
    Fortinet Managed Rules for AWS WAF - Complete OWASP Top 10

    Deployed on AWS
    The Complete OWASP Top 10 Ruleset delivers comprehensive web application protection against the OWASP Top 10 web application threats.

    Overview

    This product is not for AWS WAF Classic. Fortinet's WAF rulesets are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Complete OWASP Top 10 Ruleset is Fortinet's comprehensive package for web application protection, intended to help cover the entire list of OWASP Top 10 web application threats. It includes protection for SQL Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE).

    For extended web application firewall features, such as protection against zero-day attacks using AI-based behavioral attack detection, detailed attack log visibility, custom whitelisting, and dedicated tools to fine-tune and manage detections, you can try Fortinet FortiWeb Cloud WAF-as-a-Service, a SaaS service that requires no hardware or software to be deployed: https://aws.amazon.com/marketplace/pp/Fortinet-Inc-Fortinet-FortiWeb-Cloud-WAF-as-a-Serv/B07PXMWJT1

    Fortinet Managed Rules for AWS WAF Video Tutorial https://pages.awscloud.com/mp-kickstart-fortinet.html?&trk=ta_a134p000003yoFjAAI&trkCampaign=AWSMP_pap_x_x_content-hub-resources&sc_channel=ta&sc_campaign=ta_awsmp_card&sc_outcome=Marketplace&sc_geo=mult 

    Pricing information: Pricing consists of two dimensions:

    • $30 per month for each web ACL using the Fortinet Managed Rules, per region
    • $1.8 per million requests in each region

    Pricing examples:

    Pricing example: 2x web ACLs in a single region (i.e. us-east-1)

    • Managed rule group charges = $60.00 (2x units for 2x web ACLs)
    • Managed rule group request charges = $1.80/million * 10 million = $18.00
    • Total AWS Marketplace charges = $78.00/month

    Pricing example: 2x web ACLs in two regions (i.e. us-east-1 & us-east-2)

    • Managed rule group charges = $60.00 (2x units for 2x web ACLs)
    • Managed rule group request charges = $1.80/million * 10 million = $18.00
    • Total AWS Marketplace charges = $78.00/month

    Pricing example: 3x web ACLs in two regions and one using CloudFront (i.e. us-east-1, us-east-2, CloudFront)

    • Managed rule group charges = $90.00 (3x units for 3x web ACLs)
    • Managed rule group request charges = $1.80/million * 10 million = $18.00
    • Total AWS Marketplace charges = $108.00/month

    Highlights

    • Complete set to help protect against the OWASP Top 10
    • Can be configured to log, alert and/or block
    • Regular updates from FortiGuard Labs

    Details

    Categories

    Delivery method

    Deployed on AWS


    Pricing

    Fortinet Managed Rules for AWS WAF - Complete OWASP Top 10

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (2)

    Dimension: Cost/unit

    • Charge per month in each available region (pro-rated by the hour): $30.00
    • Charge per million requests in each available region: $1.80

    Vendor refund policy

    Non-Refundable


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Support offered by Fortinet. Contact Fortinet directly by email: awswaf@fortinet.com. Please see FAQ for more info.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly


    Overview

    AI generated from product descriptions
    Web Application Threat Protection
    Comprehensive ruleset covering OWASP Top 10 web application threats including SQL Injection, Cross Site Scripting, and Known Exploits
    Security Signature Updates
    Regular threat information updates from FortiGuard Labs to maintain current protection signatures
    Malicious Traffic Detection
    Protection against malicious bots and common vulnerabilities and exposures (CVE)
    Configurable Security Response
    Flexible configuration options to log, alert, and block detected web application threats
    Attack Vector Coverage
    Comprehensive security rules targeting multiple web application attack vectors including general and known exploits
    Web Application Threat Protection
    Comprehensive ruleset targeting OWASP Top 10 Web Application Threats with low false-positive rate
    Vulnerability Mitigation
    Managed rules addressing code injection techniques including SQLi, NoSQLi, OScommandi, XSS, and directory traversal
    Technology-Specific Protection
    Specialized rules for web technologies like Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
    Cyber Threat Intelligence
    Regularly updated rulesets incorporating latest threat intelligence and security alerts
    Compliance Support
    Security rules designed to help meet compliance standards such as PCI-DSS
    Web Attack Protection
    Comprehensive defense against OWASP Top 10 web vulnerabilities including SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource attacks
    Threat Rule Management
    Dynamically written, managed, and regularly updated security rules by F5 security specialists to address evolving cyber threats
    Rule Application Mechanism
    Seamless integration and attachment of security rules to AWS WAF instances for immediate enhanced protection
    Vulnerability Coverage
    Targeted mitigation of complex web application security risks across multiple attack vectors and exploitation techniques
    Security Rule Monitoring
    Continuous surveillance and proactive updating of ruleset to ensure ongoing defense against emerging web-based attack methodologies

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    3.9 (5 ratings)

    • 5 star: 0%
    • 4 star: 60%
    • 3 star: 40%
    • 2 star: 0%
    • 1 star: 0%

    5 AWS reviews | 49 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Jovan Jovanovic

    Integration with existing infrastructure has improved efficiency and centralized management

    Reviewed on Nov 20, 2025
    Review provided by PeerSpot

    What is our primary use case?

    The main use case for Fortinet FortiWeb is handling huge amounts of data from the customer side when they lack proper data structure. Customers request a solution that can manage large volumes of data and classify it, which is the primary reason they select Web Application Firewalls.

    Additionally, they seek to protect and separate applications within their network between production and non-production environments, as well as define bandwidth allocation for approved applications and restrict forbidden ones.

    What is most valuable?

    Fortinet does not have the best Web Application Firewall in the world, but they do have interoperable systems. From the customer side, especially if they are already buying FortiGates, firewalls, mail, proxy, and other solutions, it becomes much easier for them to purchase Fortinet FortiWeb. This is because there is one technical support team and a single point of contact from the vendor side when they need technical expertise.

    The main benefits provided to users who already have other Fortinet solutions include better economics and easier maintenance due to unified technical support and a convenient single point of contact. Updates are much easier because Fortinet has one operating system for all their products. If the customer buys a manager as the central console of the whole system, they can operate all systems from one console and deploy all updates, renewals, or other changes.

    What needs improvement?

    Fortinet can improve their technical support, especially the response time. There appears to be an issue with their SLA. When a customer opens a ticket, it is picked up within one or two hours. However, after the customer submits a specific question and requests troubleshooting help from Fortinet support, it takes at least three to five days to provide a proper answer. The response time from the support team is an area that requires improvement.

    For how long have I used the solution?

    We are a distributor and I continue to work with Fortinet solutions as a reseller distributor.

    What do I think about the stability of the solution?

    I have not received any complaints or reports of issues from our partners or our technical team regarding stability. Perhaps three or four years ago there was an incident at a customer site in Serbia, but that was not related to Fortinet. The issue was related to network segmentation because they could not reach all logs from their network. The problem was not from Fortinet but from the Cisco ASA, not the switch.

    What do I think about the scalability of the solution?

    For scalability on a scale from one to ten, Fortinet FortiWeb is very scalable and it is easy to improve the bandwidth and the system. You can add additional boxes that combine together to achieve a bigger throughput for investigation and research.

    How was the initial setup?

    I have not received any complaints from the partner side regarding troubles or issues with implementation. The implementation of Fortinet FortiWeb and WAF into the Fortinet ecosystem proceeded very smoothly.

    What about the implementation team?

    That is a question for the technical part of my team and is not within my area of responsibility.

    What other advice do I have?

    We primarily sell Fortinet's flagship model, which is FortiGate, their next-generation firewall. After that, we sell switches, wireless devices, and solutions such as mail, web protection, and EDR. These are the most sold products in Serbia from Fortinet's portfolio.

