Fortinet FortiWeb is very good as a web application solution. I have been working with Fortinet FortiWeb since 2020.
Fortinet FortiWeb Web Application Firewall WAF (PAYG)
Fortinet Inc.External reviews
69 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Robust AI Security and Easy Management, with Room for Smoother Setup
What do you like best about the product?
FortiAppSec Cloud stands out for its AI-driven threat detection and easy deployment. It delivers strong, adaptive protection against web attacks without needing constant tuning, ensuring security and performance while simplifying management through an intuitive, centralized dashboard.
What do you dislike about the product?
FortiAppSec Cloud can sometimes feel complex during initial configuration, especially for advanced policies. Its reporting options could be more detailed, and occasional latency during policy updates slightly affects real-time monitoring efficiency for large-scale deployments.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud protects web applications from threats like SQL injection, cross-site scripting, and DDoS attacks. It automates security management, reduces manual intervention, and ensures compliance—helping maintain uptime, improve data protection, and boost user confidence with consistent, real-time threat mitigation.
Powerful Automated Protection, but Setup and Customization Need Improvement
What do you like best about the product?
What I appreciate most about FortiAppSec Cloud is its robust, automated protection for web applications. Deployment is straightforward, and the solution scales seamlessly to meet growing needs. Its AI-powered threat detection actively blocks attacks as they happen. Additionally, the user-friendly dashboard and comprehensive analytics make managing security both simple and effective.
What do you dislike about the product?
What I find challenging about FortiAppSec Cloud is that, despite its robust capabilities, the initial setup and configuration process can be quite complicated for those who are new to the platform. Making the most of some of its advanced features also demands a certain level of technical expertise. Furthermore, the user interface is not as intuitive as I would like, and the options for customizing reports are somewhat restricted when compared to other solutions.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud safeguards my web applications against cyberattacks and data breaches, helping to minimize the risk of downtime and security incidents. Its automated threat detection and mitigation features save both time and resources, while also maintaining strong compliance and reliable performance for all my applications.
Absolutely Love This Cloud Sec!
What do you like best about the product?
1. Extremely Simple and Fast Deployment
2.Ease of Integration
3.Ease of Use
4.Cost-effective
2.Ease of Integration
3.Ease of Use
4.Cost-effective
What do you dislike about the product?
1. Less Flexibility than Competitors like F5, Imperva
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
What problems is the product solving and how is that benefiting you?
FortiAppSec addresses two critical challenges in my web application: the expanding, invisible API attack surface and the complexity of traditional WAF management. It solves the visibility issue by automatically discovering and cataloging all API endpoints through analysis of live traffic, providing complete command over all exposed assets. Furthermore, it simplifies operations by deploying as a cloud service in minutes via a simple DNS change, which significantly reduces operational overhead and allows teams to focus on strategy rather than continuous, complex WAF tuning.
Excellent Content Acceleration and Caching, No Complaints
What do you like best about the product?
caching, content routing, accelerating content delivery via globally distributed servers.
What do you dislike about the product?
Nothing to say. Very useful and good working features.
What problems is the product solving and how is that benefiting you?
Evolving threats & zero-day / sophisticated attacks.
Comprehensive Security Application
What do you like best about the product?
It's comprehensive security and highly user friendly.
What do you dislike about the product?
The documentation and configuration could have been much simple and user friendly
What problems is the product solving and how is that benefiting you?
It is solving the operational complexity and it provides simplified security
Review for FortiAppSec Cloud
What do you like best about the product?
This product is straightforward to use and implement. I appreciate its fully managed, cloud-based WAF approach, along with the real-time protection it offers and the responsive customer support. I rely on its machine learning and behavior-based detection features for daily monitoring, and I also value how seamlessly it integrates with other Fortinet products.
What do you dislike about the product?
Limited advanced configurations and custom rule tuning.
What problems is the product solving and how is that benefiting you?
This tool makes both load balancing and security management much simpler.
