Azure Firewall Reviews

When we started using Azure Firewall, we learned quickly that it couldn't do much. As I remember, it was essentially a layer 3 or layer 4 firewall that couldn't distinguish recognized applications and things like that. But it was inexpensive compared to the Palo Alto stuff we were looking at, so we wound up staying with the firewall. Mainly it was just inspecting ports between virtual machines.

Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that. It needs to be comparable to what you would get from Cisco, Palo Alto, Checkpoint, or any of those guys. If it's going to be a firewall, it needs to be competitive. From a security standpoint, it's not any better than loading an IP table in a Linux box. In fact, Linux may even be better in that sense

I've been using Azure Firewall for probably about a year.

Azure Firewall wasn't scalable at all, but it did what it's supposed to do.

I honestly don't remember interfacing a lot with Azure support. I think that we were dealing with a third party, maybe. But I've been dealing with AWS for the last year, and it's a totally different experience in a good way. Their support is outstanding.

Setting up Azure Firewall was easy because all you were doing was configuring source, destination, port, and action. However, there was something weird. You have to number your rules set, and depending on your numbering system, that's how you would have to apply the filtering of the logic of the policy. And in that sense, it's a little bit quirky. I don't think that most firewalls work that way. It just reads the policy, and the algorithm is based on it filtering down through the policies until it hits a truth or a match. And then it makes a decision based on that.

Azure's cost-effectiveness is its major advantage. 

Each company will prioritize what it wants to work on. Azure may outperform AWS in some areas, but after working with the two platforms for roughly the same amount of time, I've found AWS friendlier and more sophisticated overall. AWS just seems to be a better platform for me, honestly.

I would rate Azure Firewall one out of 10. I give it the worst rating because security is so important. However, it depends on your security goals. But you have to look at what's out there and what you typically get out of a box. Even for a cheap application for your computer, Azure Firewall just isn't delivering. It doesn't have any personality at all or functionality even. I definitely wouldn't recommend it to anyone, but I would have to go back and visit it because it's been a year now. The features are so limited that it's pretty much a protocol-filtering product. 

Honestly, I think any serious security-minded entity will bypass Azure Firewall and look at some of the images from the third parties. I guess it's suitable for small outfits that aren't serious about security but want some basic protection. By the time I walked away, I  had spent a lot of hours on it, and I spent more time in my job trying to find a solution and pick the right one. I did everything to learn the firewall's feature set. I finally talked with someone at Microsoft who said, "We know what you want and what you're trying to do, but we're just not there yet."

They just told me to stay tuned. I got the impression Azure Firewall is a very immature product that would probably improve over time. But, at that moment, I didn't think it was unready. It's just that products are trying to achieve different things. You can't have all the horses in all places. It's one of those things where I felt like it would have to be some acquisition or complete outsourcing of the security component to somebody specialized in the area who can sell it as a firewall.

We use it to protect the Azure space and to be the bridge between on-premise and the cloud.

When I have had a site-to-site VPN set up and configured, and would use it to allow ordinary traffic from the on-premise device to the cloud and from other third-party suppliers to the Azure platform.

We also use it to provide connectivity to various network security groups that have been created within Azure.

I would say that this solution is really good compared to other solutions that we have had before. We would have used the FortiGate firewall in the Azure space. 

We find this process was quicker. It would get a faster turnaround time once we would generate and modify the firewall rules. Because of the visibility, we would have seen it. When compared to FortiGate, it would get a bit more visibility in terms of integration with the security center so that we would be able to review based on overall posture, see what needs to be fixed, or what changes need to be made. 

The turnaround time turns off rules and any gaps that exist would increase the turnaround time for that as well. It would also help us to increase our response time and reduce our attack surface by 20% so far.

With the recent upgrade to the premium version, it facilitates IP Groups, URL filtering, TLS inspection, IDPs, and the Web Categories.

Before using the premium version, a lot of our customers had concerns with the URL filter, where you would not be able to allow or block a specific URL. The feature set without a premium version would only allow you to do it via IP address, which is tedious.

At times, many of these vendors would be using some kind of CDN solution. It would be the case where multiple IPs appear, changing behind the URL when it would be easier if you're using the URL feature. The URL maps onto the IP address and it would be the easiest way to do that.

I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system.

Many other vendors, when you do not have the license for the IP at some point, then you would be left not being able to do any prevention. The fact that the premium version includes this is good.

The TLS inspection allows you to decrypt the outbound traffic and encrypt data. Otherwise, we would have been using our third-party vendors, and whatever solution is within Azure.

