Does anyone have experience of both Azure Firewall and FortiGate NGFWs? Or tips for comparing FW offerings?

Top Answer: We use both in Azure. The reason we have a FortiGate VM is that we have FortiGate physical appliances on-prem, so it all ties together in their Security Fabric. FortiGate costs more, especially if you add the UTM license, so we have workloads that run behind Azure Firewall, as it makes sense for them. Azure Firewall is an OK firewall, a cost-effective solution, but it's just that. It does not have the full capabilities of a FortiGate UTM device or any other enterprise NGFW like Checkpoint or Palo Alto. It's like comparing Fiat and Ferrari. But if you just need to go from point A to B and don't care how fast or reliable the drive is, Fiat might be OK for you :) For sure FortiGate has more features, better support etc., but it comes with a price. Now, generally it comes at a better price point than Checkpoint and Palo Alto, but it's more expensive than Azure FW. In my opinion you need to start by making a list of items you need your firewall to do. What are your requirements and use case? If Azure Firewall meets your needs then it can be a more cost-effective solution, but for example if your team is already trained on FortiGate or you already have FortiAnalyzer and FortiManager licenses purchased, then maybe the TCO of FortiGate will make more sense.

Which is better: a one-vendor firewall strategy, or a two-vendor firewall strategy? Why?

Top Answer: There is no right answer here; well, the right answer is "it depends" :) From a security standpoint, it's best to have multiple vendors and multiple firewalls in this case. If there is a zero-day vulnerability in a firewall from Vendor 1, then the firewall from Vendor 2 will likely not be affected. Now, having multi-vendor firewalls is more challenging from a support and employee training standpoint. It is easier to get your team trained on supporting one firewall vendor and keeping up with all new features than training on multiple firewall products. I have been on both ends of the fence, and it's way easier from a management/organizational side to deal with one vendor/product, but it doesn't mean it's the best approach. Cost is likely increased in multiple vendor strategies. Let's say you need to buy 1000 firewalls. If you buy them from one vendor, your purchasing power is higher, so you can negotiate better pricing vs buying 250 firewalls from 4 different vendors. In the case above, if you need to purchase firewall management software to manage all the policies remotely, firmware updates etc., very likely, having one management product to manage 1000 firewalls will be cheaper than four different vendor management products. If you are an MSP, then it makes sense to have a multi-vendor strategy to offer an entry-level firewall, mid-range firewall, and enterprise-level firewall depending on the client. They can all be from different vendors, and the differentiator here is the price, support, features etc. Again, it's hard to tell what is better without knowing much about your use case and environment.