In most cases, the customer uses WAF to protect web applications.
Cybersecurity Team Leader at Summit Technology Solution
A low-maintenance software with machine learning features aiding small-enterprise users
Pros and Cons
- "The machine learning on FortiWeb WAF is valuable."
- "WAF needs more signatures on FortiWeb and updates the database continuously to protect against new attacks."
What is our primary use case?
What is most valuable?
The machine learning on FortiWeb WAF is valuable. It is useful for new customers because it provides new signatures, and machine learning, which can help provide new information to customers about their websites.
What needs improvement?
WAF needs more signatures on FortiWeb and updates the database continuously to protect against new attacks. I hope the next release includes integration with the vulnerability scanner, a great feature of FortiWeb. If customers have vulnerability scanners, they can export the scan's result and post it to FortiWeb to patch completely.
For how long have I used the solution?
I have been working with FortiWeb WAF for four years. We are working with the latest version.
Buyer's Guide
FortiWeb Web Application Firewall (WAF)
December 2024
Learn what your peers think about FortiWeb Web Application Firewall (WAF). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is not scalable. If you are running medium-sized hardware, you must upgrade and purchase new hardware. Fortinet has an issue with scalability at this point.
How are customer service and support?
I have received fantastic support.
How was the initial setup?
The initial setup and config are a piece of cake. The steps followed during deployment depend on the customer since not all customers have the same deployment phases. We guide deployment depending on the customer's needs. Most of the time I have deployed FortiWeb, it took one month. We needed to boot up vulnerability and configure security controls on each website. After that, the administrator on the customer's side will continue working with FortiWeb.
Maintenance is easy because WAF has a powerful view of logs.
What's my experience with pricing, setup cost, and licensing?
Fortinet has a single license, and it's easy to deploy the license and doesn't take time to retrieve it. WAF is just plug-and-play, unlike other vendors. WAF wins this point. FortiWeb WAF is priced well for customers compared to other vendors' solutions.
Which other solutions did I evaluate?
I also work with F5 Networks. The comparison is a little bit complicated. Depending on the customer's needs, we do not recommend deploying F5 in a small environment. F5 needs a lot of administrators and an IT department. On the other hand, Fortinet will be better in this situation. We need a few people to support WAF. Otherwise, both vendors are perfect.
What other advice do I have?
If you plan to deploy FortiWeb, you must have the right device to achieve high availability. I rate FortiWeb WAF a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Director of Professional Services at Besecure
Enhanced application protection with an extensive attack signature library
Pros and Cons
- "FortiWeb has a very extensive library of known attack signatures, which makes the product fit for any environment, regardless if the customer uses Windows-specific or non-Windows-specific applications."
- "For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting."
What is our primary use case?
FortiWeb is used for web application protection. It protects a web application against attacks targeting their web applications, such as cross-site scripting, SQL injection, and other common application-specific attacks.
How has it helped my organization?
FortiWeb allows the organization to operate efficiently without any downtime or serious security breach.
What is most valuable?
FortiWeb has a very extensive library of known attack signatures, which makes the product fit for any environment, regardless if the customer uses Windows-specific or non-Windows-specific applications. It also has a very low rate of false positives and incorporates other FortiGuard capabilities, such as detection of botnet traffic.
What needs improvement?
For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.
For how long have I used the solution?
I have been working with FortiWeb for approximately four years, maybe more.
What do I think about the stability of the solution?
FortiWeb has proven to be very stable and does not introduce latency in the network.
What do I think about the scalability of the solution?
The product can scale according to the organization's traffic and architecture. It is available as a virtual appliance and a hardware appliance.
How are customer service and support?
Fortinet provides very good support, which I would rate as eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
At the moment, we are only working with Fortinet and not with other web application firewalls.
How was the initial setup?
Someone without prior experience with the product might find it challenging to deploy. However, Fortinet provides good online training to assist administrators.
What was our ROI?
The total cost of ownership should be calculated based on the actual protection it offers to the application. Deploying FortiWeb can save 20% to 30% of resources within the organization.
What's my experience with pricing, setup cost, and licensing?
FortiWeb uses a subscription-based license, but there is also an option for a perpetual license. It's not the cheapest solution. That said, it is worth the investment.
Which other solutions did I evaluate?
I have experience with other web application products.
What other advice do I have?
I'd rate the solution nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Last updated: Nov 11, 2024
Flag as inappropriateBuyer's Guide
FortiWeb Web Application Firewall (WAF)
December 2024
Learn what your peers think about FortiWeb Web Application Firewall (WAF). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Director at Optimity company limited
A tool to protect websites from malware and adware attacks that needs to improve its scalability
Pros and Cons
- "The product is easy to configure."
- "FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database."
What is our primary use case?
I use the solution for some of my company's clients who want to protect their websites from malware and adware attacks.
How has it helped my organization?
From a benefit perspective, FortiWeb Web Application Firewall (WAF) protects the customers’ websites, which are used to communicate with the audience or clients.
What is most valuable?
