Sold by
Fortinet FortiWeb Web Application Firewall WAF (PAYG)
The FortiWeb web application firewall (WAF) defends web-based applications from known and zero-day threats. Its AI-based machine learning identifies threats with virtually no false positive detections.
Reviews (76)
Prasanth K.
Easy-to-Implement AppSec with Strong Signature Detection, Bot Protection, and Cloud Integration
Reviewed on Feb 21, 2026
Review provided by G2
What do you like best about the product?
While we use it as an mirror alternate to AWS WAF for our China accounts, It brings in lot of value ad interms of very less manual effort and almost covers all of our security aspects for both our internal and external apps.
Its Signature based detection and Advanced Bot protection defn needs a praise.
Synthetic Testing, Fabric Connector options really put forti's Appsec in driver position.
Its very easy implementation, to use and configuration and integration with cloud (AWS & Azure market place pfferings) comes in handy.
Its Signature based detection and Advanced Bot protection defn needs a praise.
Synthetic Testing, Fabric Connector options really put forti's Appsec in driver position.
Its very easy implementation, to use and configuration and integration with cloud (AWS & Azure market place pfferings) comes in handy.
What do you dislike about the product?
Just like any other software, its initial setup initial setup can be a head-scratching because the platform offers an overwhelming number of useful but complex options.
Reporting is some what limited which we got to knwo during our training and it pretty much remained the same today.
Reporting is some what limited which we got to knwo during our training and it pretty much remained the same today.
What problems is the product solving and how is that benefiting you?
Since AWS WAF is not allowed in China mainland, we use Forti products to cover our applications in place of this. Due to its general availability in AWS/Azure market place, we sort of setteled on this and it continue to impress us securing our products from almost all attacks.
Because of its powerful and multi option features, it covers all ur firewall needs not just for our application but DNS, ELB's nd other API security needs as part of our hybrid security strategy
Because of its powerful and multi option features, it covers all ur firewall needs not just for our application but DNS, ELB's nd other API security needs as part of our hybrid security strategy
Piotr M.
Streamlines Web Security but Needs UI Enhancements
Reviewed on Feb 18, 2026
Review provided by G2
What do you like best about the product?
I really like the ease of deployment and the AI-powered automation in FortiAppSec Cloud, which make protecting and accelerating web apps and APIs much more manageable. The initial setup was very straightforward and I appreciate the unified management and reduced complexity it offers.
What do you dislike about the product?
I find the custom rule tuning tricky at first and the UI/UX lacks intuitiveness. It could use better incident timelines and risk scoring for an overall polish. There's also occasional performance dip or latency under high traffic or complex rules.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to protect web apps and APIs, handling issues like false positives, evolving threats, and security challenges.
Alexandru R.
Secure, User-Friendly with Great Support, Minor Lag Issues
Reviewed on Feb 16, 2026
Review provided by G2
What do you like best about the product?
I really appreciate the ease of access with FortiAppSec Cloud, along with its reliable customer support which is very beneficial for me. The dashboard is also great because it allows us to monitor all activities conveniently. I found the initial setup process to be very easy, and we got everything set up in under one hour.
What do you dislike about the product?
There's some lag in the platform when we reach a large number of endpoints.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud helps us deliver secure endpoints in the cloud to customers, with ease of access and reliable customer support.
Mansi S.
Robust Protection with Room for UI Improvement
Reviewed on Feb 13, 2026
Review provided by G2
What do you like best about the product?
I like the FortiAppSec Cloud's clean dashboard, which lets me quickly understand what’s happening without digging through endless logs. I also appreciate that I can log in and immediately see what types of attacks are being blocked, where traffic is coming from, and whether there are any unusual spikes. It's our security shield in front of our applications.
What do you dislike about the product?
The UI is clean overall, but sometimes when you're trying to troubleshoot something specific, you have to click around more than you'd like. A more straightforward log search or clearer explanations inside the dashboard would help. The UI is not customizable as well. I would love to see that option.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud as a security shield for our web apps and APIs, providing deep visibility into traffic, reducing bot activity, preventing web attacks, and simplifying security reporting.
Shiv A.
Strong Security but Initial Setup Woes
Reviewed on Feb 11, 2026
Review provided by G2
What do you like best about the product?
I think the automatic security and centralized dashboard in FortiAppSec Cloud are pretty good. It's easy to integrate with Fabric, which is helpful, and it's pretty fast and easy to deploy and scale. The automatic security reduces manual rule tuning, and the centralized dashboard improves visibility and response time. The Fabric integration allows automated threat sharing across network and application layers, which improves both security posture and operational efficiency and also improves application latency.
What do you dislike about the product?
