfiguration or policy conflicts across hub and spoke deployments.

Azure Firewall Manager has been used for two years.

Azure Firewall Manager is stable.

Azure Firewall Manager is highly scalable. Currently, we are using it for some sets of customers, but we have been simultaneously rolling out to many more customers and also a larger enterprise customer. Even then, the performance and the efficiency of the product has not decreased, and the product works well even when it is scaled at a large-scale enterprise level.

Customer support is good, and the response time is sometimes late for complex issues, but for simple issues, the response time is very low.

Different solutions were previously used, which were primarily a mix of standalone Azure Firewall configuration managed individually per subscription and some third-party firewall management and monitoring tools. We switched because managing policies at scale became complex and error-prone, and Azure Firewall Manager provided centralized policy control, consistent governance across hubs and spoke architecture, and reduced operational overhead.

A measurable return on investment has been achieved from Azure Firewall Manager, mainly through operational efficiency and reduced manual effort. Firewall policy management time reduced by 40 to 50% due to centralized control and reduced per-firewall configuration work. Security engineering support effort decreased because we no longer need to maintain separate rule sets across multiple environments, improving team efficiency without increasing headcount. We have also reduced misconfiguration events and incidents by approximately 30 to 40%, and also lowered network rework and troubleshooting effort across customer deployments.

Our experience with Azure Firewall Manager is that pricing is primarily driven by the underlying Azure Firewall data processing and logging and monitoring costs rather than the manager itself. Setup effort is moderate. Initial design for hub and spoke and policy hierarchy takes time, but once established, operational costs are efficient due to centralized management and reduced manual configuration effort across environments.

Before standardizing on Azure Firewall Manager, we evaluated native per-subscription Azure Firewall management without a central manager, as well as a third-party network security management platform used for policy orchestration and monitoring in a multi-cloud environment. We chose Azure Firewall Manager mainly for its native Azure integration, simplified hub and spoke policy governance, and ability to enforce consistent security controls across multiple subscriptions without introducing additional external tooling complexity.

Azure Firewall Manager is a good product that I would recommend. I would suggest designing the network and policy hierarchy properly from the start, especially for the hub and spoke architecture. I would also recommend defining global baseline security policy first, then layering environment-specific rules carefully. Starting small with a pilot subscription and then scaling gradually helps avoid misconfiguration at the enterprise level. Additionally, I would suggest asking for discounts, as the sales team does not mention them before, but if you negotiate well, they do provide a nice discount. I have given this product a rating of 7.

My customers are using Azure Firewall Manager, so I'm learning from both documentation and practical knowledge.

I usually recommend Azure Firewall Manager for projects such as an animal hospital project, where we are deploying Azure Firewall. Mostly we are managing the traffic using the network rules only and not configuring anything else in Azure Firewall Manager.

Implementing and configuring Azure Firewall Manager is easy.

From a traffic management perspective, it's a good firewall because it's automatically scalable based on the traffic availability. For example, if the traffic comes around one TBPS, the firewall automatically scales up, and if the flow reduces to around 10 GBPS or 100 GBPS, it automatically scales down. This automatic scaling is a good feature of Azure Firewall, though it's similar to other vendors.

Azure Firewall is typically behind other vendor firewalls because we don't see what kind of traffic is traveling through it. That is one drawback.

The main drawback is that we need log support from Azure Firewall, which can be quite costly.

There is no login feature in Azure Firewall because only the IAM feature is available in the Azure site; we manage it only through the Azure portal, not through any other portal. Other vendors, such as Palo Alto, provide GUI or CLI interfaces to manage their firewalls, whereas we only manage Azure Firewall through the Azure portal.

In the future, I would like to see additional features in Azure Firewall Manager to make it more competitive, such as technologies like App-ID and User-ID that Palo Alto has. Azure Firewall currently only allows traffic based on layer four and sometimes layer seven, so they need to improve in those areas compared to other vendors.

I have been working with Azure Firewall Manager for around three years.

The technical support for Azure Firewall Manager is good; they have solid support from the Azure side, with very available engineers from Microsoft, comparatively to other vendors, including Palo Alto.

