Re: Firewall vs Azure

masenyam53796 · ‎01-31-2020

Hi Cisco community team

I have a situation where the Application teams wants to replace the perimeter firewall with Azure Firewall claiming that they function similarly. This firewall will terminate VPN tunnels for employees coming from the internet into the LAN environment. This vpn is used to manage internal routers, switches and also offer general access to company resources like ess, network files etc.

My question is - will Azure firewall replace the perimeter firewall (ASA) by offering these services?

Mark Malone · ‎01-31-2020

Hi
There both stateful firewalls so yes they are similar obviously one being cloud and the other hardware but if you want to know whats best you should do a proof of concept (POC) before using them , ASA is not really a good firewall anyway its a VPN concentration device mostly, compared to PAs and fortinets it wouldnt rate up there with most security experts ive met for front line defense and even now its all moving to host base protection rather than perimeter fws, we wont use them in front facing perimeter either for those reasons but it all depends on what you want it for an what level of device you get as there are few types of ASAs and again what license services you purchase with it but if its just for using as vpns and basic security im fairly sure both should not have an issue but usually you bench test them and POC them before purchase and see whats better for your environment , would be difficult to make a call without seeing all factors involved and a POC will show that

and thats just my opinion on how i would look at it and try get the answer , other users may have a different take ..