Try our new research platform with insights from 80,000+ expert users

Fortinet FortiWeb vs R&S Web Application Firewall (DenyAll) comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
74
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (14th)
Fortinet FortiWeb
Average Rating
8.0
Reviews Sentiment
6.7
Number of Reviews
94
Ranking in other categories
Web Application Firewall (WAF) (5th)
R&S Web Application Firewal...
Average Rating
9.0
Reviews Sentiment
8.5
Number of Reviews
1
Ranking in other categories
Web Application Firewall (WAF) (39th)
 

Featured Reviews

Spencer Malmad - PeerSpot reviewer
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Kacem CHAMMALI - PeerSpot reviewer
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb
The xFF, or X-Forwarded-For feature, IP reputation, and protected hostname. We can block access using the IP address, so no one can connect to our web server or website using the real IP. They need to use the FQDN instead. Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb and the option to protect the hostname. All traffic passes through FortiWeb. Machine learning capabilities in FortiWeb: I don't use machine learning all the time. In the initial phase of FortiWeb deployment, we use the learning process to detect the traffic passing through FortiGate to our website.
SS
Geo-localization and IP reputation help to keep our clients secure and more available
The area that should be improved is licensing. When using an active/passive cluster, we have to pay 70% of the master appliance and license for the passive server that does not work. Since we know that only one server works at a time, we should pay only one license for the appliances and for the support as well. In my opinion, this has to be improved. If possible, the client software should be a web application instead of downloading software for the management. This can avoid login problems when they update or patch.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."
"I like Cloudflare's application gateway and DDoS protection."
"The solution is very good at mitigating threats."
"There are key things that are used for our enterprise customers, such as Lambda and DNS."
"Easier http to https redirect using page rules"
"The DDoS protection is the most valuable aspect of the solution."
"Cloudflare is a security SaaS provider that provides security and protects us from any application layer attack."
"Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations."
"The most valuable feature of this solution is Fail-Open."
"It's easy to use and allows us to integrate solutions together."
"The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability."
"Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.)."
"I like FortiWeb's usability and ease of configuration. It's simple to configure rules and exceptions inside the attack log. We block everything by default. If something isn't working, we ask the system admin to adjust the template and add exceptions."
"It is easy to install and to maintain."
"The solution has a good sandbox feature."
"The ease of configuration is valuable. We have Azure WAF, we have OCI WAF, and we also have Cloud Armor for GCP, but their configuration isn't very easy. It's pretty simple in FortiWeb, and we can enable or configure whatever we want."
"The three most valuable features that I noticed are the geo-localization of the user, the IP reputation, and the compartmental analysis."
 

Cons

"We are a product integrator and reseller, and we would like to have a better partner relationship, similar to a channel sales relationship. Sometimes we are on our own or get diverted by Cloudflare because they have direct sales, which competes with us and makes it difficult to build a relationship with this company since we want to be an MSP or a managed service provider for the solution."
"In the last two years, there has been a certain amount of downtime when using the VDM."
"We have noticed multiple instances where Cloudflare falsely indicates that our servers are down, even when there is no actual load on them. This makes it challenging for us to identify the exact issue."
"The solution could be more user-friendly."
"It would be good if Cloudflare could have more servers for better traffic routing or an increase in the traffic routed. This is what I'd like to improve in Cloudflare."
"They lack a good way to manage DNS as a company, since everything is relegated to single account logins until you get to the higher levels. They have come out with a paid feature to remedy this, but I have not had a chance to fully review it yet to know if it fixes the access problem."
"The solution could work at being less expensive. It costs a lot to use it."
"It would be beneficial for us if Cloudflare could offer a scrubbing solution. This would involve taking a snapshot of my website and keeping it live during a DDoS attack, ensuring uninterrupted service for our users. DDoS attacks are typically short in duration, and having Cloudflare maintain the site's availability from its secure network would enhance the overall user experience. I would appreciate it if Cloudflare could consider implementing this feature. Many organizations already utilize similar capabilities in their CDN platforms, where a static snapshot of the web page is displayed during DDoS attacks. In terms of features, Cloudflare needs to enhance its resilience and stay more focused on adopting new technologies. For instance, solutions like F5 XC Box, Access Solution, and Distributed Cloud Solution have impressive features, and Cloudflare should strive to match and exceed those capabilities. There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features. Cloudflare should prioritize enhancements in areas such as behavioral DDoS and protection against SQL injection attacks, considering the prevalent trend of public exposure to the internet for business reasons. Overall, Cloudflare needs to invest more in advancing its feature set."
"The solution is not very scalable, to scale up would require another deployment with a new appliance and a change to the network."
"The support side of things can be improved."
"The initial setup is complex."
"The false positives are annoying.​"
"It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great."
"The Layer 7 DDoS attacks need improvement, it could be better."
"I would like to have an antivirus option."
"We want to see more detailed logging, such as audit logging, as this would significantly enhance the solution's reporting. We currently get some information from logs, but more would be better."
"The area that should be improved is licensing."
 

Pricing and Cost Advice

"A free version of the solution is available."
"That is one of the great features. I was able to access the majority of the features and services for free."
"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."
"We are using the free tier of the solution."
"The cost primarily depends on the size of the organization."
"The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution."
"So far I use free tier and happy with it. You can subscribe to business package if needed."
"The solution is expensive when compared to other products but offers unlimited bandwidth."
"The pricing is pretty good. We do pass a lot of traffic through our API servers. Something like 100 gigs of web traffic is a fair amount for reduced JSON API calls, but the cost is $50. For that peace of mind, we have thousands and thousands of customers that are protected by that $50, so it's a no-brainer."
"The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features."
"The pricing is average; the product is neither particularly expensive nor affordable."
"The maintenance fee for this product could be improved."
"It's an expensive solution, although there are no additional costs."
"If one is cheap and ten is expensive, I rate the tool an eight."
"FortiWeb offers these services at a price that SME customers can afford, but it's also suitable for large enterprises. Still, they need to put in more work to gain a greater share of enterprise business because they face stiff competition in this segment from F5, Cloudflare, and some others."
"FortiWeb can be purchased in VM mode for a lower price and the same features."
Information not available
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
21%
Computer Software Company
13%
Comms Service Provider
9%
Financial Services Firm
8%
Educational Organization
41%
Computer Software Company
9%
Financial Services Firm
7%
Government
5%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What do you like most about Fortinet FortiWeb?
The WAF profiles has been effective at mitigating web-based threats.
What is your experience regarding pricing and costs for Fortinet FortiWeb?
I would rate the licensing cost as seven out of ten, considering it good value for money. The price is affordable and...
What needs improvement with Fortinet FortiWeb?
There is room for improvement in the portability on multi-cloud environments. Enhanced DDoS integration to make Forti...
Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot mana...
 

Also Known As

Cloudflare DNS
No data available
Rohde & Schwarz Web Application Firewall, R&S WAF, DenyAll Web Application Security
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
Information Not Available
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: March 2025.
845,040 professionals have used our research since 2012.