From the customer support perspective, they need knowledgeable engineers because they only provide documentation, which doesn't address practical concerns.

Positive

The pricing for Azure Firewall Manager is expensive. In our project, we have used both Palo Alto Firewall and Azure Firewall. Azure charges for many aspects including scaling, automated scaling deployment, and traffic management, which leads to higher costs. In Palo Alto, we had around 3,000 US dollars per month, but for the same traffic flowing through Azure Firewall, they charge around 5,000 to 6,000 USD. Thus, it is about 2x the cost compared to other vendors such as Palo Alto.

We usually recommend other vendors such as Palo Alto and FortiNet Firewall instead of Azure Firewall Manager. We primarily suggest Palo Alto Firewall because they have good technical engineers available 24/7 for support and documentation, making it easier to manage.

I don't have much hands-on practical experience with Azure Firewall, but I have managed the network rule and application rule.

I have not utilized the advanced threat protection in Azure Firewall Manager.

On a scale of one to ten, I rate Azure Firewall Manager a six.

We are utilizing Azure Kubernetes services. The monitoring policies and orchestration are being utilized with Kubernetes and the container registry. We utilize this accountability with the help of Azure Kubernetes services, and it is working for all the microservices.

We are utilizing other Azure solutions such as Site Recovery, DDoS, and Azure Firewall Manager.

I work on all Azure solutions because my profile is solution architect. Whatever the possibilities according to that, we support our application which works on the microservices-based architecture, and the entire ecosystem of software works on different things where we utilize Azure services, containers, AKS, from DevOps, monitoring, and project management tools such as Jira as Azure Boards. From the database side, we utilize SQL Server, Cosmos DB, so the entire ecosystem is working for the application. Occasionally, we utilize a few parts from AWS as these all work.

Hands-on, I would say, mainly on the PaaS services and some of the SaaS as. We hardly utilize infrastructure because earlier we utilized the infrastructure services for VMs. However, whenever we started utilizing Azure PaaS, such as Azure Function and Event Grid, we low utilize the infrastructure as a service.

The basic feature of Azure Firewall Manager is that it secures overall request response and prevents any kind of anonymous access. We are utilizing Azure Entra ID for group labeling, so Active Directory, or now it is Entra ID, securing our application for everyone who accesses it, and Azure Firewall Manager is definitely securing our projects and all its features are fine.

The overall architecture we created for the solution includes a centralized monitoring system and health monitoring MIS, which we realize with the help of Power BI. The security coming from outside is authenticated with the help of Entra ID and multi-factor authentication, which is all monitored in this tool, and it is indeed important for creating governance reports for the steering committee. This entire ecosystem we work in is helpful.

For Azure Firewall Manager, the learning curve for new people is a bit challenging, but the integration should be more straightforward for configuring a centralized system. We use Biceps, Infrastructure as Code, to create the infrastructure automatically, which we copy and paste across all environments such as QA, UAT, pre-production, and production. The same approach can be applied here, making it easier for any new team members to utilize the change management system we put in place. However, it is manageable and could be refined in the future.

It is easier to deploy. Deployment does not pose any issues as we utilize GitHub, and the DevOps team takes care of pushing the code. The deployment is automated, as mentioned with Infrastructure as Code, and we just run that.

Regarding stability, it is 99.9% stable. I would give it a nine; it is good.

Scalability is also good. Scalability is adequate, but sometimes we need to manually manage things such as data purging, security, and data deletion policies. I can say it is a nine.

I would rate the vendor's technical support a seven, or maybe eight at best, because most of the time, the support isn't very attractive. However, it works, and sometimes whatever we have already done, they provide support that could indeed be improved.

Positive

I have worked on many monitoring tools, not only Dynatrace, as I actually work on New Relic, Dynatrace, and Azure Monitor. I'm currently working with Azure Monitor.

We basically utilize Azure Firewall Manager from Azure side, the Azure Front Door, which works as CDN, and after that, we are utilizing the Azure API Management.

We are utilizing WAF. WAF, we have been utilizing for the last four to five years, which is also part of Azure Front Door. We are utilizing Azure Firewall Manager inside our services, and we are also utilizing the Azure virtual network VNET, where we create it and in the subnet we utilize the security network security groups. The Azure Firewall Manager is utilized outside where we have the landing zone and it works.

