Sold by: Fortinet Inc.
Deployed on AWS
The Complete OWASP Top 10 Ruleset delivers comprehensive web application protection to protect against the OWASP Top 10 web application threats
4.1
Overview
Video
Video 1
Video
Video 2
This listing is for AWS WAF Classic only. Fortinets WAF rulesets are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Complete OWASP Top 10 Ruleset combines Fortinets other AWS WAF rulesets into one comprehensive package to protect web applications and to cover the entire list of OWASP Top 10 web application threats. Included are the SQLi/XSS, General and Known Exploits, and Malicious Bots rulesets.
For extended web application firewall features such as detailed trigger/event visibility, custom whitelisting and dedicated tools to fine tune and manage detections as well as detailed event visibility and AI-based behavioral attack detection you can try the FortiWeb Cloud Product: https://aws.amazon.com/marketplace/pp/prodview-rbkvcwsvcpgsk?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
For more information on AWS WAF Classic, you can find documentation here: https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html
Pricing information: Pricing consists of two dimensions:
- $30 per month for each web ACL using the Fortinet Managed Rules, per region
- $1.8 per million requests in each region
Pricing examples:
pricing example: 2x web acl in a single region (ie us-east-1)
Managed rule group charges = $60.00 (2x units for 2x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $78.00/month
pricing example: 2x web acl in two regions (ie us-east-1 & us-east-2)
Managed rule group charges = $60.00 (2x units for 2x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $78.00/month
pricing example: 3x web acl in two regions and one using a CloudFront (ie us-east-1, us-east-2, CloudFront)
Managed rule group charges = $90.00 (3x units for 3x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $108.00/month
Highlights
- Complete set of all rules offered by Fortinet
- Can be configured to log, alert and/or block
- Regular updates from FortiGuard Labs
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $30.00 |
Charge per million requests in each available region | $1.80 |
Vendor refund policy
Non-Refundable
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support offered by Fortinet. Contact Fortinet directly by email - awswaf@fortinet.com . Please see FAQ for more info.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Cyber Security Cloud Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
OWASP Top 10 Coverage
Comprehensive protection against the complete OWASP Top 10 web application threats including SQLi/XSS, general exploits, known exploits, and malicious bots
Threat Signature Updates
Regular updates from FortiGuard Labs with latest threat information and security signatures
Rule-Based Detection Actions
Configurable detection modes supporting logging, alerting, and blocking capabilities
Web Application Firewall Signatures
Security signatures derived from FortiWeb web application firewall service
Threat Intelligence Integration
Rulesets regularly updated with latest threat alerts using Cyber Threat Intelligence
OWASP Top 10 Coverage
Comprehensive protection against all OWASP Top 10 Web Application Threats
Code Injection Prevention
Managed rules targeting code injection techniques including SQLi, NoSQLi, and OS command injection
Technology-Specific Vulnerability Protection
Dedicated rules for known exploits in Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
Malicious Bot Detection
Malicious Bots rulesets included for bot-based threat mitigation
OWASP Top 10 Attack Protection
Provides protection against web attacks including SQL injection, cross-site scripting (XSS), command injection, NoSQL injection, path traversal, and predictable resource exploitation.
Managed Rule Updates
Rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without requiring manual intervention.
AWS WAF Integration
Rules can be attached to AWS WAF instances for immediate deployment and protection enhancement.
Automated Threat Detection
Utilizes security expertise to identify and mitigate vulnerabilities that are part of the OWASP Top 10 attack vectors.
Pay-as-You-Go Licensing Model
Rules are licensed on a consumption-based pricing structure where usage determines costs.
Standard contract
No
No
No
Customer reviews
Mohan Janarthanan
Advanced threat protection has secured payment transactions and improved API defenses
Reviewed on Feb 12, 2026
Review from a verified AWS customer
What is our primary use case?
I work with Fortinet Managed Rules for AWS WAF and have been using it for the last eight months. I am using it for Web Application Firewall and API protection.
What is most valuable?
What stands out for me about Fortinet Managed Rules for AWS WAF is that it implements protection against OWASP Top 10 application security threats.
In the financial segment, I am able to protect the Payment Card Industry Data Security Standards, and this PCI DSS compliance helps me configure payment gateway integrations while also protecting against bot mitigations and utilizing the machine learning capabilities of FortiWeb.
I am using customizable rule sets. Normally, what I do is first put the application in learning mode to observe the application traffic, identify vulnerabilities, and understand what zero-day protections are missing in the current application. FortiAI assist provides contextual decision-making for integrating policy fine-tuning. After observing traffic for 15 days, I then switch to blocking mode on the application front. Built-in analytics for real-time attacks include machine learning capabilities, which is why I opted for Fortinet Managed Rules for AWS WAF to protect against bot attacks, skimming, and DDoS attacks, along with API protection.
