Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Senior Developer, Project Manager at FPT Software
MSP
It makes our web site system work nice and smooth. The UI is a little complicated for new users.

What is most valuable?

How has it helped my organization?

It makes our web site system work nice and smooth.

What needs improvement?

The UI is a little complicated for new users.

For how long have I used the solution?

I have been using it for over a year.

Buyer's Guide
Fortinet FortiWeb
November 2024
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

I have not yet encountered any stability issues.

What do I think about the scalability of the solution?

I have not yet encountered any scalability issues.

How are customer service and support?

I have even contacted technical support once.

Which solution did I use previously and why did I switch?

My web site used MS NLB service for load balancing and IPS firewall at first, but when our site's connection grew bigger, we discovered that we needed another solution. We chose FortiWeb after a little research into the market.

How was the initial setup?

Initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little high.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Director with 51-200 employees
Vendor
Other firewalls are just as good, but this product is at a much better price point.

What is most valuable?

We use them for VPN, standard layer 4, web filtering, anti-malware and DLP – they are used as our perimeter firewall solution.

How has it helped my organization?

I would not say it has improved how we function because I think that other leading vendors firewalls are as good. However, I do think that FortiGate can do it at a much better price point than, for example, Cisco ASA or Palo Alto.

What needs improvement?

The CLI could be improved by removing all default syntax from the config. The debugging of crypto VPN is not as informative as other vendors’ firewalls. The GUI is also not as good as some vendors, but overall as a package and considering price, it still provides value for money.

For how long have I used the solution?

I first used the Fortinet solutions in 2005 when it was version 2 & 3; since then, it has matured a lot and is much better. I would definitely recommend it, primarily on value for money. For the newer versions, I have been using 1000C and 300D, with FortiGate VM01 firewalls running a mix of software versions 5.4 and 5.2 for almost two years.

What do I think about the stability of the solution?

I did not encounter any stability issues.

What do I think about the scalability of the solution?

FortiManager is required for scalable managing of multiple devices, but we do not have enough to need that. I think that the logging could be better but for that, FortiAnalyzer is recommended, which we do not have.

How are customer service and technical support?

We have not needed to use Fortinet TAC.

Which solution did I use previously and why did I switch?

This solution replaced some old Juniper ISG firewalls that were EoL; nobody in the company had Juniper SRX experience and the choice was made for Fortinet before I started at the company.

How was the initial setup?

Initial setup for what we need to use it is very straightforward. There are certain features (such as TACACS) where you need to use CLI, but most things can be done with the GUI.

What's my experience with pricing, setup cost, and licensing?

Very competitive; Fortinet would always be an option for a perimeter firewall for me if I were needing new kit. I would always include it in any quotes and options, although depending on the requirements, I might decide to choose something else.

Which other solutions did I evaluate?

I have used firewalls that I find easier to manage, configure and troubleshoot. However, the Fortinet firewalls are pretty good, and in terms of value for money, they are outstanding.

Pros: Cost for performance, very feature rich, GUI is pretty good.

Cons: Debugging is not as good as I find Cisco ASA. CLI is overly complicated by all syntax showing in the configuration. The GUI is not as nice as CheckPoint or Palo Alto.

What other advice do I have?

Evaluate the product first and compare it to what you are used to and what you want. It provides very good value for money, but if the budget were there, I would probably choose another vendor in certain circumstances.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Fortinet FortiWeb
November 2024
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
PeerSpot user
Full support analyst at Gruppen
Real User
A great SD-WAN product with good security features with a host of models for varied environments
Pros and Cons
  • "Fortinet is a great SD-WAN player when it comes to security capabilities."
  • "The memory use in each of the appliances is problematic."

What is our primary use case?

I use Fortinet products for security projects. When it comes to middle-sized enterprises, SD-WAN firewalls are the appropriate solution, FortiGate products being more geared towards larger, enterprise organizations. This is not for a data center, for which Check Point and Palo Alto are better suited. Fortinet FortiWeb is best suited for medium and enterprise data center environments. 

What is most valuable?

My experience with the solution has been very positive. Fortinet is a great SD-WAN player when it comes to security capabilities. Also, it offers many models for a host of environments. I like the solution's SD-WAN features.

What needs improvement?

The memory use in each of the appliances is problematic. 

For how long have I used the solution?

