Fortinet FortiWeb Reviews

We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.

It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.

The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures. If you want a good security solution, you have to get in kicking high for things that are getting blocked and you have to whitelist some signatures to make things work. It's a time-consuming thing to do. It would be nice to whitelist private IP ranges and see which signatures are hit and whitelist them automatically - which I think is possible to do. 

It would also be nice to have some extra security in the solution. I just upgraded to 6.0 and there were some security additions, but it would be nice to have some more and be able to configure them in the right way. Specifically, an updated security policy would be nice.

It's really stable. There was only one issue in the past two and a half years and with the help of the technical support from Fortinet, it was quickly fixed.

We do have a small team but I think it's scalable. You can upgrade to a higher level, you can take it to a higher visibility mode. I think it's a very scalable solution. We have around 1,000 users using this solution.

The technical support is very good.

The initial setup was rather straightforward because we had some help setting up the unit in the first place. The initial setup, if you're using a VM, is really easy to roll out, if you know the Fortinet command line. It's not easy to configure an IP address and get it started. Then there was a rather steep learning curve in what you exactly have to do to have a really secure solution. It's rather easy to make it a reverse proxy and do nothing, but to get it monitoring in the right way, it takes some time. You have to think about it.

Deployment was a one-time setup. I think it took us about two days including one solution for configuring. For now, there is a new solution we need behind FortiWeb, and I think it takes about four to eight hours to set up. We require just one staff member for maintenance.

You can set up licensing on a monthly or yearly basis. I'm not sure about pricing.

Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb.

In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution.

I would rate this solution eight out of 10.

It helps us prevent attacks on servers, and we deploy it on-premises.

There are many valuable features. It has machine learning, artificial intelligence, behaviour detection, and many other features capable of detecting web attacks.

The initial setup could be simplified.

We have been using the solution for approximately ten years.

The solution is stable.

The solution is scalable.

We do not have experience with customer service and support.

The initial setup is complex and takes between three to six months.

We implemented the solution in-house.

Fortinet FortiWeb has some types of licenses, and the main licenses refer to updating a signature and a pattern.

We evaluated machine learning and the main signatures about known attack signatures.

I rate the solution a ten out of ten, and I recommend it for every organization with web services.

The reporting available is pretty great.

We find the configuration capabilities to be very good. 

Technical support is helpful.

It's stable. 

It can scale well. 

I like the user interface. 

It's not the most popular option. Many clients prefer instead Citrix or Proxy Blue Coat. It might be a bit difficult to configure. 

The upgrade process could be a bit smoother. 

Sometimes the integration doesn't work on the first or second try.

The solution is a bit expensive. 

We first installed the solution eight or nine years ago. We've used it for almost a decade. 

The solution is pretty stable. I'd rate it a three out of five in terms of stability. Sometimes the upgrades don't go as smoothly as we would like. 

The solution is scalable. I'd rate it four out of five in terms of how easy it is to expand the product. 

I can't complain about the technical support. They are pretty good. I found them to be helpful. However, it may depend on the engineer you get on the line. 

Positive

The initial setup has a moderate level of difficulty.

We only need one person to deploy and maintain the product.

It takes about a week to have the entire solution set up.

We install the solution for our clients. 

It's always difficult to measure ROI when it comes to security. It's always just a smart investment for a company.

The product can be costly.

The licenses are paid annually. You do have several licensing choices. They don't have too much choice. However, their options are good. 

We are not an end user. We are resellers.

I'd rate the solution seven out of ten.

We use the solution to protect the various services of our site, E-commerce, file service, and download service.

The most important feature of this solution is protection from an attack.

The maintenance fee for this product could be improved and it needs to be easier to scale up. 

I have been using the solution for four to five years. 

Stability is very important and yes, the product is stable.

The solution is not very scalable, to scale up would require another deployment with a new appliance and a change to the network.

I would say technical support is good for this solution.

Setup for this solution is easy, with one being easy and five being hard I would rate it a two out of five. Deployment took a few days. 

