We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.
Netwerk and Security Specialist at a healthcare company with 501-1,000 employees
Offers great insights into what utility hackers are trying to exploit and blocks a lot from the internet
Pros and Cons
- "It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
- "The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures."
What is our primary use case?
What is most valuable?
It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.
What needs improvement?
The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures. If you want a good security solution, you have to get in kicking high for things that are getting blocked and you have to whitelist some signatures to make things work. It's a time-consuming thing to do. It would be nice to whitelist private IP ranges and see which signatures are hit and whitelist them automatically - which I think is possible to do.
It would also be nice to have some extra security in the solution. I just upgraded to 6.0 and there were some security additions, but it would be nice to have some more and be able to configure them in the right way. Specifically, an updated security policy would be nice.
For how long have I used the solution?
I've been using the solution for 2.5 years.
Buyer's Guide
Fortinet FortiWeb
December 2024
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's really stable. There was only one issue in the past two and a half years and with the help of the technical support from Fortinet, it was quickly fixed.
What do I think about the scalability of the solution?
We do have a small team but I think it's scalable. You can upgrade to a higher level, you can take it to a higher visibility mode. I think it's a very scalable solution. We have around 1,000 users using this solution.
How are customer service and support?
The technical support is very good.
How was the initial setup?
The initial setup was rather straightforward because we had some help setting up the unit in the first place. The initial setup, if you're using a VM, is really easy to roll out, if you know the Fortinet command line. It's not easy to configure an IP address and get it started. Then there was a rather steep learning curve in what you exactly have to do to have a really secure solution. It's rather easy to make it a reverse proxy and do nothing, but to get it monitoring in the right way, it takes some time. You have to think about it.
Deployment was a one-time setup. I think it took us about two days including one solution for configuring. For now, there is a new solution we need behind FortiWeb, and I think it takes about four to eight hours to set up. We require just one staff member for maintenance.
What's my experience with pricing, setup cost, and licensing?
You can set up licensing on a monthly or yearly basis. I'm not sure about pricing.
What other advice do I have?
Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb.
In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution.
I would rate this solution eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Co-founder at Korunet
Excellent Fortinet family product integration, stable , and good support
Pros and Cons
- "One of the big advantages of using Fortinet FortiWeb is all the Fortinet family solutions use the same user interface and logic. This makes it easy to use, configure, manage, and understand if you have used one of their solutions before or are wanting to implement other Fortinet solutions in the future. Additionally, all Fortinet solutions can be managed with one application called FortiManager."
- "The solution could improve by providing more integration with solutions other than the Fortinet family."
What is our primary use case?
Fortinet FortiWeb can be used to protects business-critical web applications from attacks or vulnerabilities.
What is most valuable?
One of the big advantages of using Fortinet FortiWeb is all the Fortinet family solutions use the same user interface and logic. This makes it easy to use, configure, manage, and understand if you have used one of their solutions before or are wanting to implement other Fortinet solutions in the future. Additionally, all Fortinet solutions can be managed with one application called FortiManager.
What needs improvement?
The solution could improve by providing more integration with solutions other than the Fortinet family.
For how long have I used the solution?
I have been using Fortinet FortiWeb for approximately five years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
Fortinet FortiWeb is scalable.
We have had approximately five customers using this solution.
How are customer service and support?
The technical support has been good in my experience.
How was the initial setup?
The installation of Fortinet FortiWeb is straightforward. The time it takes to do the installation depends on the environment of the customer and if there are any additional configurations needed. However, a typical basic installation takes approximately one hour.
What about the implementation team?
We use one engineer that does the maintenance of the solution.
What other advice do I have?
The solution can be deployed on-premise and on the cloud. We have been working with governments in Turkey and they tend not to trust their data on the cloud and choose on-premise deployments. However, many companies here are moving to the cloud.
I would recommend this solution to others.
