I work with Fortinet Managed Rules for AWS WAF and have been using it for the last eight months. I am using it for Web Application Firewall and API protection.
External reviews
11 reviews
from
External reviews are not included in the AWS star rating for the product.
Advanced threat protection has secured payment transactions and improved API defenses
What is our primary use case?
What is most valuable?
What stands out for me about Fortinet Managed Rules for AWS WAF is that it implements protection against OWASP Top 10 application security threats.
In the financial segment, I am able to protect the Payment Card Industry Data Security Standards, and this PCI DSS compliance helps me configure payment gateway integrations while also protecting against bot mitigations and utilizing the machine learning capabilities of FortiWeb.
I am using customizable rule sets. Normally, what I do is first put the application in learning mode to observe the application traffic, identify vulnerabilities, and understand what zero-day protections are missing in the current application. FortiAI assist provides contextual decision-making for integrating policy fine-tuning. After observing traffic for 15 days, I then switch to blocking mode on the application front. Built-in analytics for real-time attacks include machine learning capabilities, which is why I opted for Fortinet Managed Rules for AWS WAF to protect against bot attacks, skimming, and DDoS attacks, along with API protection.
Continuous threat intelligence updates provide real-time protection, which has a significant impact on my web application security. FortiCare Elite solution options enable me to get immediate support, typically within 15 minutes, for any challenges I face with web application integration on the platform. I am utilizing real-time threat intelligence updates as a default configuration.
Fortinet Managed Rules for AWS WAF provides positive feedback by protecting web applications and API protection while blocking advanced threats. The purpose of implementing this application protection is working fine.
What needs improvement?
The basic functionality of protecting against OWASP Top 10 vulnerabilities is standard for any WAF solution; however, I am concerned about Fortinet's effectiveness with modern web applications since it protects not only monolithic applications but also Kubernetes applications.
My core concern regarding the product lies in the reporting functions, where I face limitations, particularly tenant-wise. I cannot generate individual reports for multiple tenants.
For how long have I used the solution?
I have only been using Fortinet Managed Rules for AWS WAF for the past eight months.
What do I think about the stability of the solution?
Stability for Fortinet Managed Rules for AWS WAF is good; there were issues during implementation, but the product has stabilized after that.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF is a scalable product, especially since it is currently running in the cloud.
How are customer service and support?
I have dealt with Fortinet support, and I would say their technical support is good.
I have taken FortiCare Elite, which allows me to receive support within 15 minutes.
I would rate the support an eight out of ten.
As of now, I am not facing many issues that they need to improve upon to reach a ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Earlier, I previously used F5 and Check Point due to multiple requirements, including multiple tenants, so I decided to avoid a single point of failure for every company and thus chose multiple products.
How was the initial setup?
The installation process for Fortinet Managed Rules for AWS WAF is usually straightforward and easy.
What about the implementation team?
I used a partner to deploy it, not in-house.
What was our ROI?
I have only been using Fortinet Managed Rules for AWS WAF for the past eight months, so I believe I would need a year to comment on return on investment.
What's my experience with pricing, setup cost, and licensing?
I would say the price for Fortinet Managed Rules for AWS WAF is somewhat reasonable compared to Check Point web application firewall and F5, making it an acceptable option.
Which other solutions did I evaluate?
In terms of the technical side, the primary difference I notice is that FortiWeb has fewer false positives compared to Check Point and F5. This efficiency is due to their threat intelligence sharing across platforms, including Fortinet firewall and all EDR solutions, which leverage threat intelligence from FortiGuard to easily identify bad actors.
What other advice do I have?
The AWS Marketplace is very new to me; I did not buy Fortinet Managed Rules for AWS WAF from there.
Some issues during implementation included signature blocking and other typical challenges that arise with application protection on any web application tool, which requires time to understand the operating system and backend environment.
I would rate this product closer to nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
AWS WAF - API Gateway
What do you like best about the product?
This feature makes it very easy for developers like me. With this feature, I can create new projects quickly and easily!
What do you dislike about the product?
So far I'm using this feature well for problems I can still fix and I still like it
What problems is the product solving and how is that benefiting you?
