Try our new research platform with insights from 80,000+ expert users
Rio Wijaya Manalu - PeerSpot reviewer
Technical consultant at PT Net Sistem Infotama
Reseller
Top 5
Helpful to inspect traffic before a platform faces the internet
Pros and Cons
  • "Before a platform faces the internet, Fortinet FortiWeb inspects the traffic."
  • "The tool's WAF or web application firewall area has certain aspects that can be improved."

What is our primary use case?

Fortinet FortiWeb's use case is associated with WAF or web application firewall. Before a platform faces the internet, Fortinet FortiWeb inspects the traffic.

What is most valuable?

Fortinet FortiWeb is much cheaper compared to other solutions like the ones from F5 Networks, which have more capabilities. I think Fortinet FortiWeb is not as capable as F5 Networks, but it is cheaper. The key point for Fortinet FortiWeb is that when I give it to the customers, I see it is cheaper than F5 Networks.

All the players in the market are already using AI. In the AI area, I don't find any specific feature for Fortinet FortiWeb that is special compared to the other products in the market.

Fortinet FortiWeb's ML features are good, but they do not make the tool any special because all the products in the market, like F5 Networks, already use AI features. The AI feature does not make Fortinet FortiWeb any special.

What needs improvement?

The tool's WAF or web application firewall area has certain aspects that can be improved. I cannot find what features superficially can be improved in the WAF area of the tool.

Fortinet FortiWeb can be applicable for small or big networks. In my opinion, Fortinet FortiWeb can manage or improve its log management capabilities. As far as I know, FortiGate has a limit, which means it can be used for logging for seven days, and maybe it is because Fortinet wants to speed up the selling of another product called FortiAnalyzer. FortiAnalyzer is a device dedicated to logging analytic solutions. Fortinet may limit the capability of logging in Fortinet devices so that customers buy FortiAnalyzer for log analytics.

For how long have I used the solution?

I have been using Fortinet FortiWeb for three years. My company is a reseller of the solution.

Buyer's Guide
Fortinet FortiWeb
December 2024
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the scalability of the solution?

I don't know about the tool's scalability.

How are customer service and support?

I rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I also use FortiAuthenticator.

How was the initial setup?

The product's initial setup phase can be somewhat complex depending on what software needs to be protected by Fortinet FortiWeb. If the web application is simple, the configuration can be made simple. If there is any specific need to protect the area in the web application, it is more tricky to configure Fortinet FortiWeb. It depends on what kind of web application needs to be protected by Fortinet FortiWeb. Overall, the tool's configuration is neither easy nor difficult.

What's my experience with pricing, setup cost, and licensing?

If one is cheap and ten is expensive, I rate the tool an eight.

What other advice do I have?

The product's document says that Forinet FortiWeb can detect zero-day attacks, but it needs more devices like FortiSandbox for help. Fortinet FortiWeb needs to be integrated with FortiSandbox. I think it is Fortinet's strategy to upsell other tools because Fortinet doesn't want to put the solution in one box or one device. If you want another feature, Fortinet wants you to buy another box.

I rate the tool an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Network Security Engineer at GAFI
Real User
Top 20
Offers good integration capabilities with other security tools
Pros and Cons
  • "The product's initial setup phase was straightforward, and since our company didn't have any problems with it, we didn't encounter many problems with the tool."
  • "Though the reporting is a nice aspect associated with the tool, I feel that it has certain shortcomings and can be made better."

What is our primary use case?

I use the solution in my company, as we mostly load some web applications at our data center and use it to ensure that the web pages are properly secured.

What is most valuable?

Actually, most of the features of the tool are really good, but I would like to emphasize the importance of its machine learning features, as it can be implemented smoothly in Fortinet FortiWeb, and it is very helpful for our company.

What needs improvement?

Though the reporting is a nice aspect associated with the tool, I feel that it has certain shortcomings and can be made better. The reporting part can provide more information and be more specific.

Fortinet FortiWeb's admin guide could offer more, like, examples or features on how to implement the tool. It can provide information on how a user can make use of it in different usages, and that can help a lot. The admin guide is satisfactory, and it meets our company's needs.

Actually, my company would like it if the product could implement scanning attachments for exchange for assets or exchange needs. The aforementioned area consists of the feature that my company wants to apply, but it is not supported in Fortinet yet. My company needs the product to support us in the aforementioned area, and it can help us a lot by providing a layer of security that can check files and attachments in emails and other stuff, which would be great.

