We performed a comparison between AWS WAF and Fortinet FortiWeb based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet FortiWeb is the winner in this comparison. According to reviews, it is a more comprehensive solution than AWS WAF. Reviewers are happier with the pricing of AWS WAF, however.
"The ease of deployment of the product is valuable to me."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"The most valuable feature is the addition of managed tools that help us create customizable rules. In case we want to block a particular request, we can make use of those rules."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"AWS WAF is something that someone from a cloud background or cloud security background leverages. If they want to natively use a solution in the cloud, AWS WAF comes in handy. It's very useful for that, and the way we can fine-tune the WAF rules is also nice."
"As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"It's easy to use and allows us to integrate solutions together."
"The GUI is user-friendly and it's easy to understand how to manage it."
"The ease of configuration is valuable. We have Azure WAF, we have OCI WAF, and we also have Cloud Armor for GCP, but their configuration isn't very easy. It's pretty simple in FortiWeb, and we can enable or configure whatever we want."
"SSL Offloading simplifies the public certificate handling and brings additional protection features."
"The support is quite good."
"Technical support is very good."
"It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
"If I need something from tech support, I can get it answered within the hour."
"We don't have much control over blocking, because the WAF is managed by AWS."
"I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy."
"They should make the implementation process faster."
"AWS WAF should provide better protection to its users, and the security features need to improve."
"The cost must be reduced."
"It's a bit difficult to apply the right rules for the right security."
"The serverless product from AWS WAF could be improved. For example, they have only one serverless series, Lambda, but they should extend and improve it. Additionally, the firewall rules are not very easy to configure."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great."
"The integration with other products should be improved."
"Sometimes, even if you follow the documentation, it doesn't work as expected."
"The product's scalability could be better."
"F5 and some other firewalls are easier to customize. FortiWeb could be more flexible and customizable. The documentation could also be improved because many of the advanced features aren't fully documented."
"The solution could improve by being able to handle different use cases."
"Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration."
"For advanced users, it would be really useful to have access and the ability to manipulate packets. If we can access and manipulate the contents of packets, even encrypted packets... that would be powerful. Since we're looking at packets arriving at our network, we would have the private key to access those packets and their information."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. AWS WAF is rated 8.0, while Fortinet FortiWeb is rated 8.0. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Prisma Cloud by Palo Alto Networks, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, Azure Web Application Firewall, Imperva Web Application Firewall and Cloudflare Web Application Firewall. See our AWS WAF vs. Fortinet FortiWeb report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.