I believe that I have been working with FortiGate products for five years. 

What other advice do I have?

As I am a Fortinet partner, I make use of many of its products. 

I like the FortiWeb products. 

I rate Fortinet FortiWeb as a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1217868 - PeerSpot reviewer
Information security officer at a financial services firm with 1-10 employees
Real User
Top 20
Provides us with security to access critical applications and it's easy to understand how to manage
Pros and Cons
  • "The GUI is user-friendly and it's easy to understand how to manage it."
  • "Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it."

What is our primary use case?

Our primary use case is to protect an integral application against vulnerabilities. It's a WAF. It protects against vulnerabilities. We have run tests against it. We also use it for two-factor authentication before authorizing anybody to access the critical application.

How has it helped my organization?

We required security to access critical applications. We otherwise would not have been able to use the end notifications. We wanted to use the application and it's critical to us, Fortiweb enabled us to have that ability. 

What is most valuable?

We are able to have an application layer different from the application itself that is protected by the FortiWeb Portal authentication feature. 

What needs improvement?

Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it. 

What do I think about the stability of the solution?

It's very stable. I've never had any issues. 

What do I think about the scalability of the solution?

The scalability is quite good. It's a virtual machine so we know the exact resource so if we would have to increase it would be easily scalable. 

We have around 15 users in our company. The users are end-users and technicians. 

How are customer service and technical support?

Fortinet support is very good. 

How was the initial setup?

The initial setup was quite straightforward. The GUI is user-friendly and it's easy to understand how to manage it. We used an expert to finalize the last 10% of the configuration because we wanted specific settings regarding the security. We knew what we wanted to block and we needed an expert for the specific rules. Otherwise, 90% of the setup was done in-house. 

The deployment only took two to three days. We only needed one employee to install it. 

What's my experience with pricing, setup cost, and licensing?

The costs are standard. We pay around $1,600 yearly. 

Which other solutions did I evaluate?

We also looked at Software CTM. It was impossible to use compared to FortiWeb. 

What other advice do I have?

Be sure that the security is correctly configured and all the attack patterns are covered. Make sure to do an independent assessment of the security. 

I would rate it a nine out of ten. We are very satisfied with it. 

We have an issue when the underlying web protected generates a logout and we want the authentication portal to recognize that the application has been logged out. When the underlying application generates a logout, the portal does not recognize the logout. I would like a way for the FortiWeb portal to easily recognize the portal. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Senior Analyst at a financial services firm with 1,001-5,000 employees
Real User
20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements. Product support is a major concern.

What is most valuable?

In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:

  • 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
  • Easy integration with various Fortinet products such as FortiSandbox for APT detection.
  • ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.

How has it helped my organization?

  • Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
  • Rule creation and fine tuning are easy, as compared to its competitors.
  • Product has provided adequate assurance to organization’s PCI DSS program.

What needs improvement?

Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.

The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.

Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.

For how long have I used the solution?

It’s been almost one year since we started using this solution.

What do I think about the scalability of the solution?

The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.

How are customer service and technical support?

As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.

Which solution did I use previously and why did I switch?

We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.

How was the initial setup?

Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.

FortiWeb provides a wide variety of deployment options such as

  • Reverse proxy
  • Inline transparent
  • True transparent proxy
  • Offline sniffing
  • WCCP (Web Cache Communication Protocol)

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.

Which other solutions did I evaluate?

We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.

What other advice do I have?

Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.

Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1472592 - PeerSpot reviewer
Director at a tech services company with 51-200 employees
Real User
Good for compliance, load balancing, and high availability
Pros and Cons
  • "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
  • "The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect."

What is our primary use case?

We mainly use it for protection. OS scanning and load balancing are two of its main use cases.

My team is most probably working with its latest version. In terms of the deployment, lately, it has been on the cloud because the end-user-facing web applications are usually live on the cloud.

How has it helped my organization?

Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them.

What is most valuable?

The compliance piece is the best feature. Load balancing is also valuable, which is something that all web application firewalls do. Another valuable feature is high availability. You can scale it very well. Load balancing and high availability are the two reasons why we picked it for a couple of banks.

What needs improvement?

From the feature perspective, it is pretty rich. The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect. 

I would also like it to scale automatically based on the traffic.

For how long have I used the solution?

I have been using this solution for about six years.

