Fortinet FortiWeb Reviews

Mostly we use FortiWeb for replacing reverse proxy from our systems and add some security features to it to protect the web portal we are providing to our customers.  We use it to rewrite URLs and redirect FQDNs, et cetera, et cetera. That's the normal part.

The main feature I like is the ability to redirect web traffic from a readable URL to a real URL. All the security features are good.

One main feature we are very happy about is file security and upload functionality. It will restrict the number of file types that can be uploaded to our portal and prevents any malware. It helps with security.

We had some trouble using some features. Maybe we understood it the wrong way when reading the manual. We had to implement some workarounds to help this problem.

The GUI could be better. It's limited. 

I've been using the solution for one year. 

There are no complaints on our side. The performance and stability are fine. We used to have a cluster of two appliances. Everything seems to be fine when we update the firmware. We haven't had any issues.

The scalability may be slightly limited. We use hardware appliances. We need to buy appliances which have enough performance. You need to think about the sizing before you buy it. Scalability is not really possible with hardware. 

We use it more and more. We are going to migrate all the connections which are directed to a proxy to the classification firewall.

Normally, technical support is very good. All the tickets I opened have been solved in an average time.

Positive

It was the very first time that we used a web application firewall. We never used anything before.

We had some difficulties at the beginning in terms of setting it up. It was a very new product for us. We never had web protection firewalls before. We had some support from our supplier, so we referred to the initial implementation to get it done with external support.

I'd rate the ease of implementation at a three out of five. 

From a technical perspective, the deployment does not take a long time. Our problem internally was the organization and the planning as well as the communication with the other teams. That's what took so long. We started maybe one and a half years ago with the implementation and productive status was reached at the end of 2021. That's a long time. That said, one would say the management is at fault, not the actual technical staff.

At a cluster, so single point of failure, all this stuff, it kind of took around 24 hours to get it up. The offline time was very difficult, however.

We have two good people on staff that can handle deployment and maintenance. We are looking for another employee in the market, however, it's been very difficult to find someone.

The implementation was done in-house with some help from our supplier.

We have not noted an ROI yet.

We actually expanded our subscription for the next three years. I don't remember the exact price. It should be somewhere about 36,000 Euros. That's the cost for three years. It's moderately priced. I'd rate the general cost at a three out of five. 

We thought about other options, however, since we had a very good experience with the FortiGate Firewall, I decided to buy FortiWeb. They operate well together. 

We are just customers and end-users.

Potential new users should compare different products from different vendors to make a decision on a web application firewall. It doesn't matter if it is FortiWeb, or F5, or something else, just take some time to compare. 

I'd rate the solution six out of ten.

The features I found valuable were web filtering, reporting, and the dashboards. We use these features for controlling the traffic in our network, mainly for our security. This means that we can have policies there that allow or don't allow certain connections.

I know that we have run into some issues with an SSL certificate and how it functions. Sometimes this breaks connectivity or just limits certain websites that are whitelisted. 

I have been using Fortinet FortiWeb for more than ten years.

The only instance where we have had issues with stability was a recent one where the solution was blocking some websites that we did not intend to block and which were even whitelisted in some instances.

Our partners explained that this happened because of an issue with the SSL setup. I'm not sure if they then sorted it out or if they just switched off that functionality.

But for the past 10 years that we've used it, that was the first error or problem that we ran into. Maybe it was just teething problems since we only deployed it end of last year.

My impression is that it's quite scalable because I know they have different sizes. In one of our organizations, we had fewer users, so we're using a smaller one, which was a 60-day or something like that. And then when you are using it for a bigger organization, they also have that type of device for many users.

They'll ask you how many users are going to be governed by this firewall. So when we had fewer users, we got a smaller firewall. And then when we expanded and had many more users, we got a bigger one. It's quite scalable I think.

Their technical support is good. They'll jump onto the occasion. When you submit a log report or you request some support, they quickly respond. I would rate them a ten. Very good.

Positive

Prior to Fortinet, we used Netgear, but this was a long time ago. I think this was 15 years ago.

The initial setup was not straightforward. You need an expert to set it up with you and to configure it for you. I think the more you work with it, the better accustomed you are to it. The initial setup did not take longer than a week.

The deployment was done in a team of three people.

We implemented it with a third party, and they're the ones who always then deploy and implement it for us. The deployment didn't take more than a week.

I would say that the ROI is visible because we are happy with the security it provides.

The pricing is a bit high. It is not a cheap product.

The reason I recommend this product is because it guarantees that your network will be safe if it is set up properly and you fully utilize most of the functions.

Overall, I would rate FortiWeb solution a nine out of 10.

We have deployed a couple of projects for our customers to protect their online e-commerce systems. They have web-based applications for online ordering, for example, for online ordering from a hypermarket. It seems to be a very good solution. We have replaced the existing Barracuda devices of a customer. We deal with the latest version of Fortinet FortiWeb.

The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features.

It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product. 

They could improve their support a little bit for faster response time. 

I have been using Fortinet FortiWeb for two years.

It is very stable.