For how long have I used the solution?

I have been using Fortinet FortiWeb for three years. I am an end user of the solution.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight out of ten.

In terms of stability, it is a good solution that is easy to use and has many features and resources. The support offered by the product is good, especially since the support team responds on time, keeps you informed, and even follows up. Generally, it is a good solution to have and use.

My company has not experienced any downtime while using the product.

What do I think about the scalability of the solution?

In our company, we have not implemented the product on a large scale.

Around 2,000 people per month use the product in our company.

Every single day, the tool is used to host web applications.

If our company needs to implement more hosted web servers, we will use Fortinet FortiWeb, but if not, then it will remain at the current number. Increasing the use of the tool is not my decision, and I just accommodate the needs of the organization.

How are customer service and support?

The solution's technical support is good. When my company faced some problems with the product, I found the solution's support team to be very supportive and helpful. I rate the technical support a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

On a scale of one to ten, where one is difficult and ten is easy, I rate the product's initial setup phase as eight or nine.

The product's initial setup phase was straightforward, and since our company didn't have any problems with it, we didn't encounter many problems with the tool. Maybe our company encountered some problems with the product's setup because we used to use it to set up the servers or stuff, which took time, but now Fortinet FortiWeb handles everything smoothly and easily.

The solution is deployed on an on-premises version.

The solution can be deployed in a week.

What was our ROI?

If my company did not have Fortinet FortiWeb, then I believe that we would have had to host some of the services in an external data center with extra fees and there we would have had to pay for the web services, but we don't need that anymore because now, we have an on-prem web service that can promote us to be able to host as much as we need of web services.

On a scale of one to ten, where one is zero percent and ten is a hundred percent, I rate the ROI as an eight.

What's my experience with pricing, setup cost, and licensing?

If one is very cheap and ten is very expensive, I rate the product price as three or four. The tool is cost-effective and offers value for money. I didn't mean it was very expensive. The price is fixed, but some features need an extra license.

Which other solutions did I evaluate?

My company was considering F5, but you actually went for Fortinet FortiWeb after considering the cost aspect.

What other advice do I have?

My company doesn't specifically host e-commerce platforms since we offer mainly government services.

The security part has been satisfactory till now, and we haven't faced any problems yet.

FortiGate FortiWeb's features that have been most effective in mitigating web-based threats are possible because of the signatures. My company doesn't need to enforce a lot of policies or stuff. Fortinet FortiWeb has a lot of internal databases that can help you, and you can use whatever platform you are hosting your web applications through whichever software you use. it can build up a web protection profile that matches your needs, making it a very helpful tool.

Speaking about how machine learning features enhance our security posture, I would say that some aspects of the website are not normally clear for our company, and machine learning helps in such areas. It just traces the normal usage of the web applications along with the websites or links most users visit while also checking which URLs are mostly used, after which the tool differentiates between the normal usage and any abnormalities, based on which it builds the model that can be used to improve the security. Sometimes, a person cannot do things manually and is not sure about all the aspects of our web applications because many are not developers. Machine learning comes into the picture because one may not know all the stuff associated with the product.

A team of four or five people is enough to deploy the tool. Maintaining the tool is actually not a very big task and not many people are required for it.

The integration capabilities of the product with other security tools have benefited our company's security strategy as it sits smoothly in our network. The tool doesn't cause any problems with the integration part.

I would recommend that users use the tool's high availability. With the tool, one box is not enough, so there is a need to have a cluster of two boxes. Users need to measure their needs regarding the logging process and everything else, including processing. Even before starting to use it, we have to set up everything, or you would be confused about how to use the tool in the future, and it would be difficult to figure out how much retention log retention we would need in our company. It is important to set up everything related to the users' needs so that they don't need to change a lot of settings in the future.

I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Fortinet FortiWeb
December 2024
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Simone F - PeerSpot reviewer
Director of IT at a software factory
Real User
Is easy to configure and has pay-as-you-go pricing based on traffic, which is ideal for a start-up company
Pros and Cons
  • "I like FortiWeb's usability and ease of configuration. It's simple to configure rules and exceptions inside the attack log. We block everything by default. If something isn't working, we ask the system admin to adjust the template and add exceptions."
  • "We use Kubernetes, so I would like to have a plugin to configure FortiWeb Cloud automatically using Kubernetes Ingress. That would reduce the complexity of setting up an Ingress object in Kubernetes. Some competing solutions help you configure Ingress and Kubernetes automatically."

