Sign in
Sign in
or
Create a new account
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Fortinet FortiWeb Web Application Firewall WAF (PAYG)

Fortinet Inc.

Reviews from AWS customer

5 AWS reviews

External reviews

43 reviews
from and

External reviews are not included in the AWS star rating for the product.

    Soe Min H.

Absolutely Love This Cloud Sec!

  • October 22, 2025
  • Review provided by G2

What do you like best about the product?
1. Extremely Simple and Fast Deployment
2.Ease of Integration
3.Ease of Use
4.Cost-effective
What do you dislike about the product?
1. Less Flexibility than Competitors like F5, Imperva
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
What problems is the product solving and how is that benefiting you?
FortiAppSec addresses two critical challenges in my web application: the expanding, invisible API attack surface and the complexity of traditional WAF management. It solves the visibility issue by automatically discovering and cataloging all API endpoints through analysis of live traffic, providing complete command over all exposed assets. Furthermore, it simplifies operations by deploying as a cloud service in minutes via a simple DNS change, which significantly reduces operational overhead and allows teams to focus on strategy rather than continuous, complex WAF tuning.

    Food Production

Excellent Content Acceleration and Caching, No Complaints

  • October 16, 2025
  • Review provided by G2

What do you like best about the product?
caching, content routing, accelerating content delivery via globally distributed servers.
What do you dislike about the product?
Nothing to say. Very useful and good working features.
What problems is the product solving and how is that benefiting you?
Evolving threats & zero-day / sophisticated attacks.

    Nithinya G.

Comprehensive Security Application

  • October 14, 2025
  • Review provided by G2

What do you like best about the product?
It's comprehensive security and highly user friendly.
What do you dislike about the product?
The documentation and configuration could have been much simple and user friendly
What problems is the product solving and how is that benefiting you?
It is solving the operational complexity and it provides simplified security

    Mihir R.

Review for FortiAppSec Cloud

  • October 08, 2025
  • Review provided by G2

What do you like best about the product?
This product is straightforward to use and implement. I appreciate its fully managed, cloud-based WAF approach, along with the real-time protection it offers and the responsive customer support. I rely on its machine learning and behavior-based detection features for daily monitoring, and I also value how seamlessly it integrates with other Fortinet products.
What do you dislike about the product?
Limited advanced configurations and custom rule tuning.
What problems is the product solving and how is that benefiting you?
This tool makes both load balancing and security management much simpler.

    Sujit S.

Excellent Protection, Complex Interface

  • October 08, 2025
  • Review provided by G2

What do you like best about the product?
I like that FortiAppSec Cloud provides AI-driven, fully managed WAF protection with minimal tuning required, excellent integration with Fortinet Security Fabric, and strong coverage for web apps and APIs against evolving threats.
What do you dislike about the product?
The interface could be more intuitive, and deeper customization or reporting options would improve flexibility. Integration with non-Fortinet tools also requires extra configuration.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud protects our web apps and APIs from OWASP Top 10 threats and bot attacks while reducing manual management. It improves visibility, automates protection, and strengthens our overall security posture.

    ManjunathA

Effective in protecting web applications include web filtering, DDoS protection, and geo-location blocking

  • May 12, 2025
  • Review provided by PeerSpot

What is our primary use case?

The FortiWeb Web Application Firewall (WAF) is used when customers want to publish their sites and protect their internal public websites. Some customers ask to protect their AWS or Azure network, and during that time, we also suggest the web solution. In the network, we can use next-generation firewalls upstream or in flows wherever required, making it mandatory with the parameter-level layer security.

We focus on websites with FortiWeb Web Application Firewall (WAF). Features such as anomaly input validation, XML protection, and API protection are already present, but we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful.

What is most valuable?

The features of FortiWeb Web Application Firewall (WAF) that have proven most effective in protecting web applications include web filtering, DDoS protection, geo-location blocking, and blocking SQL injection attacks.

The AI machine learning capabilities included in FortiWeb Web Application Firewall (WAF) analyze patterns effectively. For example, if any user tries to input any text format in a web form mistakenly using SQL queries, the web solution detects the input, checking whether it's impacting or analyzing queries in the database. Everything is analyzed to ensure protection.

What needs improvement?

Their AI technology is good. Overall, Fortinet is only good.

The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now.

If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place.

The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats.

There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.

For how long have I used the solution?

I have been working with them for Five years.

How are customer service and support?

The technical support by Fortinet is good. The back-end development team is available, and if any issue arises, they will help us immediately by providing solutions when contacted.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we need to protect. The licensing is based on the number of websites or individually. If the customer has multiple websites, the price reduces automatically since it depends on the number only. If the customer wants to buy initially, there is a default license available.

When going for multiple websites, the price also reduces.

What other advice do I have?

I am providing next-generation firewalls or FortiWeb Web Application Firewalls (WAF).

Both web application firewalls and next-generation firewalls are available, which we are doing daily.

I usually recommend the FortiWeb Web Application Firewall (WAF) for various types of companies, including retail, hospitals, manufacturing, construction, and banking.

It is the best option on the market.

I rate FortiWeb Web Application Firewall (WAF) eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other

    Mohammed S.

