Fortinet FortiWeb Reviews

Generally, we are using it to protect our internet-facing web applications. So if there are any security vulnerabilities in our applications, the solution can provide protection.

It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs.

They have a sort of table that defines the functions of certain applications, ex. which function has the slowest or fastest response. This enables our in-house development team or vendors to review our application and fix the functions if necessary. 

The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product.

I have been using FortiWeb for three years.

I think it's quite reliable so long as it's configured. 

As long as we accurately scale our requirements from the start, I think the solution is quite scalable and quite easy to scale up later on.

They are quite helpful. But I think because our department is quite stable and configured correctly, we are rarely using the support. Everything works perfectly.

I think it's quite complex because we need to know how the application works.  

We are using local support to configure the solutions for us. We also purchase local maintenance and support on top of the routine product support and updates. Because it is a
very specialized product, we need a very skillful person with expertise in the product to configure the solution for us.

In a high availability cluster configuration, where the primary FortiGate is working and the secondary is a backup, Fortinet requires us to buy two licenses instead of one whether we are actually using it or not. With other products, you only purchase one license because we only use one license per instance.

You need to accurately calculate the requirements of your infrastructure before implementing FortiWeb or any other web application firewall. Accuracy is very critical when scaling the product or the model that will be deployed on your infrastructure. 

I would rate FortiWeb an eight out of ten.

We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.

We were having a lot of probe attacks coming through from our external networks. Now, the traffic has to come through our firewall, then FortiWeb. Basically, FortiWeb acts like a second firewall for all our applications.

We have been using all the features and everything is nice. 

I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks. 

We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced. 

We had trouble understanding it at first, but we got used to using it after six months. Then, it was simple to use.

We have been using it for five years (since 2015). 

We haven't had any issues with it so far. 

The scalability is okay. There hasn't been a need to upgrade. We have found something that can adapt to our environment and that we can use for a long period of time.

We plan to use the product for the next two years. There are no major upgrades planned anytime soon.

There are four users for the product (with two being from the security team).

We have needed minimal support for the solution. The support has been okay.

We did not have a solution that we previously used.

It is complex to set up in learning mode. It takes a lot of time to learn the pattern of the web application before we put in the rule. The rule itself is a bit complex. We had to go by trial and error because there is nothing standard on the device.

The deployment took almost six hours to get up and running.

We used a reseller. They helped us implement the device. 

The reseller also does deployment and maintenance. For this, it takes about two of their staff and one or two of our staff internally. The staff will generally have experience in networking and firewalls with a background in security and port mapping.

All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500.

Since we were using FortiGate firewall, we decided to look at FortiWeb. We also looked into several solutions, like Check Point and Palo Alto.

The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb.

What we have now is working fine.

I would rate FortiWeb as an eight (out of 10).

Fortinet FortiWeb was used to support mobile applications.

The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration.

Fortinet FortiWeb could improve in reference architecture for different deployment scenarios.

I have been using Fortinet FortiWeb for approximately three years.

Fortinet FortiWeb is stable.

The technical support from Fortinet FortiWeb is excellent.

I have used many other solutions and I formally recommend NGINX. The challenge I have with NGINX is handing over the project to the end customer. The skillsets for managing NGINX as a WAF are a lot. This is what was drawing me towards F5. I wanted something that is seamless from end-to-end, for the customer.

The advantages of NGINX are that it's community-based, and you can get it anytime. Fortinet FortiWeb you have to go through a channel, there's an initial acquisition, and then the annual support which are things that we don't have to consider when we're dealing with NGINX.

The initial setup of Fortinet FortiWeb was easy. The full implementation took approximately one week.

The price of Fortinet FortiWeb depends from customer to customer because some customers are considering using other solutions, such as Imperva. The price of Fortinet FortiWeb sits well for the middle-sized customers that we deal with.

The price is based on our partner model, we are able to negotiate a good discount on GPR because we're also selling the firewall appliance.

I rate Fortinet FortiWeb a seven out of ten.

