FortiWeb Web Application Firewall (WAF) Reviews

The product has some unique features. The machine learning feature reduces the false positives. The tool detects zero-day attacks. It has an in-built antivirus, which most WAF tools do not have.

Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.

I have been using the solution for almost six years.

The technical support is fine. The support team gives delayed responses if there is a complex issue.

Neutral

I have worked with F5 Advanced WAF. It is a robust product and is suitable for complex environments. It is flexible. However, it depends on other solutions for inbuilt security and packet inspection.

The initial setup is easy. It requires less intervention.

I recommend the product to others. Overall, I rate the solution an eight out of ten.

FortiWeb is used for web application protection. It protects a web application against attacks targeting their web applications, such as cross-site scripting, SQL injection, and other common application-specific attacks.

FortiWeb allows the organization to operate efficiently without any downtime or serious security breach.

FortiWeb has a very extensive library of known attack signatures, which makes the product fit for any environment, regardless if the customer uses Windows-specific or non-Windows-specific applications. It also has a very low rate of false positives and incorporates other FortiGuard capabilities, such as detection of botnet traffic.

For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.

I have been working with FortiWeb for approximately four years, maybe more.

FortiWeb has proven to be very stable and does not introduce latency in the network.

The product can scale according to the organization's traffic and architecture. It is available as a virtual appliance and a hardware appliance.

Fortinet provides very good support, which I would rate as eight out of ten.

Positive

At the moment, we are only working with Fortinet and not with other web application firewalls.

Someone without prior experience with the product might find it challenging to deploy. However, Fortinet provides good online training to assist administrators.

The total cost of ownership should be calculated based on the actual protection it offers to the application. Deploying FortiWeb can save 20% to 30% of resources within the organization.

FortiWeb uses a subscription-based license, but there is also an option for a perpetual license. It's not the cheapest solution. That said, it is worth the investment.

I have experience with other web application products.

I'd rate the solution nine out of ten.

My main use case is for security and routing.

It is good for web tracking applications.  

There is room for improvement in pricing, and actually, the price is a bit higher because on the same terms I purchased, the support subscription is so high.

I've been using it for a long time. It has been more than three years now. 

Stability is guaranteed stability. I'm okay with stability. I would rate the stability an eight out of ten.

I would rate the scalability an eight out of ten. 

I am okay with the support. The support's subscription is high. 

Positive

pfSense is open-source and free, while FortiWeb is subscription-based. Both are manageable, but FortiWeb's features scale up connections per second, depending on the payment plan. 

I would rate my experience with the initial setup a nine out of ten, where one is difficult, and ten is easy.

It took us two days to set up.

I deployed it myself.  I just got a reference from the old system, and I configured it.

I would rate the pricing a seven out of ten, where one is cheap and ten is expensive. 

Overall, I would rate it a solid eight out of ten.  

Our company provides data center and cloud services as infrastructure providers. When customers need infrastructure like VMs or server allocation, we provide them with the vendor and offer services to operate, manage, implement, and integrate these security components.

The most valuable feature is the tool's integration with load-balancing applications, similar to FortiADC. Its importance depends on customer requirements, such as whether they prioritize application load balancing or layer seven protection.

Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees.

I have been using the product for four to five years. 

I rate the tool's stability a nine out of ten. 

It's not good with normal perpetual licensing, but we can solve the problem using flex licensing. That's why I'd rate it nine out of ten. We're satisfied with it. Many of our customers, including small, medium, and enterprise businesses, use FortiWeb WAF.

I rate the tool's deployment ease as seven out of ten. We have spent about 600 working hours to implement it. 

The product provides very good prices to customers. The price is set well and offers great value for money.

I rate the overall solution an eight out of ten. I advise others looking to use FortiWeb WAF to create deeper policy rules.

We use the solution for branch optimization. Initially, it was all in MPLS, but they converted to the broadband network. Implementing it reduced the cost, and its redundancy was also better.

It improves latency by optimizing traffic routing. When a better link is available, it reroutes traffic through it. Additionally, MPLS helps reduce costs. Critical data can be prioritized on MPLS, while other data uses broadband connectivity, leading to better resource utilization. This setup supports load sharing, allowing multiple links to work simultaneously for improved performance.

