Fortinet FortiWeb Reviews

Our company uses the solution to provide firewall and web security services to our customers around the globe.

Our use cases are on the back end for banks and the financial sector where we automate monitoring and deployment. 

We do not have a portal, so are limited to a maximum of 3,000 users. We currently have 2,000 users and three maintenance technicians. 

In the future, we will add front-end service. 

Depending on our client's needs, we pair the solution with other business applications.

The solution is easy to configure and deploy.

There is a richness in the rules and out-of-the-box tools that is not available with native firewall solutions.

A user interface or dashboard for troubleshooting is needed so technicians without knowledge of the network or common hardware can visualize the environment. 

Accounts should be set up in the user's name, not the company's name. 

I have been using the solution for two years. 

The solution is stable and I rate it an eight out of ten. 

The solution is scalable and I rate it a ten out of ten. 

The initial setup was a bit complex for us because we were new to the solution. 

Technical support helped and trained us so we now handle setups with ease. 

We worked with the solution's technical support for our initial implementation but our internal team now handles setup and implementation for customers. 

The solution is a bit expensive when compared to other products. 

There are many security constraints that cannot be fulfilled by native cloud firewalls such as Azure and AWS. 

For example, AWS has a limitation of 8GB with regard to request values. 

We recommend the solution and its next-generation capabilities including ease of configuration, code being contained within the IIC engine, how templates and terraforms are handled, and superior wave and firewall security.

We are continually conducting research on next-generation firewalls because the solution can be a bit expensive.  

I use solution a lot and recommend it with a rating of seven out of ten.

We use Fortinet FortiWeb for industrial companies. We are making doing network segmentation inside the industrial park, which is quite difficult and we have to design, develop and maintain all of the different kinds of solutions. We brought Fortinet FortiWeb to protect against forbidden access and for special access for providers in the industry.

We do not use this solution for our organization but for clients' organizations. For example, one customer uses the solution for the protection of all their different applications. Additionally, the solution has protected the servers that are in the DMC, such as services for people in other countries that have to have access.

You have the ability to control everything from one single dashboard.

The solution could improve by being able to handle different use cases.

I have used Fortinet FortiWeb within the past 12 months.

The stability is good.

The scalability is quite good. The scalability has been good for each industry. You can integrate Fortinet FortiWeb with all kinds of products of the same vendor. This allows the ability for a lot of different functions that you don't have to have really competent staff because you do not have different vendors. You don't have to call another vendor for solving one ticket or problem. This made everything simple, it was very good.

We have approximately 2,000 people using this solution.

When our customers have acquired more industrial plants we will propose this solution for all those industrial plant customers.

The technical support is good.

I would rate the technical support of Fortinet FortiWeb an eight out of ten.

We previously used F5.

The installation was straightforward and it took us approximately one month. There are a lot of services, approximately 15, and other parts to configure.

We used consultants, technicians and, an integrator for the implementation.

We do not need more than three people to do the maintenance and support of Fortinet FortiWeb.

We have seen a return on investment. It has been decent but not the best. We choose to work with one large customer and it has been similar to an investment.

We are on an annual license for this solution and the price is approximately €100.

We have evaluated a number of solutions, such as Citrix NetScaler.

I would recommend those wanting to implement this solution to use good integrators, there are not too many people who know about this solution. I lived in Spain and there are not too many installations made, it's quite difficult to find people that know a lot about it. It's not a difficult installation and the vendor helped us a lot and is very helpful. You have professional services you can use from the vendor if you choose, but they are quite expensive for customers.

One of the biggest lessons I have learned from using Fortinet FortiWeb is Fortinet helps you a lot. They can develop something specifically for a customers' use case without any costs for them.

I rate Fortinet FortiWeb a nine out of ten.

• FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
• Rewrite
• Redirect
• Proxy reverse mode

It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.

