Fortinet FortiWeb is very good as a web application solution. I have been working with Fortinet FortiWeb since 2020.
Fortinet FortiWeb Web Application Firewall WAF (PAYG)
Fortinet Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Comprehensive Security Application
Security measures have improved but patch releases create challenges
What is our primary use case?
What is most valuable?
When using Fortinet FortiWeb, it will not leak your real IP address. Your HTTP, HTTPS, and IMT file will be secured, and the signature should be upgraded. A VIP IP address is required. That IP will be translated to Fortinet FortiWeb. When the user browses the website, it will reach Fortinet FortiWeb only, not reaching the server directly.
Fortinet FortiWeb enhances web security with its effective features that handle inbound and outbound traffic.
What needs improvement?
There is room for improvement in Fortinet FortiWeb. The team was only from FortiGate itself. They are making new firmware versions and releasing them before checking, which leads to many bugs in these versions.
The reason for not giving Fortinet FortiWeb an eight is because every 45 to 60 days, they are releasing a patch. Without checking these patches, users face many issues, which are called bugs, and some policies will not work.
For how long have I used the solution?
I have been working with Fortinet FortiWeb since 2020.
What was my experience with deployment of the solution?
Deploying Fortinet FortiWeb is not difficult. If you install the VM, it uses the same console. If you install on-premise, it also uses the same console. It depends on where the web server machine is available. If it is in the cloud, we need to use VM devices. If it is on-premises, we use on-premise devices.
What do I think about the stability of the solution?
Regarding stability, I would rate Fortinet FortiWeb a seven out of ten.
What do I think about the scalability of the solution?
Regarding scalability, I would rate Fortinet FortiWeb a 4.5 out of ten.
How are customer service and support?
Fortinet provides very good support and services for everyone regarding future updates of Fortinet FortiWeb.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not work with Cortex Xpanse and Cortex XCM solutions. A different cybersecurity team in our parent company handles those solutions.
How was the initial setup?
If the customer provides the proper information, I can complete everything regarding installation, setup, and configuration of Fortinet FortiWeb within three hours.
What about the implementation team?
I perform maintenance for Fortinet FortiWeb for my customers and help them troubleshoot. I am the person involved in the maintenance of Fortinet FortiWeb.
What's my experience with pricing, setup cost, and licensing?
The pricing for Fortinet FortiWeb varies with different models having different prices. It depends on the requirement. For VM machines, the price increases based on CPU configurations of 2, 4, or 8 CPUs.
Compared to other vendors, Fortinet FortiWeb has competitive pricing in the market. For partners, pricing depends on partnership level, such as Gold or Silver.
Which other solutions did I evaluate?
I would recommend Fortinet FortiWeb to organizations specifically for two or three servers. For larger environments with more than 100 servers, I would recommend F5 BIG-IP.
What other advice do I have?
I have not utilized Fortinet FortiWeb's machine learning capabilities, as I only perform configuration based on customer requirements.
The compliance version of Fortinet FortiWeb has firmware version stability issues.
Fortinet FortiWeb offers three solutions: on-premises and VM solutions.
My overall rating for Fortinet FortiWeb is six out of ten.
Reliable, effective web server protection with room for deployment expertise improvement
What is our primary use case?
The primary use case involves using FortiWeb to protect web servers from various malicious activities by integrating it into a firewall with features like URL filtering and application control. Additionally, it was deployed to meet the requirements of PCI DSS.
How has it helped my organization?
FortiWeb has been helpful in securing our web servers effectively. Fortinet FortiWeb is reliable, providing seamless protection and peace of mind regarding the security of our web applications.
What is most valuable?
FortiWeb has antivirus, web filtering, and application control features. Being part of the next-generation firewall, it's highly effective in ensuring security. The capability to protect from malicious activities is significant, alongside other features like application control.
What needs improvement?
I cannot provide feedback on what needs improvement as I haven't used other solutions to compare it against and therefore cannot identify any areas lacking in FortiWeb. Overall, FortiWeb is reliable.
For how long have I used the solution?
It's been a year since I last used FortiWeb, while I previously configured and used it actively.
What do I think about the stability of the solution?
FortiWeb is reliable in terms of stability. There haven't been specific downtimes or technical issues with FortiWeb.
How are customer service and support?
We haven’t encountered issues necessitating contact with customer service for FortiWeb, implying stable support from Fortinet.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have no experience with other solutions.
How was the initial setup?
The initial setup depends on familiarity with the product. It's manageable with the right expertise. In cases of a simple application, setting up could be achieved in as little as one day.
What's my experience with pricing, setup cost, and licensing?
I can't determine the exact cost of licensing as it was part of a bundle that offered multiple features and licenses.
