We use FortiWeb for protecting web applications.
Cyber Security Engineer at Mudra Electronics limited
Has a user-friendly dashboard, but its technical support services need improvement
Pros and Cons
- "The product has a very user-friendly dashboard."
- "The product's scalability could be better."
What is our primary use case?
What is most valuable?
The product has a very user-friendly dashboard.
What needs improvement?
The software's support services could be better compared to Sophos.
What do I think about the scalability of the solution?
The product's scalability could be better compared to Sophos.
Buyer's Guide
Fortinet FortiWeb
March 2025

Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
How are customer service and support?
It is challenging to communicate with the FortiWeb's support team.
Which solution did I use previously and why did I switch?
We use Sophos as well.
How was the initial setup?
FortiWeb's configuration process is more difficult than Sophos. I rate the process a one out of ten.
What's my experience with pricing, setup cost, and licensing?
The product is expensive. I rate the pricing a ten out of ten.
What other advice do I have?
I rate FortiWeb a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Tech Manager at Global tec
Problematic licensing requires upgrades at scale with additional expense for advanced features
Pros and Cons
- "FortiWeb offers machine learning in the latest product. This fixed many problems. There are no false negatives."
- "Fortinet FortiWeb is not scalable. You'll need more budget to change the hardware."
What is our primary use case?
We are partners with Fortinet. We specialize in power customers. We use many products like FortiGate, FortiWeb, FortiAnalyzer, FortiSIEM, and FortiSandbox.
All the FortiGate products are new, even the Fortinet switches we are selling to our customers. We also install and configure the network for our customers.
How has it helped my organization?
With this product, you can secure all the Fortinet products together. I'm an entrepreneur. Most people fail in the publication of a firewall.
What is most valuable?
FortiWeb offers machine learning in the latest product. Before that, there was an auto-learning feature. This fixed many problems. There are no false negatives now.
Fortinet FortiWeb now has artificial intelligence and machine learning.
What needs improvement?
What I would like to see improved in Fortinet FortiWeb will probably be included in the next release. The legal feature needs better step-by-step use of the form.
We use the FortiGate guidebook for step-by-step instructions. But the FortiWeb guidebook is only is a demonstration kit which is not enough for a new installation.
What do I think about the stability of the solution?
FortiWeb is a stable solution.
What do I think about the scalability of the solution?
Fortinet FortiWeb is not scalable. There is a model and a license if you want to use it. You'll need more budget to change the hardware. FortiWeb is not scalable on the same plan.
How was the initial setup?
The initial setup is not simple for all the products. Some Fortinet products vary, but overall it is straightforward.
What other advice do I have?
In the version of Fortinet FortiWeb that we have, it does not include the scanner. We cannot access every feature. If you have all the popular products, you can use the system perfectly to connect everything.
Fortinet can improve the security firebase in support for HTTPS and the CPU with additional configurations. On a scale from 1 to 10, I would rate Fortinet FortiWeb a two.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Fortinet FortiWeb
March 2025

Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,040 professionals have used our research since 2012.
Viznet BiliÅim Hizmetleri
Auto Learn makes policy additions or deletions for my customers very simple
Pros and Cons
- "Auto Learn feature: Makes policy additions or deletions for my customers very simple"
- "HA Architecture needs improvement. I would improve it by working on AP HA."
How has it helped my organization?
Security.
What is most valuable?
- Web application security features, because they are more effective
- Stability
- Auto Learn feature: Makes policy additions or deletions for my customers very simple
What needs improvement?
HA Architecture. I would improve it by working on AP HA.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
No issues with stability, with the true network topology.
How are customer service and technical support?
I am Fortinet expert, but L4 support is working very well.
Which solution did I use previously and why did I switch?
Previously used F5, NetScaler, Imperva. Other products feature LB WAFs, so a limited WAF feature. This product's primary feature is WAF. I chose this product because it prioritizes security.
How was the initial setup?
Very complex. More security features.
What's my experience with pricing, setup cost, and licensing?
Cheaper than others.
Which other solutions did I evaluate?
F5, NetScaler, Imperva and Squid.
What other advice do I have?
Here's how I would break down my rating of this product:
- Session Management: 10 out of 10
- Security: 10 out of 10
- Stability: 10 out of 10
- Health check feature: eight out of 10.
If your goal is security, FortiWeb is your best choice.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and Security Engineer at ONB
Effective vulnerability scanner, highly stable, and low maintenance
Pros and Cons
- "The valuable feature of Fortinet FortiWeb vulnerability scanner"
- "Most of the deployment is done by our development team because they have some parameters that match the configuration. However, when we initially did the deployment we used a consultant company."
What is our primary use case?
We are using Fortinet FortiWeb to deliver service to our customers.
What is most valuable?
The valuable feature of Fortinet FortiWeb vulnerability scanner.
For how long have I used the solution?
I have been using Fortinet FortiWeb for approximately 14 years.