Continuous threat intelligence updates provide real-time protection, which has a significant impact on my web application security. FortiCare Elite solution options enable me to get immediate support, typically within 15 minutes, for any challenges I face with web application integration on the platform. I am utilizing real-time threat intelligence updates as a default configuration.
Fortinet Managed Rules for AWS WAF provides positive feedback by protecting web applications and API protection while blocking advanced threats. The purpose of implementing this application protection is working fine.
What needs improvement?
The basic functionality of protecting against OWASP Top 10 vulnerabilities is standard for any WAF solution; however, I am concerned about Fortinet's effectiveness with modern web applications since it protects not only monolithic applications but also Kubernetes applications.
My core concern regarding the product lies in the reporting functions, where I face limitations, particularly tenant-wise. I cannot generate individual reports for multiple tenants.
For how long have I used the solution?
I have only been using Fortinet Managed Rules for AWS WAF for the past eight months.
What do I think about the stability of the solution?
Stability for Fortinet Managed Rules for AWS WAF is good; there were issues during implementation, but the product has stabilized after that.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF is a scalable product, especially since it is currently running in the cloud.
How are customer service and support?
I have dealt with Fortinet support, and I would say their technical support is good.
I have taken FortiCare Elite, which allows me to receive support within 15 minutes.
I would rate the support an eight out of ten.
As of now, I am not facing many issues that they need to improve upon to reach a ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Earlier, I previously used F5 and Check Point due to multiple requirements, including multiple tenants, so I decided to avoid a single point of failure for every company and thus chose multiple products.
How was the initial setup?
The installation process for Fortinet Managed Rules for AWS WAF is usually straightforward and easy.
What about the implementation team?
I used a partner to deploy it, not in-house.
What was our ROI?
I have only been using Fortinet Managed Rules for AWS WAF for the past eight months, so I believe I would need a year to comment on return on investment.
What's my experience with pricing, setup cost, and licensing?
I would say the price for Fortinet Managed Rules for AWS WAF is somewhat reasonable compared to Check Point web application firewall and F5, making it an acceptable option.
Which other solutions did I evaluate?
In terms of the technical side, the primary difference I notice is that FortiWeb has fewer false positives compared to Check Point and F5. This efficiency is due to their threat intelligence sharing across platforms, including Fortinet firewall and all EDR solutions, which leverage threat intelligence from FortiGuard to easily identify bad actors.
What other advice do I have?
The AWS Marketplace is very new to me; I did not buy Fortinet Managed Rules for AWS WAF from there.
Some issues during implementation included signature blocking and other typical challenges that arise with application protection on any web application tool, which requires time to understand the operating system and backend environment.
I would rate this product closer to nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Welli A.
AWS WAF - API Gateway
Reviewed on Sep 05, 2023
Review provided by G2
What do you like best about the product?
This feature makes it very easy for developers like me. With this feature, I can create new projects quickly and easily!
What do you dislike about the product?
So far I'm using this feature well for problems I can still fix and I still like it
What problems is the product solving and how is that benefiting you?
So far I'm using this feature well for issues I can still fix and I still like it
M T.
34
Reviewed on Sep 05, 2023
Review provided by G2
What do you like best about the product?
Fortinet Managed Rules for AWS WAF - API Gateway offers robust pre-configured security rules, real-time threat intelligence, and seamless AWS integration, providing a comprehensive and easy-to-manage solution for safeguarding your API Gateway deployments.
What do you dislike about the product?
but I do not have access to specific user feedback or examples regarding Fortinet Managed Rules for AWS WAF - API Gateway. If you have specific questions or concerns about the service, I recommend reaching out to Fortinet directly or consulting online resources and reviews to gather information on user experiences, likes, and dislikes related to this product.
What problems is the product solving and how is that benefiting you?
Fortinet Managed Rules for AWS WAF - API Gateway aims to address several common security challenges associated with protecting web applications and APIs. Here's how it can benefit organizations:
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.
R M.
Definitely recommend
Reviewed on Sep 04, 2023
Review provided by G2
What do you like best about the product?
Fortinet Managed Rules for AWS WAF are a game-changer when it comes to securing your AWS API Gateway. In a nutshell, this solution provides robust protection against a wide array of threats while offering ease of implementation and customization options.
One of the standout features is the ease of implementation. Even for those with limited prior experience in WAF management, setting up Fortinet's Managed Rules is a breeze. Well-documented guides and responsive support make the process straightforward.
The core strength of Fortinet Managed Rules lies in its comprehensive protection. It offers a broad set of rules that cover numerous threats, from SQL injection to cross-site scripting. This breadth enhances security by safeguarding against both known and emerging threats.