With the various business units, we will be reaching out to other solutions there are in the web category to reduce the attack surface to see if this is a category that is alone or not.

The fact that Azure also ties into a security center is another good feature. You can also get rid of that visibility because of the tight integration with these Azure products.

We had an instance where it wasn't processing the rules and we had to engage Microsoft to resolve that issue. Microsoft Support needs to improve its response time.

For larger enterprises, they need to adjust the scalability. This is the only issue that I'm have found that it attributed to the two weeks of downtime we had experienced.

They need to offer either a scaled-up or scaled-out version or versions for larger enterprise companies.

This would greatly improve the solution.

I have been using Azure Firewall for approximately two and a half years.

I have recently upgraded to the premium version.

Azure Firewall is pretty stable. 

I believe that they listen to various sponsors, which is why they were able to release the premium version. It is a more established firewall that vendors now have. 

I'm seeing where they have met up with the dynamics of the market, and I am expecting that they will be a leader sometime in the near future.

They need to find a way to scale it out or scale it up a bit more. The scalability, it's okay, but it needs a lot more improvement. For a regular customer that's utilizing it, that's good, but for large enterprise companies, it is not as good.

The industry is telecoms. We have millions of customers. For that type of environment, they need better and more scalability.

We haven't totally assessed the premium version to see if the new features offer greater scalability. 

We utilize it across the cloud estate. We plan to expand our subscriptions. Most definitely, we will increase our usage.

Recently, we transitioned to the premium version, which will be extended to the other subscription once it has been rolled out across 32 countries, and with more instances, it will be rolled out across various continents.

The turnaround time in resolving the issue where it wasn't processing the rules is an area that needs improvement. It wasn't resolved in a timely manner.

Microsoft support took a bit of time to assist us in resolving that issue. It created a bit of downtime for us and it was longer than we expected. 

I would say those would be the cons so far when utilizing it.

I would rate the Microsoft support a five out of ten because they did not respond in a timely manner and the impact it caused in terms of the downtime it created for us. We were down for a week or two during a high-impact period.

They were assisting us but it took a good amount of time to get it resolved when we needed to be putting out things daily. Two weeks is a long time for a fast-paced environment. 

Previously, we were using FortiGate Firewall. We switched because of the migrating of the Security Center and the ease of use. The cost was also considered.

The initial setup was straightforward.

We had another tool which was FortiGate. We migrated from FortiGate to the Azure Firewall.

It was a straightforward migration.

The deployment took approximately three to four weeks.

The implementation strategy would include copying over rules, ensuring that all the services are able to run, and also ensuring that both firewalls were running in parallel. Until we are sure that the Azure Firewall can handle the workload, both firewall products will continue to operate.

After that, we were able to power down the virtual appliance that was on the FortiGate Firewall.

We had it running for quite some time, approximately a month and a half. Because there were no issues, we stopped using the FortiGate Firewall altogether, once that process was complete.

We have a server team, a cloud team, and a network team to administer and maintain this solution. It's approximately eight to ten people, some are network security engineers, a network security manager, and network engineers.

There have been some cost benefits as well. When using another vendor in comparison where you bring your own license, the cost would have gone down. It's more cost-effective to use the Azure Firewall along with the premium version than using a third-party as an option from the marketplace. I would say that as well, where it gives you better spend in terms of OPEX. It's better value for your money.

The licensing module is good. Pricing is one of the reasons we switched to this solution.

For smaller businesses, they could probably put one or two features from premium into the regular standard versions. For example, that URL filtering is a pain point for many customers. 

If they could find a way to scale down that URL and the IPs feature to include it in the standard version, then that would allow them to get more traction and more customers from the small to medium-sized business perspective.

We were using Check Point mostly. We had decided to move to FortiGate, and then we moved to Azure Firewall. 

We did not go with Check Point because of the premium features such as the URL filtering, and the TLS inspection included with Check Point cost a lot more. This was the reason we chose the Azure Firewall.

It's a solid solution. I would tell anybody to definitely give it a try, and consider it as one of the options when looking for a firewall to use in Azure space.

I would say if they can go for the premium version upfront, rather than starting with the standard version, then trying to transition to a premium version. It addresses a lot of the issues and concerns in this space today. They should start with the premium rather than upgrade. Once they can afford it, go straight to premium.

I would rate Azure Firewall an eight out of ten.

We use Azure Firewall to protect customer workloads. 

Azure Firewall is a cloud-native solution that removes the pain of load balancers. 

The tool needs to improve the onboarding and transition process for on-prem users. 

I have been using the product for three years. 