Which other solutions did I evaluate?
I have no experience with other solutions.
What other advice do I have?
I must emphasize the reliability.
I'd rate the solution seven out of ten.
Has security profile but improvement is needed in ease of use
What is most valuable?
The solution's most valuable feature is its security profile.
What needs improvement?
The solution could improve its ease of use and add more advanced WAF features in future releases.
For how long have I used the solution?
I have been working with the product for more than five years.
Which solution did I use previously and why did I switch?
I've worked with both F5 and Fortinet and find F5 to be much better. F5 is easier to implement, more compatible with applications, and more robust and stable. Regarding securing applications behind the WAF, F5 generally provides better security.
How was the initial setup?
The solution's implementation is not complex and depends on the number and complexity of customers' applications.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiWeb's pricing is reasonable. Its licensing costs are yearly.
What other advice do I have?
The product has been in the WAF business for a long time. Its maturity cannot be compared to other alternatives. Based on my experience with Fortinet FortiWeb, I'd recommend it in specific cases, especially if you have a limited budget. It can meet basic requirements. However, other vendors have better features and support. I rate the overall product a six out of ten.
Provides good services and support at low cost
What is our primary use case?
We use it for all our hosted web applications, so they are routed via FortiWeb and Fortinet. We use both the network firewall and the application firewall. The whole infrastructure and everything else are protected. Fortinet protects the web infrastructure.
What is most valuable?
There are very few specific things that are not present in cloud-native firewalls, like Azure Firewall or AWS Firewall. They lack many features, such as the ability to handle paths in requests larger than eight KB. For example, if you upload a document or the page size exceeds eight KB, you might face issues with AWS and other cloud-native firewalls. FortiWeb can handle requests of up to 10MB, providing this capability. It also has a very user-friendly UI. Even someone new to FortiWeb or any firewall system, with the right contextual knowledge, can configure it effectively. The support and documentation provided by Fortinet are generally sufficient for any team to manage infrastructure using Fortinet and FortiWeb.
What needs improvement?
Native cloud firewalls, like AWS WAF or Azure Firewall, have limitations compared to next-generation firewalls like Fortinet FortiWeb or other solutions. While AWS and Azure have security features, they are often tailored to their specific technologies and may lack some advanced capabilities in next-generation firewalls. This is why we sometimes opt for solutions like Fortinet, even in a cloud environment.
Fortinet FortiWeb has strengths, but there is room for improvement. For example, its threat intelligence capabilities may not be as advanced as some competitors. While Fortinet excels in many areas, it could enhance its advanced intelligence features. However, in terms of configuration, maintenance, and securing infrastructure, Fortinet remains a strong option.
For how long have I used the solution?
I have been using Fortinet FortiWeb as a partner for five to five years.
What do I think about the stability of the solution?
I rate the solution’s stability a seven out of ten.
What do I think about the scalability of the solution?
It is suitable for enterprises.
I rate the solution’s scalability as seven or eight out of ten.
How are customer service and support?
We have a procurement team and a support engagement team that is helping us with issues. They are maintaining the SLA and all those things.
How was the initial setup?
Deployment can be straightforward, like spinning up EC2 instances or Azure VMs with Fortinet, which can be a one-click process. The complexity arises from configuring Fortinet within your specific ecosystem. The configuration depends on the size and nature of your infrastructure, including the number of machines and appliances and the types of systems you are protecting, such as APIs, normal instances, or mobile applications. While deploying Fortinet itself might be quick, configuring it to fit your environment and security needs takes additional time and effort.
What other advice do I have?
Many other companies offer similar capabilities. We also use other solutions, but Fortinet FortiWeb has strong bot capabilities for threat protection and excellent geo-restriction features. It also handles malicious IP prevention and is easy to use. Our experience has been positive. We’ve only enabled the algorithms provided by FortiWeb and haven’t customized the configuration beyond what FortiWeb offers. The existing rules and features for FortiWeb are good.
If you need a next-generation firewall to meet industry and security demands, relying solely on native cloud firewalls like Azure Firewall, AWS Firewall, or Google Cloud Firewall may not be sufficient. These native firewalls often lack the advanced features to protect against various threats. It is advisable to consider solutions like Fortinet FortiWeb or Cloudflare to ensure robust protection.
It's a trade-off between price and the service you receive. If you're paying less for a solution that provides good services compared to a competitor where you might pay more for similar support and features, then Fortinet could be a viable option. It might be better if another solution, like Cloudflare, offers better value across multiple aspects such as service, cost, and support.
Overall, I rate the solution a seven out of ten.
Identifies potential DDoS attacks and suspicious domain activity
What is our primary use case?