The initial configuration and setup for complex rules can be tricky, which is challenging for first-time users. Also, the UI and UX could be improved, particularly with richer incident storytelling like timeline-based views and smarter risk scoring. Sometimes, there's a bit of performance issue during peak traffic, and there's a lack of detailing in incident reports.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to reduce bot traffic, prevent API abuse, and protect from DDoS attacks and credential stuffing. It reduces manual rule management, improves visibility, and enhances security posture and operational efficiency.
Manav S.
Centralized Threat Management, Easy Setup
Reviewed on Feb 11, 2026
Review provided by G2
What do you like best about the product?
I use FortiAppSec Cloud to secure and monitor our web applications and APIs. It helps us detect vulnerabilities, manage security policies, and maintain visibility into potential threats in our cloud environment. FortiAppSec Cloud centralizes monitoring, improves alerting, and helps us respond to risks more efficiently. One of the best features is its centralized board and control center, which offers a consolidated view of application health, threat activity, and policy status in one place. This allows me to quickly see recent alerts, traffic patterns, and any flagged vulnerabilities from a single screen. The initial setup was pretty easy.
What do you dislike about the product?
I think the personalized UI could be improved. I would like to be able to change the data into a format I like, including the color scheme.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to secure and monitor our web applications and APIs, centralizing monitoring and improving alerting. It solves the problem of requiring multiple tools and manual effort. I appreciate the consolidated view of application health, threat activity, and policy status from a single dashboard.
Information Technology and Services
Robust WAF Security and Bot Mitigation in a Single Console
Reviewed on Feb 10, 2026
Review provided by G2
What do you like best about the product?
I evaluated it for WAF solution & liked it's security, bot mitigation measures, & everything security under single console. I particularly liked how it's designed to handle coming of age security threats, with agentic AI proliferation.
What do you dislike about the product?
I felt there are improvements possible in it's overall UI/UX experience & onboarding flows, making it a li'll more intuitive & performant will help smoothen the experience
What problems is the product solving and how is that benefiting you?
I like the strong AI driven security approach in its solution & offerings, allowing teams to focus on business problems, modernize their infrastructure with least worries about it's security.
Ritika K.
Easy Web and API Security at Scale
Reviewed on Feb 09, 2026
Review provided by G2
What do you like best about the product?
The ease of use and the way it can protect applications and APIs effectively while aggregating all logs into one system that requires little maintenance.
What do you dislike about the product?
Greater reporting and analytics capabilities (more customization, flexibility). Would help with visibility/troubleshooting.
No big problems reported so far, but the product could be a bit more user-friendly and have better reporting.
No big problems reported so far, but the product could be a bit more user-friendly and have better reporting.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud offers an answer to the problem of securing web applications and APIs against modern threats, including OWASP Top 10 attacks, bots, and abuse – without increasing operational complexity. To that end, it helps us in mitigating risk, simplifying security administration and increasing visibility of apps.
Jovan Jovanovic
Integration with existing infrastructure has improved efficiency and centralized management
Reviewed on Nov 20, 2025
Review provided by PeerSpot
What is our primary use case?
The main use case for Fortinet FortiWeb is handling huge amounts of data from the customer side when they lack proper data structure. Customers request a solution that can manage large volumes of data and classify it, which is the primary reason they select Web Application Firewalls.
Additionally, they seek to protect and separate applications within their network between production and non-production environments, as well as define bandwidth allocation for approved applications and restrict forbidden ones.
What is most valuable?
Fortinet does not have the best Web Application Firewall in the world, but they do have interoperable systems. From the customer side, especially if they are already buying FortiGates, firewalls, mail, proxy, and other solutions, it becomes much easier for them to purchase Fortinet FortiWeb. This is because there is one technical support team and a single point of contact from the vendor side when they need technical expertise.
The main benefits provided to users who already have other Fortinet solutions include better economics and easier maintenance due to unified technical support and a convenient single point of contact. Updates are much easier because Fortinet has one operating system for all their products. If the customer buys a manager as the central console of the whole system, they can operate all systems from one console and deploy all updates, renewals, or other changes.
What needs improvement?
Fortinet can improve their technical support, especially the response time. There appears to be an issue with their SLA. When a customer opens a ticket, it is picked up within one or two hours. However, after the customer submits a specific question and requests troubleshooting help from Fortinet support, it takes at least three to five days to provide a proper answer. The response time from the support team is an area that requires improvement.
For how long have I used the solution?
We are a distributor and I continue to work with Fortinet solutions as a reseller distributor.
What do I think about the stability of the solution?