I rate Fortinet FortiWeb a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Fortinet FortiWeb
December 2024
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Simple to use with a good user experience, and it provides complete security in a single product
Pros and Cons
- "The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements."
- "The initial setup in our data center was somewhat complex."
What is our primary use case?
We are using this product to protect something similar to an online banking network.
How has it helped my organization?
We have had a lot of web application attacks and this product has protected us. Once it was implemented, most of our problems were solved. For example, we had a DDoS attack against the seventh layer and it protected us.
What is most valuable?
The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements. It is not just a single feature.
Anti-defacement has an amazing feature whereby if something bypasses the WAF then they can rollback the website.
The user experience is very good and it is simple to use.
They have AI and machine learning capabilities, so if you are using the WAF then you don't need extra features.
What needs improvement?
The initial setup in our data center was somewhat complex.
For how long have I used the solution?
We have been using Fortinet FortiWeb since 2008.
What do I think about the stability of the solution?
FortiWeb is a stable product.
What do I think about the scalability of the solution?
We have been working with this solution for more than 12 years and it has scaled with our requirements. We upgraded a lot of hardware and applications, and things change from time to time. There is not just a single point where we changed something that tested the scalability.
How are customer service and technical support?
Technical support is amazing. We have 24x7 support and every time we have contacted them, it takes less than two hours before everything is solved. We are confident that if we have any issue then we can communicate with the vendor and they will help us to solve the problem.
How was the initial setup?
In our data center and with the complexity of it, it takes one or two days to implement and fine-tune.
What about the implementation team?
We deployed this product in-house. We started with the training and then we implemented the solution. In case we have any problem then we can communicate with the vendor.
We have three security specialists who work as a team for maintenance.
What's my experience with pricing, setup cost, and licensing?
We renew our contract and license every three years. There are no costs in addition to the standard licensing fees. There is just one cost.
Which other solutions did I evaluate?
Prior to implementing FortiWeb, we tested Barracuda, F5, Citrix, and Sophos.
What other advice do I have?
FortiWeb is a security product that I can recommend. My advice for anybody who is implementing this type of solution is not to simply believe the words of the vendors. Test the product in your environment and then you can select the best one for your needs. A lot of vendors nowadays will tell you that they are the best, but the best thing to do is test each of the products inside your network.
The roadmap that the vendor has for this product is good. They have a lot of extra features that they are developing for future releases. They have an amazing R&D team, they know the competition, and they know the market. In my department, we find that it is amazing and are not searching for additional functionality.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineer at a financial services firm with 1,001-5,000 employees
At first, it helped us publish e-banking services, but we soon discovered it was an easy way to deploy other internal websites in an intranet style.
What is most valuable?
- FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
- Rewrite
- Redirect
- Proxy reverse mode
How has it helped my organization?
It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.
What needs improvement?
I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x:
- Upgrading from 5.2.x to 5.3.x. Fortinet provides a script, but it doesn't work (they do not say anything about it). In some cases:
- If you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
- If you use LDAP authentication, the new field "realm" appears empty, the configuration doesn't work, and you have to manually change it.
- Upgrading from 5.3.x to 5.5.x:
- Some changes are introduced, then it requires fully formatting the device and configuring it manually (copy/paste pieces of configuration).
- Once again, if you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
For how long have I used the solution?
I have used it for three years.
What do I think about the stability of the solution?
It really is a powerful WAF; more than one year running with no stability issues.
What do I think about the scalability of the solution?
We did not have to scale our web servers; we just added new servers without any issue.
How are customer service and technical support?
The support is good, but they need more experts, because sometimes they take too much time to provide solutions.
Which solution did I use previously and why did I switch?
Fortinet was the first brand we thought about, because we had been using FortiGate for a few years, and we thought they had some common architecture.
How was the initial setup?
The initial setup was very easy. We use the proxy reverse schema; I think it is the best for almost all situations. The last firmware 5.5.x permits customers to deploy in different configurations in the same box.
What's my experience with pricing, setup cost, and licensing?