What is our primary use case?

We sell a SaaS product deployed on the Azure cloud platform using Kubernetes. We offer a bundle of cloud-based services. The Azure firewall solution is too expensive, so we need to find an alternative solution. 

We are currently testing FortiWeb in a QA environment and plan to deploy it on top of our SaaS product. We are about 95 percent covered now, but we still need to work out some technical details. I believe we will be ready to deploy it into production in the next few months. 

How has it helped my organization?

We currently are using Azure's WAF solution, but it is a little bit expensive for a startup project. The Azure firewall has limited configuration options that aren't helpful in our use case. FortiWeb is easier to configure and has pay-as-you-go pricing based on traffic, which is ideal for a startup company. Once our product starts having steadier traffic, switching to something with fixed pricing might make more sense. Currently, it's a risk for the company. 

It's too soon to say what other benefits we'll see from FortiWeb because we're still in the testing phase. We've watched some training presentations, and we're still working on a strategy for how we'll use the tool. Once we have a clear plan, we'll put it into development, configure the template, and deploy it into production when it's ready. 

it isn't in production. If the developers say a setting isn't working, we adjust the firewall rule, the goal is complete the template before going into production. 

What is most valuable?

I like FortiWeb's usability and ease of configuration. It's simple to configure rules and exceptions inside the attack log. We block everything by default. If something isn't working, we ask the system admin to adjust the template and add exceptions. I'm interested in the AI attack pattern-matching feature, but we haven't tested it yet. 

API is another feature that we haven't used in production, but I'm generally pleased that FortiWeb has this ability, and we can customize our application how we want. 

What needs improvement?

We use Kubernetes, so I would like to have a plugin to configure FortiWeb Cloud automatically using Kubernetes Ingress. That would reduce the complexity of setting up an Ingress object in Kubernetes. Some competing solutions help you configure Ingress and Kubernetes automatically. 

For how long have I used the solution?

We have been testing FortiWeb for the last four months. 

What do I think about the stability of the solution?

FortiWeb seems to be stable so far. 

What do I think about the scalability of the solution?

FortiWeb features automatic scaling because it's in the cloud, so scaling up is easy. 

How are customer service and support?

I rate Fortinet support an eight out of ten. We have only contacted them with a few questions, and they responded promptly. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In recent years, we've spent money on various projects that required us to protect applications. We have the Azure firewall deployed, and we paid a third-party SOC company to monitor it for attacks. It didn't offer out-of-the-box complete protection easy to customize, so we configure it for watching threats and raised alerts, that's means additional effort. 

We feel that FortiWeb is a better way to go than Azure Web Firewall in our scenario because FortiWeb has some advantages in pricing and features. It's easier to configure and maintain. Also, FortiWeb uses templates. 

How was the initial setup?

There was no initial setup because it's a SaaS solution. We only needed to configure it for our environment. The configuration was straightforward and only took a couple of hours. The only maintenance required is updating the templates. 

What was our ROI?

I would like to use the product based on our initial testing, so I think it's a sound investment. 

What's my experience with pricing, setup cost, and licensing?

We still don't know what the real cost will be because the pricing is based on traffic, and the solution isn't in production. However, we expect it to be cheaper than the Azure Web Firewall.

What other advice do I have?

I rate Fortinet FortiWeb an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Muhammad-Jahangir - PeerSpot reviewer
Senior Manager Tech Compliance at Qenta Inc
Real User
Top 10
Reliable, effective web server protection with room for deployment expertise improvement
Pros and Cons
  • "FortiWeb has antivirus, web filtering, and application control features."
  • "The initial setup depends on familiarity with the product. It's manageable with the right expertise."

What is our primary use case?

The primary use case involves using FortiWeb to protect web servers from various malicious activities by integrating it into a firewall with features like URL filtering and application control. Additionally, it was deployed to meet the requirements of PCI DSS.

How has it helped my organization?

FortiWeb has been helpful in securing our web servers effectively. Fortinet FortiWeb is reliable, providing seamless protection and peace of mind regarding the security of our web applications.

What is most valuable?

