IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Web Application Firewall (WAF)
June 2022
Get our free report covering Amazon, Fortinet, Imperva, and other competitors of Azure Web Application Firewall. Updated: June 2022.
610,229 professionals have used our research since 2012.

Read reviews of Azure Web Application Firewall alternatives and competitors

Director at a tech services company with 51-200 employees
Real User
Top 20
Good for compliance, load balancing, and high availability
Pros and Cons
  • "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
  • "The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect."

What is our primary use case?

We mainly use it for protection. OS scanning and load balancing are two of its main use cases.

My team is most probably working with its latest version. In terms of the deployment, lately, it has been on the cloud because the end-user-facing web applications are usually live on the cloud.

How has it helped my organization?

Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them.

What is most valuable?

The compliance piece is the best feature. Load balancing is also valuable, which is something that all web application firewalls do. Another valuable feature is high availability. You can scale it very well. Load balancing and high availability are the two reasons why we picked it for a couple of banks.

What needs improvement?

From the feature perspective, it is pretty rich. The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect. 

I would also like it to scale automatically based on the traffic.

For how long have I used the solution?

I have been using this solution for about six years.

What do I think about the stability of the solution?

I've never seen any issues, but when you turn on all the features or every single scanning, that's when it slows down a bit.

What do I think about the scalability of the solution?

It is scalable, but it is a roundabout way of automated scaling. It is not truly automated scaling. In general, when the size is okay, scaling is not a problem. I would like it to scale automatically based on the traffic, but that doesn't happen because automation is not there.

I haven't seen any big issues with performance. We ran 20,000 connections through it, and it was okay. When you deploy it in the cloud, you can increase the size of the VM, and with extra licensing, it is fine performance-wise.

It is suitable for medium and large customers. My team has deployed at least 500 of these in the last few years. In general, it's okay. We don't have any issue with it.

How are customer service and support?

They have been pretty good, honest, and upfront. It all comes down to expectations when you buy these things.

I know the country manager very well. He is my friend for Fortinet. They are very good in terms of support. 

When you buy these things from a marketplace like Amazon or AWS, the support is not as good as it can be because the first line of support is the cloud provider, and then there is the vendor. So, our preference usually is to go directly to the vendor because they know more about it.

Which solution did I use previously and why did I switch?

One of the best things about Azure Firewall is the automation. There is a huge difference. The second thing is pricing. 

With FortiWeb, when you want to buy HA, you need to start designing high availability across different regions. With Azure, it comes by default.

How was the initial setup?

It depends on the customer and the use case. Usually, it's straightforward, but as you add more applications, it can become more and more complex.

The deployment duration varies. Usually, designing, building, and putting in production take about four weeks, but it also depends on the application type.

It requires maintenance all the time. Everything requires maintenance. Usually, we build it and operationalize it, and we then hand it over to the customer.

What's my experience with pricing, setup cost, and licensing?

It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there.

What other advice do I have?

I would advise getting the right engineer. You need someone who is a specialist, and that's very important.

I would rate it an eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Amarildo De Mattos - PeerSpot reviewer
Global Network and Cyber Security Project Manager at a manufacturing company with 10,001+ employees
Real User
Easy to operate
Pros and Cons
  • "The configurability of the tools and the ease of operation to be the most valuable feature of Imperva."
  • "Imperva Web Application Firewall is very expensive."

What is our primary use case?

We use the latest version with all the functionality, not only WAF. Additionally, we use all the security capability that is possible to enable on Imperva including device security tools like API security.

We use this solution to protect the website for the company.

What is most valuable?

I find the configurability of the tools and the ease of operation to be the most valuable feature of Imperva.

For how long have I used the solution?

I have three years of experience with Imperva Web Application Firewall.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and support?

Imperva's technical support is very good.

Which solution did I use previously and why did I switch?

I used to work with Fortinet Web Application Firewall but it was not good.

How was the initial setup?

The initial setup of Imperva is easy to do and only takes a few minutes to deploy.

What's my experience with pricing, setup cost, and licensing?

Imperva Web Application Firewall is very expensive.

Which other solutions did I evaluate?

I have worked with Azure and find both solutions good. However, Imperva does have more advanced features than Azure.

What other advice do I have?

I am very happy with this solution. I would rate the technical aspect a 10 out of 10, however because of the financial cost, I rate it an 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Web Application Firewall (WAF)
June 2022
Get our free report covering Amazon, Fortinet, Imperva, and other competitors of Azure Web Application Firewall. Updated: June 2022.
610,229 professionals have used our research since 2012.