From the web application perspective, it offers comprehensive features, including URL filtering and DNS protection. Additionally, FortiWeb provides SD-WAN capabilities, such as load sharing based on latency or packet drops. Its extensive feature set allows customers to choose and customize according to their needs and preferences.

FortiWeb could have an inbound load balancing pack. Currently, they don't have it, but they have the print product for that. It'll be better if they have it on the same product.

I have been using FortiWeb Web Application Firewall (WAF) for three years.

It is primarily for the enterprise environment segment. Even if one of the three links goes down, another link will appear to resolve the issue. FortiWeb primarily relies on its high availability features.

We had a quick response from support since we have partnered with them. 

Positive

The initial setup was easy because we had training. Also, the FortiGate team provides good support. It took around around five to six days to complete. It is only a plug-and-play environment.

The price is cheap compared to other products in the market. It costs 15-20% less than CheckPoint.

It is more than a basic firewall. It includes various features for enhanced security, such as protection against threats and vulnerabilities specific to web applications. Depending on their roles and responsibilities, some people who work on EDS may also interact with FortiWeb WAF.

FortiWeb offers a comprehensive product suite for SOC integration, including automation and SIEM capabilities. It also offers a complete integration package, including physical components that ensure a consistent experience for internal and external teams.

It includes an analyzer that provides comprehensive visibility. It is designed to optimize costs while sending detailed analytics and other relevant data.

I recommend the solution for security.

I rate the solution a nine out of ten.

The most valuable feature of FortiWeb Web Application Firewall (WAF) that has proven to be the most effective in protecting web applications stems from the fact that the product recently launched a SaaS model, making it a cost-effective solution, which is a major reason why we selected it in our company.

I don't see any issues with the tool apart from the pricing aspect of the product. The price of the product is an area where improvements are required.

I have been using FortiWeb Web Application Firewall (WAF) for a year. My company is a reseller of the solution.

It is a stable solution.

It is a scalable solution since it offers a SaaS model, which is why we can increase the bandwidth and number of applications in our company.

There are around 1,000 people in a company where our organization has provided FortiWeb Web Application Firewall (WAF).

Considering the IT side of the company, there are no plans to increase the usage of the product in the future.

The solution's technical support is good. Compared to the previous year, Fortinet has taken a lot of steps to improve its support services. The response time of the support services offered by Fortinet is good, especially since the solution launched elite support for users. I rate the technical support an eight out of ten.

Positive

I have not used the products offered by Fortinet's competitors, but I know that most of the time, such tools can be available at a cheap price.

My company has a team that is ready to help our customers implement the product.

There is a person in my company who knows about the technical team that takes care of the implementation part. I am a part of the marketing team, so the tool's implementation phase is something I don't know about.

In terms of ROI, the product helps secure applications and due to the security, there is less downtime when it comes to applications. From a security point, the tool uses cross-site scripting.

The licensing cost of the product is pretty high compared to other OEMs in the market.

As a marketing executive, I don't get to see any machine learning capabilities in the product.

My company only deals with solutions from Fortinet.

I recommend the product for pharma companies.

For administration and management of the product, there are two or three people in my company working in the core IT team.

From a marketing perspective, the product has been promoted enough in my region. My company has been promoting the product for the past 12 years.

The product offers information on the internet, and it can provide sufficient knowledge to employees who support the tool.

In terms of interface, the product is easy to use and is mostly connected to its own protocols,like FortiLink.

I rate the solution an eight out of ten.

We use the solution for securing the Internet-facing servers where you can do the  load balancing with the web appliance.

FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.

I have been using FortiWeb as a partner for two years. We are using V7.2 of the solution.

Fortinet has many issues, like the zero-day attacks. Certain critical work vulnerabilities need to be immediately upgraded as an enterprise. You cannot initiate the upgrade anytime because it affects production. Usually, we schedule the upgrade. We do the configuration and scheduling of the updates. Fortinet is a 24/7 company that can release updates any time, regardless of the day of the week. FortiWeb WAF is a security solution that can be updated at any time, irrespective of the day of the week.