My company is a Fortinet partner and specializes in FortiWeb. We often compete against cloud-native solutions like Azure Application Gateway WAF. We typically conduct proof-of-concept tests for potential clients. They are usually looking for API protection and bot mitigation, which FortiWeb excels at. We take responsibility for implementing and supporting the solution for our customers.
We also conduct simulation tests and review feedback from colleagues and customers. Customers often seek solutions for bottlenecks, especially regarding machine learning. We can do a detailed review of the WAF services and provide a report for the customer.
How has it helped my organization?
If a customer has a website, a firewall alone is not enough. While a firewall can act as an application firewall, it may not be sufficient. If we have a firewall at layer four and layer seven, and the customer needs protection against OWASP Top 10 vulnerabilities or requires IT audits, a web application firewall becomes crucial.
Additionally, if DDoS protection is a concern, it often comes integrated with WAF. For networking, some WAFs can even provide load-balancing functionality.
What is most valuable?
In my experience, we put my customer's website in monitor mode, not protect mode. So, we initially set up FortiWeb in monitor mode to avoid disruptions to the customer's website.
While in monitor mode, machine learning observed the web application. Once machine learning had enough data to analyze, we discussed unusual traffic patterns with the customer.
FortiWeb identified potential DDoS attacks and suspicious domain activity, showcasing the value of its machine-learning capabilities.
What needs improvement?
The price could be close to Imperva; Imperva is the number one firewall.
FortiWeb cannot do some kind of ADC solution, like load balancing. I hope they improve that.
I'm looking for the ADC solution, the load balancing solution. Because application firewalls with multiple line solutions do come with it. So, I think it should be integrated within FortiWeb WAF.
For how long have I used the solution?
I used it for two years. I started working with it when a client company moved their web application to the cloud (Azure or AWS) and needed protection. We implemented a FortiWeb solution as their WAF.
Which solution did I use previously and why did I switch?
I have used Check Point for email security.
What was our ROI?
For security products, from my experience, customers will compare costs if they have been attacked. They may consider insurance. If you provide more protection, the return on investment is the compromise to use the application.
What's my experience with pricing, setup cost, and licensing?
This product offers two pricing options: a standard package and an advanced package. The advanced package includes credential stuffing protection, while the standard package includes automatic application learning, bot mitigation, and web application protection.
If you simply need to protect your website, the standard package is sufficient. However, if you need credential stuffing protection, the advanced package is necessary. This is the key difference between the two packages.
What other advice do I have?
Overall, I would rate the solution an eight out of ten.
A tool to protect websites from malware and adware attacks that needs to improve its scalability
What is our primary use case?
I use the solution for some of my company's clients who want to protect their websites from malware and adware attacks.
How has it helped my organization?
From a benefit perspective, FortiWeb Web Application Firewall (WAF) protects the customers’ websites, which are used to communicate with the audience or clients.
What is most valuable?
I am not sure about what I like in the solution because I think most of the customers ask for the product whenever they want a WAF tool for any of their projects. After our company had a discussion with one of our local teams, we sold it by providing the features of the FortiWeb Web Application Firewall (WAF) that our customers like, as we mostly follow the customer requirements. Our company sells FortiWeb Web Application Firewall (WAF) if it meets our customers' requirements.
What needs improvement?
To deal with zero-day attacks, FortiWeb Web Application Firewall (WAF) needs to expand and update its database since it is one of the areas where the tool currently lacks. In short, FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database.
In FortiWeb Web Application Firewall (WAF), there is a substantial amount of improvement required in the scalability area.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for less than a year.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a seven out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a five out of ten.
My company only has two customers who use FortiWeb Web Application Firewall (WAF). My company wants to sell the tool to medium and large-sized businesses with 500 or more users.
How was the initial setup?
The solution is deployed on an on-premises model.
Sometimes, the product's deployment takes over one or two days because customers need to check their requirements and then may want some features. In general, it takes a minimum of two or three days to deploy the product.
What's my experience with pricing, setup cost, and licensing?
Compared to the other products in the market, FortiWeb Web Application Firewall (WAF) is a reasonably priced product, but sometimes people may consider it a bit expensive. I rate the product price a four on a scale of one to ten, where one is a high price, and ten is a low price.
What other advice do I have?
The product is easy to configure.
I have a separate team of three engineers in the company to manage FortiWeb Web Application Firewall (WAF).
Based on my experience and the comments from our company's customers who use the solution, I can say that FortiWeb Web Application Firewall (WAF) is a good product. Our company's customers who use the solution like it since they have been using it for about a year without any bad opinions or comments about it.
