Fortinet FortiWeb Web Application Firewall WAF (PAYG)
Fortinet Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Transparent, easy to use, and integrates well with the existing security infrastructure
What is our primary use case?
We use the solution in our headquarters. We have some agents outside our company.
What is most valuable?
The solution is transparent and smooth. So far, the tool has integrated well with our existing security infrastructure.
What needs improvement?
The price is a little higher than the competitors.
For how long have I used the solution?
I have been using the solution for more than five years.
How are customer service and support?
The technical support team is okay.
What about the implementation team?
We have a consultant who gives us advice about the implementation.
What other advice do I have?
Overall, I rate the product a nine out of ten.
Helps users to secure their web-based applications
What is most valuable?
The most valuable feature of FortiWeb Web Application Firewall (WAF) that has proven to be the most effective in protecting web applications stems from the fact that the product recently launched a SaaS model, making it a cost-effective solution, which is a major reason why we selected it in our company.
What needs improvement?
I don't see any issues with the tool apart from the pricing aspect of the product. The price of the product is an area where improvements are required.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for a year. My company is a reseller of the solution.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution since it offers a SaaS model, which is why we can increase the bandwidth and number of applications in our company.
There are around 1,000 people in a company where our organization has provided FortiWeb Web Application Firewall (WAF).
Considering the IT side of the company, there are no plans to increase the usage of the product in the future.
How are customer service and support?
The solution's technical support is good. Compared to the previous year, Fortinet has taken a lot of steps to improve its support services. The response time of the support services offered by Fortinet is good, especially since the solution launched elite support for users. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not used the products offered by Fortinet's competitors, but I know that most of the time, such tools can be available at a cheap price.
How was the initial setup?
My company has a team that is ready to help our customers implement the product.
There is a person in my company who knows about the technical team that takes care of the implementation part. I am a part of the marketing team, so the tool's implementation phase is something I don't know about.
What was our ROI?
In terms of ROI, the product helps secure applications and due to the security, there is less downtime when it comes to applications. From a security point, the tool uses cross-site scripting.
What's my experience with pricing, setup cost, and licensing?
The licensing cost of the product is pretty high compared to other OEMs in the market.
What other advice do I have?
As a marketing executive, I don't get to see any machine learning capabilities in the product.
My company only deals with solutions from Fortinet.
I recommend the product for pharma companies.
For administration and management of the product, there are two or three people in my company working in the core IT team.
From a marketing perspective, the product has been promoted enough in my region. My company has been promoting the product for the past 12 years.
The product offers information on the internet, and it can provide sufficient knowledge to employees who support the tool.
In terms of interface, the product is easy to use and is mostly connected to its own protocols, like FortiLink.
I rate the solution an eight out of ten.
Identifies potential DDoS attacks and suspicious domain activity
What is our primary use case?
My company is a Fortinet partner and specializes in FortiWeb. We often compete against cloud-native solutions like Azure Application Gateway WAF. We typically conduct proof-of-concept tests for potential clients. They are usually looking for API protection and bot mitigation, which FortiWeb excels at. We take responsibility for implementing and supporting the solution for our customers.
We also conduct simulation tests and review feedback from colleagues and customers. Customers often seek solutions for bottlenecks, especially regarding machine learning. We can do a detailed review of the WAF services and provide a report for the customer.
How has it helped my organization?
If a customer has a website, a firewall alone is not enough. While a firewall can act as an application firewall, it may not be sufficient. If we have a firewall at layer four and layer seven, and the customer needs protection against OWASP Top 10 vulnerabilities or requires IT audits, a web application firewall becomes crucial.
Additionally, if DDoS protection is a concern, it often comes integrated with WAF. For networking, some WAFs can even provide load-balancing functionality.
What is most valuable?
In my experience, we put my customer's website in monitor mode, not protect mode. So, we initially set up FortiWeb in monitor mode to avoid disruptions to the customer's website.
While in monitor mode, machine learning observed the web application. Once machine learning had enough data to analyze, we discussed unusual traffic patterns with the customer.
FortiWeb identified potential DDoS attacks and suspicious domain activity, showcasing the value of its machine-learning capabilities.
What needs improvement?
The price could be close to Imperva; Imperva is the number one firewall.
FortiWeb cannot do some kind of ADC solution, like load balancing. I hope they improve that.
I'm looking for the ADC solution, the load balancing solution, because application firewalls with multiple line solutions do come with it. So, I think it should be integrated within FortiWeb WAF.
For how long have I used the solution?
I used it for two years. I started working with it when a client company moved their web application to the cloud (Azure or AWS) and needed protection. We implemented a FortiWeb solution as their WAF.
Which solution did I use previously and why did I switch?
I have used Check Point for email security.
What was our ROI?
For security products, from my experience, customers will compare costs if they have been attacked. They may consider insurance. If you provide more protection, the return on investment is the compromise to use the application.
What's my experience with pricing, setup cost, and licensing?
This product offers two pricing options: a standard package and an advanced package. The advanced package includes credential stuffing protection, while the standard package includes automatic application learning, bot mitigation, and web application protection.
If you simply need to protect your website, the standard package is sufficient. However, if you need credential stuffing protection, the advanced package is necessary. This is the key difference between the two packages.
What other advice do I have?
Overall, I would rate the solution an eight out of ten.
Offers good integration capabilities with other security tools
What is our primary use case?
I use the solution in my company, as we mostly load some web applications at our data center and use it to ensure that the web pages are properly secured.
What is most valuable?
Actually, most of the features of the tool are really good, but I would like to emphasize the importance of its machine learning features, as it can be implemented smoothly in Fortinet FortiWeb, and it is very helpful for our company.
What needs improvement?
Though the reporting is a nice aspect associated with the tool, I feel that it has certain shortcomings and can be made better. The reporting part can provide more information and be more specific.
Fortinet FortiWeb's admin guide could offer more, like examples or features on how to implement the tool. It can provide information on how a user can make use of it in different usages, and that can help a lot. The admin guide is satisfactory, and it meets our company's needs.
Actually, my company would like it if the product could implement scanning attachments for exchange for assets or exchange needs. The aforementioned area consists of the feature that my company wants to apply, but it is not supported in Fortinet yet. My company needs the product to support us in the aforementioned area, and it can help us a lot by providing a layer of security that can check files and attachments in emails and other stuff, which would be great.
For how long have I used the solution?
I have been using Fortinet FortiWeb for three years. I am an end user of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
In terms of stability, it is a good solution that is easy to use and has many features and resources. The support offered by the product is good, especially since the support team responds on time, keeps you informed, and even follows up. Generally, it is a good solution to have and use.
My company has not experienced any downtime while using the product.
What do I think about the scalability of the solution?
In our company, we have not implemented the product on a large scale.
Around 2,000 people per month use the product in our company.
Every single day, the tool is used to host web applications.
If our company needs to implement more hosted web servers, we will use Fortinet FortiWeb, but if not, then it will remain at the current number. Increasing the use of the tool is not my decision, and I just accommodate the needs of the organization.
How are customer service and support?
The solution's technical support is good. When my company faced some problems with the product, I found the solution's support team to be very supportive and helpful. I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
On a scale of one to ten, where one is difficult and ten is easy, I rate the product's initial setup phase as eight or nine.
The product's initial setup phase was straightforward, and since our company didn't have any problems with it, we didn't encounter many problems with the tool. Maybe our company encountered some problems with the product's setup because we used to use it to set up the servers or stuff, which took time, but now Fortinet FortiWeb handles everything smoothly and easily.
The solution is deployed on an on-premises version.
The solution can be deployed in a week.
What was our ROI?
If my company did not have Fortinet FortiWeb, then I believe that we would have had to host some of the services in an external data center with extra fees and there we would have had to pay for the web services, but we don't need that anymore because now, we have an on-prem web service that can promote us to be able to host as much as we need of web services.
On a scale of one to ten, where one is zero percent and ten is a hundred percent, I rate the ROI as an eight.
What's my experience with pricing, setup cost, and licensing?
If one is very cheap and ten is very expensive, I rate the product price as three or four. The tool is cost-effective and offers value for money. I didn't mean it was very expensive. The price is fixed, but some features need an extra license.
Which other solutions did I evaluate?
My company was considering F5, but we actually went for Fortinet FortiWeb after considering the cost aspect.
What other advice do I have?
My company doesn't specifically host e-commerce platforms since we offer mainly government services.
The security part has been satisfactory till now, and we haven't faced any problems yet.
Fortinet FortiWeb's features that have been most effective in mitigating web-based threats are possible because of the signatures. My company doesn't need to enforce a lot of policies or stuff. Fortinet FortiWeb has a lot of internal databases that can help you, and you can use whatever platform you are hosting your web applications through, whichever software you use. It can build up a web protection profile that matches your needs, making it a very helpful tool.
Speaking about how machine learning features enhance our security posture, I would say that some aspects of the website are not normally clear for our company, and machine learning helps in such areas. It just traces the normal usage of the web applications along with the websites or links most users visit while also checking which URLs are mostly used, after which the tool differentiates between the normal usage and any abnormalities, based on which it builds the model that can be used to improve the security. Sometimes, a person cannot do things manually and is not sure about all the aspects of our web applications because many are not developers. Machine learning comes into the picture because one may not know all the stuff associated with the product.
A team of four or five people is enough to deploy the tool. Maintaining the tool is actually not a very big task and not many people are required for it.
The integration capabilities of the product with other security tools have benefited our company's security strategy as it sits smoothly in our network. The tool doesn't cause any problems with the integration part.
I would recommend that users use the tool's high availability. With the tool, one box is not enough, so there is a need to have a cluster of two boxes. Users need to measure their needs regarding the logging process and everything else, including processing. Even before starting to use it, we have to set up everything, or you would be confused about how to use the tool in the future, and it would be difficult to figure out how much log retention we would need in our company. It is important to set up everything related to the users' needs so that they don't need to change a lot of settings in the future.
I rate the tool an eight out of ten.
Used for web filtering purposes and has a user-friendly interface
What is our primary use case?
We use the solution for web filtering purposes. We use it to allow or block any application.
What is most valuable?
The most valuable features of the solution are SD-WAN, filtration, web filter, application filter, and IPS. The solution's console is very user-friendly and very easy to manage. The solution has good stability and a user-friendly interface.
What needs improvement?
It would be good if the solution integrated with other solutions, like SAP.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for nine to ten years.
What do I think about the stability of the solution?
FortiWeb Web Application Firewall is a very stable solution.
I rate the solution’s stability ten out of ten.
What do I think about the scalability of the solution?
Every location with 200 to 300 people has installed the FortiWeb Web Application Firewall.
I rate the solution a nine out of ten for scalability.
How are customer service and support?
Our experience with the solution's technical support has been good. We promptly get support from the technical support team.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is easy and can be done in a few hours.
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine or ten out of ten.
What other advice do I have?
I would recommend FortiWeb Web Application Firewall to other users because it is a good product.
Overall, I rate the solution a nine out of ten.
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb
What is our primary use case?
We use FortiWeb to protect our web applications, including web servers, websites, and mobile apps – especially mobile payment apps. As an integrator, we also sell FortiWeb to our clients.
It is mainly for banking and NCS sector clients, but we also have others like universities and industrial companies.
How has it helped my organization?
After configuring security profiles and policies in FortiWeb, it does its best to block all web attacks, including SQL injections and other types of attacks. While I don't have the interface in front of me to provide exact details, FortiWeb is highly effective in this regard.
Most of our clients use reverse proxy mode. In this mode, FortiWeb acts as a reverse proxy, preventing attackers from directly connecting to the server or web server. All traffic passes through FortiWeb, allowing us to inspect everything.
What is most valuable?
The xFF, or X-Forwarded-For feature, IP reputation, and protected hostname. We can block access using the IP address, so no one can connect to our web server or website using the real IP. They need to use the FQDN instead.
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb and the option to protect the hostname. All traffic passes through FortiWeb.
Machine learning capabilities in FortiWeb:
I don't use machine learning all the time. In the initial phase of FortiWeb deployment, we use the learning process to detect the traffic passing through FortiGate to our website.
What needs improvement?
Maybe the load balancing options could be enhanced. FortiWeb provides very good protection for web applications, web servers, and mobile apps, but the load-balancing capabilities and mechanisms are not as well-developed as those of other products like F5.
Currently, we need to purchase another solution, like FortiADC, for load balancing. It would be better if the load balancing features were more integrated and advanced within FortiWeb itself so it could handle both load balancing and web application firewall functions.
For how long have I used the solution?
I have been using it for four years.
What do I think about the stability of the solution?
It's stable. We haven't had any issues, except for maybe some hardware problems with the hard disk. But the Fortinet team and their advanced support team were great. We received a new firewall in less than a week. It was just a logistical issue.
That's the best thing about working with Fortinet's support. If there's a hardware issue or failure, we can contact them directly, they open a ticket, and send a new device. Then they check if the issue was due to human error or a hardware problem.
What do I think about the scalability of the solution?
I would rate the scalability a ten out of ten. We passed this test with one of our clients. They initially had the FortiWeb VM01, which is the fifth model of virtual machines. As the number of servers and applications behind FortiWeb grew, they needed to upgrade their license. We were able to easily upgrade the license and adjust the virtual machine specs like CPU and memory.
It's scalable without any issues. This applies to virtual machines but not necessarily to hardware appliances.
It is suitable for all types of businesses, including small, medium, or enterprise. The difference between SMBs and large enterprises is the type of license or model, such as hardware. For example, we have a bank client using FortiWeb-1000B, a cluster of two FortiWeb hardware appliances. Another client, a university in Tunisia, started with the minimum GB1 or GB0 license and upgraded to GB8.
We also have a smaller client with around 30 users and five applications, and they use FortiWeb without any issues. FortiWeb is especially needed for clients working with specific sectors like banks, mobile-payment apps and insurance companies, as they often need to comply with PCI DSS and other standards.
How are customer service and support?
I've been working with the Fortinet team for over five years, so I know how to contact them directly and ask the right questions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
There's F5, and also Radware. FortiWeb performs the same functions as F5, Cloudflare (which is cloud-based), and other products.
But, some of these other products are more developed, especially in terms of load-balancing services. But they all do the same basic functions. F5 and FortiWeb have similar features. FortiWeb is not as expensive as F5 and other products.
The security features, like SSL offloading, are the same. There's no latency in accessing our web apps with or without the WAF. The difference lies in the security of our web and mobile apps. There's no latency, so it's the same.
How was the initial setup?
The deployment is easy, maybe because I'm familiar with Fortinet products and their deployment, whether it's hardware or virtual machines. Most of our clients are also familiar with Fortinet products and find the FortiWeb interface to be user-friendly, as it's similar to other Fortinet products like FortiGate and FortiAnalyzer.
There might be some technical aspects to the interface, but overall it's easy to use. For example, network settings are under "Network," system settings are under "System," and so on. It's consistent across all Fortinet products.
Integration with other products:
Most of our clients use Fortinet products like FortiGate firewalls, but there's no problem deploying FortiWeb with other products like Cisco or others. On the firewall, we create a virtual IP to pass traffic to FortiWeb, and then configure the virtual server and other settings on FortiWeb. FortiWeb also gives us the option to allow synchronization with SIEMs like QRadar and ArcSight.
So it can integrate with third-party tools. We can use any SIEM solution, like FortiSIEM or LogRhythm. We just need to configure the Syslog option on FortiWeb to forward logs to our SIEM server.
What about the implementation team?
I work as a FortiWeb integrator.
What's my experience with pricing, setup cost, and licensing?
It's not cheap, but it's not expensive either. It depends on the features you need and whether you choose hardware or a virtual machine.
I would rate the pricing a five out of ten, where one is high, and ten is low.
What other advice do I have?
As an integrator, I recommend FortiWeb to our clients and all other clients.
Overall, I would rate it an eight out of ten.
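The two checks the reviewer above credits to FortiWeb's reverse-proxy mode, "protected hostname" (only requests whose Host header names an allow-listed FQDN reach the origin, so a raw IP literal gets nothing) and X-Forwarded-For handling (recover the real client address without trusting a value the client can forge), can be shown in a few lines of Python. This is an added example written for this page, not FortiWeb's own code or configuration; the hostnames, the trusted proxy range and the sample requests are constructed for illustration, and the decision function stands in for whatever the appliance does internally.

```python
"""
Added example (not FortiWeb code): two reverse-proxy WAF checks.

1. Protected hostname: forward only when the Host header is an allow-listed
   FQDN; reject IP literals and unknown names.
2. X-Forwarded-For (XFF): find the client IP by walking the chain from the
   right and skipping only our own proxies. The leftmost entry is whatever
   the client chose to send, so it is never trusted directly.

PROTECTED_HOSTNAMES and TRUSTED_PROXIES are assumed values for this example.
"""
import ipaddress
from typing import Optional, Tuple

# Assumed: the FQDNs a client must use. Anything else (including the
# origin's real IP) is rejected at the proxy.
PROTECTED_HOSTNAMES = {"www.example-bank.test", "api.example-bank.test"}

# Assumed: the address range of our own proxy tier. Only these hosts are
# allowed to have appended entries to X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted_proxy(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def _hostname_only(host_header: str) -> str:
    """Strip an optional :port, keeping bracketed IPv6 literals intact."""
    h = host_header.strip().lower()
    if h.startswith("["):
        end = h.find("]")
        return h[: end + 1] if end != -1 else h
    # A single colon is host:port; more than one is a bare IPv6 literal.
    return h.rsplit(":", 1)[0] if h.count(":") == 1 else h


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def host_allowed(host_header: Optional[str]) -> bool:
    """Protected-hostname check: missing Host, IP literals and unknown names fail."""
    if not host_header:
        return False
    name = _hostname_only(host_header)
    if is_ip_literal(name):
        return False
    return name in PROTECTED_HOSTNAMES


def client_ip_from_xff(xff: Optional[str], peer_ip: str) -> str:
    """Return the client IP as seen by the outermost trusted proxy.

    peer_ip is the TCP peer of this hop. If it is not one of our proxies the
    header is entirely client-controlled and is ignored.
    """
    if not _is_trusted_proxy(peer_ip):
        return peer_ip
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue  # appended by our own tier, keep walking left
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: fall back to the peer address
    return peer_ip


def decide(headers: dict, peer_ip: str) -> Tuple[str, str]:
    """Combine both checks: ('reject', reason) or ('forward', client_ip)."""
    if not host_allowed(headers.get("Host")):
        return ("reject", "host not in protected-hostname list")
    return ("forward", client_ip_from_xff(headers.get("X-Forwarded-For"), peer_ip))


if __name__ == "__main__":
    # Constructed sample requests: (description, headers, TCP peer address)
    samples = [
        ("normal request via our proxy",
         {"Host": "www.example-bank.test", "X-Forwarded-For": "198.51.100.7"}, "10.0.0.5"),
        ("client tries the origin's raw IP",
         {"Host": "203.0.113.10"}, "10.0.0.5"),
        ("client forges a leading XFF entry",
         {"Host": "api.example-bank.test:443",
          "X-Forwarded-For": "1.2.3.4, 198.51.100.7, 10.0.0.9"}, "10.0.0.5"),
        ("direct connection, XFF not trusted at all",
         {"Host": "www.example-bank.test", "X-Forwarded-For": "1.2.3.4"}, "198.51.100.7"),
    ]
    for label, hdrs, peer in samples:
        print(f"{label}: {decide(hdrs, peer)}")
```

The order matters: the hostname check runs before anything else, so a scanner that found the origin address and sends `Host: 203.0.113.10` is turned away before the request is even attributed to a client. The XFF walk trusts only addresses inside `TRUSTED_PROXIES`; a client that prepends `1.2.3.4` to the header is still attributed to `198.51.100.7`, which is what IP-reputation and rate-limit decisions downstream should key on.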
Works fine for classic websites and simple load balancing but lacks specialized protection
What is our primary use case?
We have websites that clients access from the internet, so we use it to protect these websites and to load balance between the backend servers.
We have FortiGate firewalls with IPS sensors and so on.
How has it helped my organization?
The WAF profiles have been most effective at mitigating web-based threats – probably something standardized, but again, we haven't tested it on heavily used websites. The websites that we use it for so far are just average websites. It can likely protect from some requests like bots and stuff like that.
The AI/ML-based detection in FortiWeb has enhanced our web security posture to some extent. It's good with general stuff. Again, it's not specialized. So, standard WAF threats, like bots, it can detect those faster. It's good for the average website, average requests, and the average security setup. But we have other malicious requests that are probably outside the typical OWASP threats – they're specialized for our organization.
For example, if you have the FIX protocol, the financial protocol... if attackers can get into it with a targeted client ID... these threats aren't in the standard OWASP list because they're not general attacks that everybody faces. They're very specific. Now, many companies use the FIX protocol on private circuits, so they're protected outside of breach attempts. But, believe it or not, we have FIX open on the public internet for some websites, and those need protection. They need something outside the WAF that FortiWeb doesn't have. You can try to apply the WAF, and it might catch a threat if it originated from a bot. But if somebody is malicious enough to go under the bot detection radar, they could still process it.
So, for known threats, like bots, the detection is good. For APIs, it's also good because it can detect anomalies with standard API attacks. Again, these are mostly average, non-targeted attacks.
If an attacker specifically targets your organization, understands your protocols and business model... the standard protection is good because it detects things that aren't coming from a browser – it recognizes that it's not normal user activity or anomalies on your website. That's beneficial.
Most bot-generated attacks don't come from a browser. I did notice that it can detect when the request is not coming from a browser – it recognizes that it's not normal user activity on your website. It can detect anomalies publicly, which is good.
So, what would be good is this: put FortiWeb in front as the first line of defense. It can take care of a lot of the average user traffic and filter it out. You can keep that for your average applications, but when you have specialized applications behind that, then we need specialized protection for those applications – whether it's F5 or something else.
What is most valuable?
I like the integration with our existing Fortinet infrastructure. It's easy to integrate, and it's easy to make policy-driven. That's the feature I like – usability, simplicity, and ease of use.
What needs improvement?
I'd like more customization. I'm not sure if everyone would agree, as it might add complexity. But for advanced users, it would be really useful to have access and the ability to manipulate packets.
If we can access and manipulate the contents of packets, even encrypted packets... that would be powerful. Since we're looking at packets arriving at our network, we would have the private key to access those packets and their information.
For example, I have an encrypted packet, and I have the private key for the certificate provided in that client. If I could tell FortiWeb, "After the packet is decrypted, if you see this thing, do that thing," that would be beneficial for advanced users.
It would open up the possibilities for load balancing and specialized protection that we need but might be outside of the standard feature set.
Maybe we need to manipulate a variable with a specific name that's only relevant to our security needs. That customization would be very beneficial.
For how long have I used the solution?
I have been using it for a year now. We use Fortinet solutions – firewall, then FortiWeb, and all that. We have versions six and seven deployed since we're a global company with many different sites.
What do I think about the stability of the solution?
In my experience, it's mostly stable. But, when new versions come out, we've found issues. It seems like new versions fix some problems from older releases, but they also introduce new issues that we have to discover later. So, I'm not a big fan of always going to the latest and greatest version, particularly with Fortinet, since this might be a newer product area for them.
I need to be very careful with availability and reliability when upgrading versions. In comparison to vendors who have been in the business longer – like AWS WAF, or even desktop solutions with more experience – those tend to be more stable. They've been around longer, they've seen more issues, and they've fixed them.
So, FortiWeb's stability is a bit… it depends on how you use it. Let me put it that way. If you want to use something more advanced, be prepared for potential issues.
I would rate the stability a five out of ten because we've encountered a few issues that weren't great. We only discovered later that they were bugs in the system that would get fixed in future updates. So, Fortinet needs to work on that in my opinion. There wasn't the level of thoroughness I would have expected.
What do I think about the scalability of the solution?
It's not very scalable. I would put it on the low end of the scale. But again, that's my opinion because I work with a different business model where we use more advanced products – not just F5, but others as well.
F5 is the main comparison point for FortiWeb. We also use other protection solutions, and those are more scalable. So, I would rate FortiWeb's scalability as low. However, that might be an advantage for some people. If you have an average model and are protecting an average website, that's exactly what you need. You don't want a product with so many features that someone could accidentally misconfigure it and bring everything down.
In that scenario, it could take hours to get it back online, and there would be significant financial losses.
So, overall, I would rate the scalability a four out of ten. We have five endpoints for this solution in our company.
How are customer service and support?
The customer service and support are very good. They're responsive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We switched from Check Point to FortiWeb. There were two main reasons behind it:
- Fortinet offers more options when compared to Check Point.
- Also, support is cheaper. Like support-wise, it's significantly cheaper to get support from Fortinet.
Those were the main reasons.
We actually considered Palo Alto. I have lots of experience with Palo Alto, but we ended up not going with them because it's more expensive. The expense is not just in terms of support, but also the hardware itself. Check Point is more expensive in terms of support.
Fortinet wins in terms of lower cost, both for support and comparable hardware. And they have more options – a broader product line. It seems like Fortinet is trying to cover everything in the network. Check Point specifically focuses on firewalls.
Palo Alto offers broader security coverage than Check Point, but not as much as Fortinet, and they're the most expensive option. So, Check Point is just a standard firewall company – not flexible and very expensive for support.
We're still evaluating FortiWeb. In my opinion, it's a good solution for simple websites that you can set up and then mostly leave alone.
If it's an average website without advanced features or one that won't be developed into something more complex, then FortiWeb fits well. This simplicity could be an advantage for some users. I try not to rate things as simply good or bad – it depends on how you use them. It's a good product, especially since we have a lot to handle. If I have an average website, the last thing I want is someone making a wrong configuration change or an application update crashing everything. That would waste our department's time and money to troubleshoot.
FortiWeb is actually ideal if I have a small website with basic features – a place where people can go to read, post text, and maybe make simple purchases.
I would set it up and then mostly forget about it. It's great when it gives you no headaches and works reliably. It's like using the right vehicle for the job. You don't want a huge truck to go grocery shopping. You need a small, efficient car. But if you're in the moving business, a truck is what you want. So again, it's a tool for its purpose. I don't see it as good or bad, but rather if it's good for this specific thing. I do see scalability as a limitation, but it's scalable for its intended use. It's a great tool for what it's designed to do.
We might use it more in the future, likely as a result of more website development, not driven by our IT plans. Our websites might evolve as the market does. I'd put FortiWeb on our standard user sites. I'm happy with that. But if we need specialized features, then we'll need a specialized solution. That's just my opinion.
Ultimately, how FortiWeb evolves depends on business needs and justification. If something new and big comes along in the market – something that needs to move huge amounts of data – we might need different tools. Or, if the market just demands short video clips, then maybe FortiWeb is fine.
How was the initial setup?
There are limited options with FortiWeb, and there's not much you can configure incorrectly. So it's easier in that sense – you go next, next, next, and it works.
So, the initial setup was pretty easy. I would rate my experience with the initial setup an eight out of ten, with ten being easy to set it up. That's really what I like about it.
In my understanding, I'd position FortiWeb as a first line of defense, a tier-one solution. It would remove all the known attacks easily. I set it up once, and it handles probably 80% to 90% of undesirable traffic. But then, for the remaining ten percent, where specialized attacks require more tailored protection, I'd need a second line of defense – something more specialized.
It passed all the standard attacks; now I need to detect those malicious actors who are deliberately trying to stay under the radar of published detection mechanisms.
That's something FortiWeb could improve upon for advanced users. And it's really about advanced features for specialized applications or specific business models. It's for those companies where they need deeper protection.
What about the implementation team?
I didn't deploy it myself. We received a solution where our firewall was changed, and FortiWeb was included. We migrated policies, so our situation was different. However, something like this could be deployed over a weekend. If you have a Fortinet firewall and want to add FortiWeb for protection, it's likely a weekend project. That's just my opinion.
I don't think this solution needs dedicated maintenance. But with any product like this, you need someone to monitor it. It depends on your company's model. If you're a 24/7 operation, you probably need 24/7 support.
What was our ROI?
From a technical perspective, it's been reliable for average applications and doesn't consume a lot of our time for management.
The support is handled by Fortinet, so our administrative overhead is low, which seems like an acceptable return.
What's my experience with pricing, setup cost, and licensing?
The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features, but it might get more expensive in the future. Also, keep in mind that Check Point's support contracts are particularly expensive.
In general, there is additional cost for support. But Fortinet support is generally cheaper than Check Point support. Palo Alto is even more expensive. This information is publicly available – you can compare comparable hardware and support contracts on their websites.
Check Point tends to be the most expensive. This is just general information, and my understanding might not be perfectly accurate.
Which other solutions did I evaluate?
We also use F5. What happened is that we used Check Point as well. So when we replaced Check Point, we were offered this product with FortiWeb. So, we use it for some websites, but we have another solution we use for web applications. We want to test how FortiWeb works before potentially replacing F5. That's the advantage. We offered to use it with that POC first, and then we rolled it to a few of our websites since we have many different websites in the organization.
In my personal experience, F5 gives us more flexibility to do whatever we want. Fortinet FortiWeb is very restricted. We have templates and some profiles, but there's limited customization.
F5 is a more open platform. You can customize how you want to handle requests and what you want the device to do. FortiWeb is an easy solution to implement; F5 is not as easy.
I find F5 easy because I've been working with it for a long time. If you're a newcomer without experience, it would be easier for you to get FortiWeb working than F5, definitely.
To summarize my personal opinion, I see FortiWeb as targeting people who don't want to spend a lot of time configuring or customizing. If you need something quick and not very customizable, FortiWeb is an option. You don't need people with lots of experience with it because there aren't many choices. It seems, and this is again my personal opinion, that the people who designed FortiWeb are the same people who designed their firewall, which makes sense.
With the Fortinet NG firewall, you have a GUI to allow traffic from point A to point B – anyone can do this from the get-go. It's the same concept with FortiWeb, but it's very limited in what you can do. It's restricted, so it's ideal for somebody who just has a classic website without many options and they have average clients accessing it from the Internet. You don't have many options to make a mistake. But for our organization, and others with in-house developed products, you need something more flexible.
Fortinet won't cut it if you need people to come in and log in to trade stocks or exchange data using custom-built clients. You want to restrict and control these things. You have to go with something like F5 because it gives you that flexibility. With F5, you can capture a packet and rewrite it – it's programmable. You cannot do that with Fortinet.
Another limitation is with load balancing. FortiWeb gives you limited options, good for someone who has three or four servers and wants to load balance between them. F5 has a plethora of load-balancing algorithms, plus you can create your own.
To give examples, we have applications with a set of servers in different sites. We use geolocation, but also user behavior. Based on where the user is coming from and what they do on the site, we direct them to different servers. Fortinet FortiWeb doesn't have that flexibility, F5 does. Those are the main differences from my perspective.
So, FortiWeb is good for somebody who wants something to turn on, doesn't have a lot of experience, and just needs to protect a couple of servers behind a load balancer. If something goes wrong, troubleshooting is easier, and you can raise a ticket with Fortinet. With F5, you need to go deeper into troubleshooting code if you have complex configurations.
FortiWeb is good for classic websites. We do use it for situations like a couple of servers, or three or four servers – even seven in certain data centers – where we need to load balance between them, protect them, and have web access from the internet for public access. Your average users and average requests, it works fine. You turn it on, you don't touch it, and it works fine. But if we want something with a lot of products that we develop in-house, you can't do all these things. You need different load balancing algorithms because of specific use cases.
For example: We also have users uploading a lot of data. We can't just put them with many other users because they cause congestion. So, we need to load balance them – when they do normal requests, send them to the regular servers, but when they do bulk data transfers, we want to send them elsewhere. We need to do this, and these requests come from the same users on the same webpage, but they're clicking a different button. So we need to intercept that and say, "Oh, now the user wants to do this, let's send them there."
What other advice do I have?
I can't give general advice because I work with medium to large-scale organizations – my perspective is different from someone who uses a few servers in a data center. So, my advice for larger companies is that you need to have a very clear analysis of your specific needs. Each configuration option can make or break your business at that scale.
In my opinion, FortiWeb would be a good fit for load balancing between three or four servers in a single physical data center location. And if you primarily want protection from standard, known web threats – OWASP type of stuff. If you have an application in one place and don't need to do specialized manipulation of requests to the website, then it's a good solution.
Overall, I would rate the solution a five out of ten because it lacks advanced options and isn't very scalable. It seems suitable for average websites – that's my personal opinion.
Protects internal applications and prevents targeted attacks
What is our primary use case?
The tool is a valuable web application that protects our internal mobile money application. It enforces policies, ensuring secure access for users connecting to the application. It complies with PCI DSS, safeguarding financial transactions and contributing to our revenue. The solution effectively addresses malware threats.
What is most valuable?
The tool secures our critical applications, especially the mobile money application, which is often targeted by attacks. The solution provides rapid protection and has proven reliable against various threats. It blocks malicious traffic, including dormant and DDoS attacks, and offers integrated Web Application Firewall features to safeguard against compromises.
You can set it up for customer-facing web applications because customers don't necessarily know all the IP addresses. It uses a source-based approach where any source accessing the application is defined by its IP. When accessing the application, it checks if they are using HTTP or HTTPS and blocks them if necessary.
The tool's performance and security reporting capabilities contribute positively to IT security management. Consolidating management within the solution makes it easier for IT to handle the solutions. All functionalities managed on a single box reduce the number of boxes needed for management.
What needs improvement?
We have encountered issues with webhooks and management of FortiWeb Web Application Firewall's on-premise version.
For how long have I used the solution?
I have been using the product for three years.
What do I think about the stability of the solution?
You may encounter problems if you don't have FortiAnalyzer.
What do I think about the scalability of the solution?
My company has 11,000 users.
How are customer service and support?
We've encountered several issues before, like the web and firmware's lack of responsiveness for 50 minutes. The Firewall, FortiWeb Manager firmware, and firmware updates must sync properly. We've addressed this, and our partners have helped resolve these issues.
Which solution did I use previously and why did I switch?
I tried to work with Cisco, but it wasn't working well.
How was the initial setup?
FortiWeb Web Application Firewall's deployment is not complex. The setup involves connecting the switch and the firewall. Our main task is to redirect all traffic from the application to the website. The overall process can be completed in two weeks. Maintaining it isn't challenging, but the issue arises when the firmware becomes outdated; you must check and update it.
What about the implementation team?
FortiWeb Web Application Firewall helped us with the deployment.
What other advice do I have?
I rate the overall solution a nine out of ten.
A tool to protect websites from malware and adware attacks that needs to improve its scalability
What is our primary use case?
I use the solution for some of my company's clients who want to protect their websites from malware and adware attacks.
How has it helped my organization?
From a benefit perspective, FortiWeb Web Application Firewall (WAF) protects the customers’ websites, which are used to communicate with the audience or clients.
What is most valuable?
I am not sure about what I like in the solution because I think most of the customers ask for the product whenever they want a WAF tool for any of their projects. After our company had a discussion with one of our local teams, we sold it by providing the features of the FortiWeb Web Application Firewall (WAF) that our customers like, as we mostly follow the customer requirements. Our company sells FortiWeb Web Application Firewall (WAF) if it meets our customers' requirements.
What needs improvement?
To deal with zero-day attacks, FortiWeb Web Application Firewall (WAF) needs to expand and update its database since it is one of the areas where the tool currently lacks. In short, FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database.
In FortiWeb Web Application Firewall (WAF), there is a substantial amount of improvement required in the scalability area.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for less than a year.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a seven out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a five out of ten.
My company only has two customers who use FortiWeb Web Application Firewall (WAF). My company wants to sell the tool to medium and large-sized businesses with 500 or more users.
How was the initial setup?
The solution is deployed on an on-premises model.
Sometimes, the product's deployment takes over one or two days because customers need to check their requirements and then may want some features. In general, it takes a minimum of two or three days to deploy the product.
What's my experience with pricing, setup cost, and licensing?
Compared to the other products in the market, FortiWeb Web Application Firewall (WAF) is a reasonably priced product, but sometimes people may consider it a bit expensive. I rate the product price a four on a scale of one to ten, where one is a high price, and ten is a low price.
What other advice do I have?
The product is easy to configure.
I have a separate team of three engineers in the company to manage FortiWeb Web Application Firewall (WAF).
Based on my experience and the comments from our company's customers who use the solution, I can say that FortiWeb Web Application Firewall (WAF) is a good product. Our company's customers who use the solution like it since they have been using it for about a year without any bad opinions or comments about it.
Feature-wise, FortiWeb Web Application Firewall (WAF) needs to add more functionalities. Some of the customers who use it want it to have more features, but we cannot find any in the tool presently. I can say what kind of features are required right now in the product. One customer who may want 20 features in the tool may get only 15 features that comply with the customer's requirements.
I rate the overall tool a six out of ten.
Easy to set up, stable, and scalable solution
What is our primary use case?
My main use case is for security and routing.
What is most valuable?
It is good for web tracking applications.
What needs improvement?
There is room for improvement in pricing. Actually, the price is a bit high because, on the same terms I purchased, the support subscription is so high.
For how long have I used the solution?
I've been using it for a long time. It has been more than three years now.
What do I think about the stability of the solution?
Stability is guaranteed. I'm okay with stability. I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
I am okay with the support. The support's subscription is high.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
pfSense is open-source and free, while FortiWeb is subscription-based. Both are manageable, but FortiWeb's features scale up connections per second, depending on the payment plan.
How was the initial setup?
I would rate my experience with the initial setup a nine out of ten, where one is difficult, and ten is easy.
It took us two days to set up.
What about the implementation team?
I deployed it myself. I just got a reference from the old system, and I configured it.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a seven out of ten, where one is cheap and ten is expensive.
What other advice do I have?
Overall, I would rate it a solid eight out of ten.