I think FortiWeb is the best WAF in terms of cost/benefit. Licensing is similar to other Fortinet products; 100% clear with no surprises.
Which other solutions did I evaluate?
For new projects this year, we evaluated Imperva and Barracuda. The latter can be a good option for entry-level deployments, but is hard to surpass Fortinet products.
What other advice do I have?
I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine) you can save a lot of time, can do proofs of concept and avoid opening tickets asking basics questions.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
The firewall/waf features, GUI for administration, and licensing support all need improvements
Pros and Cons
- "What we like about Fortinet FortiWeb is it has all the features. We use all of them, so we have to turn on all the options."
- "Fortinet FortiWeb needs to improve the way it's configured. Common services like publishing exchange should be done in one click only."
What is our primary use case?
Publishing Web application, Exchange, Lotus Domino. Some microservices.
How has it helped my organization?
Fortiweb improved way people work and access internal resources based on http/https communication.
What is most valuable?
It depends on the project and what the customer is looking for.
What needs improvement?
First of all, upgrade path should be introduced for scaling up or down VM deployment. Second, they need to include better wizards for publishing common applications like MS Exchange.
.
For how long have I used the solution?
I have been using Fortinet products for 15 years or more.
What do I think about the stability of the solution?
Fortinet FortiWeb has been extensively used by us previously, but we are going to decrease the usage now because of cost.
What do I think about the scalability of the solution?
Fortinet FortiWeb is scalable but you have to do forklift upgrades.
How are customer service and technical support?
Fortinet has had some rough times. When they started expanding a bit, they completely screwed up their support system. The support had no clue what they were doing except just asking dumb questions. Now is bit different since Fortinet consolidated their support but still you need to pass L1 support quickly.
How was the initial setup?
Even from the early days, Fortigate/Fortiweb was easy to set up. It had an ugly interface but it has been improved every year.
What about the implementation team?
I deliver different security solution to customers.
What's my experience with pricing, setup cost, and licensing?
The license cost depends on the size of the box or the size of the solution. It can go from few K Euros to a few hundred thousand Euros a year depending on your size.
What other advice do I have?
If you are looking to be partner with Fortinet, you have to buy licenses. Not even VMs are free to partners.
Fortiweb in essence, needs to become part of Fortigate. Fortinet is not suitable for SMB customers since you have to deploy several boxes in order to get thing right. Also, speed of deployment is important and that isn't fast with many boxes.
On a scale from one to ten, I would rate this product a solid seven. It's a good product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Security systems department at Zerde Business Solutions
Good performance, easy setup and good UTM features like self-encryption
Pros and Cons
- "All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet, FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features."
- "New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems."
What is our primary use case?
All of our customers use it because they need a proxy solution. Fortinet provides us the best solution to do this. I don't believe that Check Point or Palo Alto can do what Fortinet does.
How has it helped my organization?
There's a high school with many branches in our country. I configured it for them and they are very happy with Fortinet. Fortinet's performance is very good.
What is most valuable?
All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet: FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features.
What needs improvement?
New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems. I don't have anything to say about what to do to improve this product. It's a great solution for us.
What do I think about the scalability of the solution?
Scalability is very good. Our customers that use Fortinet have two thousand local users.
How are customer service and technical support?
Any problems that our customers have, they first call me and I support them. If I can't solve a problem I create a ticket. This happens very rarely. Their technical support is very good because they always help me.
How was the initial setup?
The initial setup is very simple to configure. Our customers are very happy with that.
The time it takes to deploy depends on how deep our project is. Sometimes it can take a week and sometimes a month. Minimum a week though.
What about the implementation team?
All Fortinet products that we sell, I deploy by myself.
What's my experience with pricing, setup cost, and licensing?
The licensing policy is very good. Our customers are very happy with that.
Which other solutions did I evaluate?
When our customers ask about Palo Alto we can sell them a Palo Alto but we try to explain that Fortinet is a great solution.
