I initially deployed it for my company, but now I administrate it for a client.

We use it to secure VMs and applications in Azure. It protects against DDoS attacks.

It's very user-friendly.

There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support.

In future releases, I would like to see added antivirus features that provide user-based activity indicators. For example, if a user downloads a large number of files or connects frequently, the WAF could flag this activity for investigation.

I have been using it for three months now.

It is a stable solution.

It is a scalable product.

For some initial issues. It's good, but not during the first year. FortiWeb could improve response time and first-level support clarity.

The first implementation with an expert took two hours. My solo attempt took three weeks.

Take time to test it thoroughly. Consider buying an existing solution if needed.

Overall, I would rate the solution an eight out of ten.

We use the solution for securing the Internet-facing servers where you can do the load balancing with the web appliance.

FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.

I have been using FortiWeb as a partner for two years. We are using V7.2 of the solution.

Fortinet has many issues, like the zero-day attacks. Certain critical work vulnerabilities need to be immediately upgraded as an enterprise. You cannot initiate the upgrade anytime because it affects production. Usually, we schedule the upgrade. We do the configuration and scheduling of the updates. Fortinet is a 24/7 company that can release updates any time, regardless of the day of the week. FortiWeb WAF is a security solution that can be updated at any time, irrespective of the day of the week.

The solution is scalable.

On two recent occasions, I experienced delays in resolving technical issues with Fortiweb WAF, particularly when configuring explicit proxies on FortiGate firewalls. As a Fortinet partner, I was disappointed that our dedicated support channel was unavailable and that I could not obtain licenses or hardware assistance despite escalating to the country manager. Additionally, the technical support response times in the Middle East region have been inconsistent, with some areas providing excellent support while others have been unresponsive. This inconsistency has been particularly frustrating when dealing with urgent issues at remote sites. Overall, the support experience for Fortiweb WAF has been inconsistent and frustrating, particularly for Fortinet partners.

I have used Kemp before, but I also dislike the FortiWeb. I'm trying to move to F5 because F5 is very good.

FortiWeb comes with an IP address. You need to log into the web console, and you can do it with the CLI using the console cable. You have to go in; it will initially give you a setup wizard and configure the hostname, interfaces, etc. The setup is relatively easy, but when it comes to advanced deployments. Kemp is a relatively affordable and capable solution. Fortiweb WAF offered all the features, making Kemp less appealing for enterprise-level applications. Kemp is suitable for smaller or regional websites, but it may not be as robust for global deployments.

Additionally, I could not locate the virtual domain feature in Fortiweb WAF. This feature would allow me to assign different domain names to a single website based on the user's location. Fortiweb WAF presented EDS as a workaround, but the process was overly complex and inconvenient.

Firstly, expect load balancing and a web application firewall for the same product Fortinet is offering. Start by booting up the device and use FortiWeb to connect the file by application firewall. There's a default IP address without any password. You log in, and then it shows your initial setup wizard. The wizard helps you set up the host names, Fortinet account, FortiCloud account, etc. After that, you start setting up your physical servers; then you give a virtual server, which will be a point. In a network with a firewall and port forwarding, the FortiWeb WAF device can act as a load balancer and a security gateway. It can receive traffic from the firewall, decrypt SSL/TLS traffic, inspect traffic for layer seven vulnerabilities, and then forward traffic to the appropriate internal server based on load-balancing algorithms and application-specific information provided by the servers. The FortiWeb WAF can monitor server health and performance and automatically switch traffic away from unhealthy servers.

Deployment depends on how much complexity you want to add to the product. If the customer requirement is easy, you may deploy it in one day. For example, I was working on a project with around 16 servers. Each server has a different data source; one server gives the back end, whereas the other provides the front end. That was a complex deployment. It will take around four to five days to deploy if you want to go deeper into it.

We have achieved 70% ROI.

FortiWeb is expensive. F5 is also very expensive, but it is value for money.

The solution’s maintenance and UI are easy, but some features are hidden. Their quality assurance needs to work. We used to have the upgrades and patches every month or 15 days, but now they are coming every week too. We have vulnerability.

The product needs to get more mature.

Overall, I rate the solution a six out of ten.

We use FortiWeb for protecting web applications.

The product has a very user-friendly dashboard.

The software's support services could be better compared to Sophos.

The product's scalability could be better compared to Sophos.

It is challenging to communicate with the FortiWeb's support team.

We use Sophos as well.

FortiWeb's configuration process is more difficult than Sophos. I rate the process a one out of ten.

The product is expensive. I rate the pricing a ten out of ten.

I rate FortiWeb a five out of ten.

The product has some unique features. The machine learning feature reduces the false positives. The tool detects zero-day attacks. It has an in-built antivirus, which most WAF tools do not have.

Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.

I have been using the solution for almost six years.

The technical support is fine. The support team gives delayed responses if there is a complex issue.

I have worked with F5 Advanced WAF. It is a robust product and is suitable for complex environments. It is flexible. However, it depends on other solutions for inbuilt security and packet inspection.

The initial setup is easy. It requires less intervention.

I recommend the product to others. Overall, I rate the solution an eight out of ten.

