Fortinet FortiWeb Reviews

The primary use case of this solution is to protect web applications, web servers, and our customers' mobile applications. We are a Fortinet partner and integrator, installing both appliances and VMs. I'm a network security consultant. 

There are many valuable features in this solution including vulnerability scanning, IPS, and geolocalization. The product is user-friendly and simple.

The solution currently lacks a VM demo to enable testing prior to purchasing. It would make things easier for our clients to choose this product if they had that ability. We are based in Tunisia and the lack of multilingual technical support is problematic at times. 

I've been using this solution for five years. 

The solution is stable. 

The solution is scalable. 

We generally use the chat or phone for technical support with the occasional remote session with the technical team. The customer service is good but lacks a multilingual element that would benefit us. 

Positive

I previously used the Cisco IOS CLI for the web interface. It's more complicated than Fortinet. Fortinet offers simple, easy-to-use solutions. We are also a vendor for F5 which offers similar features and functionality to Fortinet but is more expensive. 

The initial setup is straightforward, it's a matter of choosing the architecture, the deployment mode, and configuring. Deployment time depends on the client's application. If it's a matter of one or two applications, deployment can take between two or three days. If there are many more applications that require protection, it can take over a month.

This solution works best for medium and enterprise-size companies. One of our clients is a bank, another is an educational institute with over 20,000 users. 

I rate this solution eight out of 10. 

I used FortiWeb, and I was looking if the SIPTNA from Symantec had something to do with the one from Fortinet. I am a consultant and I propose Fortinet products to my customers. I usually recommend FortiWeb for companies that are looking for a WAF.

It's really easier for them to integrate. Sometimes we help them, and once it's integrated, it doesn't have a lot of requirements from their side. They just have to keep the site going with their security assessment. They do not need for us to help them more.

Usually, people want to change, solutions and we recommend that it is easy to use. Even though most products have the same functionality nowadays, FortiWeb is easy to integrate.

Fortinet's technical support is pretty slow, especially when you have quick questions. The support kind of delays itself and sometimes takes more time. That's the only thing that I can think of at the moment.

Fortinet's technical support is pretty slow and kind of delays itself when you have quick questions.

Positive

I was using another solution. I just wanted to research it to see if it had something extra. It was just some research for a project. I just wanted to know if any of them had some qualities that seemed similar to Symantec.

It's true that we are the ones that usually deploy it for our clients. Since we do it for many of them, we think it's really easy. But as for many products, it's really straightforward.

We are the ones that usually deploy it for our clients. Since we do it for many of them, we think it's really easy.

It's better. Yeah, it's really good. It's one of the main points why we offer it. Since we are partners with them, sometimes we offer our customers a lower price.

The clients that we know use both FortiWeb and Symantec. I used FortiWeb, and I was looking if the SIPTNA from Symantec had something to do with the one from Fortinet.

I would recommend FortiWeb for web application security. Most products work the same despite being different solutions.

I'd rate the solution nine out of ten.

The solution offers good configurations and works well with other Fortinet products.

The solution is scalable. 

We found the implementation process to be simple. 

If you want to block domains, you can do so. You do have the power to control access.

The product needs to be more stable. 

We have issues between primary and secondary IP. Secondary IP addresses cannot be on the same subnet as any primary or secondary subnet. You need to follow up between the primary and secondary. If you don't, there will be a problem. When your public applications are not working properly, the single point of communication from the public domain is an issue. If I want to resolve the situation, a quick solution is I need to fail over the primary to the secondary, and it will just start working. However, that is not a permanent solution. I don't know what the problem is exactly, and how we can permanently address the issue. 

If the price was lower, it would be a bit more attractive, as an option, to the customers. 

You do need to ensure you do the configurations carefully. Otherwise, you may have issues. 

I've been using the solution for two years. 

We can scale the solution. We typically work with enterprises, so, larger-scale companies. In our customer's company, they have about 6,000 to 10,000 people on the solution. 

Technical support is very good. they are quite helpful and responsive. 