I am not sure about what I like in the solution because I think most of the customers ask for the product whenever they want a WAF tool for any of their projects. After our company had a discussion with one of our local teams, we sold it by providing the features of the FortiWeb Web Application Firewall (WAF) that our customers like, as we mostly follow the customer requirements. Our company sells FortiWeb Web Application Firewall (WAF) if it meets our customers' requirements.
What needs improvement?
To deal with zero-day attacks, FortiWeb Web Application Firewall (WAF) needs to expand and update its database since it is one of the areas where the tool currently lacks. In short, FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database.
In FortiWeb Web Application Firewall (WAF), there is a substantial amount of improvement required in the scalability area.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for less than a year.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a seven out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a five out of ten.
My company only has two customers who use FortiWeb Web Application Firewall (WAF). My company wants to sell the tool to medium and large-sized businesses with 500 or more users.
How was the initial setup?
The solution is deployed on an on-premises model.
Sometimes, the product's deployment takes over one or two days because customers need to check their requirements and then may want some features. In general, it takes a minimum of two or three days to deploy the product.
What's my experience with pricing, setup cost, and licensing?
Compared to the other products in the market, FortiWeb Web Application Firewall (WAF) is a reasonably priced product, but sometimes people may consider it a bit expensive. I rate the product price a four on a scale of one to ten, where one is a high price, and ten is a low price.
What other advice do I have?
The product is easy to configure.
I have a separate team of three engineers in the company to manage FortiWeb Web Application Firewall (WAF).
Based on my experience and the comments from our company's customers who use the solution, I can say that FortiWeb Web Application Firewall (WAF) is a good product. Our company's customers who use the solution like it since they have been using it for about a year without any bad opinions or comments about it.
Feature-wise, FortiWeb Web Application Firewall (WAF) needs to add more functionalities. Some of the customers who use it want it to have more features, but we cannot find any in the tool presently. I can say what kind of features are required right now in the product. One customer who may want 20 features in the tool may get only 15 features that comply with the customer's requirements.
I rate the overall tool a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Director at Innate technology
Helps block certain applications and websites to enhance user productivity and maintain application security
Pros and Cons
- "FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security."
- "We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times."
What is our primary use case?
The solution helps us to block certain applications and websites.
How has it helped my organization?
The use of FortiWeb Web Application Firewall, combined with Office 365 and Azure ID, has streamlined our VPN use and network security. With single sign-on, users only need to remember one process instead of two or three, which has improved our business security.
What is most valuable?
FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security.
What needs improvement?
We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall of the past two years.
What do I think about the stability of the solution?
We have encountered some issues with the stability and would rate it an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
The customer services is good but sometimes they are unresponsive.
Which solution did I use previously and why did I switch?
Before FortiWeb and Fortinet, we used to work with Sophos. We switched to Fortinet mainly due to better support and the availability of distributors in our country. In South Africa, Sophos lacked sufficient support and the resolution times for queries were often prolonged. With more vendors and better support, Fortinet has proven to be a more reliable choice.
How was the initial setup?
The deployment process of FortiWeb Web Application Firewall was easy. It took half an hour to be deployed.
What was our ROI?
FortiWeb Web Application Firewall has definitely helped with notifications of potential threats and vulnerabilities. It has impacted our operational costs by reducing them by 20%. This is mainly due to savings on bandwidth and infrastructure costs, as well as improved efficiency in handling potential threats.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a four out of ten.
What other advice do I have?
FortiWeb should include log retention for 90 or 180 days built into the product, without requiring an additional license. Having to buy extra licenses for longer log retention is problematic and adds to the cost.
I would recommend FortiWeb to other users.
Overall, I would rate FortiWeb an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Jun 13, 2024
Flag as inappropriatePresales Consultant at Invitech Kft.
Has good integration with load-balancing applications
Pros and Cons
- "The most valuable feature is the tool's integration with load-balancing applications, similar to FortiADC. Its importance depends on customer requirements, such as whether they prioritize application load balancing or layer seven protection."
- "Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees."
What is our primary use case?
Our company provides data center and cloud services as infrastructure providers. When customers need infrastructure like VMs or server allocation, we provide them with the vendor and offer services to operate, manage, implement, and integrate these security components.
What is most valuable?
The most valuable feature is the tool's integration with load-balancing applications, similar to FortiADC. Its importance depends on customer requirements, such as whether they prioritize application load balancing or layer seven protection.
What needs improvement?
Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees.
For how long have I used the solution?
I have been using the product for four to five years.
What do I think about the stability of the solution?
I rate the tool's stability a nine out of ten.
What do I think about the scalability of the solution?
It's not good with normal perpetual licensing, but we can solve the problem using flex licensing. That's why I'd rate it nine out of ten. We're satisfied with it. Many of our customers, including small, medium, and enterprise businesses, use FortiWeb WAF.
How was the initial setup?
I rate the tool's deployment ease as seven out of ten. We have spent about 600 working hours to implement it.
What's my experience with pricing, setup cost, and licensing?
The product provides very good prices to customers. The price is set well and offers great value for money.
What other advice do I have?