The tool's HTTP traffic, website fixing, and blocking are fantastic. It is user-friendly with easy configuration.

FortiWeb Web Application Firewall needs to improve its performance.

FortiWeb Web Application Firewall is scalable.

The tool's tech support is good.

The tool's installation is straightforward.

FortiWeb Web Application Firewall is not expensive.

I rate the solution an eight out of ten.

I have a multi-cloud environment. I have a production workload in Nigeria, with some data centers in Continental Europe and in the East US in multiple regions.

We have two different public clouds, AWS and Azure. Because of how Fortinet works, we connect to our customers via a remote access VPN.

The fact that I can log into the platform and see everybody, see logs, authentication failure, and see everything on one platform, is the most valuable feature.

Emails can be configured, and text messages can be sent via the mobile app.

It is a cheap solution.

The user interface can be improved. Also, there are authentication failures that need improvement in the next release.

The technical support team is bad.

I would rate the overall solution a eight out of ten due to the support and user interface issues.

We use the solution for the office in Oracle.

Fortinet FortiWeb is priced well.

The product’s stability could be improved.

I have been using Fortinet FortiWeb for one year. We are using the latest version of the solution.

The product’s stability is normal. I rate it six out of ten.

The solution is scalable.

The initial setup depends on technical knowledge.

The solution is cheaper compared with other solutions. It has a yearly license.

Overall, I rate the solution a seven out of ten.

We use FortiWeb Web Application Firewall for security features while working in the financial area.

The product has good integration features.

The product's integration with Cisco needs improvement.

I have been using FortiWeb Web Application Firewall for 30 years.

The platform's stability is good, with good assessment and low-level design.

FortiWeb Web Application Firewall's scalability is good.

I have used Palo Alto and Check Point before.

The product is complicated to set up. The deployment time depends on the customer. Some customers have a deployment time of six to seven months, while others have a deployment time of two months. The process involves an assessment for a month, then a low-level design for another month.

FortiWeb has a good presence because of its price.

We are integrators with all the product certifications. We have a good team. We prefer assessment and low-level design before starting with the project.

I rate FortiWeb Web Application Firewall an eight out of ten.

In my company, we use FortiWeb Web Application Firewall (WAF) for security.

FortiWeb is a small tool that can be used by those of our customers who use Fortinet FortiGate as their firewall. I will use Barracuda Email Protection for any customer who uses a firewall from a solution provider other than Fortinet FortiGate.

The product lacks features offered by enterprise-level firewall tools. The solution needs to offer more enterprise features like other brands.

It would be great if FortiWeb Web Application Firewall (WAF) had something like a wizard to allow for more integrations with other popular firewall products like Fortinet, Palo Alto, and so on.

I have been using FortiWeb Web Application Firewall (WAF) for three years. I use the solution's latest version.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution an eight out of ten.

There are 2,000 users of the solution in my company.

The solution's technical support was helpful and responsive. I rate the technical support an eight out of ten.

I have previously used SonicWall.

The initial setup was easy since it was possible to get remote support for the product.

The solution is deployed on-premises.

It is a cost-effective product. If you need an extra module in the product, there will be an extra cost in addition to the licensing fee.

There are five engineers needed for the maintenance of the solution.

If there is a requirement and one is already using a firewall from Fortinet, then it is easier to deploy FortiWeb Web Application Firewall (WAF). Overall, I rate the solution an eight out of ten.

In most cases, the customer uses WAF to protect web applications.

The machine learning on FortiWeb WAF is valuable. It is useful for new customers because it provides new signatures, and machine learning, which can help provide new information to customers about their websites.

WAF needs more signatures on FortiWeb and updates the database continuously to protect against new attacks. I hope the next release includes integration with the vulnerability scanner, a great feature of FortiWeb. If customers have vulnerability scanners, they can export the scan's result and post it to FortiWeb to patch completely.

I have been working with FortiWeb WAF for four years. We are working with the latest version.

The solution is stable.

The solution is not scalable. If you are running medium-sized hardware, you must upgrade and purchase new hardware. Fortinet has an issue with scalability at this point.

I have received fantastic support.

The initial setup and config are a piece of cake. The steps followed during deployment depend on the customer since not all customers have the same deployment phases. We guide deployment depending on the customer's needs. Most of the time I have deployed FortiWeb, it took one month. We needed to boot up vulnerability and configure security controls on each website. After that, the administrator on the customer's side will continue working with FortiWeb.

Maintenance is easy because WAF has a powerful view of logs.

Fortinet has a single license, and it's easy to deploy the license and doesn't take time to retrieve it. WAF is just plug-and-play, unlike other vendors. WAF wins this point. FortiWeb WAF is priced well for customers compared to other vendors' solutions.

I also work with F5 Networks. The comparison is a little bit complicated. Depending on the customer's needs, we do not recommend deploying F5 in a small environment. F5 needs a lot of administrators and an IT department. On the other hand, Fortinet will be better in this situation. We need a few people to support WAF. Otherwise, both vendors are perfect.

If you plan to deploy FortiWeb, you must have the right device to achieve high availability. I rate FortiWeb WAF a ten out of ten.