So far I'm using this feature well for issues I can still fix and I still like it
34
What do you like best about the product?
Fortinet Managed Rules for AWS WAF - API Gateway offers robust pre-configured security rules, real-time threat intelligence, and seamless AWS integration, providing a comprehensive and easy-to-manage solution for safeguarding your API Gateway deployments.
What do you dislike about the product?
but I do not have access to specific user feedback or examples regarding Fortinet Managed Rules for AWS WAF - API Gateway. If you have specific questions or concerns about the service, I recommend reaching out to Fortinet directly or consulting online resources and reviews to gather information on user experiences, likes, and dislikes related to this product.
What problems is the product solving and how is that benefiting you?
Fortinet Managed Rules for AWS WAF - API Gateway aims to address several common security challenges associated with protecting web applications and APIs. Here's how it can benefit organizations:
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.
Definitely recommend
What do you like best about the product?
Fortinet Managed Rules for AWS WAF are a game-changer when it comes to securing your AWS API Gateway. In a nutshell, this solution provides robust protection against a wide array of threats while offering ease of implementation and customization options.
One of the standout features is the ease of implementation. Even for those with limited prior experience in WAF management, setting up Fortinet's Managed Rules is a breeze. Well-documented guides and responsive support make the process straightforward.
The core strength of Fortinet Managed Rules lies in its comprehensive protection. It offers a broad set of rules that cover numerous threats, from SQL injection to cross-site scripting. This breadth enhances security by safeguarding against both known and emerging threats.
One of the standout features is the ease of implementation. Even for those with limited prior experience in WAF management, setting up Fortinet's Managed Rules is a breeze. Well-documented guides and responsive support make the process straightforward.
The core strength of Fortinet Managed Rules lies in its comprehensive protection. It offers a broad set of rules that cover numerous threats, from SQL injection to cross-site scripting. This breadth enhances security by safeguarding against both known and emerging threats.
What do you dislike about the product?
Complexity for Beginners: While Fortinet provides documentation and support, users who are new to web application firewall (WAF) management might find the initial setup and rule configuration process somewhat complex. It may require a learning curve, especially for those unfamiliar with AWS WAF concepts.
Cost Considerations: The cost of implementing Fortinet Managed Rules can be a concern for smaller organizations or startups. Depending on the level of protection and customization needed, the pricing might not fit every budget.
Cost Considerations: The cost of implementing Fortinet Managed Rules can be a concern for smaller organizations or startups. Depending on the level of protection and customization needed, the pricing might not fit every budget.
What problems is the product solving and how is that benefiting you?
Fortinet Managed Rules for AWS WAF in API Gateway tackle various security challenges and deliver substantial benefits to organizations. They provide protection against web application attacks, including common threats like SQL injection and cross-site scripting. This proactive defense prevents data breaches and unauthorized access to APIs. Real-time threat detection and mitigation capabilities are pivotal. Quick identification and response to potential threats minimize attack impact and maintain data integrity.
I have 2 project experiences using Fortinet Managed Rules for AWS WAF with API Gateway
What do you like best about the product?
as a .NET Core developer, you might find that one of the benefits of using Fortinet Managed Rules for AWS WAF - API Gateway is that it provides an easy-to-use solution for adding an extra layer of security to your web applications running on AWS API Gateway. The service offers pre-configured rules that can be easily integrated into your application, helping to protect against common web-based attacks. This can save you time and effort when it comes to implementing security measures for your application.
What do you dislike about the product?
as a .NET Core developer, you might find that one of the potential drawbacks of using Fortinet Managed Rules for AWS WAF - API Gateway is that it may add some additional latency to your application. This is because the service inspects incoming web requests and applies the configured rules before allowing the request to reach your application. While this added latency may be minimal, it is something to consider when deciding whether or not to use this service. Additionally, the cost of using this service may be a concern for some users as it is a paid service.
What problems is the product solving and how is that benefiting you?
Security: Fortinet Managed Rules provide pre-configured rules that help protect your web applications from common web-based attacks such as SQL injection and cross-site scripting (XSS). By using these rules, you can enhance the security of your applications running on AWS API Gateway.