What do I think about the stability of the solution?
The Fortinet FortiWeb is very stable.
What do I think about the scalability of the solution?
We did not have any problems with the scalability of Fortinet FortiWeb.
We have the development and network teams using the solution. It is approximately seven people in total.
How are customer service and support?
I did not use the support from Fortinet FortiWeb.
How was the initial setup?
The initial setup We Fortinet FortiWeb is straightforward. The full process of the deployment took approximately two weeks to 16 days.
What about the implementation team?
Most of the deployment is done by our development team because they have some parameters that match the configuration. However, when we initially did the deployment we used a consultant company.
What's my experience with pricing, setup cost, and licensing?
The license to use Fortinet FortiWeb is approximately $14,000.
I rate the price of Fortinet FortiWeb a four out of five.
What other advice do I have?
The solution does not require a lot of maintenance.
I would recommend this solution to others. If someone wants to use the internet with an application website or any other internet application, content filtering is very useful to filter all the requests that are coming to the server so that no one can hack or harm the system.
I rate Fortinet FortiWeb a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Infrastructure Manager with 201-500 employees
The learning mode of the appliance picks up on the pattern of SSL attacks
Pros and Cons
- "I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks."
- "We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced."
What is our primary use case?
We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.
How has it helped my organization?
We were having a lot of probe attacks coming through from our external networks. Now, the traffic has to come through our firewall, then FortiWeb. Basically, FortiWeb acts like a second firewall for all our applications.
What is most valuable?
We have been using all the features and everything is nice.
I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks.
What needs improvement?
We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced.
We had trouble understanding it at first, but we got used to using it after six months. Then, it was simple to use.
For how long have I used the solution?
We have been using it for five years (since 2015).
What do I think about the stability of the solution?
We haven't had any issues with it so far.
What do I think about the scalability of the solution?
The scalability is okay. There hasn't been a need to upgrade. We have found something that can adapt to our environment and that we can use for a long period of time.
We plan to use the product for the next two years. There are no major upgrades planned anytime soon.
There are four users for the product (with two being from the security team).
How are customer service and technical support?
We have needed minimal support for the solution. The support has been okay.
Which solution did I use previously and why did I switch?
We did not have a solution that we previously used.
How was the initial setup?
It is complex to set up in learning mode. It takes a lot of time to learn the pattern of the web application before we put in the rule. The rule itself is a bit complex. We had to go by trial and error because there is nothing standard on the device.
The deployment took almost six hours to get up and running.
What about the implementation team?
We used a reseller. They helped us implement the device.
The reseller also does deployment and maintenance. For this, it takes about two of their staff and one or two of our staff internally. The staff will generally have experience in networking and firewalls with a background in security and port mapping.
What's my experience with pricing, setup cost, and licensing?
All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500.
Which other solutions did I evaluate?
Since we were using FortiGate firewall, we decided to look at FortiWeb. We also looked into several solutions, like Check Point and Palo Alto.
What other advice do I have?
The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb.
What we have now is working fine.
I would rate FortiWeb as an eight (out of 10).
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Commercial Manager at Natco Information technology
Simple to set up with good technical support and the ability to scale
Pros and Cons
- "We find that it is quite stable and reliable."
- "The solution could offer more integration opportunities."
What is our primary use case?
We are primarily using the solution for our security applications as well as email and internet protection.
What is most valuable?
The product is very easy to use.
We find that it is quite stable and reliable.
The solution can scale quite well.
The installation process is very simple.
The technical support on offer is helpful.
What needs improvement?
The solution could offer more integration opportunities.
For how long have I used the solution?
We started using the solution about five or so years ago. It's been a while at this point.
What do I think about the stability of the solution?
The stability has been good over the years. It does not crash or freeze. There are no bugs or glitches. The performance is reliable.
What do I think about the scalability of the solution?
The product does scale well. If a company needs to expand it, it can do so.
Some of our clients have over a hundred users. Others only have 50. the size of the setups varies.
How are customer service and technical support?
We've had a good experience with technical support. They are helpful and responsive. We're quite satisfied with the level of service they provide.
Which solution did I use previously and why did I switch?
We also currently use Cisco for some security and protection.
How was the initial setup?
We found the initial setup to be easy. It's straightforward. It's not complex or difficult at all. A company shouldn't have any issues with the setup at all.
The installation and deployment process is fast. It doesn't take more than a day.
We have two engineers on staff that can handle deployment and maintenance.
What about the implementation team?
We have a team in-house that can manage it. We don't need the assistance of outside integrators or consultants.
What's my experience with pricing, setup cost, and licensing?
We have a yearly subscription that we renew annually.
What other advice do I have?
We're using the latest version of the solution. I cannot speak to the exact version number, as I don't have it on hand.
We're a company that helps implement this product for clients.
At this time, I'd rate the product at an eight out of ten. We've largely been very satisfied with its capabilities.