We are actually creating these policies, which we provide by Azure. Our GSO, that is the global security office we have, is a separate group that manages overall governance and monitoring for our organization's security. The policies provided by Azure network are utilized according to that, which defines the request response and access for the entire application, and these policies really help us.

We are not working on the integration with Azure Virtual WAN at this time. We are utilizing the integration on the API gateway to the world.

The utilization of PaaS is beneficial because we have thresholds that enable vertical and horizontal scaling. Whenever we utilize any kind of Azure PaaS services, such as function as services or whatever container we have created, we have set up that the policies recognize load levels and automatically scale according to that, so we don't experience any load issues. It is managed by Azure and we take advantage of it.

It depends because the pricing is based on the requirement whenever we utilize different regions. For backup purposes, we need to use multiple regions across Asia, Europe, North Europe, UK, and USA. It could be cheaper based on the monthly and yearly costs we bear, and we are under pressure from top management to start cost-cutting and release any unused services over the long term.

I would say the resources required are quite less, but time is saved significantly because utilizing automated solutions saves time, especially with Azure's capabilities. It saves both resources and time, but the cost is high.

We have approximately 3,000 users working with Azure Firewall Manager.

In the IT team, we have around 140 people managing the solution across different groups such as development, DevOps, and database. Overall, there are about 140 to 150 persons.

I rate Azure Firewall Manager a ten out of ten.

We use Azure Firewall Manager for the manual firewalls. We have multiple firewalls and also have some central vision that we're managing with the help of Azure Firewall Manager.

I work on Databricks, Microsoft Exchange Online, Microsoft Defender, and Azure Sentinel. I have also worked with Azure VPN Gateway, Azure Logic Apps, and Firewall Manager.

The best feature of Azure Firewall Manager is that it is easy to maintain and configure. We can manage multiple aspects in Firewall Manager.

Centralized security policy management is effective. We just use it for a small project, and we're not planning to expand further.

Policy orchestration and threat protection are helpful features. I have configured two or three policies that reflect very well on the user side, yielding perfect results after deployment.

Azure Firewall Manager is good most of the time, but it could be improved regarding cost. The cost is a significant concern because we are in a region where the dollar is not our default currency, and converting to dollars makes it very expensive.

Microsoft should calculate and show the products in local currencies, such as PKR or Bangladesh currency, and also introduce Indian currency similarly for Pakistan.

The technical support could be improved. When a resource is assigned, that resource should follow the ticket and respond swiftly, including sending an email to inform me that an agent has been assigned. I still find myself waiting for an agent to connect with me and resolve my issues.

I have not been integrating Azure Firewall Manager with Azure Virtual WAN.

We started using Azure Firewall Manager mainly during this recent period, about one to two months ago.

Technical support from Microsoft is normal. When I contact Microsoft staff directly from the European and U.S. regions, it is good, and I can report issues, but support from the Chinese region might take some time to discuss my concerns.

I would rate technical support a six out of ten.

Neutral

I have not used anything similar to Azure Firewall Manager from other vendors; I have only used Microsoft solutions.

The installation of Azure Firewall Manager is very easy. You just go to the portal, select the firewall, click through four to five steps, and then it's deployed, ready for configuration.

Microsoft autoscaling service is very good and easy to use, allowing us to scale our hardware, memory, and CPU. We can automate both vertical and horizontal scaling based on our needs.

We're a partner of Microsoft.

I have only used Azure Firewall Manager for basic purposes, and I would give it a rating of 8.5 out of 10.

I have been using Azure actively in my company, engaging with various technologies such as Azure SQL Server, virtual machines, and other cloud-dependent development scenarios. To secure the environment, we sometimes utilize Azure Firewall Manager. We needed to manage different individual firewalls deployed in various locations.

It made the network security management easier.

Azure Firewall Manager centralizes network security management with a hub and spoke architecture. We create consistent security policies, enabling threat detection and protection from malicious activities like denial of service attacks. These features streamline network security, making it easier for developers and network professionals.