One of the standout features is the ease of implementation. Even for those with limited prior experience in WAF management, setting up Fortinet's Managed Rules is a breeze. Well-documented guides and responsive support make the process straightforward.
The core strength of Fortinet Managed Rules lies in its comprehensive protection. It offers a broad set of rules that cover numerous threats, from SQL injection to cross-site scripting. This breadth enhances security by safeguarding against both known and emerging threats.
What do you dislike about the product?
Complexity for Beginners: While Fortinet provides documentation and support, users who are new to web application firewall (WAF) management might find the initial setup and rule configuration process somewhat complex. It may require a learning curve, especially for those unfamiliar with AWS WAF concepts.
Cost Considerations: The cost of implementing Fortinet Managed Rules can be a concern for smaller organizations or startups. Depending on the level of protection and customization needed, the pricing might not fit every budget.
Cost Considerations: The cost of implementing Fortinet Managed Rules can be a concern for smaller organizations or startups. Depending on the level of protection and customization needed, the pricing might not fit every budget.
What problems is the product solving and how is that benefiting you?
Fortinet Managed Rules for AWS WAF in API Gateway tackle various security challenges and deliver substantial benefits to organizations. They provide protection against web application attacks, including common threats like SQL injection and cross-site scripting. This proactive defense prevents data breaches and unauthorized access to APIs. Real-time threat detection and mitigation capabilities are pivotal. Quick identification and response to potential threats minimize attack impact and maintain data integrity.
mahnaz f.
I have 2 project experiences using Fortinet Managed Rules for AWS WAF with API Gateway
Reviewed on Sep 03, 2023
Review provided by G2
What do you like best about the product?
as a .NET Core developer, you might find that one of the benefits of using Fortinet Managed Rules for AWS WAF - API Gateway is that it provides an easy-to-use solution for adding an extra layer of security to your web applications running on AWS API Gateway. The service offers pre-configured rules that can be easily integrated into your application, helping to protect against common web-based attacks. This can save you time and effort when it comes to implementing security measures for your application.
What do you dislike about the product?
as a .NET Core developer, you might find that one of the potential drawbacks of using Fortinet Managed Rules for AWS WAF - API Gateway is that it may add some additional latency to your application. This is because the service inspects incoming web requests and applies the configured rules before allowing the request to reach your application. While this added latency may be minimal, it is something to consider when deciding whether or not to use this service. Additionally, the cost of using this service may be a concern for some users as it is a paid service.
What problems is the product solving and how is that benefiting you?
Security: Fortinet Managed Rules provide pre-configured rules that help protect your web applications from common web-based attacks such as SQL injection and cross-site scripting (XSS). By using these rules, you can enhance the security of your applications running on AWS API Gateway.
Compliance: If your application needs to meet specific compliance requirements, such as PCI DSS or HIPAA, Fortinet Managed Rules can help you meet those requirements by providing a set of security rules and configurations that align with industry standards.
Simplified Implementation: Fortinet Managed Rules offer an easy-to-use solution for adding security to your applications. The rules are designed to integrate seamlessly with AWS API Gateway, making it convenient for .NET developers to implement and manage security measures without extensive manual configuration.
Time and Cost Savings: By leveraging Fortinet Managed Rules, you can save time and effort in implementing and maintaining custom security rules. The pre-configured rules provided by the service eliminate the need for you to create and manage complex rule sets from scratch, potentially reducing development and maintenance costs.
Overall, Fortinet Managed Rules for AWS WAF - API Gateway is solving security-related problems that can benefit .NET developers by providing an easy-to-use, pre-configured solution that enhances the security of their web applications running on AWS API Gateway, while also potentially saving time and cost.
Compliance: If your application needs to meet specific compliance requirements, such as PCI DSS or HIPAA, Fortinet Managed Rules can help you meet those requirements by providing a set of security rules and configurations that align with industry standards.
Simplified Implementation: Fortinet Managed Rules offer an easy-to-use solution for adding security to your applications. The rules are designed to integrate seamlessly with AWS API Gateway, making it convenient for .NET developers to implement and manage security measures without extensive manual configuration.
Time and Cost Savings: By leveraging Fortinet Managed Rules, you can save time and effort in implementing and maintaining custom security rules. The pre-configured rules provided by the service eliminate the need for you to create and manage complex rule sets from scratch, potentially reducing development and maintenance costs.
Overall, Fortinet Managed Rules for AWS WAF - API Gateway is solving security-related problems that can benefit .NET developers by providing an easy-to-use, pre-configured solution that enhances the security of their web applications running on AWS API Gateway, while also potentially saving time and cost.