I am familiar with Fortinet FortiWeb, and I'm working with the product. I have been using Fortinet FortiWeb in my organization for the last three years. We are using Fortinet FortiWeb as a security solution because a few applications are running on our website through which external users are hitting our application. We have installed this product for outside users, not inside users, especially for outside users from the organization.
Fortinet FortiWeb Web Application Firewall WAF (PAYG)
Fortinet Inc.External reviews
62 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Security threats have been reduced through seamless deployment and strong integration with other tools
What is our primary use case?
What is most valuable?
Reporting in Fortinet FortiWeb is very good. Fortinet FortiWeb has positively impacted my organization because most of our servers and applications are secure from hackers and other security threats. We have a lot of security challenges, but with the installation of Fortinet FortiWeb, we have reduced many security threats with its help.
What needs improvement?
The reason it took one week to ten days is that fine-tuning is a challenge, as we have many applications behind the product. Fine-tuning took this time; otherwise, installation is one to two days of work only. Fine-tuning is a room for improvement in Fortinet FortiWeb.
For how long have I used the solution?
I have been using Fortinet FortiWeb in my organization for the last three years.
How are customer service and support?
I would rate the technical support of Fortinet as fine; they provide very nice technical support and are responsive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We do not have options to replace it with another solution because we have installed it and we are using it. We have trained manpower, and it is not easy to replace.
How was the initial setup?
The deployment of Fortinet FortiWeb was actually easy and our team is managing it quite easily. The deployment of Fortinet FortiWeb in my case took one week to two weeks.
What about the implementation team?
I have a dedicated team to manage the product. For this purpose, we have only one engineer in our technical team.
What's my experience with pricing, setup cost, and licensing?
With pricing, I think Fortinet FortiWeb is a reasonable price compared to other products like Barracuda, as it is cheaper than Barracuda or maybe competitive. Most security products charge less at the time of purchase because of competition, but when we go to renewals, the prices become very high.
What other advice do I have?
I have used Fortinet FortiWeb's integration features. We have easily integrated all of the applications with the product. Most of the applications we are using are in-house built.
My technical team is looking after the best features. I have not used it extensively for maybe two and a half years. I have been involved in the installation, but I am not actually using the product. I work with it from time to time but not extensively.
I would assess Fortinet FortiWeb's adaptive machine learning and artificial intelligence as having new patches installed regarding artificial intelligence, but when we bought it, I think the learning feature was there. Now they have installed artificial intelligence features through patches.
We have a complete portfolio of Fortinet in our organization, including FortiMail, Fortinet FortiWeb, and FortiGate, along with multi-factor authentication. All of the products are from Fortinet. Fortinet tools integrate with each other and work in conjunction.
I think Fortinet FortiWeb has helped us meet regulatory compliance because we are not a regulatory organization, but our sister organization is regulatory. We have regulatory compliance with the International Civil Aviation Authority, whose audit teams have checked our data center and these security products, and they are satisfied with us. The question about leveraging Fortinet FortiWeb's automated policy management does not pertain to my domain because I am not so technical, but I am in a management role now. My engineer is more technical than me.
I would rate this product an eight point five out of ten.
Absolutely Love This Cloud Sec!
What do you like best about the product?
1. Extremely Simple and Fast Deployment
2.Ease of Integration
3.Ease of Use
4.Cost-effective
2.Ease of Integration
3.Ease of Use
4.Cost-effective
What do you dislike about the product?
1. Less Flexibility than Competitors like F5, Imperva
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
What problems is the product solving and how is that benefiting you?
FortiAppSec addresses two critical challenges in my web application: the expanding, invisible API attack surface and the complexity of traditional WAF management. It solves the visibility issue by automatically discovering and cataloging all API endpoints through analysis of live traffic, providing complete command over all exposed assets. Furthermore, it simplifies operations by deploying as a cloud service in minutes via a simple DNS change, which significantly reduces operational overhead and allows teams to focus on strategy rather than continuous, complex WAF tuning.
Review for FortiAppSec Cloud
What do you like best about the product?
This product is straightforward to use and implement. I appreciate its fully managed, cloud-based WAF approach, along with the real-time protection it offers and the responsive customer support. I rely on its machine learning and behavior-based detection features for daily monitoring, and I also value how seamlessly it integrates with other Fortinet products.
What do you dislike about the product?
Limited advanced configurations and custom rule tuning.
What problems is the product solving and how is that benefiting you?
This tool makes both load balancing and security management much simpler.
Excellent Protection, Complex Interface
What do you like best about the product?
I like that FortiAppSec Cloud provides AI-driven, fully managed WAF protection with minimal tuning required, excellent integration with Fortinet Security Fabric, and strong coverage for web apps and APIs against evolving threats.
What do you dislike about the product?