I also use F5. It's got better pricing and is quite stable as well. However, if you don't know how to configure it, it can be a disaster. 

The initial setup is easy. It's not overly complex or difficult. 

It can be deployed in about half an hour. It doesn't take long to have it up and running. 

I handle a lot of implementations and can handle the process. 

The pricing could be better. They charge a bit more. That's why F5 is everywhere right now. The customer can see that F5 is stable and everything is working well, and then they see the price, and it's very attractive to them. 

I'm just a customer and end-user. 

I'm a consultant. Our customers are working with Fortiweb in their companies.

I'd rate the solution eight out of ten. 

We use Fortinet FortiWeb for industrial companies. We are making doing network segmentation inside the industrial park, which is quite difficult and we have to design, develop and maintain all of the different kinds of solutions. We brought Fortinet FortiWeb to protect against forbidden access and for special access for providers in the industry.

We do not use this solution for our organization but for clients' organizations. For example, one customer uses the solution for the protection of all their different applications. Additionally, the solution has protected the servers that are in the DMC, such as services for people in other countries that have to have access.

You have the ability to control everything from one single dashboard.

The solution could improve by being able to handle different use cases.

I have used Fortinet FortiWeb within the past 12 months.

The stability is good.

The scalability is quite good. The scalability has been good for each industry. You can integrate Fortinet FortiWeb with all kinds of products of the same vendor. This allows the ability for a lot of different functions that you don't have to have really competent staff because you do not have different vendors. You don't have to call another vendor for solving one ticket or problem. This made everything simple, it was very good.

We have approximately 2,000 people using this solution.

When our customers have acquired more industrial plants we will propose this solution for all those industrial plant customers.

The technical support is good.

I would rate the technical support of Fortinet FortiWeb an eight out of ten.

We previously used F5.

The installation was straightforward and it took us approximately one month. There are a lot of services, approximately 15, and other parts to configure.

We used consultants, technicians and, an integrator for the implementation.

We do not need more than three people to do the maintenance and support of Fortinet FortiWeb.

We have seen a return on investment. It has been decent but not the best. We choose to work with one large customer and it has been similar to an investment.

We are on an annual license for this solution and the price is approximately €100.

We have evaluated a number of solutions, such as Citrix NetScaler.

I would recommend those wanting to implement this solution to use good integrators, there are not too many people who know about this solution. I lived in Spain and there are not too many installations made, it's quite difficult to find people that know a lot about it. It's not a difficult installation and the vendor helped us a lot and is very helpful. You have professional services you can use from the vendor if you choose, but they are quite expensive for customers.

One of the biggest lessons I have learned from using Fortinet FortiWeb is Fortinet helps you a lot. They can develop something specifically for a customers' use case without any costs for them.

I rate Fortinet FortiWeb a nine out of ten.

FortiWeb is an application firewall. We deployed it as a web application firewall for our 16-plus web applications. We integrate this with Fortigate and the FortiSandbox, and all the applications we are hosting in the data center.

With the feat of cyber attack, the most important thing we can do is protect the web application. We can protect it from attacks like DDoS. It's helping to maintain our cyber security posture.

The most valuable product feature is the web application firewall. It still includes the inline. Its mode of operation is great. It comes with four modes of operation, reverse proxy, two transplant nodes, and WCCP. One node is there for transplant, just to have one more. Any customer, based on their network of topology and deployment type, can choose it and have an easy deployment. 

The solution has a good sandbox feature.

It is stable.

It can be better with web application firewalls. 

It is already close to the best in class. This product is up to the mark right now. 

I've used the solution for around three years. 

This is a stable, reliable solution. There are no bugs or glitches. It doesn't crash or freeze. 

Capacity-wise, since there is hardware involved, it cannot scale too much. There are some technical limitations.

We have around 2,000 users right now. 

We do not have plans to increase usage in the future.

We did not previously use a different solution. 

How easy or difficult the implementation is depends on the deployment type. It is very easy if you employ reverse proxy. However, it can be a little complex depending on what you need to do. 

There was a team that helped deploy the solution, however, for maintenance, you only need one network security engineer.