The solution is scalable.

On two recent occasions, I experienced delays in resolving technical issues with Fortiweb WAF, particularly when configuring explicit proxies on FortiGate firewalls. As a Fortinet partner, I was disappointed that our dedicated support channel was unavailable and that I could not obtain licenses or hardware assistance despite escalating to the country manager. Additionally, the technical support response times in the Middle East region have been inconsistent, with some areas providing excellent support while others have been unresponsive. This inconsistency has been particularly frustrating when dealing with urgent issues at remote sites. Overall, the support experience for Fortiweb WAF has been inconsistent and frustrating, particularly for Fortinet partners.

Neutral

I have used Kemp before, but I also dislike the FortiWeb. I'm trying to move to F5 because F5 is very good.

FortiWeb comes with an IP address. You need to log into the web console, and you can do it with the CLI using the console cable. You have to go in; it will initially give you a setup wizard and configure the hostname, interfaces, etc. The setup is relatively easy, but when it comes to advanced deployments. Kemp is a relatively affordable and capable solution. Fortiweb WAF offered all the features, making Kemp less appealing for enterprise-level applications. Kemp is suitable for smaller or regional websites, but it may not be as robust for global deployments.

Additionally, I could not locate the virtual domain feature in Fortiweb WAF. This feature would allow me to assign different domain names to a single website based on the user's location. Fortiweb WAF presented EDS as a workaround, but the process was overly complex and inconvenient.

Firstly, expect load balancing and a web application firewall for the same product Fortinet is offering. Start by booting up the device and use FortiWeb to connect the file by application firewall. There's a default IP address without any password. You log in, and then it shows your initial setup wizard. The wizard helps you set up the host names, Fortinet account, FortiCloud account, etc. After that, you start setting up your physical servers; then you give a virtual server, which will be a point. In a network with a firewall and port forwarding, the FortiWeb WAF device can act as a load balancer and a security gateway. It can receive traffic from the firewall, decrypt SSL/TLS traffic, inspect traffic for layer seven vulnerabilities, and then forward traffic to the appropriate internal server based on load-balancing algorithms and application-specific information provided by the servers. The FortiWeb WAF can monitor server health and performance and automatically switch traffic away from unhealthy servers.

Deployment depends on how much complexity you want to add to the product. If the customer requirement is easy, you may deploy it in one day. For example, I was working on a project with around 16 servers. Each server has a different data source; one server gives the back end, whereas the other provides the front end. That was a complex deployment. It will take around four to five days to deploy if you want to go deeper into it.

We have achieved 70% ROI.

FortiWeb is expensive. F5 is also very expensive, but it is value for money.

The solution’s maintenance and UI are easy, but some features are hidden. Their quality assurance needs to work. We used to have the upgrades and patches every month or 15 days, but now they are coming every week too. We have vulnerability.

The product needs to get more mature.

Overall, I rate the solution a six out of ten.

In my company, we use FortiWeb Web Application Firewall (WAF) for security.

FortiWeb is a small tool that can be used by those of our customers who use Fortinet FortiGate as their firewall. I will use Barracuda Email Protection for any customer who uses a firewall from a solution provider other than Fortinet FortiGate.

The product lacks features offered by enterprise-level firewall tools. The solution needs to offer more enterprise features like other brands.

It would be great if FortiWeb Web Application Firewall (WAF) had something like a wizard to allow for more integrations with other popular firewall products like Fortinet, Palo Alto, and so on.

I have been using FortiWeb Web Application Firewall (WAF) for three years. I use the solution's latest version.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution an eight out of ten.

There are 2,000 users of the solution in my company.

The solution's technical support was helpful and responsive. I rate the technical support an eight out of ten.

Positive

I have previously used SonicWall.

The initial setup was easy since it was possible to get remote support for the product.

The solution is deployed on-premises.

It is a cost-effective product. If you need an extra module in the product, there will be an extra cost in addition to the licensing fee.

There are five engineers needed for the maintenance of the solution.

If there is a requirement and one is already using a firewall from Fortinet, then it is easier to deploy FortiWeb Web Application Firewall (WAF). Overall, I rate the solution an eight out of ten.