The interface could be more intuitive, and deeper customization or reporting options would improve flexibility. Integration with non-Fortinet tools also requires extra configuration.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud protects our web apps and APIs from OWASP Top 10 threats and bot attacks while reducing manual management. It improves visibility, automates protection, and strengthens our overall security posture.
Effective in protecting web applications include web filtering, DDoS protection, and geo-location blocking
What is our primary use case?
The FortiWeb Web Application Firewall (WAF) is used when customers want to publish their sites and protect their internal public websites. Some customers ask to protect their AWS or Azure network, and during that time, we also suggest the web solution. In the network, we can use next-generation firewalls upstream or in flows wherever required, making it mandatory with the parameter-level layer security.
We focus on websites with FortiWeb Web Application Firewall (WAF). Features such as anomaly input validation, XML protection, and API protection are already present, but we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful.
What is most valuable?
The features of FortiWeb Web Application Firewall (WAF) that have proven most effective in protecting web applications include web filtering, DDoS protection, geo-location blocking, and blocking SQL injection attacks.
The AI machine learning capabilities included in FortiWeb Web Application Firewall (WAF) analyze patterns effectively. For example, if any user tries to input any text format in a web form mistakenly using SQL queries, the web solution detects the input, checking whether it's impacting or analyzing queries in the database. Everything is analyzed to ensure protection.
What needs improvement?
Their AI technology is good. Overall, Fortinet is only good.
The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now.
If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place.
The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats.
There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.
For how long have I used the solution?
I have been working with them for Five years.
How are customer service and support?
The technical support by Fortinet is good. The back-end development team is available, and if any issue arises, they will help us immediately by providing solutions when contacted.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we need to protect. The licensing is based on the number of websites or individually. If the customer has multiple websites, the price reduces automatically since it depends on the number only. If the customer wants to buy initially, there is a default license available.
When going for multiple websites, the price also reduces.
What other advice do I have?
I am providing next-generation firewalls or FortiWeb Web Application Firewalls (WAF).
Both web application firewalls and next-generation firewalls are available, which we are doing daily.
I usually recommend the FortiWeb Web Application Firewall (WAF) for various types of companies, including retail, hospitals, manufacturing, construction, and banking.
It is the best option on the market.
I rate FortiWeb Web Application Firewall (WAF) eight out of ten.
Delivers robust security with significant ROI and seamless integration
What is our primary use case?
Our primary use case for Fortinet FortiWeb is application security, specifically web application security for our customers. We focus on securing their web apps, as the major purpose is to provide strong application security.
What is most valuable?
The most valuable features of Fortinet FortiWeb are its basic features of WAS top ten, DDoS attacks, and bot attacks. Additionally, the machine learning-based threat detection is significant, as it uses a learning method that eases the configuration burden, making it very useful. The AI-driven threat detection enhances protection capabilities, and the product is equipped with hardware acceleration, improving performance considerably. Fortinet has improved its performance multifold.
What needs improvement?
The cloud-based security service of Fortinet FortiWeb could be enhanced to match the level of providers like Cloudflare. Right now, it is more focused on on-prem solutions, and there is a need to strengthen its cloud presence to offer comparable services.
For how long have I used the solution?
I have been working with Fortinet FortiWeb for three to four years.
What was my experience with deployment of the solution?
We have deployed Fortinet FortiWeb within a week for multiple setups, depending on the number of services. Generally, we have not encountered many difficulties with deployments across various use cases.
What do I think about the stability of the solution?
In terms of stability, Fortinet FortiWeb is very stable. We have not faced any significant issues during deployments, and it functions as expected without major hiccups.
What do I think about the scalability of the solution?
We haven't conducted very large deployments, but there have been no complaints regarding performance or scalability from our customers, so scalability has not been a challenge for us.
How are customer service and support?
Fortinet's customer support needs improvement. The expertise of engineers varies across different time zones, affecting the effectiveness of the support provided, especially during our daytime.
How would you rate customer service and support?
Negative
How was the initial setup?
The initial setup of Fortinet FortiWeb is easy. Compared to other solutions like Check Point, setting it up is straightforward.
What was our ROI?
Our customers have seen a significant ROI with Fortinet FortiWeb. The three to five years TCO (Total Cost of Ownership) is very favorable.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiWeb is cost-effective compared to solutions like F5. It offers strong performance for the price, providing substantial value for our customers.
What other advice do I have?
Fortinet FortiWeb is a good and underrated product for web application security. It's especially beneficial for those already using Fortinet firewalls, offering a unified interface and comprehensive security. Integration with existing infrastructures, including custom applications, has been smooth without notable challenges. I would rate the overall solution as an 8 out of 10.
I'm an technical support for a lot of network security products
What do you like best about the product?
FortiWeb is the best Solution for the company that publish it's Website or the company that need to access the internet
What do you dislike about the product?