We have between 100 and 200 users of the solution in our company. 

I would rate the solution a six out of ten. 

The primary use case of this solution is for security, on the periphery for the VPN.

It is easy to install and to maintain.

We are considering an upgrade to our firewall because our current version is not compatible with our FortiAnalyzer. As there is an incompatibility, we have been advised by Fortinet that an upgrade is necessary to avoid issues.

We believe this product will become obsolete.

It needs to better integrate with other platforms.

In terms of performance, it needs to be more robust. During the lockdown, we are connecting to a VPN and the connection should be faster, there should be RAM or more hardware. Also, it should include security features.

I have been using Fortinet FortiWeb for two years.

This solution is stable and w have had no issues with its stability.

It's a scalable product and we have plans to use it in the future.

We have approximately 1000 users in our organization.

We are satisfied with technical support, we have not had any issues.

The initial setup was straightforward, it was easy.

There were no issues and it was deployed in six months.

We have a team of 20 providing the IT infrastructure, including switching, firewalls, and maintenance.

We have been using Fortinet for four years and internally we are using Cisco.

We would certainly recommend this product.

I would rate this solution a nine out of ten.

Our primary use case is as a firewall. We use a lot of Fortinet products. We have email security and FortiGate IPS. 

When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up.

The most valuable features are the access policies and how Fortinet gets the compilation done is really good.

I would like to have an antivirus option. 

Stability is very good. 

We haven't had any issues with scalability. You can scale up easily. 

Their technical support is good. 

We previously used Cisco. We switched because all they are is a brand name. It was a failure. We gave it a year to improve the product and it didn't so we switched. 

The initial setup was straightforward. The deployment didn't take much time. The support guys were really good. The transition from Cisco to Fortinet was a bit challenging but they had tools to make it easier. 

We require three staff for the deployment and maintenance. 

We are the resellers. 

I would rate it a seven out of ten. A seven and not a ten because of the antivirus issue. 

• Web services signature: Helped us on secure key exchange, authentication and integrity of the transmissions.
• Virtual patching: We publish many web services through FortiWeb. We are able to quickly resolve vulnerabilities.
• Layer 7 server load balancing: The device made smart decisions based on the content of messages. Also, with compression and encryption, it can offload slow connections from the upstream servers. That greatly improved performance.
• Zero-day protection
• Advance correlation
• URL rewriting and content rewriting

Before FortiWeb deployment, we were using a combination of commercial and open-source products. It was a hassle for the administrators, due to which some areas were unintentionally overlooked and caused many problems. With FortiWeb, we got a one-box solution for internet and internet security, which reduced the time required of the administrators and improved visibility at the larger scale.

Usually patches and version upgrades are really buggy, so we usually wait about one month for a stable release to upgrade. They need to improve the new version/patch delivery mechanism. For example, if a patch fixes one functionality for web services but also causes some other functionality failure.

I have been using it since 2014.

In the first few months, we had some issues but with a custom patch, we are good.

No scalability problems so far.

I rate technical support 8.5/10.

We were using combination of solutions, due to our organisation's policies. Due to lack of visibility, administrative issues and response times, we shifted.

We had a complex environment, with multiple offices across the globe with all the data in and out from our HQ.

At the time of deployment, and still now, the price was considerable less than other solutions and varies according to license type.

We also evaluated Cisco and McAfee.

It is a great product, but be careful with version upgrades.

In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:

• 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
• Easy integration with various Fortinet products such as FortiSandbox for APT detection.
• ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.

• Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
• Rule creation and fine tuning are easy, as compared to its competitors.
• Product has provided adequate assurance to organization’s PCI DSS program.

Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.

The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.

Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.

It’s been almost one year since we started using this solution.

The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.

As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.

We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.

Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.

FortiWeb provides a wide variety of deployment options such as

• Reverse proxy
• Inline transparent
• True transparent proxy
• Offline sniffing
• WCCP (Web Cache Communication Protocol)

Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.

We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.

Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.

Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.