Excellent Protection, Complex Interface
What do you like best about the product?
I like that FortiAppSec Cloud provides AI-driven, fully managed WAF protection with minimal tuning required, excellent integration with Fortinet Security Fabric, and strong coverage for web apps and APIs against evolving threats.
What do you dislike about the product?
The interface could be more intuitive, and deeper customization or reporting options would improve flexibility. Integration with non-Fortinet tools also requires extra configuration.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud protects our web apps and APIs from OWASP Top 10 threats and bot attacks while reducing manual management. It improves visibility, automates protection, and strengthens our overall security posture.
Security measures have improved but patch releases create challenges
What is our primary use case?
What is most valuable?
When using Fortinet FortiWeb, it will not leak your real IP address. Your HTTP, HTTPS, and IMT file will be secured, and the signature should be upgraded. A VIP IP address is required. That IP will be translated to Fortinet FortiWeb. When the user browses the website, it will reach Fortinet FortiWeb only, not reaching the server directly.
Fortinet FortiWeb enhances web security with its effective features that handle inbound and outbound traffic.
What needs improvement?
There is room for improvement in Fortinet FortiWeb. The team was only from FortiGate itself. They are making new firmware versions and releasing them before checking, which leads to many bugs in these versions.
The reason for not giving Fortinet FortiWeb an eight is because every 45 to 60 days, they are releasing a patch. Without checking these patches, users face many issues, which are called bugs, and some policies will not work.
For how long have I used the solution?
I have been working with Fortinet FortiWeb since 2020.
What was my experience with deployment of the solution?
Deploying Fortinet FortiWeb is not difficult. If you install the VM, it uses the same console. If you install on-premise, it also uses the same console. It depends on where the web server machine is available. If it is in the cloud, we need to use VM devices. If it is on-premises, we use on-premise devices.
What do I think about the stability of the solution?
Regarding stability, I would rate Fortinet FortiWeb a seven out of ten.
What do I think about the scalability of the solution?
Regarding scalability, I would rate Fortinet FortiWeb a 4.5 out of ten.
How are customer service and support?
Fortinet provides very good support and services for everyone regarding future updates of Fortinet FortiWeb.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not work with Cortex Xpanse and Cortex XCM solutions. A different cybersecurity team in our parent company handles those solutions.
How was the initial setup?
If the customer provides the proper information, I can complete everything regarding installation, setup, and configuration of Fortinet FortiWeb within three hours.
What about the implementation team?
I perform maintenance for Fortinet FortiWeb for my customers and help them troubleshoot. I am the person involved in the maintenance of Fortinet FortiWeb.
What's my experience with pricing, setup cost, and licensing?
The pricing for Fortinet FortiWeb varies with different models having different prices. It depends on the requirement. For VM machines, the price increases based on CPU configurations of 2, 4, or 8 CPUs.
Compared to other vendors, Fortinet FortiWeb has competitive pricing in the market. For partners, pricing depends on partnership level, such as Gold or Silver.
Which other solutions did I evaluate?
I would recommend Fortinet FortiWeb to organizations specifically for two or three servers. For larger environments with more than 100 servers, I would recommend F5 BIG-IP.
What other advice do I have?
I have not utilized Fortinet FortiWeb's machine learning capabilities, as I only perform configuration based on customer requirements.
The compliance version of Fortinet FortiWeb has firmware version stability issues.
Fortinet FortiWeb offers three solutions: on-premises and VM solutions.
My overall rating for Fortinet FortiWeb is six out of ten.
Effective in protecting web applications include web filtering, DDoS protection, and geo-location blocking
What is our primary use case?
The FortiWeb Web Application Firewall (WAF) is used when customers want to publish their sites and protect their internal public websites. Some customers ask to protect their AWS or Azure network, and during that time, we also suggest the web solution. In the network, we can use next-generation firewalls upstream or in flows wherever required, making it mandatory with the parameter-level layer security.