FortiWeb has antivirus, web filtering, and application control features. Being part of the next-generation firewall, it's highly effective in ensuring security. The capability to protect from malicious activities is significant, alongside other features like application control.

What needs improvement?

I cannot provide feedback on what needs improvement as I haven't used other solutions to compare it against and therefore cannot identify any areas lacking in FortiWeb. Overall, FortiWeb is reliable.

For how long have I used the solution?

It's been a year since I last used FortiWeb, while I previously configured and used it actively.

What do I think about the stability of the solution?

FortiWeb is reliable in terms of stability. There haven't been specific downtimes or technical issues with FortiWeb.

How are customer service and support?

We haven’t encountered issues necessitating contact with customer service for FortiWeb, implying stable support from Fortinet.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have no experience with other solutions.

How was the initial setup?

The initial setup depends on familiarity with the product. It's manageable with the right expertise. In cases of a simple application, setting up could be achieved in as little as one day.

What's my experience with pricing, setup cost, and licensing?

I can't determine the exact cost of licensing as it was part of a bundle that offered multiple features and licenses.

Which other solutions did I evaluate?

I have no experience with other solutions.

What other advice do I have?

I must emphasize the reliability.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
PawanKumar10 - PeerSpot reviewer
Senior Manager at a computer software company with 201-500 employees
Reseller
A user-friendly solution that features excellent traffic filtering and reduced false positives
Pros and Cons
  • "The policies and the filtering are the most valuable features, especially traffic, URL, and application filtering. The solution is excellent at detecting vulnerabilities."
  • "We want to see more detailed logging, such as audit logging, as this would significantly enhance the solution's reporting. We currently get some information from logs, but more would be better."

What is our primary use case?

We use the solution as a web access firewall (WAF) to secure our applications and use URL mapping to ensure only traffic filtered through the WAF is allowed. 

The environment the product is used in is one project in our GCP, and we're located in the Western USA. Two members of the infrastructure team operate FortiWeb within our organization.

How has it helped my organization?

FortiWeb filters a lot of unwanted traffic, which is good for our organization, as it would negatively impact our reputation if this traffic weren't screened.

The solution helps us to streamline tasks as it features a user-friendly console, and we can apply the WAF to all the URLs required for our publicly available applications. The templates offer either advanced or extended protection for those URLs, and we can see insights for specific URLs, such as total hits and how many requests are being blocked and allowed.  

The FortiWeb Cloud also saved our organization time through machine learning, which analyses traffic based on IP origin and geographic region. This is one of the solution's better features and saved us significant time. 

We have seen time to value with the product. After implementation, we let the solution run for a month, then reconfigured a few policies and templates. Within three months, we were getting the desired results.  

What is most valuable?

The policies and the filtering are the most valuable features, especially traffic, URL, and application filtering. The solution is excellent at detecting vulnerabilities. 

The product is great for blocking unknown threats and attacks. We've had excellent results over the past two years, and the way it detects and filters traffic is outstanding.  

The FortiWeb Cloud is straightforward to use; with a basic overview of how to apply policies, create NAT rules, etc., it's easy. The console is user-friendly enough that anyone can create and apply policies. 

The solution also helped reduce our false positives by 20-25%. 

Our organization receives fewer alerts thanks to the solution, and we don't have to think about the security of the URLs for applications. We put the whole domain behind the WAF, and if it's configured correctly from the beginning, we spend minimal time making changes and get the precise results we need. Our alerts have been reduced by approximately 5%.  

What needs improvement?

We want to see more detailed logging, such as audit logging, as this would significantly enhance the solution's reporting. We currently get some information from logs, but more would be better.

For how long have I used the solution?

We've been using the solution for nearly two years. 

What do I think about the stability of the solution?

The solution is very stable. 

What do I think about the scalability of the solution?

The product is scalable; we can easily scale up and down as required. 

How was the initial setup?

I did the initial setup, which was very straightforward; the process includes putting an instance in the cloud and then adding the URLs of the domains to the template. The initial deployment took under two hours, but we needed to spend time reconfiguring the template later to reduce the number of false positives. One staff member can complete the setup, and it only requires basic knowledge.

Outside of updates and the initial reconfiguration, the solution requires minimal maintenance. 

What's my experience with pricing, setup cost, and licensing?

The pricing is average; the product is neither particularly expensive nor affordable. 

Regarding the price-performance ratio, the solution is definitely worth the money.