We used a third party to assist us with the setup.

We have witnessed an ROI. I'd rate the level of ROI we've seen a four out of five as it helps mitigate cyber attacks.

I'd rate the pricing at a four out of five in terms of affordability.

I'm exploring two or three products right now. We did not evaluate anything before choosing this product.

I highly recommend that any web application firewall be deployed in the IT infrastructure where companies host web applications. It should be there. Whatever you choose should integrate with a third-party load balancer.

I'd rate the solution a ten out of ten.

We primarily view the VPN net and use the WAF as our web protection.

The interface is very straightforward and easy to use.

It's stable. 

The support is quite good.

We found the initial setup pretty simple. 

Sometimes, even if you follow the documentation, it doesn't work as expected. 

The solution can be a bit pricey.

I've used the solution for about one year, or maybe a bit more than that.

Sometimes it is not as stable as it could be. We've had some issues. Sometimes the loading will be disrupted for no apparent reason. It might be due to the WAF.

We have not tested the scalability of the product.

We have two people working on the solution right now. 

It's possible that we will scale the solution in the future. There is the potential that we will use it on another project.

We have contacted support for reliability issues, and they have been able to resolve everything within a matter of hours. They are very quick. 

Positive

We previously used F5. F5 needs a bit of a higher skill set. It takes some experience to operate.

The implementation took about two months. It's not so hard to set everything up. It's easier than, for example, F5, to set up.

In terms of maintenance, for WAF, I need about three people to handle various tasks. 

We hired a consultant to assist us during the setup. The consultant helped my people learn the process so we could become self-sufficient. 

We have not seen any ROI at this time. 

The solution is a little expensive. I'd rate it a three out of five in terms of affordability.

I cannot speak to the exact price we pay for the product.

We didn't really look into other options as my boss is pretty well versed in other options. However, we are always looking into comparisons. 

We are using the latest version of the solution.

I'd rate the solution an eight out of ten.

We're using the Fortinet FortiWeb firewall to front-end the production and test applications we run on Azure. We're an Azure environment, and it front-ends those applications.

We currently aren't using any of the advanced features.

Fortinet FortiWeb has given us a more cost-effective security solution. Because it's a software-as-a-service or infrastructure type of platform, we've been able to replace our dedicated hardware platforms. It has given us more flexibility to be able to utilize it as a service.

It has minimized the number of technical resources and the amount of time that we've had to dedicate to setting up and managing the front-end firewall capability. From that standpoint, it has saved us time. I don't know exactly how machine learning is attached to that, but if that had anything to do with the simplification and the ability to give us the information we need reporting-wise, then it has helped us with that.

It has allowed us to not spend as many resources on trying to manage the setups that we used to have to do in the past on the security side. It has taken care of that, so at a higher level, we can manage and configure that. It has reduced some of the time that the staff spent on that, but it's hard to measure the time saved.

Some of the threat detection analytics and the filtering capabilities they give us for filtering a certain type of information that we don't want coming into the site are its valuable features. The analytics are pretty good in terms of being able to see what threats have been detected and mitigated, where they're coming from, and things like that. That has allowed us to do some additional filtering because by looking at threats, we can apply additional filters and try to minimize some of them.

Fortinet FortiWeb works well for what we do and what we use it for. It's fairly easy to use, easy to set up, and easy to monitor. It's easy to configure, monitor, and manage.

Their documentation is fairly complete, but it's sometimes a little bit difficult to search for exactly what you're looking for to resolve an issue. There have been times when we've gone to try to search for areas that we needed to get information on, and it has not always been extremely clear exactly how a particular thing needs to be set up. It sometimes takes a little bit of research to dig into figuring out exactly what it is. More examples would be helpful on what they have. The information sometimes doesn't relate directly to the state of the product at the time, so examples would be helpful.

We've been using this solution for a little over a year.

It has been very good. In the time we've had it, we've had only one issue when they had some sort of outage for themselves that affected us. That was the only one that I've encountered so far.