We focus on websites with FortiWeb Web Application Firewall (WAF). Features such as anomaly input validation, XML protection, and API protection are already present, but we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful.
What is most valuable?
The features of FortiWeb Web Application Firewall (WAF) that have proven most effective in protecting web applications include web filtering, DDoS protection, geo-location blocking, and blocking SQL injection attacks.
The AI machine learning capabilities included in FortiWeb Web Application Firewall (WAF) analyze patterns effectively. For example, if any user tries to input any text format in a web form mistakenly using SQL queries, the web solution detects the input, checking whether it's impacting or analyzing queries in the database. Everything is analyzed to ensure protection.
What needs improvement?
Their AI technology is good. Overall, Fortinet is only good.
The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now.
If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place.
The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats.
There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.
For how long have I used the solution?
I have been working with them for Five years.
How are customer service and support?
The technical support by Fortinet is good. The back-end development team is available, and if any issue arises, they will help us immediately by providing solutions when contacted.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we need to protect. The licensing is based on the number of websites or individually. If the customer has multiple websites, the price reduces automatically since it depends on the number only. If the customer wants to buy initially, there is a default license available.
When going for multiple websites, the price also reduces.
What other advice do I have?
I am providing next-generation firewalls or FortiWeb Web Application Firewalls (WAF).
Both web application firewalls and next-generation firewalls are available, which we are doing daily.
I usually recommend the FortiWeb Web Application Firewall (WAF) for various types of companies, including retail, hospitals, manufacturing, construction, and banking.
It is the best option on the market.
I rate FortiWeb Web Application Firewall (WAF) eight out of ten.
Delivers robust security with significant ROI and seamless integration
What is our primary use case?
Our primary use case for Fortinet FortiWeb is application security, specifically web application security for our customers. We focus on securing their web apps, as the major purpose is to provide strong application security.
What is most valuable?
The most valuable features of Fortinet FortiWeb are its basic features of WAS top ten, DDoS attacks, and bot attacks. Additionally, the machine learning-based threat detection is significant, as it uses a learning method that eases the configuration burden, making it very useful. The AI-driven threat detection enhances protection capabilities, and the product is equipped with hardware acceleration, improving performance considerably. Fortinet has improved its performance multifold.
What needs improvement?
The cloud-based security service of Fortinet FortiWeb could be enhanced to match the level of providers like Cloudflare. Right now, it is more focused on on-prem solutions, and there is a need to strengthen its cloud presence to offer comparable services.
For how long have I used the solution?
I have been working with Fortinet FortiWeb for three to four years.
What was my experience with deployment of the solution?
We have deployed Fortinet FortiWeb within a week for multiple setups, depending on the number of services. Generally, we have not encountered many difficulties with deployments across various use cases.
What do I think about the stability of the solution?
In terms of stability, Fortinet FortiWeb is very stable. We have not faced any significant issues during deployments, and it functions as expected without major hiccups.
What do I think about the scalability of the solution?
We haven't conducted very large deployments, but there have been no complaints regarding performance or scalability from our customers, so scalability has not been a challenge for us.
How are customer service and support?
Fortinet's customer support needs improvement. The expertise of engineers varies across different time zones, affecting the effectiveness of the support provided, especially during our daytime.
How would you rate customer service and support?
Negative
How was the initial setup?
The initial setup of Fortinet FortiWeb is easy. Compared to other solutions like Check Point, setting it up is straightforward.
What was our ROI?
Our customers have seen a significant ROI with Fortinet FortiWeb. The three to five years TCO (Total Cost of Ownership) is very favorable.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiWeb is cost-effective compared to solutions like F5. It offers strong performance for the price, providing substantial value for our customers.
What other advice do I have?
Fortinet FortiWeb is a good and underrated product for web application security. It's especially beneficial for those already using Fortinet firewalls, offering a unified interface and comprehensive security. Integration with existing infrastructures, including custom applications, has been smooth without notable challenges. I would rate the overall solution as an 8 out of 10.
showing 11 - 20