    We have recently closed a deal in Serbia with Fortinet FortiWeb.

    The documentation is excellent, particularly the implementation manual. The pricing is very competitive compared to most vendors producing similar solutions. When comparing Fortinet FortiWeb to F5 BIG-IP, which is their matching solution, Fortinet FortiWeb uses smaller boxes while meeting the same technical specifications. This automatically makes Fortinet FortiWeb cheaper than F5. F5 is considered the most sold vendor in this area for Web Application Firewalls globally, and Fortinet FortiWeb offers better pricing in comparison. I would rate this product a ten out of ten.

    HameedAhmed

    Security threats have been reduced through seamless deployment and strong integration with other tools

    Reviewed on Nov 14, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I am familiar with Fortinet FortiWeb, and I'm working with the product. I have been using Fortinet FortiWeb in my organization for the last three years. We are using Fortinet FortiWeb as a security solution because a few applications are running on our website through which external users are hitting our application. We have installed this product for outside users, not inside users, especially for outside users from the organization.

    What is most valuable?

    Reporting in Fortinet FortiWeb is very good. Fortinet FortiWeb has positively impacted my organization because most of our servers and applications are secure from hackers and other security threats. We have a lot of security challenges, but with the installation of Fortinet FortiWeb, we have reduced many security threats with its help.

    What needs improvement?

    The reason it took one week to ten days is that fine-tuning is a challenge, as we have many applications behind the product. Fine-tuning took this time; otherwise, installation is one to two days of work only. Fine-tuning is a room for improvement in Fortinet FortiWeb.

    For how long have I used the solution?

    I have been using Fortinet FortiWeb in my organization for the last three years.

    How are customer service and support?

    I would rate the technical support of Fortinet as fine; they provide very nice technical support and are responsive.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We do not have options to replace it with another solution because we have installed it and we are using it. We have trained manpower, and it is not easy to replace.

    How was the initial setup?

    The deployment of Fortinet FortiWeb was actually easy and our team is managing it quite easily. The deployment of Fortinet FortiWeb in my case took one week to two weeks.

    What about the implementation team?

    I have a dedicated team to manage the product. For this purpose, we have only one engineer in our technical team.

    What's my experience with pricing, setup cost, and licensing?

    With pricing, I think Fortinet FortiWeb is a reasonable price compared to other products like Barracuda, as it is cheaper than Barracuda or maybe competitive. Most security products charge less at the time of purchase because of competition, but when we go to renewals, the prices become very high.

    What other advice do I have?

    I have used Fortinet FortiWeb's integration features. We have easily integrated all of the applications with the product. Most of the applications we are using are in-house built.

    My technical team is looking after the best features. I have not used it extensively for maybe two and a half years. I have been involved in the installation, but I am not actually using the product. I work with it from time to time but not extensively.

    I would assess Fortinet FortiWeb's adaptive machine learning and artificial intelligence as having new patches installed regarding artificial intelligence, but when we bought it, I think the learning feature was there. Now they have installed artificial intelligence features through patches.

    We have a complete portfolio of Fortinet in our organization, including FortiMail, Fortinet FortiWeb, and FortiGate, along with multi-factor authentication. All of the products are from Fortinet. Fortinet tools integrate with each other and work in conjunction.

    I think Fortinet FortiWeb has helped us meet regulatory compliance because we are not a regulatory organization, but our sister organization is regulatory. We have regulatory compliance with the International Civil Aviation Authority, whose audit teams have checked our data center and these security products, and they are satisfied with us. The question about leveraging Fortinet FortiWeb's automated policy management does not pertain to my domain because I am not so technical, but I am in a management role now. My engineer is more technical than me.

    I would rate this product an eight point five out of ten.