The tool's stability is great. 

The solution's scalability is great. 

Microsoft's support is quick.

Positive

The tool's deployment is straightforward. 

We did the deployment internally. 

Azure Firewall is expensive. 

Azure Firewall has helped us save 30 percent of the time. We don't require time for designing architecture and support. It frees up time and helps me focus on other tasks. 

The product has helped us save a decent amount of money. I rate it an eight out of ten. 

We use the solution for application and server deployment. 

The solution should incorporate features similar to competitors like split tunneling. 

I have been working with the product for five years. 

The product is stable. 

The solution is scalable and doesn't take more than five minutes to scale. 

The product's support is bad. 

Neutral

The product's deployment was straightforward. 

I would rate the product an eight out of ten. 

It is associated with our web resources, such as PaaS applications. I don't use it that much. I spend way more time working with function apps or something else on the Azure platform.

I am using its latest version.

I can easily configure it.

You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.

I have been using this solution for four years.

I don't get into any kind of real scale configuration. There might be bugs that I don't know because I just use the general configuration.

I can't say about scalability, but we have 20,000 employees.

I have not used their technical support.

Most of the time, I've used Azure Firewall for cloud services. We also have AWS, and then, of course, we have hardware firewalls on-premise, but I haven't worked with anything.

It is pretty straightforward for what I'm using it for.

I would rate Azure Firewall a seven out of 10.

We mostly utilize the solution for effectively controlling the networks.

The ability to provide better control of the traffic is the solution's most valuable aspect.

The solution is stable.

The solution can autoscale.

The initial setup is pretty easy.

Technical support has been good to us so far.

The solution isn't missing features per se.

Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate.

There should be more use cases, specifically use cases for domains for, for example, healthcare and specific use cases for web applications.

I've been using the solution for one year.

The stability of the solution is good. We haven't had any issues. It's a managed service.

The solution is autoscalable. It scales based on your deployment and/or based on your loads, due to the fact that it's a managed service. A company that expects to expand shouldn't have a problem scaling with this solution.

We have about 50-100 users on the solution currently. We may increase usage in the future.

We've had some experience with technical support from Azure. We've found them to be quite good and are satisfied with the level of service that's been provided. I would say they ar knowledgeable and responsive to our queries.

Before Azure Firewall, I used to work on a VPN-based firewall. 

The solution doesn't have a complex installation process. It's pretty straightforward to implement. When we went forward with the solution we didn't face any setup issues.

Our initial deployment took about three months, and, now that it's a managed service, we've handed the deployment over to them.

I'm not sure how many staff members we used for deployment and how many handle any maintenance aspects.

While we handled the initial implementation, we get Azure to handle the deployments for us. We didn't use a reseller or a consultant to assist with the deployment.

We're just a customer at this time. We don't have any kind of special business relationship with Azure.

I'm not sure which version of the solution I'm currently using is.

I'd rate the solution seven out of ten overall. It works well for us in terms of controlling traffic and if is stable and can scale, however, there should be more use cases available.

We use the solution as an internal firewall device.

The solution provides a good link to Azure and SQL servers.

It would be nice to be able to create groupings for servers and offer groups of IP addresses.

I would, also, like to see the manager built into the solution more, such as concerns Azure Firewall Manager. 

I would also like to see some of the items that come with the preview version for the next version with IDS be addressed, as well as the ability to categorize websites, which is done with external traffic.

We have been using Azure Firewall for around a year. 

The solution has the same stability as Azure.

The solution should be capable of self-scaling, which is one of the features we like about it. We have not encountered any issues with this. 

We have never been in contact with technical support concerning the firewall bits, although we have spoken to them about the solution in a more general context.

I would rate the technical support as a seven-point-five out of ten. 

The initial setup was simple.

The deployment of the firewall took about five minutes and full deployment through the Azure mechanism lasted around an hour.

The solution does not require any maintenance. 

We handled the initial setup internally. 

Azure Firewall is quite an expensive product. It can be challenging to work out the price as the fee varies depending on the amount of data that is run with the solution.

Only the built-in usage level incurs licensing fees. There are no additional ones. 

Cisco ASA is a better product. The ASA offers VPN functionality that is not found in Azure Firewall, although an ESA can be used as a simple alternative. It's much easier to deploy the Azure Firewall in high availability mode and to make it more scalable.

I would estimate the number of people in our organization who are utilizing the solution to be 100 +.

My advice to others is to set up a free account and try it. It's relatively easy to do. Only this way can a person see if the solution suits his needs. 

I rate Azure Firewall as a seven out of ten.