We performed a comparison between AWS WAF and Microsoft Azure Application Gateway based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, AWS WAF has a slight edge over Microsoft Azure Application Gateway. Our reviewers found Microsoft to have challenges with stability, scalability, and support.
"One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"The ease of deployment of the product is valuable to me."
"If hackers try to insert bugs, the tool blocks it."
"The product’s availability, ease of configuration, and documentation are valuable."
"It's simple, easy to use."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"It has a filter available, although we are not currently using it because it is not part of our requirements. But it is a good option and when it becomes part of our requirements we will definitely use it."
"The production is a valuable feature."
"Good customization; able to report and take action on alerts."
"The security feature in all the layers of the application is the most valuable."
"Load balancing and web application firewall features are the most valuable."
"WAF feature replicates the firewall."
"In my experience, Microsoft products have a smooth integration and facilitate easy management and monitoring. Using Azure Application Gateway allows us to efficiently handle the system loads."
"We chose this solution in the first place because it has access to Layer 7. I can control the requests and the content, which I can access on my network if I want to even if it's forbidden access to other external resources. If I want to monitor, for example, traffic, and apply this rule on Layer 7, I can do so. This was our main goal when implementing this application. We wanted to take advantage of the Gateway capabilities."
"AWS WAF should provide better protection to its users, and the security features need to improve."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively."
"The solution can improve its price."
"We have issues with reporting, troubleshooting, and analytics. AWS WAF needs to bring costs down."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"We need more support as we go global."
"The solution could be more reliable."
"In the next release, the solution could improve the integration with Service Mesh and other Azure Security Services."
"The monitoring on the solution could be better."
"The support can be improved when you are configuring the system rules. The Disaster Recovery feature can be added in the next release. The price of the solution can be reduced a bit."
"The configuration is very specific right now and needs to be much more flexible."
"Microsoft Azure Application Gateway is harder to manage than Imperva. It is not intuitive and stable compared to other products."
"The solution is easy to use overall, but the dashboard could be updated with a better layout and graphical design so that we can see the data a bit easier. Microsoft could also add more documentation. The documentation Microsoft provides doesn't tell us about resource requirements. We found that the instances we had weren't sufficient to support the firewall, so we had to increase them."
"Needs easier integration with the existing SIAM."
"The solution could improve by increasing the performance when doing updates. For example, if I change the certificate it can take 30 minutes. Other vendors do not have this type of problem."
More Microsoft Azure Application Gateway Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Microsoft Azure Application Gateway is ranked 3rd in Web Application Firewall (WAF) with 40 reviews. AWS WAF is rated 8.0, while Microsoft Azure Application Gateway is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "High stability with built-in rules that reduce alerts and are easy to configure". AWS WAF is most compared with Azure Web Application Firewall, F5 Advanced WAF, Imperva Web Application Firewall, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas Microsoft Azure Application Gateway is most compared with Citrix NetScaler, F5 Advanced WAF, Azure Front Door, Cloudflare Web Application Firewall and HAProxy. See our AWS WAF vs. Microsoft Azure Application Gateway report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.