Compliance: If your application needs to meet specific compliance requirements, such as PCI DSS or HIPAA, Fortinet Managed Rules can help you meet those requirements by providing a set of security rules and configurations that align with industry standards.
Simplified Implementation: Fortinet Managed Rules offer an easy-to-use solution for adding security to your applications. The rules are designed to integrate seamlessly with AWS API Gateway, making it convenient for .NET developers to implement and manage security measures without extensive manual configuration.
Time and Cost Savings: By leveraging Fortinet Managed Rules, you can save time and effort in implementing and maintaining custom security rules. The pre-configured rules provided by the service eliminate the need for you to create and manage complex rule sets from scratch, potentially reducing development and maintenance costs.
Overall, Fortinet Managed Rules for AWS WAF - API Gateway is solving security-related problems that can benefit .NET developers by providing an easy-to-use, pre-configured solution that enhances the security of their web applications running on AWS API Gateway, while also potentially saving time and cost.
Compliance: If your application needs to meet specific compliance requirements, such as PCI DSS or HIPAA, Fortinet Managed Rules can help you meet those requirements by providing a set of security rules and configurations that align with industry standards.
Simplified Implementation: Fortinet Managed Rules offer an easy-to-use solution for adding security to your applications. The rules are designed to integrate seamlessly with AWS API Gateway, making it convenient for .NET developers to implement and manage security measures without extensive manual configuration.
Time and Cost Savings: By leveraging Fortinet Managed Rules, you can save time and effort in implementing and maintaining custom security rules. The pre-configured rules provided by the service eliminate the need for you to create and manage complex rule sets from scratch, potentially reducing development and maintenance costs.
Overall, Fortinet Managed Rules for AWS WAF - API Gateway is solving security-related problems that can benefit .NET developers by providing an easy-to-use, pre-configured solution that enhances the security of their web applications running on AWS API Gateway, while also potentially saving time and cost.
Strict rules for adequate security
What do you like best about the product?
Through Fortinet rules we can achieve many things, security, vpn, proxy, data wherehouse, scalability, functionality, usability, all this can be achieved through a rules and policies appropriate and optimized for each business, we could say that the cost benefit is adequate and functional, achieving adequate levels of connectivity without much investment.
What do you dislike about the product?
In the world of security there is no time to criticize or belittle the policies that are handled, for the management of these rules must have an expert and especially the extent that these should be clear and optimized for the company because not all work for everything.
What problems is the product solving and how is that benefiting you?
They are necessary for all connectivity and perimeter security throughout the company in a transversal and horizontal way, so you can maintain scalability and robust connectivity, balancing services and this helps all important areas, from sales to logistics, Fortinet is a strong ally to achieve fundamental objectives of any company.
fortinet is good
What do you like best about the product?
Waf is protect my website and applications
What do you dislike about the product?
I very like fortinet products, so i like it
What problems is the product solving and how is that benefiting you?
It bock all traffic phishing, protect my Web site
AWS WAF managed services rules
What do you like best about the product?
It gives the desired security features and is customized to ones needs
What do you dislike about the product?
there is sp much to explore that sometimes one is done with personal options where much more is still to explore
What problems is the product solving and how is that benefiting you?
Its saving a lot of my time in terms of managing the security while you work with peace of mind for the projects deliveries
Better than other API gateways as kong
What do you like best about the product?
The most helpful of using Fortinet Managed Rules is that organizations can enhance their web application security posture without the need for manual rule creation and maintenance. Fortinet's security team monitors emerging threats and updates the rules accordingly, ensuring that the WAF remains effective against the evolving threat landscape.
What do you dislike about the product?
Honestly I don't have anything to dislike about fortinet products not just the managed rules product.
What problems is the product solving and how is that benefiting you?
It helps me to enhance the security.
Awesome Network visibility
What do you like best about the product?
Comprehensive Protection and Simplified Deployment and Management
What do you dislike about the product?
Not enough capabilities to detect things such as bots and anomolys.
What problems is the product solving and how is that benefiting you?
being able to be deployed locally is huge in terms of configuration and scalability. It protects for many intrusion attempts, web filtering and stops malware.
showing 1 - 10