What other advice do I have?
I would rate it an eleven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Head of Security at a tech company with 1,001-5,000 employees
If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.
What is most valuable?
- SSL offloading
- Unlimited number of protected servers
- Load balancing
How has it helped my organization?
If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.
What needs improvement?
It would be great if FortiWeb could provide web forms like Microsoft TMG. (For example, OWA Exchange portal or SharePoint portal.) Many of our customers are looking forward to this functionality.
For how long have I used the solution?
I don’t use it, but as a partner of Fortinet, I implement it at customers’ sites. Our customers have been using it for about two years.
What do I think about the stability of the solution?
One of our customers recently experienced a stability problem. The customer has two FortiWeb appliances in an HA cluster (A-P). Something happened and both FortiWeb units became MASTER. Only a reboot of one of the units helped them. We opened a ticket.
What do I think about the scalability of the solution?
I have not encountered any scalability issues.
How are customer service and technical support?
Sometimes technical support is very slow, but sometimes they work very fast. So I will rate it 5/10.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
Initial setup is not very complex. But if we have problems with configuration, we ask support.
What's my experience with pricing, setup cost, and licensing?
We always recommend the full bundle, but sometimes we offer a budget-conscious solution for the customer.
Which other solutions did I evaluate?
Before choosing this product, I did not evaluate other options.
What other advice do I have?
Look at the PRICE and the PERFORMANCE.
Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Fortinet partner.
Security Engineer at a tech consulting company with 51-200 employees
Regular attack signature updates, responsive support, and blocks unknown attack
Pros and Cons
- "The most valuable feature is the attack signature and machine learning."
- "No solution is 100% secure and the security could always be worked on."
What is our primary use case?
I use Fortinet FortiWeb to protect my web application. It works to protect my applications from attack signatures. It allows me to create a URL profile and HTTP content routing when I have many web servers working on the same virtual server.
How has it helped my organization?
Fortinet FortiWeb has helped our organization by protecting the web application from any attack, known and unknown. The unknown protection is done by effective machine learning that is working on many unknown attacks. It operates on the probability of attacks.
What is most valuable?
The most valuable feature is the attack signature and machine learning.
What needs improvement?
The machine learning feature of the solution could be improved.
No solution is 100% secure and the security could always be worked on.
For how long have I used the solution?
I have been using Fortinet FortiWeb for a year and a half.
What do I think about the stability of the solution?
Fortinet FortiWeb is stable. It is able to detect the latest vulnerability from Log4j that happened on The Verge.
The solution's attack signature receives its update from Fortinet Developer Network, and many of the updates are immediate. The attack signatures are updated regularly due to the connection to Fortinet Developer Network.
What do I think about the scalability of the solution?
The solution is highly scalable.
How are customer service and support?
The technical support was good, they were very fast. They were able to resolve my issues.
I have used the support in many solutions, such as FortiClient, FortiWeb, for Sandbox integration with FortiMail, and other products in Fortinet.
How was the initial setup?
The installation is easy. It takes one day for the implementation, and after 14 days one day for tuning.
Some customer needs to go to production fast, it can take me one day for the installation, and after seven days I can do the tuning quickly.
What about the implementation team?
I do the implementation and support the solution.
What's my experience with pricing, setup cost, and licensing?
There is a subscription to use this solution. There are some additional features that can be added for an extra fee. The use of the features depends on the client's needs, such as full machine learning and signatures.
What other advice do I have?
I would recommend this solution to others. Additionally, I would recommend F5.
I rate Fortinet FortiWeb a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
AWS WAF
F5 Advanced WAF
NetScaler
Imperva Web Application Firewall
Cloudflare Web Application Firewall
Imperva DDoS
Akamai App and API Protector
Azure Web Application Firewall
Radware Alteon
NGINX App Protect
Barracuda Web Application Firewall
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?
- What's right for me? Fortinet or Citrix?
- When evaluating Web Application Security, what aspect do you think is the most important to look for?