What other advice do I have?

I rate the tool nine out of ten. 

I advise anyone evaluating the solution to carry out a POC and recommend it overall.

We use the templates available in the Fortinet Web Cloud or WAF, which is sufficient to provide extended protection, traffic filtering, request blocking, and virus detection. 

Fortinet is our only WAF application because we've had excellent experiences with it. If any project requires security checks, we go with the solution.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
reviewer2078280 - PeerSpot reviewer
CTO at a tech services company with 11-50 employees
MSP
Top 20
People can run a pen test on our system whenever they like and we'll pass with flying colors
Pros and Cons
  • "When it comes to blocking unknown threats and attacks, I would give it the highest score possible. We first started using AWS and its Web Application Firewalls. That was okay, but it was quite a manual process to keep it up to date, whereas Fortinet is always up to date, and the default rules or the modules that you can turn on are very easy to use."
  • "It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great."

What is our primary use case?

We use it in front of AWS Web Application Firewalls for our web-based management console, as well as for all of our API services for our Windows agents.

How has it helped my organization?

Being a data protection company, we have to meet a lot of specific requirements for customers. When people would say, "Our standard practice is to do a pen test against your outward-facing servers," there was always a little bit of worry in the back of my mind: "Oh, man, is there something that I've forgotten about?" But nowadays, I don't have that at all. I know that it's all configured and running well. I know that people can run a pen test whenever they like and we'll pass with flying colors.

It can take a little bit of time if you want to be very particular about the traffic that you allow. FortiWeb is very configurable and that can take a little bit of time if you do want to be that particular. But apart from that, we don't really touch it much these days except if we get an email to say there's been a node attack. In that case, we might just want to check on things. But in general, once it has been configured, we can forget about that side of things and just get on with all of our other normal tasks.

Machine learning could be a little bit of a buzzword, but that's the whole advantage of using a cloud-based platform. You get the benefits of another site seeing an attack and Fortinet works out if traffic should be filtered or not. It's great all around.

Before this, we had our AWS Web Application Firewalls. The process would be to look at our web servers and see if there was any suspicious-looking traffic that had gotten to those web servers through the AWS firewalls, and then we would adjust the AWS firewalls accordingly to filter that out. We might even have had to write new code to stop things at the server level. FortiWeb has saved us hundreds of hours.

I'm quite particular about what I allow into our network. There were some false positives as we were configuring everything the way that I wanted it, but I can't even remember the last time someone had an issue with a false positive because we had it set too securely. With the machine learning and getting the benefit of traffic that is going to many different sites, Fortinet is able to know which traffic is legit and which isn't. As a result, we get fewer false positives.

Although the number of alerts is not that relevant for us, FortiWeb has definitely reduced the overall stress levels, especially at the management level. It's good to be able to present a report to C-level executives saying, "This is the amount of traffic that we've had coming in, and this is what has been blocked by Fortinet." We're able to show them that it is benefiting the business.

In addition, it has helped free up our infrastructure team, as they don't have to look after the AWS Web Application Firewalls.

What is most valuable?

When it comes to blocking unknown threats and attacks, I would give it the highest score possible. We first started using AWS and its Web Application Firewalls. That was okay, but it was quite a manual process to keep it up to date, whereas Fortinet is always up to date, and the default rules or the modules that you can turn on are very easy to use.

Overall, the solution is extremely easy to use. It's all very step-by-step. We just tell it what DNS records to approve and it sets up an SSL certificate. And then, all traffic just starts flowing through Fortinet and then straight over to us. Our network is quite secure, so we have allowed individual IPs that are listed by Fortinet so that we're not just blanket-accepting everything. It's enabling our web servers to be more secure by only allowing Fortinet, instead of the whole world, like we used to.

Also, if you want to diagnose something, rather than outright blocking it, you can just log it so you can see what's happening.

You can go through the audit trail as well. There might be a situation where it will prompt you to block everyone's traffic from a specific IP.

In terms of FortiWeb's advanced modules, we have two main, different Fortinet applications. One is for our web-based stuff and the other is for our Windows agents, which is all API traffic. We use different sets of the modules, or the advanced features, but across both, we use pretty much everything.

What needs improvement?

At the moment, it's very easy to see if an attack has come in, and what they've done. What I would like to see is that they turn on all logging so that we can even see legitimate traffic. But still, that's a very minimal issue.

