I am familiar with Fortinet FortiWeb, and I'm working with the product. I have been using Fortinet FortiWeb in my organization for the last three years. We are using Fortinet FortiWeb as a security solution because a few applications are running on our website through which external users are hitting our application. We have installed this product for outside users, not inside users, especially for outside users from the organization.
Fortinet FortiWeb Web Application Firewall WAF (PAYG)
Fortinet Inc.External reviews
70 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Streamlines Web Security but Needs UI Enhancements
What do you like best about the product?
I really like the ease of deployment and the AI-powered automation in FortiAppSec Cloud, which make protecting and accelerating web apps and APIs much more manageable. The initial setup was very straightforward and I appreciate the unified management and reduced complexity it offers.
What do you dislike about the product?
I find the custom rule tuning tricky at first and the UI/UX lacks intuitiveness. It could use better incident timelines and risk scoring for an overall polish. There's also occasional performance dip or latency under high traffic or complex rules.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to protect web apps and APIs, handling issues like false positives, evolving threats, and security challenges.
Secure, User-Friendly with Great Support, Minor Lag Issues
What do you like best about the product?
I really appreciate the ease of access with FortiAppSec Cloud, along with its reliable customer support which is very beneficial for me. The dashboard is also great because it allows us to monitor all activities conveniently. I found the initial setup process to be very easy, and we got everything set up in under one hour.
What do you dislike about the product?
There's some lag in the platform when we reach a large number of endpoints.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud helps us deliver secure endpoints in the cloud to customers, with ease of access and reliable customer support.
Robust Protection with Room for UI Improvement
What do you like best about the product?
I like the FortiAppSec Cloud's clean dashboard, which lets me quickly understand what’s happening without digging through endless logs. I also appreciate that I can log in and immediately see what types of attacks are being blocked, where traffic is coming from, and whether there are any unusual spikes. It's our security shield in front of our applications.
What do you dislike about the product?
The UI is clean overall, but sometimes when you're trying to troubleshoot something specific, you have to click around more than you'd like. A more straightforward log search or clearer explanations inside the dashboard would help. The UI is not customizable as well. I would love to see that option.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud as a security shield for our web apps and APIs, providing deep visibility into traffic, reducing bot activity, preventing web attacks, and simplifying security reporting.
Centralized Threat Management, Easy Setup
What do you like best about the product?
I use FortiAppSec Cloud to secure and monitor our web applications and APIs. It helps us detect vulnerabilities, manage security policies, and maintain visibility into potential threats in our cloud environment. FortiAppSec Cloud centralizes monitoring, improves alerting, and helps us respond to risks more efficiently. One of the best features is its centralized board and control center, which offers a consolidated view of application health, threat activity, and policy status in one place. This allows me to quickly see recent alerts, traffic patterns, and any flagged vulnerabilities from a single screen. The initial setup was pretty easy.
What do you dislike about the product?
I think the personalized UI could be improved. I would like to be able to change the data into a format I like, including the color scheme.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to secure and monitor our web applications and APIs, centralizing monitoring and improving alerting. It solves the problem of requiring multiple tools and manual effort. I appreciate the consolidated view of application health, threat activity, and policy status from a single dashboard.
Robust WAF Security and Bot Mitigation in a Single Console
What do you like best about the product?
I evaluated it for WAF solution & liked it's security, bot mitigation measures, & everything security under single console. I particularly liked how it's designed to handle coming of age security threats, with agentic AI proliferation.
What do you dislike about the product?
I felt there are improvements possible in it's overall UI/UX experience & onboarding flows, making it a li'll more intuitive & performant will help smoothen the experience
What problems is the product solving and how is that benefiting you?
I like the strong AI driven security approach in its solution & offerings, allowing teams to focus on business problems, modernize their infrastructure with least worries about it's security.
Security threats have been reduced through seamless deployment and strong integration with other tools
What is our primary use case?
What is most valuable?
Reporting in Fortinet FortiWeb is very good. Fortinet FortiWeb has positively impacted my organization because most of our servers and applications are secure from hackers and other security threats. We have a lot of security challenges, but with the installation of Fortinet FortiWeb, we have reduced many security threats with its help.
What needs improvement?
The reason it took one week to ten days is that fine-tuning is a challenge, as we have many applications behind the product. Fine-tuning took this time; otherwise, installation is one to two days of work only. Fine-tuning is a room for improvement in Fortinet FortiWeb.
For how long have I used the solution?
I have been using Fortinet FortiWeb in my organization for the last three years.
How are customer service and support?
I would rate the technical support of Fortinet as fine; they provide very nice technical support and are responsive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We do not have options to replace it with another solution because we have installed it and we are using it. We have trained manpower, and it is not easy to replace.
How was the initial setup?
The deployment of Fortinet FortiWeb was actually easy and our team is managing it quite easily. The deployment of Fortinet FortiWeb in my case took one week to two weeks.
What about the implementation team?
I have a dedicated team to manage the product. For this purpose, we have only one engineer in our technical team.
What's my experience with pricing, setup cost, and licensing?
With pricing, I think Fortinet FortiWeb is a reasonable price compared to other products like Barracuda, as it is cheaper than Barracuda or maybe competitive. Most security products charge less at the time of purchase because of competition, but when we go to renewals, the prices become very high.