I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x:

• Upgrading from 5.2.x to 5.3.x. Fortinet provides a script, but it doesn't work (they do not say anything about it). In some cases:
  • If you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
  • If you use LDAP authentication, the new field "realm" appears empty, the configuration doesn't work, and you have to manually change it.
• Upgrading from 5.3.x to 5.5.x:
  • Some changes are introduced, then it requires fully formatting the device and configuring it manually (copy/paste pieces of configuration).
  • Once again, if you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.

I have used it for three years.

It really is a powerful WAF; more than one year running with no stability issues.

We did not have to scale our web servers; we just added new servers without any issue.

The support is good, but they need more experts, because sometimes they take too much time to provide solutions.

Fortinet was the first brand we thought about, because we had been using FortiGate for a few years, and we thought they had some common architecture.

The initial setup was very easy. We use the proxy reverse schema; I think it is the best for almost all situations. The last firmware 5.5.x permits customers to deploy in different configurations in the same box.

I think FortiWeb is the best WAF in terms of cost/benefit. Licensing is similar to other Fortinet products; 100% clear with no surprises.

For new projects this year, we evaluated Imperva and Barracuda. The latter can be a good option for entry-level deployments, but is hard to surpass Fortinet products.

I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine) you can save a lot of time, can do proofs of concept and avoid opening tickets asking basics questions.

The solution offers good configurations and works well with other Fortinet products.

The solution is scalable. 

We found the implementation process to be simple. 

If you want to block domains, you can do so. You do have the power to control access.

The product needs to be more stable. 

We have issues between primary and secondary IP. Secondary IP addresses cannot be on the same subnet as any primary or secondary subnet. You need to follow up between the primary and secondary. If you don't, there will be a problem. When your public applications are not working properly, the single point of communication from the public domain is an issue. If I want to resolve the situation, a quick solution is I need to fail over the primary to the secondary, and it will just start working. However, that is not a permanent solution. I don't know what the problem is exactly, and how we can permanently address the issue. 

If the price was lower, it would be a bit more attractive, as an option, to the customers. 

You do need to ensure you do the configurations carefully. Otherwise, you may have issues. 

I've been using the solution for two years. 

We can scale the solution. We typically work with enterprises, so, larger-scale companies. In our customer's company, they have about 6,000 to 10,000 people on the solution. 

Technical support is very good. they are quite helpful and responsive. 

I also use F5. It's got better pricing and is quite stable as well. However, if you don't know how to configure it, it can be a disaster. 

The initial setup is easy. It's not overly complex or difficult. 

It can be deployed in about half an hour. It doesn't take long to have it up and running. 

I handle a lot of implementations and can handle the process. 

The pricing could be better. They charge a bit more. That's why F5 is everywhere right now. The customer can see that F5 is stable and everything is working well, and then they see the price, and it's very attractive to them. 

I'm just a customer and end-user. 

I'm a consultant. Our customers are working with Fortiweb in their companies.

I'd rate the solution eight out of ten. 

The primary use case of this solution is to protect web applications, web servers, and our customers' mobile applications. We are a Fortinet partner and integrator, installing both appliances and VMs. I'm a network security consultant. 

There are many valuable features in this solution including vulnerability scanning, IPS, and geolocalization. The product is user-friendly and simple.

The solution currently lacks a VM demo to enable testing prior to purchasing. It would make things easier for our clients to choose this product if they had that ability. We are based in Tunisia and the lack of multilingual technical support is problematic at times. 

I've been using this solution for five years. 

The solution is stable. 

The solution is scalable. 

We generally use the chat or phone for technical support with the occasional remote session with the technical team. The customer service is good but lacks a multilingual element that would benefit us. 

Positive

I previously used the Cisco IOS CLI for the web interface. It's more complicated than Fortinet. Fortinet offers simple, easy-to-use solutions. We are also a vendor for F5 which offers similar features and functionality to Fortinet but is more expensive. 

The initial setup is straightforward, it's a matter of choosing the architecture, the deployment mode, and configuring. Deployment time depends on the client's application. If it's a matter of one or two applications, deployment can take between two or three days. If there are many more applications that require protection, it can take over a month.

