We performed a comparison between AWS WAF and Microsoft Azure Application Gateway based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, AWS WAF has a slight edge over Microsoft Azure Application Gateway. Our reviewers found Microsoft to have challenges with stability, scalability, and support.
"This is not a product that you need to install. You just use it."
"The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system."
"Stable and scalable web application firewall. Setting it up is straightforward."
"The solution is stable."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"The product's initial setup phase was very simple."
"The solution's initial setup process is easy."
"Their technical support has been quite good."
"Good customization; able to report and take action on alerts."
"The solution has built-in rules that reduce alerts and are easy to configure."
"I find Application Gateway’s WAF module valuable because it helps prevent layer 7 attacks."
"The security feature in all the layers of the application is the most valuable."
"The solution's most valuable feature is an HTTP solution and SSL certificate. It is also easy to use."
"This is a SaaS product, so it is always up to date."
"The solution was very easy to configure. It wasn't hard at all to adjust it to our needs."
"Microsoft Azure Application Gateway gives us a lot of benefits, including domain mapping."
"AWS WAF would be better if it uses AI or machine learning to detect a potential attack or a potential IP that creates an attack even before it happens. I want AWS WAF to capture the IP and automatically write the rule to automate the entire process."
"On the UI side, I would like it if they could bring back the geolocation view on the corner."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"We don't have much control over blocking, because the WAF is managed by AWS."
"The default content policy available in the tool is not very strong compared to the competitors."
"They should work to define more threats, add more security, and make it more compliant with more security companies."
"The cost must be reduced."
"The solution doesn’t support wildcard-based and regular expression-based rules."
"In the next release, the solution could improve the integration with Service Mesh and other Azure Security Services."
"The solution has many limitations. You cannot upgrade the VPN to the application gateway. So I started with version one, which has limited capabilities, and they provided version two. And unfortunately, I cannot upgrade from v one to v two like other services. So I have to decommission the version one and create a new one with version two. Also the version one was complex with the certificates uploading the SQL certificates."
"The increased security that we are considering is because of some of the things that the security team has brought to our attention. They have pointed out that we would most likely require a better web application firewall than Azure Application Gateway."
"The solution should provide more security for certificate-based services so that we can implement more security on that."
"The solution is easy to use overall, but the dashboard could be updated with a better layout and graphical design so that we can see the data a bit easier. Microsoft could also add more documentation. The documentation Microsoft provides doesn't tell us about resource requirements. We found that the instances we had weren't sufficient to support the firewall, so we had to increase them."
"Microsoft Azure Application Gateway is harder to manage than Imperva. It is not intuitive and stable compared to other products."
"Implementing and standardizing the solution across the IT landscape in a heterogeneous environment is painful."
More Microsoft Azure Application Gateway Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Microsoft Azure Application Gateway is ranked 3rd in Web Application Firewall (WAF) with 41 reviews. AWS WAF is rated 8.0, while Microsoft Azure Application Gateway is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "High stability with built-in rules that reduce alerts and are easy to configure". AWS WAF is most compared with Azure Web Application Firewall, F5 Advanced WAF, Imperva Web Application Firewall, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas Microsoft Azure Application Gateway is most compared with F5 Advanced WAF, Citrix NetScaler, Azure Front Door, Cloudflare Web Application Firewall and HAProxy. See our AWS WAF vs. Microsoft Azure Application Gateway report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.