What other advice do I have?
I have used Fortinet FortiWeb's integration features. We have easily integrated all of the applications with the product. Most of the applications we are using are in-house built.
My technical team is looking after the best features. I have not used it extensively for maybe two and a half years. I have been involved in the installation, but I am not actually using the product. I work with it from time to time but not extensively.
I would assess Fortinet FortiWeb's adaptive machine learning and artificial intelligence as having new patches installed regarding artificial intelligence, but when we bought it, I think the learning feature was there. Now they have installed artificial intelligence features through patches.
We have a complete portfolio of Fortinet in our organization, including FortiMail, Fortinet FortiWeb, and FortiGate, along with multi-factor authentication. All of the products are from Fortinet. Fortinet tools integrate with each other and work in conjunction.
I think Fortinet FortiWeb has helped us meet regulatory compliance because we are not a regulatory organization, but our sister organization is regulatory. We have regulatory compliance with the International Civil Aviation Authority, whose audit teams have checked our data center and these security products, and they are satisfied with us. The question about leveraging Fortinet FortiWeb's automated policy management does not pertain to my domain because I am not so technical, but I am in a management role now. My engineer is more technical than me.
I would rate this product an eight point five out of ten.
Absolutely Love This Cloud Sec!
What do you like best about the product?
1. Extremely Simple and Fast Deployment
2.Ease of Integration
3.Ease of Use
4.Cost-effective
2.Ease of Integration
3.Ease of Use
4.Cost-effective
What do you dislike about the product?
1. Less Flexibility than Competitors like F5, Imperva
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
2.Feature Depth Compared to Specialized WAFs
3.Potential for Performance Latency
What problems is the product solving and how is that benefiting you?
FortiAppSec addresses two critical challenges in my web application: the expanding, invisible API attack surface and the complexity of traditional WAF management. It solves the visibility issue by automatically discovering and cataloging all API endpoints through analysis of live traffic, providing complete command over all exposed assets. Furthermore, it simplifies operations by deploying as a cloud service in minutes via a simple DNS change, which significantly reduces operational overhead and allows teams to focus on strategy rather than continuous, complex WAF tuning.
Review for FortiAppSec Cloud
What do you like best about the product?
This product is straightforward to use and implement. I appreciate its fully managed, cloud-based WAF approach, along with the real-time protection it offers and the responsive customer support. I rely on its machine learning and behavior-based detection features for daily monitoring, and I also value how seamlessly it integrates with other Fortinet products.
What do you dislike about the product?
Limited advanced configurations and custom rule tuning.
What problems is the product solving and how is that benefiting you?
This tool makes both load balancing and security management much simpler.
Excellent Protection, Complex Interface
What do you like best about the product?
I like that FortiAppSec Cloud provides AI-driven, fully managed WAF protection with minimal tuning required, excellent integration with Fortinet Security Fabric, and strong coverage for web apps and APIs against evolving threats.
What do you dislike about the product?
The interface could be more intuitive, and deeper customization or reporting options would improve flexibility. Integration with non-Fortinet tools also requires extra configuration.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud protects our web apps and APIs from OWASP Top 10 threats and bot attacks while reducing manual management. It improves visibility, automates protection, and strengthens our overall security posture.
Effective in protecting web applications include web filtering, DDoS protection, and geo-location blocking
What is our primary use case?
The FortiWeb Web Application Firewall (WAF) is used when customers want to publish their sites and protect their internal public websites. Some customers ask to protect their AWS or Azure network, and during that time, we also suggest the web solution. In the network, we can use next-generation firewalls upstream or in flows wherever required, making it mandatory with the parameter-level layer security.
We focus on websites with FortiWeb Web Application Firewall (WAF). Features such as anomaly input validation, XML protection, and API protection are already present, but we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful.
What is most valuable?
The features of FortiWeb Web Application Firewall (WAF) that have proven most effective in protecting web applications include web filtering, DDoS protection, geo-location blocking, and blocking SQL injection attacks.
The AI machine learning capabilities included in FortiWeb Web Application Firewall (WAF) analyze patterns effectively. For example, if any user tries to input any text format in a web form mistakenly using SQL queries, the web solution detects the input, checking whether it's impacting or analyzing queries in the database. Everything is analyzed to ensure protection.
What needs improvement?
Their AI technology is good. Overall, Fortinet is only good.
The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now.
If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place.
The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats.
There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.
For how long have I used the solution?
I have been working with them for Five years.
How are customer service and support?
The technical support by Fortinet is good. The back-end development team is available, and if any issue arises, they will help us immediately by providing solutions when contacted.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we need to protect. The licensing is based on the number of websites or individually. If the customer has multiple websites, the price reduces automatically since it depends on the number only. If the customer wants to buy initially, there is a default license available.
When going for multiple websites, the price also reduces.
What other advice do I have?
I am providing next-generation firewalls or FortiWeb Web Application Firewalls (WAF).
Both web application firewalls and next-generation firewalls are available, which we are doing daily.
I usually recommend the FortiWeb Web Application Firewall (WAF) for various types of companies, including retail, hospitals, manufacturing, construction, and banking.
It is the best option on the market.
I rate FortiWeb Web Application Firewall (WAF) eight out of ten.
showing 1 - 10