The configuration and settings require substantial time for learning, particularly for new users. Improvements in ease of configuration would benefit users significantly.

I have been using the Azure technology for one year now.

I would rate the overall stability of Azure Firewall Manager as eight out of ten.

Azure Firewall Manager is scalable, and I would rate it as eight out of ten in terms of scalability.

Microsoft support is very supportive, and I would rate it as eight out of ten.

Positive

The initial configuration of Azure Firewall Manager seemed challenging to me,  especially since it was my first time using the product. However, there are sufficient documents and instructions available in the internet to make things easy.

I worked together with technical lead, network administrator during the implementation of Azure Firewall Manager. I also handled many of the network-related tasks while focusing on development-related aspects as well.

The pricing for Azure Firewall Manager seems okay compared to its good features. Although extra expenses are incurred for additional services, these are not directly related to the firewall, and there are no specific comments about those costs.

I recommend Azure Firewall Manager because it automates many tasks that would be hard to do manually, easing the workload for developers and network professionals. 

I would rate the overall solution as eight out of ten.

We use Azure Firewall Manager for testing and security policies.

The most valuable feature of Azure Firewall Manager is the testing and configuration.

The solution can improve the integration with open-source tools.

I have been using Azure Firewall Manager for approximately two years.

I rate the stability of Azure Firewall Manager a seven out of ten.

We have approximately 50 people using the solution in my organization.

I rate the scalability of Azure Firewall Manager an eight out of ten.

I have not used vendor support. However, I heard they were good.

The initial setup of Azure Firewall Manager is simple.

I rate the initial setup of Azure Firewall Manager an eight out of ten.

The price of the solution is reasonable but it is reasonable for the features.

I recomemnd this soltuion to others.

I rate Azure Firewall Manager an eight out of ten.

This product is used primarily for platform security, where we have the B2B customers coming in through email and through LDAP.

We are especially focused on anti-spam and protection against phishing, and my biggest worry is a ransomware attack. This is because part of our business is in the financial sector.

The three main categories that we work with are endpoint security, personally identifiable information (PII), and DDoS. 

The most valuable feature is the web firewall. It is easy to install and does not require any plugins for your browser. This was my first priority.

This price is good, although I am still evaluating whether it will be better by taking an out-of-the-box solution or instead implement something that is third-party.

There should be a simple one-click deployment for a firewall, rather than a set of setup instructions that include steps such as the DNS configuration, et cetera. It should be a friendly one-click process that is easy for non-technical or business people to do.

By bringing in an autonomous or semi-autonomous system, we would not have to supply several different parameters. Alternatively, if it were a query-based configuration then it would still be a benefit on top of what they have now.

Microsoft was unable to fully solve the problem with email phishing and spamming. Irrespective of whatever endpoint security solution you bring in from a third party, it requires constant AI and learning. This is something that is missing, and it is one place where you are forced to use a third party.

I have been working with Azure Firewall Manager for about two weeks.

I am a very recent user of this solution because we just migrated to Azure.

This is a stable solution.

This is definitely a scalable product, but it comes at a cost.

Because it's a web-based firewall, I don't think that there is any trouble with scalability. Everyone who is using it is protected, both in the cloud and on-premises. In an on-premises deployment, scalability is more difficult and requires a heavy investment in hardware.

We have just moved away from Symantec, moving to native Azure.

I started my journey because of the endpoint security and then from there, I found that Azure has an out-of-the-box firewall. This is the reason that we started engaging and exploring Azure.

The Azure pricing is good, although there are a lot of minor details compared to AWS.

Azure stack pricing, but only thing is it has too many nitty gritties and minor details, compared to AWS. AWS, definitely the pricing is reasonable to a normal human. Then it becomes a shopping cart of intellectual cart. So that part is definitely eliminated in Azure. You're able to see what you will lose, very obvious in front of your eyes by choosing any plan and what is the cost for it. That visibility is better, competitive. Yes.

We tried a couple of different products. The first was Symantec and another one is NGINX, which is open-source. There are a couple of others, as well, that we have engaged in a PoC with.

I would rate this solution an eight out of ten.