    Nasir Akbar

    Security measures have improved but patch releases create challenges

    Reviewed on Jul 08, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Fortinet FortiWeb is very good as a web application solution. I have been working with Fortinet FortiWeb since 2020.

    What is most valuable?

    When using Fortinet FortiWeb, it will not leak your real IP address. Your HTTP, HTTPS, and IMT file will be secured, and the signature should be upgraded. A VIP IP address is required. That IP will be translated to Fortinet FortiWeb. When the user browses the website, it will reach Fortinet FortiWeb only, not reaching the server directly.

    Fortinet FortiWeb enhances web security with its effective features that handle inbound and outbound traffic.

    What needs improvement?

    There is room for improvement in Fortinet FortiWeb. The team was only from FortiGate itself. They are making new firmware versions and releasing them before checking, which leads to many bugs in these versions.

    The reason for not giving Fortinet FortiWeb an eight is because every 45 to 60 days, they are releasing a patch. Without checking these patches, users face many issues, which are called bugs, and some policies will not work.

    For how long have I used the solution?

    I have been working with Fortinet FortiWeb since 2020.

    What was my experience with deployment of the solution?

    Deploying Fortinet FortiWeb is not difficult. If you install the VM, it uses the same console. If you install on-premise, it also uses the same console. It depends on where the web server machine is available. If it is in the cloud, we need to use VM devices. If it is on-premises, we use on-premise devices.

    What do I think about the stability of the solution?

    Regarding stability, I would rate Fortinet FortiWeb a seven out of ten.

    What do I think about the scalability of the solution?

    Regarding scalability, I would rate Fortinet FortiWeb a 4.5 out of ten.

    How are customer service and support?

    Fortinet provides very good support and services for everyone regarding future updates of Fortinet FortiWeb.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I did not work with Cortex Xpanse and Cortex XCM solutions. A different cybersecurity team in our parent company handles those solutions.

    How was the initial setup?

    If the customer provides the proper information, I can complete everything regarding installation, setup, and configuration of Fortinet FortiWeb within three hours.

    What about the implementation team?

    I perform maintenance for Fortinet FortiWeb for my customers and help them troubleshoot. I am the person involved in the maintenance of Fortinet FortiWeb.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for Fortinet FortiWeb varies with different models having different prices. It depends on the requirement. For VM machines, the price increases based on CPU configurations of 2, 4, or 8 CPUs.

    Compared to other vendors, Fortinet FortiWeb has competitive pricing in the market. For partners, pricing depends on partnership level, such as Gold or Silver.

    Which other solutions did I evaluate?

    I would recommend Fortinet FortiWeb to organizations specifically for two or three servers. For larger environments with more than 100 servers, I would recommend F5 BIG-IP.

    What other advice do I have?

    I have not utilized Fortinet FortiWeb's machine learning capabilities, as I only perform configuration based on customer requirements.

    The compliance version of Fortinet FortiWeb has firmware version stability issues.

    Fortinet FortiWeb offers three solutions: on-premises and VM solutions.

    My overall rating for Fortinet FortiWeb is six out of ten.

    ManjunathA

    Effective in protecting web applications include web filtering, DDoS protection, and geo-location blocking

    Reviewed on May 12, 2025
    Review from a verified AWS customer

    What is our primary use case?

    The FortiWeb Web Application Firewall (WAF) is used when customers want to publish their sites and protect their internal public websites. Some customers ask to protect their AWS or Azure network, and during that time, we also suggest the web solution. In the network, we can use next-generation firewalls upstream or in flows wherever required, making it mandatory with the parameter-level layer security.

    We focus on websites with FortiWeb Web Application Firewall (WAF). Features such as anomaly input validation, XML protection, and API protection are already present, but we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful.

    What is most valuable?

    The features of FortiWeb Web Application Firewall (WAF) that have proven most effective in protecting web applications include web filtering, DDoS protection, geo-location blocking, and blocking SQL injection attacks.