I rate the overall solution an eight out of ten. I advise others looking to use FortiWeb WAF to create deeper policy rules.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: msp
Last updated: Sep 8, 2024
Flag as inappropriateSr. Corporate Marketing Executive at a tech services company with 1-10 employees
Helps users to secure their web-based applications
Pros and Cons
- "The solution's technical support is good."
- "I don't see any issues with the tool apart from the pricing aspect of the product. The price of the product is an area where improvements are required."
What is most valuable?
The most valuable feature of FortiWeb Web Application Firewall (WAF) that has proven to be the most effective in protecting web applications stems from the fact that the product recently launched a SaaS model, making it a cost-effective solution, which is a major reason why we selected it in our company.
What needs improvement?
I don't see any issues with the tool apart from the pricing aspect of the product. The price of the product is an area where improvements are required.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for a year. My company is a reseller of the solution.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution since it offers a SaaS model, which is why we can increase the bandwidth and number of applications in our company.
There are around 1,000 people in a company where our organization has provided FortiWeb Web Application Firewall (WAF).
Considering the IT side of the company, there are no plans to increase the usage of the product in the future.
How are customer service and support?
The solution's technical support is good. Compared to the previous year, Fortinet has taken a lot of steps to improve its support services. The response time of the support services offered by Fortinet is good, especially since the solution launched elite support for users. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not used the products offered by Fortinet's competitors, but I know that most of the time, such tools can be available at a cheap price.
How was the initial setup?
My company has a team that is ready to help our customers implement the product.
There is a person in my company who knows about the technical team that takes care of the implementation part. I am a part of the marketing team, so the tool's implementation phase is something I don't know about.
What was our ROI?
In terms of ROI, the product helps secure applications and due to the security, there is less downtime when it comes to applications. From a security point, the tool uses cross-site scripting.
What's my experience with pricing, setup cost, and licensing?
The licensing cost of the product is pretty high compared to other OEMs in the market.
What other advice do I have?
As a marketing executive, I don't get to see any machine learning capabilities in the product.
My company only deals with solutions from Fortinet.
I recommend the product for pharma companies.
For administration and management of the product, there are two or three people in my company working in the core IT team.
From a marketing perspective, the product has been promoted enough in my region. My company has been promoting the product for the past 12 years.
The product offers information on the internet, and it can provide sufficient knowledge to employees who support the tool.
In terms of interface, the product is easy to use and is mostly connected to its own protocols,like FortiLink.
I rate the solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: May 29, 2024
Flag as inappropriateOperation Director at Digital Pulse Sdn Bhd
A cost-effective firewall that remains stable while providing security to its users
Pros and Cons
- "The initial setup was easy since it was possible to get remote support for the product."
- "The product lacks features offered by enterprise-level firewall tools."
What is our primary use case?
In my company, we use FortiWeb Web Application Firewall (WAF) for security.
What is most valuable?
FortiWeb is a small tool that can be used by those of our customers who use Fortinet FortiGate as their firewall. I will use Barracuda Email Protection for any customer who uses a firewall from a solution provider other than Fortinet FortiGate.
What needs improvement?
The product lacks features offered by enterprise-level firewall tools. The solution needs to offer more enterprise features like other brands.
It would be great if FortiWeb Web Application Firewall (WAF) had something like a wizard to allow for more integrations with other popular firewall products like Fortinet, Palo Alto, and so on.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for three years. I use the solution's latest version.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
There are 2,000 users of the solution in my company.
How are customer service and support?
The solution's technical support was helpful and responsive. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have previously used SonicWall.
How was the initial setup?
The initial setup was easy since it was possible to get remote support for the product.
The solution is deployed on-premises.
What's my experience with pricing, setup cost, and licensing?
It is a cost-effective product. If you need an extra module in the product, there will be an extra cost in addition to the licensing fee.
What other advice do I have?
There are five engineers needed for the maintenance of the solution.
If there is a requirement and one is already using a firewall from Fortinet, then it is easier to deploy FortiWeb Web Application Firewall (WAF). Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Manager at a manufacturing company with 201-500 employees
Transparent, easy to use, and integrates well with the existing security infrastructure
Pros and Cons
- "The solution is transparent and smooth."
- "The price is a little higher than the competitors."
What is our primary use case?
We use the solution in our headquarters. We have some agents outside our company.
What is most valuable?
The solution is transparent and smooth. So far, the tool has integrated well with our existing security infrastructure.
What needs improvement?
The price is a little higher than the competitors.
For how long have I used the solution?
I have been using the solution for more than five years.
How are customer service and support?
The technical support team is okay.
What about the implementation team?
We have a consultant who gives us advice about the implementation.
What other advice do I have?
Overall, I rate the product a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 5, 2024
Flag as inappropriateBuyer's Guide
Download our free FortiWeb Web Application Firewall (WAF) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Azure Front Door
F5 Advanced WAF
Imperva Web Application Firewall
Akamai App and API Protector
NGINX App Protect
Buyer's Guide
Download our free FortiWeb Web Application Firewall (WAF) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?
- What's right for me? Fortinet or Citrix?
- When evaluating Web Application Security, what aspect do you think is the most important to look for?