What we are trying to do is, once the customer actually migrates from on-premise into the public cloud, is to take all of the on-premise components to the public cloud, and we are trying to replicate the classic Load Balancer environment into Azure Firewall. 

It has helped us in multiple ways. For example, we don't require different spaces to manage it. Also, we can do a lot of automation integrations into the code. We could integrate it into the DevOps pipeline. Basically, it has helped us with our time-to-market for a very specific product when we are actually deploying or upgrading. 

The solution is very easy to set up. It's also cloud-native. It can be integrated into the DevOps life cycle. It can be part of your Azure template and has readily deployable roles. All of this is what we don't get with the classic firewalls.

The solution scales well.

The solution offers good stability.

We have found the pricing to be fair. It's not overly expensive.

With Azure Firewall, the problem is that the NAT-ing still has to be improved. They need reverse network address translation (NAT) capabilities. We cannot get the same NAT-ing capability as what we had in the on-premise deployment, where we could have multiple sources of IP coming in and could be NAT-ed to a specific IP. Similarly, we couldn't use the reverse NAT-ing of the scenario.

We could do only one-way NAT-ing, where the traffic comes from outside to internal, to Azure, which is fine. However, when we actually do NAT-ed traffic to hit the firewall, that way is not working. 

I've been dealing with the solution for the past four years at this point. It's been a while. 

It is pretty stable. We've never had to troubleshoot once we actually deployed. There are no bugs or glitches. It doesn't freeze, and it doesn't crash. It's reliable. 

It is scalable. I could deploy to the limit, and, if I required additional limits, I could call Microsoft and they could increase the soft limit.

We have never had an issue that would require us to contact technical support. Once you deployed, it's so stable that you never have to actually raise a case with Microsoft. Therefore, I can't speak to how they are. I've never talked with them.

The initial setup is very simple and very straightforward. It's not overly complex or difficult. 

If you have a public interfaced web or an app or a database, it is easy.

The pricing is reasonable. We don't have any capital expenditures. It is only an operational expenditure.

We are partners and distributors. We're resellers.

I would rate the solution at a seven out of ten, and only due to the lack of the reverse NAT-ing capability.

I'd advise a company if they are starting fresh inside Azure Greenfield, this is a good option. However, if they are looking at this solution are migrating or replacing the same network configuration from on-premise to Azure, they will have to modify a lot. If it has to be implemented, especially in a NAT-ed environment, some extra study has to be done.

We use the solution to protect our application. We are talking about a gateway that allows anyone access to our application.

The solution has improved our organization with its firewall. 

Everything about the solution is nice. The performance and price are okay and the configuration was easy. All is good.

Generally speaking I am satisfied. 

When we initially started using the solution around five years ago there was no wizard for setting things up, although now there is a very nice one. When it comes to configuration, a few steps is all it takes. However, beforehand, there was a need to enter and understand everything that was necessary for configuring the firewall. There is no additional documentation or training required. 

When we first started using the product there was a need to enter everything on one's own and the initial setup was not easy. Now, after a few clicks, everything is fine. 

We started using Azure Firewall Manager around five years ago.

The solution is very stable.

One can scale the solution to his heart's content. All the architecture can be applied on the cloud.

As we have a price agreement with them, we are entitled to direct support from Microsoft.

The initial setup has been greatly simplified since we undertook it initially. In the past, there was a need to do everything on one's own and now only a few clicks are required. 

The price is okay. This said, the solution is certainly expensive in comparison with other cloud services. 

We have a business application for public cloud and use Azure for this. We also have certain local installations, as well as some other hybrid clouds. So, this varies with the customer requirements. We must comply with customers who do not wish for their data to be outside their premises and for these we restore the system and database locally. Some use public cloud with no problem. Others want the application in the public cloud but their data insights to be on-premises. Consequently, we have different architecture for the same application. 

We have around five users making use of the solution. 

I would definitely recommend the solution to my clients, especially if one is using Azure Cloud. It is a very nice product. 

The tool's security features need to improve. It needs also to include a monitoring system for logs. It is also complicated to find a query on the Azure firewall. 

The product is stable. 

The solution is scalable. 

The tool's support is good. 

Neutral

The solution's setup is easy. 

I would rate the product a seven out of ten.