Feature-wise, FortiWeb Web Application Firewall (WAF) needs to add more functionalities. Some of the customers who use it want it to have more features, but we cannot find any in the tool presently. I can say what kind of features are required right now in the product. One customer who may want 20 features in the tool may get only 15 features that comply with the customer's requirements.
I rate the overall tool a six out of ten.
A security solution for securing the Internet-facing servers but lacks several security features
What is our primary use case?
We use the solution for securing the Internet-facing servers where you can do the load balancing with the web appliance.
What needs improvement?
FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.
For how long have I used the solution?
I have been using FortiWeb as a partner for two years. We are using V7.2 of the solution.
What do I think about the stability of the solution?
Fortinet has many issues, like the zero-day attacks. Certain critical work vulnerabilities need to be immediately upgraded as an enterprise. You cannot initiate the upgrade anytime because it affects production. Usually, we schedule the upgrade. We do the configuration and scheduling of the updates. Fortinet is a 24/7 company that can release updates any time, regardless of the day of the week. FortiWeb WAF is a security solution that can be updated at any time, irrespective of the day of the week.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
On two recent occasions, I experienced delays in resolving technical issues with FortiWeb WAF, particularly when configuring explicit proxies on FortiGate firewalls. As a Fortinet partner, I was disappointed that our dedicated support channel was unavailable and that I could not obtain licenses or hardware assistance despite escalating to the country manager. Additionally, the technical support response times in the Middle East region have been inconsistent, with some areas providing excellent support while others have been unresponsive. This inconsistency has been particularly frustrating when dealing with urgent issues at remote sites. Overall, the support experience for FortiWeb WAF has been inconsistent and frustrating, particularly for Fortinet partners.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Kemp before, but I also dislike the FortiWeb. I'm trying to move to F5 because F5 is very good.
How was the initial setup?
FortiWeb comes with an IP address. You need to log into the web console, and you can do it with the CLI using the console cable. You have to go in; it will initially give you a setup wizard and configure the hostname, interfaces, etc. The setup is relatively easy, but when it comes to advanced deployments. Kemp is a relatively affordable and capable solution. FortiWeb WAF offered all the features, making Kemp less appealing for enterprise-level applications. Kemp is suitable for smaller or regional websites, but it may not be as robust for global deployments.
Additionally, I could not locate the virtual domain feature in FortiWeb WAF. This feature would allow me to assign different domain names to a single website based on the user's location. FortiWeb WAF presented EDS as a workaround, but the process was overly complex and inconvenient.
Firstly, expect load balancing and a web application firewall for the same product Fortinet is offering. Start by booting up the device and use FortiWeb to connect the file by application firewall. There's a default IP address without any password. You log in, and then it shows your initial setup wizard. The wizard helps you set up the host names, Fortinet account, FortiCloud account, etc. After that, you start setting up your physical servers; then you give a virtual server, which will be a point. In a network with a firewall and port forwarding, the FortiWeb WAF device can act as a load balancer and a security gateway. It can receive traffic from the firewall, decrypt SSL/TLS traffic, inspect traffic for layer seven vulnerabilities, and then forward traffic to the appropriate internal server based on load-balancing algorithms and application-specific information provided by the servers. The FortiWeb WAF can monitor server health and performance and automatically switch traffic away from unhealthy servers.
Deployment depends on how much complexity you want to add to the product. If the customer requirement is easy, you may deploy it in one day. For example, I was working on a project with around 16 servers. Each server has a different data source; one server gives the back end, whereas the other provides the front end. That was a complex deployment. It will take around four to five days to deploy if you want to go deeper into it.
What was our ROI?
We have achieved 70% ROI.
What's my experience with pricing, setup cost, and licensing?
FortiWeb is expensive. F5 is also very expensive, but it is value for money.
What other advice do I have?
The solution’s maintenance and UI are easy, but some features are hidden. Their quality assurance needs to work. We used to have the upgrades and patches every month or 15 days, but now they are coming every week too. We have vulnerability.
The product needs to get more mature.
Overall, I rate the solution a six out of ten.
A cost-effective solution for web security but lacks stability
What is our primary use case?
We use the solution for the office in Oracle.
What is most valuable?
Fortinet FortiWeb is priced well.
What needs improvement?
The product’s stability could be improved.
For how long have I used the solution?
I have been using Fortinet FortiWeb for one year. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product’s stability is normal. I rate it six out of ten.
What do I think about the scalability of the solution?
The solution is scalable.
How was the initial setup?
The initial setup depends on technical knowledge.
What's my experience with pricing, setup cost, and licensing?
The solution is cheaper compared with other solutions. It has a yearly license.
What other advice do I have?
Overall, I rate the solution a seven out of ten.