What is our primary use case?
We're using the Fortinet FortiWeb firewall to front-end the production and test applications we run on Azure. We're an Azure environment, and it front-ends those applications.
We currently aren't using any of the advanced features.
How has it helped my organization?
Fortinet FortiWeb has given us a more cost-effective security solution. Because it's a software-as-a-service or infrastructure type of platform, we've been able to replace our dedicated hardware platforms. It has given us more flexibility to be able to utilize it as a service.
It has minimized the number of technical resources and the amount of time that we've had to dedicate to setting up and managing the front-end firewall capability. From that standpoint, it has saved us time. I don't know exactly how machine learning is attached to that, but if that had anything to do with the simplification and the ability to give us the information we need reporting-wise, then it has helped us with that.
It has allowed us to not spend as many resources on trying to manage the setups that we used to have to do in the past on the security side. It has taken care of that, so at a higher level, we can manage and configure that. It has reduced some of the time that the staff spent on that, but it's hard to measure the time saved.
What is most valuable?
Some of the threat detection analytics and the filtering capabilities they give us for filtering a certain type of information that we don't want coming into the site are its valuable features. The analytics are pretty good in terms of being able to see what threats have been detected and mitigated, where they're coming from, and things like that. That has allowed us to do some additional filtering because by looking at threats, we can apply additional filters and try to minimize some of them.
Fortinet FortiWeb works well for what we do and what we use it for. It's fairly easy to use, easy to set up, and easy to monitor. It's easy to configure, monitor, and manage.
What needs improvement?
Their documentation is fairly complete, but it's sometimes a little bit difficult to search for exactly what you're looking for to resolve an issue. There have been times when we've gone to try to search for areas that we needed to get information on, and it has not always been extremely clear exactly how a particular thing needs to be set up. It sometimes takes a little bit of research to dig into figuring out exactly what it is. More examples would be helpful on what they have. The information sometimes doesn't relate directly to the state of the product at the time, so examples would be helpful.
For how long have I used the solution?
We've been using this solution for a little over a year.
What do I think about the stability of the solution?
It has been very good. In the time we've had it, we've had only one issue when they had some sort of outage for themselves that affected us. That was the only one that I've encountered so far.
What do I think about the scalability of the solution?
We haven't done a lot on scaling, but just from configuring the product and looking at it, it appears to be fairly good at scaling. It appears to be fairly or moderately simple to set up for scaling, but we haven't done a lot of scaling with it yet.
It's an in-house hosted web application environment that we utilize. We probably have around 500 to 1,000 people using it. We use it within our company environment. We've anywhere from 500 to 1,000 people depending on the customers that we have linked into it.
How are customer service and support?
I've contacted their tech support. For the times that I contacted them, they were very helpful. I'd rate them seven out of ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We did have some specific hardware firewall solutions that were in place at data centers. When we went to the cloud for our applications, we wanted to move to a cloud-based front-end firewall infrastructure. We didn't want to be managing the hardware at locations.
How was the initial setup?
It was fairly straightforward. It was fairly easy to implement, but the documentation with some examples might have made it simpler. Overall, it was fairly easy to get the initial implementation in place and get things worked out.
What about the implementation team?
We did it all in-house. We had probably three people for its implementation.
It requires minimal maintenance. We probably have two people involved in the maintenance.
What was our ROI?
We have seen an ROI. The previous hardware solutions we had were fairly expensive. They had a higher cost of maintenance and actual manual support because we had to support the infrastructure and we had to support the product itself. By FortiWeb providing us with a service solution that does that, we're not managing hardware. We're not investing in the hardware upfront, and we're not providing the labor to maintain and install that particular part of it. The only thing we focus on now is the setup and then the constant monitoring of what goes on and any actions we need to take as we move forward. It has helped us in that sense because we don't have the ongoing hardware licensing and hardware infrastructure that we have to mess with. So, it has definitely been a more cost-effective solution.
What's my experience with pricing, setup cost, and licensing?
So far, I have been pretty pleased with the way it's priced and licensed. The way it's done makes it easy, especially for an organization like us, so I've been pleased with the way it's priced and licensed right now.
Which other solutions did I evaluate?
We didn't evaluate any cloud-based products. We've used Cisco products and Meraki products in the past, but they all were hardware products. When we were looking for a software solution, I had gotten a recommendation for the product from another person I worked with in the past. That person was using it and mentioned to me that I should give it a try. That's how I got into it. It was through a referral. Once I got it and tested it, it seemed like a pretty good product for what we needed, so that's how we went with it.
What other advice do I have?
Fortinet FortiWeb seems to have worked well for blocking unknown threats and attacks. It hasn't necessarily helped us streamline anything, but it has simplified how we provide the front-end firewall capability.
It has reduced false positives to some degree. It tries to identify those to tell us what are the different threats, but it's hard to provide metrics without measuring what false positives might have been there. However, I do know that the reporting that it gives can identify that.
Similarly, I don't know if it has reduced the number of alerts. However, I do know that it has allowed us to categorize and understand what types of threats we get. From the threat alerts, we get to know whether they're alerts we should be concerned about or whether they're just alerts notifying us that those are things that have come in that it has taken care of. So, I don't know if it has really reduced them as much as it has helped us to understand what they are and be able to focus more on if there are alerts that we need to take action on and investigate, or whether they're alerts for things that have been taken care of and we don't necessarily have to spend any time on.
Overall, I'd rate Fortinet FortiWeb an eight out of ten for what it does.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.