It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great. Then I wouldn't have to do it myself.

For how long have I used the solution?

I have been using FortiWeb for two to three years.

What do I think about the stability of the solution?

The stability is a 10 out of 10. We haven't had any issues.

What do I think about the scalability of the solution?

We have thousands of customers that use our platform around the world. All of them go through Fortinet. We also have a few thousand Windows agents that all go through Fortinet. With the load balancing inside Fortinet, we're able to scale up our servers and Fortinet can always handle the traffic.

How are customer service and support?

I haven't had to contact support much. These days, people don't really like contacting support. I have needed to do it on one or two occasions and they have been very helpful. It was by email and I got the answers that I needed straight away.

But the fact that I haven't had to contact support speaks to the ease of use of the system itself.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We just had web servers on the internet and the AWS Web Application Firewalls in front of them. I wasn't happy with those, so I added Fortinet in front of them. We still use AWS, but Fortinet is the first line.

We switched because I'm very paranoid. I'm big on security. Working in IT for many years, Fortinet was always a trusted name in routers, so I thought I'd give the FortiWeb web application firewalls a go and I haven't looked back.

How was the initial setup?

The initial setup was a piece of cake, done step-by-step. We just had to add some DNS entries and that was about it. It tells you exactly what you need to do. I didn't need to contact support or ask for any help.

There were a lot of additional modules that I wanted to check out and that took a little bit of time. But getting a basic setup running was very quick.

There is no maintenance involved.

What was our ROI?

We haven't been hacked. I don't know what price tag you'd put on that.

I'm very security conscious, but at the same time, I can be somewhat cheap and I will only spend money if I think it's worthy or providing the value that it should. At no point have I thought of getting rid of Fortinet.

We saw value from it immediately. We were uncertain about how AWS Web Application Firewalls were protecting us. We weren't that confident, because we couldn't really see what was happening. Management was kind of uneasy as a result. As soon as we had this implemented, we could see the stats and a few graphs. Immediately, that peace of mind was had by all.

What's my experience with pricing, setup cost, and licensing?

The pricing is pretty good. We do pass a lot of traffic through our API servers. Something like 100 gigs of web traffic is a fair amount for reduced JSON API calls, but the cost is $50. For that peace of mind, we have thousands and thousands of customers that are protected by that $50, so it's a no-brainer.

Which other solutions did I evaluate?

I had a look around, but I didn't test anything else. Fortinet was the first one that I did testing with and it met all my criteria, so I figured, "Why waste time looking at some others when this does the job?"

What other advice do I have?

I recommend it to everyone. Because we're a data protection company, we have a lot of people who want to do pen testing against us, and I'm very confident that we're protected because of Fortinet.

If you're looking for a very comprehensive web application firewall, which is both simple to set up and also has a huge number of features to turn on, features that can give you some added protection for specific needs, give Fortinet a go. It's worth your time, and it won't take much time either.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1985148 - PeerSpot reviewer
Cloud Architect/Solution Architect at a consultancy with 10,001+ employees
Real User
Out-of-the-box tools are abundant but the solution lacks an interface for troubleshooting
Pros and Cons
  • "The solution is easy to configure and deploy."
  • "A user interface or dashboard for troubleshooting is needed."

What is our primary use case?

Our company uses the solution to provide firewall and web security services to our customers around the globe.

Our use cases are on the back end for banks and the financial sector where we automate monitoring and deployment. 

We do not have a portal, so are limited to a maximum of 3,000 users. We currently have 2,000 users and three maintenance technicians. 

In the future, we will add front-end service. 

Depending on our client's needs, we pair the solution with other business applications.

What is most valuable?

The solution is easy to configure and deploy.

There is a richness in the rules and out-of-the-box tools that is not available with native firewall solutions.

What needs improvement?

A user interface or dashboard for troubleshooting is needed so technicians without knowledge of the network or common hardware can visualize the environment. 

Accounts should be set up in the user's name, not the company's name. 

For how long have I used the solution?

I have been using the solution for two years. 

What do I think about the stability of the solution?

The solution is stable and I rate it an eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable and I rate it a ten out of ten. 

How was the initial setup?

The initial setup was a bit complex for us because we were new to the solution. 

Technical support helped and trained us so we now handle setups with ease. 

What about the implementation team?