    The AI machine learning capabilities included in FortiWeb Web Application Firewall (WAF) analyze patterns effectively. For example, if any user tries to input any text format in a web form mistakenly using SQL queries, the web solution detects the input, checking whether it's impacting or analyzing queries in the database. Everything is analyzed to ensure protection.

    What needs improvement?

    Their AI technology is good. Overall, Fortinet is only good.

    The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now.

    If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place.

    The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats.

    There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.

    For how long have I used the solution?

    I have been working with them for five years.

    How are customer service and support?

    The technical support by Fortinet is good. The back-end development team is available, and if any issue arises, they will help us immediately by providing solutions when contacted.

    How would you rate customer service and support?

    Positive

    What's my experience with pricing, setup cost, and licensing?

    The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we need to protect. The licensing is based on the number of websites or individually. If the customer has multiple websites, the price reduces automatically since it depends on the number only. If the customer wants to buy initially, there is a default license available.

    When going for multiple websites, the price also reduces.

    What other advice do I have?

    I am providing next-generation firewalls or FortiWeb Web Application Firewalls (WAF).

    Both web application firewalls and next-generation firewalls are available, which we are doing daily.

    I usually recommend the FortiWeb Web Application Firewall (WAF) for various types of companies, including retail, hospitals, manufacturing, construction, and banking.

    It is the best option on the market.

    I rate FortiWeb Web Application Firewall (WAF) eight out of ten.

    JavedHashmi

    Delivers robust security with significant ROI and seamless integration

    Reviewed on Apr 04, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Our primary use case for Fortinet FortiWeb is application security, specifically web application security for our customers. We focus on securing their web apps, as the major purpose is to provide strong application security.

    What is most valuable?

    The most valuable features of Fortinet FortiWeb are its basic features of WAS top ten, DDoS attacks, and bot attacks. Additionally, the machine learning-based threat detection is significant, as it uses a learning method that eases the configuration burden, making it very useful. The AI-driven threat detection enhances protection capabilities, and the product is equipped with hardware acceleration, improving performance considerably. Fortinet has improved its performance multifold.

    What needs improvement?

    The cloud-based security service of Fortinet FortiWeb could be enhanced to match the level of providers like Cloudflare. Right now, it is more focused on on-prem solutions, and there is a need to strengthen its cloud presence to offer comparable services.

    For how long have I used the solution?

    I have been working with Fortinet FortiWeb for three to four years.

    What was my experience with deployment of the solution?

    We have deployed Fortinet FortiWeb within a week for multiple setups, depending on the number of services. Generally, we have not encountered many difficulties with deployments across various use cases.

    What do I think about the stability of the solution?

    In terms of stability, Fortinet FortiWeb is very stable. We have not faced any significant issues during deployments, and it functions as expected without major hiccups.

    What do I think about the scalability of the solution?

    We haven't conducted very large deployments, but there have been no complaints regarding performance or scalability from our customers, so scalability has not been a challenge for us.

    How are customer service and support?

    Fortinet's customer support needs improvement. The expertise of engineers varies across different time zones, affecting the effectiveness of the support provided, especially during our daytime.

    How would you rate customer service and support?

    Negative

    How was the initial setup?

    The initial setup of Fortinet FortiWeb is easy. Compared to other solutions like Check Point, setting it up is straightforward.

    What was our ROI?

    Our customers have seen a significant ROI with Fortinet FortiWeb. The three to five years TCO (Total Cost of Ownership) is very favorable.

    What's my experience with pricing, setup cost, and licensing?

    Fortinet FortiWeb is cost-effective compared to solutions like F5. It offers strong performance for the price, providing substantial value for our customers.

    What other advice do I have?

    Fortinet FortiWeb is a good and underrated product for web application security. It's especially beneficial for those already using Fortinet firewalls, offering a unified interface and comprehensive security. Integration with existing infrastructures, including custom applications, has been smooth without notable challenges. I would rate the overall solution as an 8 out of 10.