I have not received any complaints or reports of issues from our partners or our technical team regarding stability. Perhaps three or four years ago there was an incident at a customer site in Serbia, but that was not related to Fortinet. The issue was related to network segmentation because they could not reach all logs from their network. The problem was not from Fortinet but from the Cisco ASA, not the switch.
What do I think about the scalability of the solution?
For scalability on a scale from one to ten, Fortinet FortiWeb is very scalable and it is easy to improve the bandwidth and the system. You can add additional boxes that combine together to achieve a bigger throughput for investigation and research.
How was the initial setup?
I have not received any complaints from the partner side regarding troubles or issues with implementation. The implementation of Fortinet FortiWeb and WAF into the Fortinet ecosystem proceeded very smoothly.
What about the implementation team?
That is a question for the technical part of my team and is not within my area of responsibility.
What other advice do I have?
We primarily sell Fortinet's flagship model, which is FortiGate, their next-generation firewall. After that, we sell switches, wireless devices, and solutions such as mail, web protection, and EDR. These are the most sold products in Serbia from Fortinet's portfolio.
We have recently closed a deal in Serbia with Fortinet FortiWeb.
The documentation is excellent, particularly the implementation manual. The pricing is very competitive compared to most vendors producing similar solutions. When comparing Fortinet FortiWeb to F5 BIG-IP, which is their matching solution, Fortinet FortiWeb uses smaller boxes while meeting the same technical specifications. This automatically makes Fortinet FortiWeb cheaper than F5. F5 is considered the most sold vendor in this area for Web Application Firewalls globally, and Fortinet FortiWeb offers better pricing in comparison. I would rate this product a ten out of ten.
HameedAhmed
Security threats have been reduced through seamless deployment and strong integration with other tools
Reviewed on Nov 14, 2025
Review provided by PeerSpot
What is our primary use case?
I am familiar with Fortinet FortiWeb, and I'm working with the product. I have been using Fortinet FortiWeb in my organization for the last three years. We are using Fortinet FortiWeb as a security solution because a few applications are running on our website through which external users are hitting our application. We have installed this product for outside users, not inside users, especially for outside users from the organization.
What is most valuable?
Reporting in Fortinet FortiWeb is very good. Fortinet FortiWeb has positively impacted my organization because most of our servers and applications are secure from hackers and other security threats. We have a lot of security challenges, but with the installation of Fortinet FortiWeb, we have reduced many security threats with its help.
What needs improvement?
The reason it took one week to ten days is that fine-tuning is a challenge, as we have many applications behind the product. Fine-tuning took this time; otherwise, installation is one to two days of work only. Fine-tuning is a room for improvement in Fortinet FortiWeb.
For how long have I used the solution?
I have been using Fortinet FortiWeb in my organization for the last three years.
How are customer service and support?
I would rate the technical support of Fortinet as fine; they provide very nice technical support and are responsive.
Which solution did I use previously and why did I switch?
We do not have options to replace it with another solution because we have installed it and we are using it. We have trained manpower, and it is not easy to replace.
How was the initial setup?
The deployment of Fortinet FortiWeb was actually easy and our team is managing it quite easily. The deployment of Fortinet FortiWeb in my case took one week to two weeks.
What about the implementation team?
I have a dedicated team to manage the product. For this purpose, we have only one engineer in our technical team.
What's my experience with pricing, setup cost, and licensing?
With pricing, I think Fortinet FortiWeb is a reasonable price compared to other products like Barracuda, as it is cheaper than Barracuda or maybe competitive. Most security products charge less at the time of purchase because of competition, but when we go to renewals, the prices become very high.
What other advice do I have?
I have used Fortinet FortiWeb's integration features. We have easily integrated all of the applications with the product. Most of the applications we are using are in-house built.
My technical team is looking after the best features. I have not used it extensively for maybe two and a half years. I have been involved in the installation, but I am not actually using the product. I work with it from time to time but not extensively.
I would assess Fortinet FortiWeb's adaptive machine learning and artificial intelligence as having new patches installed regarding artificial intelligence, but when we bought it, I think the learning feature was there. Now they have installed artificial intelligence features through patches.
We have a complete portfolio of Fortinet in our organization, including FortiMail, Fortinet FortiWeb, and FortiGate, along with multi-factor authentication. All of the products are from Fortinet. Fortinet tools integrate with each other and work in conjunction.
I think Fortinet FortiWeb has helped us meet regulatory compliance because we are not a regulatory organization, but our sister organization is regulatory. We have regulatory compliance with the International Civil Aviation Authority, whose audit teams have checked our data center and these security products, and they are satisfied with us. The question about leveraging Fortinet FortiWeb's automated policy management does not pertain to my domain because I am not so technical, but I am in a management role now. My engineer is more technical than me.
I would rate this product an eight point five out of ten.