What do I think about the stability of the solution?

I've never seen any issues, but when you turn on all the features or every single scanning, that's when it slows down a bit.

What do I think about the scalability of the solution?

It is scalable, but it is a roundabout way of automated scaling. It is not truly automated scaling. In general, when the size is okay, scaling is not a problem. I would like it to scale automatically based on the traffic, but that doesn't happen because automation is not there.

I haven't seen any big issues with performance. We ran 20,000 connections through it, and it was okay. When you deploy it in the cloud, you can increase the size of the VM, and with extra licensing, it is fine performance-wise.

It is suitable for medium and large customers. My team has deployed at least 500 of these in the last few years. In general, it's okay. We don't have any issue with it.

How are customer service and support?

They have been pretty good, honest, and upfront. It all comes down to expectations when you buy these things.

I know the country manager very well. He is my friend for Fortinet. They are very good in terms of support. 

When you buy these things from a marketplace like Amazon or AWS, the support is not as good as it can be because the first line of support is the cloud provider, and then there is the vendor. So, our preference usually is to go directly to the vendor because they know more about it.

Which solution did I use previously and why did I switch?

One of the best things about Azure Firewall is the automation. There is a huge difference. The second thing is pricing. 

With FortiWeb, when you want to buy HA, you need to start designing high availability across different regions. With Azure, it comes by default.

How was the initial setup?

It depends on the customer and the use case. Usually, it's straightforward, but as you add more applications, it can become more and more complex.

The deployment duration varies. Usually, designing, building, and putting in production take about four weeks, but it also depends on the application type.

It requires maintenance all the time. Everything requires maintenance. Usually, we build it and operationalize it, and we then hand it over to the customer.

What's my experience with pricing, setup cost, and licensing?

It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there.

What other advice do I have?

I would advise getting the right engineer. You need someone who is a specialist, and that's very important.

I would rate it an eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Presales Solutions Architect at Hilal Computers
Real User
It is stable but needs good service and training
Pros and Cons
  • "It is a stable product."
  • "Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them. They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported."

What is most valuable?

It is a stable product. 

What needs improvement?

Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them.

They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported.

For how long have I used the solution?

We have been using Fortinet FortiWeb for four years. 

What do I think about the stability of the solution?

Its stability is fine wherever we have implemented it.

How are customer service and technical support?

Its support is a bit difficult to get. They need to improve the service. 

How was the initial setup?

It is straightforward, but we still need good training.

What's my experience with pricing, setup cost, and licensing?

It is fine now. We had to earlier negotiate the price.

What other advice do I have?

We are a solution provider and system integrator company. We work for DCC countries. We deal with Fortinet, Meraki, Sophos, Check Point, Barracuda, and Juniper SRX solutions.

Fortinet FortiWeb is comparable to Barracuda. We don't have many customers for Fortinet WAF, and we couldn't get that much good feedback. We mostly use Barracuda WAF. We use it even in the cloud environment. 

Fortinet is fine on the firewall side. We haven't sold many Barracuda firewalls, but for WAF, we mostly use Barracuda. We prefer Barracuda because they provide good training, and they always follow up. Customers also prefer Barracuda or any other WAF service. Customers receive good support from Barracuda. Fortinet WAF is rare. 

I would recommend this product only based on customer requirements. At the end of the day, how you install, configure, and meet customer requirements are more valuable. I never place a product ahead of a customer. Fortinet WAF might not be suitable for certain customers. Similarly, Barracuda WAF might not be suitable for certain customers. I always get customer requirements and then supply the product according to their requirements.

I would rate Fortinet Fortiweb a five out of ten. It is neither good nor bad.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
reviewer890208 - PeerSpot reviewer
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Efficient, stable, and has good IP reputation features, but there are many false positive with the layer 7 attacks
Pros and Cons
  • "It's stable and works efficiently against OWASP Top 10 attacks."
  • "The Layer 7 DDoS attacks need improvement, it could be better."

What is our primary use case?

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

What is most valuable?

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

What needs improvement?

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

For how long have I used the solution?

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

What do I think about the stability of the solution?

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

What do I think about the scalability of the solution?

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

How are customer service and technical support?

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Which solution did I use previously and why did I switch?

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

How was the initial setup?

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

What about the implementation team?

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution, although there are no additional costs.

What other advice do I have?

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.