We worked with the solution's technical support for our initial implementation but our internal team now handles setup and implementation for customers. 

What's my experience with pricing, setup cost, and licensing?

The solution is a bit expensive when compared to other products. 

Which other solutions did I evaluate?

There are many security constraints that cannot be fulfilled by native cloud firewalls such as Azure and AWS. 

For example, AWS has a limitation of 8GB with regard to request values. 

We recommend the solution and its next-generation capabilities including ease of configuration, code being contained within the IIC engine, how templates and terraforms are handled, and superior wave and firewall security.

We are continually conducting research on next-generation firewalls because the solution can be a bit expensive.  

What other advice do I have?

I use solution a lot and recommend it with a rating of seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1985148 - PeerSpot reviewer
Cloud Architect/Solution Architect at a consultancy with 10,001+ employees
Real User
Provides good services and support at low cost
Pros and Cons
  • "Deployment can be straightforward"
  • "Its threat intelligence capabilities may not be as advanced as some competitors."

What is our primary use case?

We use it for all our hosted web applications, so they are routed via FortiWave and Fortinet. We use both the network firewall and the application firewall. The whole infrastructure and everything else are protected. Fortinet protects the web infrastructure.

What is most valuable?

There are very few specific things that are not present in cloud-native firewalls, like Azure Firewall or AWS Firewall. They lack many features, such as the ability to handle paths in requests larger than eight KB. For example, if you upload a document or the page size exceeds eight KB, you might face issues with AWS and other cloud-native firewalls. FortiWeb can handle requests of up to 10MB, providing this capability. It also has a very user-friendly UI. Even someone new to FortiWeb or any firewall system, with the right contextual knowledge, can configure it effectively. The support and documentation provided by Fortinet are generally sufficient for any team to manage infrastructure using Fortinet and FortiWeb.

What needs improvement?

Native cloud firewalls, like AWS WAF or Azure Firewall, have limitations compared to next-generation firewalls like Fortinet FortiWeb or other solutions. While AWS and Azure have security features, they are often tailored to their specific technologies and may lack some advanced capabilities in next-generation firewalls. This is why we sometimes opt for solutions like Fortinet, even in a cloud environment.

Fortinet FortiWeb has strengths, but there is room for improvement. For example, its threat intelligence capabilities may not be as advanced as some competitors. While Fortinet excels in many areas, it could enhance its advanced intelligence features. However, in terms of configuration, maintenance, and securing infrastructure, Fortinet remains a strong option.

For how long have I used the solution?

I have been using Fortinet FortiWeb as a partner for five to five years.

What do I think about the stability of the solution?

I rate the solution’s stability a seven out of ten.

What do I think about the scalability of the solution?

It is suitable for enterprises.

I rate the solution’s scalability as seven or eight out of ten.

How are customer service and support?

We have a procurement team and a support engagement team that is helping us with issues. They are maintaining the SLA and all those things.

How was the initial setup?

Deployment can be straightforward, like spinning up EC2 instances or Azure VMs with Fortinet, which can be a one-click process. The complexity arises from configuring Fortinet within your specific ecosystem. The configuration depends on the size and nature of your infrastructure, including the number of machines and appliances and the types of systems you are protecting, such as APIs, normal instances, or mobile applications. While deploying Fortinet itself might be quick, configuring it to fit your environment and security needs takes additional time and effort.

What other advice do I have?

Many other companies offer similar capabilities. We also use other solutions, but Fortinet FortiWeb has strong bot capabilities for threat protection and excellent geo-restriction features. It also handles malicious IP prevention and is easy to use. Our experience has been positive. We’ve only enabled the algorithms provided by FortiWeb and haven’t customized the configuration beyond what FortiWeb offers. The existing rules and features for FortiWeb are good.

If you need a next-generation firewall to meet industry and security demands, relying solely on native cloud firewalls like Azure Firewall, AWS Firewall, or Google Cloud Firewall may not be sufficient. These native firewalls often lack the advanced features to protect against various threats. It is advisable to consider solutions like Fortinet FortiWeb or Cloudflare to ensure robust protection.

It's a trade-off between price and the service you receive. If you're paying less for a solution that provides good services compared to a competitor where you might pay more for similar support and features, then Fortinet could be a viable option. It might be better if another solution, like Cloudflare, offers better value across multiple aspects such as service, cost, and support.

Overall, I rate the solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.