I'd recommend the product to other users and companies.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Simple to use with a good user experience, and it provides complete security in a single product
Pros and Cons
- "The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements."
- "The initial setup in our data center was somewhat complex."
What is our primary use case?
We are using this product to protect something similar to an online banking network.
How has it helped my organization?
We have had a lot of web application attacks and this product has protected us. Once it was implemented, most of our problems were solved. For example, we had a DDoS attack against the seventh layer and it protected us.
What is most valuable?
The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements. It is not just a single feature.
Anti-defacement has an amazing feature whereby if something bypasses the WAF then they can rollback the website.
The user experience is very good and it is simple to use.
They have AI and machine learning capabilities, so if you are using the WAF then you don't need extra features.
What needs improvement?
The initial setup in our data center was somewhat complex.
For how long have I used the solution?
We have been using Fortinet FortiWeb since 2008.
What do I think about the stability of the solution?
FortiWeb is a stable product.
What do I think about the scalability of the solution?
We have been working with this solution for more than 12 years and it has scaled with our requirements. We upgraded a lot of hardware and applications, and things change from time to time. There is not just a single point where we changed something that tested the scalability.
How are customer service and technical support?
Technical support is amazing. We have 24x7 support and every time we have contacted them, it takes less than two hours before everything is solved. We are confident that if we have any issue then we can communicate with the vendor and they will help us to solve the problem.
How was the initial setup?
In our data center and with the complexity of it, it takes one or two days to implement and fine-tune.
What about the implementation team?
We deployed this product in-house. We started with the training and then we implemented the solution. In case we have any problem then we can communicate with the vendor.
We have three security specialists who work as a team for maintenance.
What's my experience with pricing, setup cost, and licensing?
We renew our contract and license every three years. There are no costs in addition to the standard licensing fees. There is just one cost.
Which other solutions did I evaluate?
Prior to implementing FortiWeb, we tested Barracuda, F5, Citrix, and Sophos.
What other advice do I have?
FortiWeb is a security product that I can recommend. My advice for anybody who is implementing this type of solution is not to simply believe the words of the vendors. Test the product in your environment and then you can select the best one for your needs. A lot of vendors nowadays will tell you that they are the best, but the best thing to do is test each of the products inside your network.
The roadmap that the vendor has for this product is good. They have a lot of extra features that they are developing for future releases. They have an amazing R&D team, they know the competition, and they know the market. In my department, we find that it is amazing and are not searching for additional functionality.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Netwerk and Security Specialist at a healthcare company with 501-1,000 employees
Offers great insights into what utility hackers are trying to exploit and blocks a lot from the internet
Pros and Cons
- "It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
- "The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures."
What is our primary use case?
We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.
What is most valuable?
It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.
What needs improvement?
The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures. If you want a good security solution, you have to get in kicking high for things that are getting blocked and you have to whitelist some signatures to make things work. It's a time-consuming thing to do. It would be nice to whitelist private IP ranges and see which signatures are hit and whitelist them automatically - which I think is possible to do.
It would also be nice to have some extra security in the solution. I just upgraded to 6.0 and there were some security additions, but it would be nice to have some more and be able to configure them in the right way. Specifically, an updated security policy would be nice.
For how long have I used the solution?
I've been using the solution for 2.5 years.
What do I think about the stability of the solution?
It's really stable. There was only one issue in the past two and a half years and with the help of the technical support from Fortinet, it was quickly fixed.
What do I think about the scalability of the solution?
We do have a small team but I think it's scalable. You can upgrade to a higher level, you can take it to a higher visibility mode. I think it's a very scalable solution. We have around 1,000 users using this solution.
How are customer service and technical support?
The technical support is very good.
How was the initial setup?
The initial setup was rather straightforward because we had some help setting up the unit in the first place. The initial setup, if you're using a VM, is really easy to roll out, if you know the Fortinet command line. It's not easy to configure an IP address and get it started. Then there was a rather steep learning curve in what you exactly have to do to have a really secure solution. It's rather easy to make it a reverse proxy and do nothing, but to get it monitoring in the right way, it takes some time. You have to think about it.
Deployment was a one-time setup. I think it took us about two days including one solution for configuring. For now, there is a new solution we need behind FortiWeb, and I think it takes about four to eight hours to set up. We require just one staff member for maintenance.
What's my experience with pricing, setup cost, and licensing?
You can set up licensing on a monthly or yearly basis. I'm not sure about pricing.
What other advice do I have?
Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb.
In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution.
I would rate this solution eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
AWS WAF
F5 Advanced WAF
NetScaler
Cloudflare Web Application Firewall
Imperva Web Application Firewall
Imperva DDoS
Akamai App and API Protector
Azure Web Application Firewall
Radware Alteon
NGINX App Protect
Barracuda Web Application Firewall
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which lesser known firewall product has the best chance at unseating the market leaders?
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?
- What's right for me? Fortinet or Citrix?