I'm an technical support for a lot of network security products

  • March 27, 2025
  • Review provided by G2

What do you like best about the product?
FortiWeb is the best Solution for the company that publish it's Website or the company that need to access the internet
What do you dislike about the product?
Nothing it's a customized product for the big organization
What problems is the product solving and how is that benefiting you?
It can filter all the URLs and customize the sites that I can login and also help me to protect my network from any attacks.

    reviewer2641242

Offers competitive pricing and robust channel support with good training

  • January 09, 2025
  • Review provided by PeerSpot

What is our primary use case?

I mentioned that the firewalls, such as the one from Fortinet, help protect my infrastructure from outside attacks. They perform a lot of network scanning and do not allow any unauthorized person to access my details and data. That's their application. A similar action is performed by the web application firewall, where web applications are restricted to certain users. This means that not anyone with malicious intent can access my web application content.

What is most valuable?

The good thing about Fortinet is that their enablement is very good in terms of training me and enabling resources on their technology. 

Secondly, if I look at their pricing, Fortinet's pricing is way more competitive than Cisco or Palo Alto. They have almost 45% share in the firewall market, as per IDC. Fortinet is a large-sized company where their channel program is very robust and very flexible. They also understand the different personas of the channel stakeholders. In that way, they are rapidly growing in the channel ecosystem space and have started getting a lot of business. They are replacing many big traditional players in that space.

What needs improvement?

There are some issues pertaining to the migration. If some of my customers want to migrate from F5 to Fortinet Firewall, or the Fortinet WAF solution, there are some migration issues since I cannot migrate all the elements quickly using Fortinet Firewall. There is some integration work required to do that.

For how long have I used the solution?

I have been working with Fortinet for almost one year and eight or nine months.

How are customer service and support?

Their support is truly exceptional when I compare it with similar large-sized companies. In that category, they are top-notch at this point in time.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I was with SquadCast earlier.

Which other solutions did I evaluate?

F5 is a leader. They have some technical supremacy. F5 is more in demand, however, other players like Radware are also available in the market.

What other advice do I have?

I would rate the solution eight out of ten at least. 

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other

    Andreas Lalos

Enhanced application protection with an extensive attack signature library

  • November 11, 2024
  • Review provided by PeerSpot

What is our primary use case?

FortiWeb is used for web application protection. It protects a web application against attacks targeting their web applications, such as cross-site scripting, SQL injection, and other common application-specific attacks.

How has it helped my organization?

FortiWeb allows the organization to operate efficiently without any downtime or serious security breach.

What is most valuable?

FortiWeb has a very extensive library of known attack signatures, which makes the product fit for any environment, regardless if the customer uses Windows-specific or non-Windows-specific applications. It also has a very low rate of false positives and incorporates other FortiGuard capabilities, such as detection of botnet traffic.

What needs improvement?

For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.

For how long have I used the solution?

I have been working with FortiWeb for approximately four years, maybe more.

What do I think about the stability of the solution?

FortiWeb has proven to be very stable and does not introduce latency in the network.

What do I think about the scalability of the solution?

The product can scale according to the organization's traffic and architecture. It is available as a virtual appliance and a hardware appliance.

How are customer service and support?

Fortinet provides very good support, which I would rate as eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

At the moment, we are only working with Fortinet and not with other web application firewalls.

How was the initial setup?

Someone without prior experience with the product might find it challenging to deploy. However, Fortinet provides good online training to assist administrators.

What was our ROI?

The total cost of ownership should be calculated based on the actual protection it offers to the application. Deploying FortiWeb can save 20% to 30% of resources within the organization.

What's my experience with pricing, setup cost, and licensing?

FortiWeb uses a subscription-based license, but there is also an option for a perpetual license. It's not the cheapest solution. That said, it is worth the investment.

Which other solutions did I evaluate?

I have experience with other web application products.

What other advice do I have?

I'd rate the solution nine out of ten.

    Martin Janzsó

Has good integration with load-balancing applications

  • September 05, 2024
  • Review provided by PeerSpot

What is our primary use case?

Our company provides data center and cloud services as infrastructure providers. When customers need infrastructure like VMs or server allocation, we provide them with the vendor and offer services to operate, manage, implement, and integrate these security components.

What is most valuable?

The most valuable feature is the tool's integration with load-balancing applications, similar to FortiADC. Its importance depends on customer requirements, such as whether they prioritize application load balancing or layer seven protection.

What needs improvement?

Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees.

For how long have I used the solution?

I have been using the product for four to five years. 

What do I think about the stability of the solution?

I rate the tool's stability a nine out of ten. 

What do I think about the scalability of the solution?

It's not good with normal perpetual licensing, but we can solve the problem using flex licensing. That's why I'd rate it nine out of ten. We're satisfied with it. Many of our customers, including small, medium, and enterprise businesses, use FortiWeb WAF.

How was the initial setup?

I rate the tool's deployment ease as seven out of ten. We have spent about 600 working hours to implement it. 

What's my experience with pricing, setup cost, and licensing?

The product provides very good prices to customers. The price is set well and offers great value for money.

What other advice do I have?

I rate the overall solution an eight out of ten. I advise others looking to use FortiWeb WAF to create deeper policy rules.

Which deployment model are you using for this solution?

On-premises

showing 1 - 10