Fortinet FortiWeb Web Application Firewall WAF (PAYG)
Fortinet Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Provides good services and support at low cost
What is our primary use case?
We use it for all our hosted web applications, so they are routed via FortiWeb and Fortinet. We use both the network firewall and the application firewall. The whole infrastructure and everything else are protected. Fortinet protects the web infrastructure.
What is most valuable?
There are very few specific things that are not present in cloud-native firewalls, like Azure Firewall or AWS Firewall. They lack many features, such as the ability to handle paths in requests larger than eight KB. For example, if you upload a document or the page size exceeds eight KB, you might face issues with AWS and other cloud-native firewalls. FortiWeb can handle requests of up to 10MB, providing this capability. It also has a very user-friendly UI. Even someone new to FortiWeb or any firewall system, with the right contextual knowledge, can configure it effectively. The support and documentation provided by Fortinet are generally sufficient for any team to manage infrastructure using Fortinet and FortiWeb.
What needs improvement?
Native cloud firewalls, like AWS WAF or Azure Firewall, have limitations compared to next-generation firewalls like Fortinet FortiWeb or other solutions. While AWS and Azure have security features, they are often tailored to their specific technologies and may lack some advanced capabilities in next-generation firewalls. This is why we sometimes opt for solutions like Fortinet, even in a cloud environment.
Fortinet FortiWeb has strengths, but there is room for improvement. For example, its threat intelligence capabilities may not be as advanced as some competitors. While Fortinet excels in many areas, it could enhance its advanced intelligence features. However, in terms of configuration, maintenance, and securing infrastructure, Fortinet remains a strong option.
For how long have I used the solution?
I have been using Fortinet FortiWeb as a partner for five to five years.
What do I think about the stability of the solution?
I rate the solution’s stability a seven out of ten.
What do I think about the scalability of the solution?
It is suitable for enterprises.
I rate the solution’s scalability as seven or eight out of ten.
How are customer service and support?
We have a procurement team and a support engagement team that is helping us with issues. They are maintaining the SLA and all those things.
How was the initial setup?
Deployment can be straightforward, like spinning up EC2 instances or Azure VMs with Fortinet, which can be a one-click process. The complexity arises from configuring Fortinet within your specific ecosystem. The configuration depends on the size and nature of your infrastructure, including the number of machines and appliances and the types of systems you are protecting, such as APIs, normal instances, or mobile applications. While deploying Fortinet itself might be quick, configuring it to fit your environment and security needs takes additional time and effort.
What other advice do I have?
Many other companies offer similar capabilities. We also use other solutions, but Fortinet FortiWeb has strong bot capabilities for threat protection and excellent geo-restriction features. It also handles malicious IP prevention and is easy to use. Our experience has been positive. We’ve only enabled the algorithms provided by FortiWeb and haven’t customized the configuration beyond what FortiWeb offers. The existing rules and features for FortiWeb are good.
If you need a next-generation firewall to meet industry and security demands, relying solely on native cloud firewalls like Azure Firewall, AWS Firewall, or Google Cloud Firewall may not be sufficient. These native firewalls often lack the advanced features to protect against various threats. It is advisable to consider solutions like Fortinet FortiWeb or Cloudflare to ensure robust protection.
It's a trade-off between price and the service you receive. If you're paying less for a solution that provides good services compared to a competitor where you might pay more for similar support and features, then Fortinet could be a viable option. It might be better if another solution, like Cloudflare, offers better value across multiple aspects such as service, cost, and support.
Overall, I rate the solution a seven out of ten.
Identifies potential DDoS attacks and suspicious domain activity
What is our primary use case?
My company is a Fortinet partner and specializes in FortiWeb. We often compete against cloud-native solutions like Azure Application Gateway WAF. We typically conduct proof-of-concept tests for potential clients. They are usually looking for API protection and bot mitigation, which FortiWeb excels at. We take responsibility for implementing and supporting the solution for our customers.
We also conduct simulation tests and review feedback from colleagues and customers. Customers often seek solutions for bottlenecks, especially regarding machine learning. We can do a detailed review of the WAF services and provide a report for the customer.
How has it helped my organization?
If a customer has a website, a firewall alone is not enough. While a firewall can act as an application firewall, it may not be sufficient. If we have a firewall at layer four and layer seven, and the customer needs protection against OWASP Top 10 vulnerabilities or requires IT audits, a web application firewall becomes crucial.
Additionally, if DDoS protection is a concern, it often comes integrated with WAF. For networking, some WAFs can even provide load-balancing functionality.
What is most valuable?
In my experience, we put my customer's website in monitor mode, not protect mode. So, we initially set up FortiWeb in monitor mode to avoid disruptions to the customer's website.
While in monitor mode, machine learning observed the web application. Once machine learning had enough data to analyze, we discussed unusual traffic patterns with the customer.
FortiWeb identified potential DDoS attacks and suspicious domain activity, showcasing the value of its machine-learning capabilities.
What needs improvement?
The price could be close to Imperva; Imperva is the number one firewall.
FortiWeb cannot do some kind of ADC solution, like load balancing. I hope they improve that.
I'm looking for the ADC solution, the load balancing solution. Because application firewalls with multiple line solutions do come with it. So, I think it should be integrated within FortiWeb WAF.
For how long have I used the solution?
I used it for two years. I started working with it when a client company moved their web application to the cloud (Azure or AWS) and needed protection. We implemented a FortiWeb solution as their WAF.
Which solution did I use previously and why did I switch?
I have used Check Point for email security.
What was our ROI?
For security products, from my experience, customers will compare costs if they have been attacked. They may consider insurance. If you provide more protection, the return on investment is the compromise to use the application.
What's my experience with pricing, setup cost, and licensing?
This product offers two pricing options: a standard package and an advanced package. The advanced package includes credential stuffing protection, while the standard package includes automatic application learning, bot mitigation, and web application protection.
If you simply need to protect your website, the standard package is sufficient. However, if you need credential stuffing protection, the advanced package is necessary. This is the key difference between the two packages.
What other advice do I have?
Overall, I would rate the solution an eight out of ten.