FortiWeb Web Application Firewall (WAF) Reviews

I mentioned that the firewalls, such as the one from Fortinet, help protect my infrastructure from outside attacks. They perform a lot of network scanning and do not allow any unauthorized person to access my details and data. That's their application. A similar action is performed by the web application firewall, where web applications are restricted to certain users. This means that not anyone with malicious intent can access my web application content.

The good thing about Fortinet is that their enablement is very good in terms of training me and enabling resources on their technology. 

Secondly, if I look at their pricing, Fortinet's pricing is way more competitive than Cisco or Palo Alto. They have almost 45% share in the firewall market, as per IDC. Fortinet is a large-sized company where their channel program is very robust and very flexible. They also understand the different personas of the channel stakeholders. In that way, they are rapidly growing in the channel ecosystem space and have started getting a lot of business. They are replacing many big traditional players in that space.

The tool is a valuable web application that protects our internal mobile money application. It enforces policies, ensuring secure access for users connecting to the application. It complies with PCI DSS, safeguarding financial transactions and contributing to our revenue. The solution effectively addresses malware threats.

The tool secures our critical applications, especially the mobile money application, which is often targeted by attacks. The solution provides rapid protection and has proven reliable against various threats. It blocks malicious traffic, including dormant and DDoS attacks, and offers integrated Web Application Firewall features to safeguard against compromises.

You can set it up for customer-facing web applications because customers don't necessarily know all the IP addresses. It uses a source-based approach where any source accessing the application is defined by its IP. When accessing the application, it checks if they are using HTTP or HTTPS and blocks them if necessary.

The tool's performance and security reporting capabilities contribute positively to IT security management. Consolidating management within the solution makes it easier for IT to handle the solutions. All functionalities managed on a single box reduce the number of boxes needed for management.

My company is a Fortinet partner and specializes in FortiWeb. We often compete against cloud-native solutions like Azure Application Gateway WAF. We typically conduct proof-of-concept tests for potential clients. They are usually looking for API protection and bot mitigation, which FortiWeb excels at. We take responsibility for implementing and supporting the solution for our customers.

We also conduct simulation tests and review feedback from colleagues and customers. Customers often seek solutions for bottlenecks, especially regarding machine learning. We can do a detailed review of the WAF services and provide a report for the customer.

If a customer has a website, a firewall alone is not enough. While a firewall can act as an application firewall, it may not be sufficient. If we have a firewall at layer four and layer seven, and the customer needs protection against OWASP Top 10 vulnerabilities or requires IT audits, a web application firewall becomes crucial. 

Additionally, if DDoS protection is a concern, it often comes integrated with WAF. For networking, some WAFs can even provide load-balancing functionality.

I use the solution in my company to make web applications more secure because we have a special portal or web interface that we have to make secure for cybersecurity and different accesses. We found that FortiWeb Web Application Firewall (WAF) works fine for such use cases.

The tool's most valuable feature is the web access it offers. We control every access, like who goes in and what they do.

The solution's integration with other products is easy. Its most valuable feature is the antivirus engine.  The tool helps us comply with GDPR and KVKK standards. 

FortiWeb WAF's tuning causes trouble. It's complicated. The solution needs to improve the signature feature as well. 

In most cases, the customer uses WAF to protect web applications.

The machine learning on FortiWeb WAF is valuable. It is useful for new customers because it provides new signatures, and machine learning, which can help provide new information to customers about their websites.

The solution helps us to block certain applications and websites.

The use of FortiWeb Web Application Firewall, combined with Office 365 and Azure ID, has streamlined our VPN use and network security. With single sign-on, users only need to remember one process instead of two or three, which has improved our business security. 

The product has some unique features. The machine learning feature reduces the false positives. The tool detects zero-day attacks. It has an in-built antivirus, which most WAF tools do not have.

Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.