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

The solution's most valuable feature is its security profile. 

The solution could improve its ease of use and add more advanced WAF features in future releases.

I have been working with the product for more than five years. 

I've worked with both F5 and Fortinet and find F5 to be much better. F5 is easier to implement, more compatible with applications, and more robust and stable. Regarding securing applications behind the WAF, F5 generally provides better security.

The solution's implementation is not complex and depends on the number and complexity of customers' applications. 

Fortinet FortiWeb's pricing is reasonable. Its licensing costs are yearly. 

The product has been in the WAF business for a long time. Its maturity cannot be compared to other alternatives. Based on my experience with Fortinet FortiWeb, I'd recommend it in specific cases, especially if you have a limited budget. It can meet basic requirements. However, other vendors have better features and support. I rate the overall product a six out of ten. 

We use FortiWeb for protecting web applications.

The product has a very user-friendly dashboard.

The software's support services could be better compared to Sophos.

The product's scalability could be better compared to Sophos.

It is challenging to communicate with the FortiWeb's support team.

We use Sophos as well.

FortiWeb's configuration process is more difficult than Sophos. I rate the process a one out of ten.

The product is expensive. I rate the pricing a ten out of ten.

I rate FortiWeb a five out of ten.

I am using FortiWeb as a web application firewall and as a load balancer for HTTP applications. 

The most valuable feature is ease of use.

It has an all-in-one license, unlike F5 where you need separate licenses for the antivirus, IP reputation, denial of service attacks, etc. With FortiWeb, the all-in-one license is one of the most beneficial features.

I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device. For example, if I have one device that costs $2,600 USD then it can have two licenses, where it can operate as a load balancer as well as a WAF.

We have been using FortiWeb for three years.

This is a good solution, stability-wise.

FortiWeb is a scalable product and we have about 3,000 users.

That said, we need to purchase a model with more capacity because this is a small one, and our business has expanded in the past three years.

We have been in contact with technical support and we are satisfied with them.

We did not use another similar solution before choosing FortiWeb.

The initial setup is straightforward.

Any FortiWeb deployment needs about two weeks because when it is first implemented, in phase one, machine learning takes place. It is needed because every application needs some customization. FortiWeb needs approximately two weeks to build this profile. After that, an expert will do some fine-tuning on the profile and the appliance will start to work.

During the deployment, we used a system integrator, but after that, we can manage it by ourselves. Our network team has seven people including one technician, one manager, and five administrators.

There are no licensing costs.

In summary, this is a good product and I can recommend it for others.

I would rate this solution an eight out of ten.

We are partners with Fortinet. We specialize in power customers. We use many products like FortiGate, FortiWeb, FortiAnalyzer, FortiSIEM, and FortiSandbox.

All the FortiGate products are new, even the Fortinet switches we are selling to our customers. We also install and configure the network for our customers.

With this product, you can secure all the Fortinet products together. I'm an entrepreneur. Most people fail in the publication of a firewall.

FortiWeb offers machine learning in the latest product. Before that, there was an auto-learning feature. This fixed many problems. There are no false negatives now. 

Fortinet FortiWeb now has artificial intelligence and machine learning.

What I would like to see improved in Fortinet FortiWeb will probably be included in the next release. The legal feature needs better step-by-step use of the form. 

We use the FortiGate guidebook for step-by-step instructions. But the FortiWeb guidebook is only is a demonstration kit which is not enough for a new installation.

FortiWeb is a stable solution.

Fortinet FortiWeb is not scalable. There is a model and a license if you want to use it. You'll need more budget to change the hardware. FortiWeb is not scalable on the same plan.

The initial setup is not simple for all the products. Some Fortinet products vary, but overall it is straightforward.

In the version of Fortinet FortiWeb that we have, it does not include the scanner. We cannot access every feature. If you have all the popular products, you can use the system perfectly to connect everything. 

Fortinet can improve the security firebase in support for HTTPS and the CPU with additional configurations. On a scale from 1 to 10, I would rate Fortinet FortiWeb a two.