It is very scalable. The web application firewall is protecting the web servers in an organization from outside to inside. It probably has more than 1,000 users.

Their technical support needs a little bit of improvement in terms of faster response time.

The initial setup is very straightforward. It took about 30 to 40 minutes for one web application for default settings. If you want to go with complex settings, then it would probably take three to four days to understand the application backend and everything else.

We used a system integrator. One Admin is more than enough to deploy and maintain it. It is very stable and easy to configure and deploy.

Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor.

Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough.

Fortinet FortiWeb is rated as one of the top WAF devices in many of the independent research reports. Our customers find Fortinet FortiWeb much better than other solutions. 

We plan to continue using this solution if an opportunity is there. It depends on the customer's requirements. If a customer is going for an online e-commerce website, we would always recommend going with Fortinet FortiWeb. 

I would rate Fortinet FortiWeb an eight out of ten.

We are using FortiWeb for publishing web services and some web applications.

The interface makes it easy to identify vulnerabilities.

The best features for us are the signature services. The devices uses signatures for identifying vulnerabilities in web applications.

This product is very user-friendly.

The security is very good.

FortiWeb needs to have support for the newest technology being used in web applications. For example, some companies have developed new features using the latest technology, but we are still waiting for Fortinet to support them.

I have been using FortiWeb for between four and five years.

The stability is very good and we're fortunate that we haven't had any issues.

We have had no issues with scalability.

We are in Iran and working under sanctions, which means that we cannot buy new American products and cannot get support. Companies usually buy devices that are second hand, or from a third-party, neither of which have support.

That said, my impression is that the support is good for companies who are eligible to use it.

The initial setup was not complex. Like all Fortinet devices, it is user-friendly.

Due to the situation in Iran with the sanctions, the price of this solution is very expensive.

The only other two web application firewall products that are available in my country are F5 and Imperva.

This is a good product and I strongly recommend it, especially for companies in the banking industry.

I would rate this solution an eight out of ten.

We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

I have been using this solution for three months. 

Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

I would rate Fortinet FortiWeb a nine out of ten.

We are studying ClearPass as a solution. I was requesting a comparison between Aruba ClearPass and FortiWeb Forti.

FortiWeb has been a helpful investment in our network.

The reporting and token system is good. The AI machine learning was qualified to block and report any suspicious activity.

I see no room for improvement at the moment.

I have been familiar with FortiWeb for about three years now.

The technical support is very helpful. I rate their technical support a nine out of ten.

Positive

I only worked with similar solutions as a POC.

The initial setup was easy.

FortiWeb has been a good investment, helping our network and providing a return on investment.

The pricing of Fortinet FortiWeb is affordable and competitive.

I recommend FortiWeb to others. I wish there were more integration with Azure systems.

I'd rate the solution ten out of ten.

The support services, performance, and pricing are all valuable features. The performance is excellent.

The initial setup process could be improved.

I've been working with this solution for two years.

It is deployed both on-premises and on the cloud.

In general, we have small projects, so the scalability has been fine for our clients.

As for users, we have, in general, 50 to 100 clients.

My colleagues at the network operations center have contacted technical support. I would rate technical support at eight on a scale from one to ten.

Positive

We sell and work with several options, but we feel comfortable with Fortinet FortiWeb because the performance and feedback are great.

In general, the initial setup is easy, and I would rate it at four out of five.

I deployed it myself.

There's only one payment for the duration of the license. On a scale from one to five, I would rate pricing at four.

I have not encountered any additional costs on my projects involving Fortinet FortiWeb.

I sell or presell, and in general, the feedback is great. In fact, I think that Fortinet FortiWeb is number one in terms of performance.

We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.

We were having a lot of probe attacks coming through from our external networks. Now, the traffic has to come through our firewall, then FortiWeb. Basically, FortiWeb acts like a second firewall for all our applications.

We have been using all the features and everything is nice. 

I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks. 

We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced. 

We had trouble understanding it at first, but we got used to using it after six months. Then, it was simple to use.

We have been using it for five years (since 2015). 

We haven't had any issues with it so far. 

The scalability is okay. There hasn't been a need to upgrade. We have found something that can adapt to our environment and that we can use for a long period of time.

We plan to use the product for the next two years. There are no major upgrades planned anytime soon.

There are four users for the product (with two being from the security team).

We have needed minimal support for the solution. The support has been okay.

We did not have a solution that we previously used.

It is complex to set up in learning mode. It takes a lot of time to learn the pattern of the web application before we put in the rule. The rule itself is a bit complex. We had to go by trial and error because there is nothing standard on the device.

The deployment took almost six hours to get up and running.

We used a reseller. They helped us implement the device. 

The reseller also does deployment and maintenance. For this, it takes about two of their staff and one or two of our staff internally. The staff will generally have experience in networking and firewalls with a background in security and port mapping.

All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500.

Since we were using FortiGate firewall, we decided to look at FortiWeb. We also looked into several solutions, like Check Point and Palo Alto.

The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb.

What we have now is working fine.

I would rate FortiWeb as an eight (out of 10).