We haven't done a lot on scaling, but just from configuring the product and looking at it, it appears to be fairly good at scaling. It appears to be fairly or moderately simple to set up for scaling, but we haven't done a lot of scaling with it yet.

It's an in-house hosted web application environment that we utilize. We probably have around 500 to 1,000 people using it. We use it within our company environment. We've anywhere from 500 to 1,000 people depending on the customers that we have linked into it. 

I've contacted their tech support. For the times that I contacted them, they were very helpful. I'd rate them seven out of ten.

Neutral

We did have some specific hardware firewall solutions that were in place at data centers. When we went to the cloud for our applications, we wanted to move to a cloud-based front-end firewall infrastructure. We didn't want to be managing the hardware at locations. 

It was fairly straightforward. It was fairly easy to implement, but the documentation with some examples might have made it simpler. Overall, it was fairly easy to get the initial implementation in place and get things worked out.

We did it all in-house. We had probably three people for its implementation.

It requires minimal maintenance. We probably have two people involved in the maintenance.

We have seen an ROI. The previous hardware solutions we had were fairly expensive. They had a higher cost of maintenance and actual manual support because we had to support the infrastructure and we had to support the product itself. By FortiWeb providing us with a service solution that does that, we're not managing hardware. We're not investing in the hardware upfront, and we're not providing the labor to maintain and install that particular part of it. The only thing we focus on now is the setup and then the constant monitoring of what goes on and any actions we need to take as we move forward. It has helped us in that sense because we don't have the ongoing hardware licensing and hardware infrastructure that we have to mess with. So, it has definitely been a more cost-effective solution.

So far, I have been pretty pleased with the way it's priced and licensed. The way it's done makes it easy, especially for an organization like us, so I've been pleased with the way it's priced and licensed right now.

We didn't evaluate any cloud-based products. We've used Cisco products and Meraki products in the past, but they all were hardware products. When we were looking for a software solution, I had gotten a recommendation for the product from another person I worked with in the past. That person was using it and mentioned to me that I should give it a try. That's how I got into it. It was through a referral. Once I got it and tested it, it seemed like a pretty good product for what we needed, so that's how we went with it.

Fortinet FortiWeb seems to have worked well for blocking unknown threats and attacks. It hasn't necessarily helped us streamline anything, but it has simplified how we provide the front-end firewall capability.

It has reduced false positives to some degree. It tries to identify those to tell us what are the different threats, but it's hard to provide metrics without measuring what false positives might have been there. However, I do know that the reporting that it gives can identify that.

Similarly, I don't know if it has reduced the number of alerts. However, I do know that it has allowed us to categorize and understand what types of threats we get. From the threat alerts, we get to know whether they're alerts we should be concerned about or whether they're just alerts notifying us that those are things that have come in that it has taken care of. So, I don't know if it has really reduced them as much as it has helped us to understand what they are and be able to focus more on if there are alerts that we need to take action on and investigate, or whether they're alerts for things that have been taken care of and we don't necessarily have to spend any time on.

Overall, I'd rate Fortinet FortiWeb an eight out of ten for what it does.

The most valuable feature of Fortinet FortiWeb is the reports and the AI-based features.

Fortinet FortiWeb could improve data integration.

I have been using Fortinet FortiWeb for approximately six months.

Fortinet FortiWeb is a stable solution.

The Fortinet FortiWeb is scalable.

We have three administrators using the solution and more than 300 end users using it.

The support from Fortinet FortiWeb is good, but they could improve their response time.

Positive

We did not use another solution prior to Fortinet FortiWeb.

In the initial setup of Fortinet FortiWeb, we wanted to deploy it with WCCP mode, but we cannot do it because of the limitation with our Cisco ASA firewalls. It's difficult to integrate with FortiWeb. It is difficult to integrate Fortinet FortiWeb with other vendors other than Fortinet solutions. We cannot integrate it into our existing Cisco Firewall environment. We had to change the system to true transparent deployment mode.

The price of Fortinet FortiWeb is expensive in our Ethiopian currency.

I rate Fortinet FortiWeb a nine out of ten.