This solution works best for medium and enterprise-size companies. One of our clients is a bank, another is an educational institute with over 20,000 users. 

I rate this solution eight out of 10. 

The features I found valuable were web filtering, reporting, and the dashboards. We use these features for controlling the traffic in our network, mainly for our security. This means that we can have policies there that allow or don't allow certain connections.

I know that we have run into some issues with an SSL certificate and how it functions. Sometimes this breaks connectivity or just limits certain websites that are whitelisted. 

I have been using Fortinet FortiWeb for more than ten years.

The only instance where we have had issues with stability was a recent one where the solution was blocking some websites that we did not intend to block and which were even whitelisted in some instances.

Our partners explained that this happened because of an issue with the SSL setup. I'm not sure if they then sorted it out or if they just switched off that functionality.

But for the past 10 years that we've used it, that was the first error or problem that we ran into. Maybe it was just teething problems since we only deployed it end of last year.

My impression is that it's quite scalable because I know they have different sizes. In one of our organizations, we had fewer users, so we're using a smaller one, which was a 60-day or something like that. And then when you are using it for a bigger organization, they also have that type of device for many users.

They'll ask you how many users are going to be governed by this firewall. So when we had fewer users, we got a smaller firewall. And then when we expanded and had many more users, we got a bigger one. It's quite scalable I think.

Their technical support is good. They'll jump onto the occasion. When you submit a log report or you request some support, they quickly respond. I would rate them a ten. Very good.

Positive

Prior to Fortinet, we used Netgear, but this was a long time ago. I think this was 15 years ago.

The initial setup was not straightforward. You need an expert to set it up with you and to configure it for you. I think the more you work with it, the better accustomed you are to it. The initial setup did not take longer than a week.

The deployment was done in a team of three people.

We implemented it with a third party, and they're the ones who always then deploy and implement it for us. The deployment didn't take more than a week.

I would say that the ROI is visible because we are happy with the security it provides.

The pricing is a bit high. It is not a cheap product.

The reason I recommend this product is because it guarantees that your network will be safe if it is set up properly and you fully utilize most of the functions.

Overall, I would rate FortiWeb solution a nine out of 10.

We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

I have been using this solution for three months. 

Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

I would rate Fortinet FortiWeb a nine out of ten.

FortiWeb is an application firewall. We deployed it as a web application firewall for our 16-plus web applications. We integrate this with Fortigate and the FortiSandbox, and all the applications we are hosting in the data center.

With the feat of cyber attack, the most important thing we can do is protect the web application. We can protect it from attacks like DDoS. It's helping to maintain our cyber security posture.

The most valuable product feature is the web application firewall. It still includes the inline. Its mode of operation is great. It comes with four modes of operation, reverse proxy, two transplant nodes, and WCCP. One node is there for transplant, just to have one more. Any customer, based on their network of topology and deployment type, can choose it and have an easy deployment. 

The solution has a good sandbox feature.

It is stable.

It can be better with web application firewalls. 

It is already close to the best in class. This product is up to the mark right now. 

I've used the solution for around three years. 

This is a stable, reliable solution. There are no bugs or glitches. It doesn't crash or freeze. 

Capacity-wise, since there is hardware involved, it cannot scale too much. There are some technical limitations.

We have around 2,000 users right now. 

We do not have plans to increase usage in the future.

We did not previously use a different solution. 

How easy or difficult the implementation is depends on the deployment type. It is very easy if you employ reverse proxy. However, it can be a little complex depending on what you need to do. 

There was a team that helped deploy the solution, however, for maintenance, you only need one network security engineer.

We used a third party to assist us with the setup.

We have witnessed an ROI. I'd rate the level of ROI we've seen a four out of five as it helps mitigate cyber attacks.

I'd rate the pricing at a four out of five in terms of affordability.

I'm exploring two or three products right now. We did not evaluate anything before choosing this product.

I highly recommend that any web application firewall be deployed in the IT infrastructure where companies host web applications. It should be there. Whatever you choose should integrate with a third-party load balancer.

I'd rate the solution a ten out of ten.