Nothing it's a customized product for the big organization
What problems is the product solving and how is that benefiting you?
It can filter all the URLs and customize the sites that I can login and also help me to protect my network from any attacks.
Offers competitive pricing and robust channel support with good training
What is our primary use case?
I mentioned that the firewalls, such as the one from Fortinet, help protect my infrastructure from outside attacks. They perform a lot of network scanning and do not allow any unauthorized person to access my details and data. That's their application. A similar action is performed by the web application firewall, where web applications are restricted to certain users. This means that not anyone with malicious intent can access my web application content.
What is most valuable?
The good thing about Fortinet is that their enablement is very good in terms of training me and enabling resources on their technology.
Secondly, if I look at their pricing, Fortinet's pricing is way more competitive than Cisco or Palo Alto. They have almost 45% share in the firewall market, as per IDC. Fortinet is a large-sized company where their channel program is very robust and very flexible. They also understand the different personas of the channel stakeholders. In that way, they are rapidly growing in the channel ecosystem space and have started getting a lot of business. They are replacing many big traditional players in that space.
What needs improvement?
There are some issues pertaining to the migration. If some of my customers want to migrate from F5 to Fortinet Firewall, or the Fortinet WAF solution, there are some migration issues since I cannot migrate all the elements quickly using Fortinet Firewall. There is some integration work required to do that.
For how long have I used the solution?
I have been working with Fortinet for almost one year and eight or nine months.
How are customer service and support?
Their support is truly exceptional when I compare it with similar large-sized companies. In that category, they are top-notch at this point in time.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I was with SquadCast earlier.
Which other solutions did I evaluate?
F5 is a leader. They have some technical supremacy. F5 is more in demand, however, other players like Radware are also available in the market.
What other advice do I have?
I would rate the solution eight out of ten at least.
Seamless integration and has enhanced security management
What is our primary use case?
FortiWeb is used for protecting against malicious activities, such as SQL injections, for outward-facing web forms.
What is most valuable?
The most valuable features of FortiWeb include its dashboard and out-of-the-box integrations with other Fortinet products, which enhance its effectiveness. FortiWeb's position as part of the Fortinet platform makes it particularly beneficial for Fortinet customers, offering seamless integration and operational cost savings.
What needs improvement?
There is room for improvement in the portability on multi-cloud environments. Enhanced DDoS integration to make FortiWeb more unified with other Fortinet products could be beneficial.
For how long have I used the solution?
I have personally been working with FortiWeb for approximately two years.
What do I think about the stability of the solution?
I would rate the stability of FortiWeb as nine out of ten, indicating highly stable performance.
What do I think about the scalability of the solution?
I would rate the scalability of the product a seven out of ten. While it is multicloud-enabled, there is more automation in other products that may better suit complex environments.
How are customer service and support?
I would rate the customer service and support as nine out of ten.
How would you rate customer service and support?
Positive
What about the implementation team?
Our team, consisting of three certified Fortinet engineers, handles the deployment, although globally, Exclusive Networks has a large team of certified engineers.
What was our ROI?
Operational costs decrease when using FortiWeb within the Fortinet stack due to integrated assessments and security event management.
What's my experience with pricing, setup cost, and licensing?
I would rate the licensing cost as seven out of ten, considering it good value for money. The price is affordable and reasonable for the features offered.
Which other solutions did I evaluate?
We also work with other vendors such as F5, Proofpoint, and Palo Alto, however, Fortinet stands out for its holistic vision of cybersecurity.
What other advice do I have?
Overall, I would rate FortiWeb an eight out of ten for existing Fortinet customers due to its seamless integration and good value for money.
Secures APIs with effective protection against web threats
What is our primary use case?
We use FortiWeb to connect external APIs to our on-prem data center solutions.
What is most valuable?
We use FortiWeb for extended protection profiles to mitigate SQL injection and other web application threats. It is effective against web application threats and helps with our API protection and load balancing.
Additionally, it is cost-effective compared to other solutions.
What needs improvement?
They could integrate some kind of machine learning and AI facilities to automate workflows. We need to update regular patches frequently, and it requires regular installation and testing of these patches.
For how long have I used the solution?
We have been working with FortiWeb for almost five years.
What do I think about the stability of the solution?
It is stable for us, showing good performance in handling web security.
What do I think about the scalability of the solution?
I would rate its scalability at six because we have to increase our CPU and memory capacities, as it is confined to CPU and memories.
How are customer service and support?
I would rate the customer service and technical support between eight and nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The setup is easy to manage.
What was our ROI?
It helps us save costs, about 20% to 30%.
What's my experience with pricing, setup cost, and licensing?
In comparison to other solutions, the price is reasonable.
What other advice do I have?
FortiWeb is suitable for medium-scale companies. I recommend using this solution.
I'd rate the solution nine out of ten.
showing 1 - 10