Microsoft's Azure Application Gateway is a platform-managed, scalable, and highly available application delivery controller as a service with integrated web application firewall.
N/A
F5 Big-IP Advanced WAF
Score 9.3 out of 10
N/A
F5 Networks offers the Advanced Web Application Firewall (WAF) to provide bot defense, advanced application protection, anti-bot SDK, and other features.
The best practice for a cloud environment is to use the tools provided by the cloud provider. That's why for Azure cloud, Azure Application Gateway is the most cost-effective solution that you can use. You can use a single Azure Application Gateway instance for load balancing WAF, URL-based routing, and more.
Advanced WAF is well suited for protection against account enumeration attacks, protection against known and new increasing attack vectors through out of the box attack signatures and threat campaigns. Also, up to date and accurate IP intelligence database to block based on known IP reputation.
Uploading images by multiple end-users from several applications like web, mobile, etc.
When there is a high volume of data requests, it helps to queue them based on the type of request. So it's easy to serve and reduce the loading time from the application layer.
An application gateway is useful when it can identify the type of details the user is requesting.
So the product definitely is helping us for sudden attacks through DDOS, some injection ingestion into UI URLs, and definitely it's capturing those and I definitely see that as an advantage for us. They can stop the hackers from using our endpoints.
The UI for events. E.g., clicking the "Accept" button does nothing.
Traffic learning suggestions are often very incorrect. We were originally suggested to use "Automatic" learning, and had to completely scrap the policy due to the suggestions.
"All in one" dashboard for viewing application URL/parameter overrides per policy.
Most of the Application Gateway's features and services can be managed and re-configured via either the Azure Portal GUI or via the Azure Cloud Shell, thus allowing both CLI modes, i.e. Azure CLI (Bash) and Azure Powershell. The v2 version of Application Gateway has significantly improved performance during initial configuration or during re-configuration changes, thus making it much more usable for IT admins, as compared to v1.
Most* of it is very intuitive and easy to use. The "Help" section is fairly fantastic. See some of my other comments about things like the "Traffic Learning" section being wildly wrong sometimes, and also the event logs with UI buttons that don't do anything. Overall though, it's an excellent product.
HAProxy is an excellent load balancer that can also be used in cloud environments (and we do!), and is relied by hyper-large enterprises globally as well. However, HAProxy is a little bit more rudimentary in feature space, it does the core job well and securely, but doesn't provide any fancy additional features. Also, it takes more effort to deploy HAProxy than simply using an in-built feature in the Azure stack.
I believe that in the case of Big-IP F5, it has a lot of power, a lot of features including the VPN features and also the evaluation of security posture of the devices that connect through VPN. That's very solid and that's something that is not found in all the WAF solutions and so I haven't seen that in Azure.
In our case it has been great because the pricing is just right for all the features that we have on the platform and the flexibility. In fact, we acquired another license last year, so that's something that we're interested in. We are currently moving towards the cloud with our ERP systems and eliminating the IBM platform, so we would like to see that F5 virtual option available on Azure.