No more typing reviews! Try our Samantha, our new voice AI agent.

Barracuda WAF-as-a-Service vs Fortinet FortiAppSec Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
Barracuda WAF-as-a-Service
Ranking in Web Application Firewall (WAF)
21st
Average Rating
7.8
Reviews Sentiment
5.7
Number of Reviews
14
Ranking in other categories
No ranking in other categories
Fortinet FortiAppSec Cloud
Ranking in Web Application Firewall (WAF)
26th
Average Rating
9.0
Reviews Sentiment
6.6
Number of Reviews
2
Ranking in other categories
CDN (11th), Distributed Denial-of-Service (DDoS) Protection (19th), API Security (16th), Dynamic Application Security Testing (DAST) (9th)
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
Samir Paul - PeerSpot reviewer
Security Practitioner at a tech vendor with 10,001+ employees
Cloud WAF has protected critical web apps and APIs and delivers fast bot and DDoS defense
Regarding improvements for Barracuda WAF-as-a-Service, the UI and user experience can feel dated. While the interface is functional and centralized, some third-party reviews indicate that the UI can feel outdated, and enhancements are required to provide an executive look that can be aligned with modern and intuitive next-generation competitors. The licensing and cost structure perspective may need clear planning. Barracuda service is customizable but external references note that licensing and cost planning can become complex. Advanced analytics and executive reporting could be better. The platform provides visibility and compliance reporting but organizations looking for a very polished executive dashboard, deep attack visualization, or broader cloud-native security context may find it more focused on WAF operation. Barracuda WAF-as-a-Service is best suited for app and API protection and is not a full CNAPP platform. It is strong for application layer protection but is not positioned as a full CNAPP covering posture management. Modernizing the UI further, simplifying packaging and licensing clarity, enhancing the executive reporting and risk dashboard, and expanding broader cloud-native integration would be beneficial improvements.
reviewer2812593 - PeerSpot reviewer
CIO at a financial services firm with 51-200 employees
Advanced threat protection has reduced financial risk and improves application security visibility
The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence. The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities. The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The security features are valuable. The particular feature we use is called OWASP."
"The product has a valuable security control functionality."
"The impact of Cloudflare Web Application Firewall's integration with existing web technologies on our site's performance and security measures is quite great, actually."
"The solution protects our application, which runs on the HTTP protocol, from DDoS attacks."
"The initial setup process is simple."
"Cloudflare has positively impacted my organization by making it easier for me to handle and set up DNS for multiple clients; I can easily go in and access their accounts, make changes they need, and it's a one-stop shop."
"It is a SaaS solution unlike much of the competition."
"It's pretty convenient and pretty easy to set up and run. And then kind of for static content, it also offers caching."
"The solution covers a lot of major protection or threat management functions in the feature itself."
"Barracuda WAF-as-a-Service has impacted my organization positively with fast deployment and simple onboarding."
"It provides an ease of policy management."
"The solution can be used for threat prevention or as a cloud-to-cloud backup system"
"The product's bot protection feature is valuable for our company."
"Barracuda WAF-as-a-Service has impacted my organization positively as it provides peace of mind through DLP features."
"Barracuda WAF-as-a-Service has a positive impact in my organization by strengthening security, improving resilience, and reducing operational overhead."
"Overall, Barracuda WAF-as-a-Service has been a solid experience, as the platform has done a good job of protecting our application while remaining easy to manage."
"We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud, with our return on investment around 60%."
"My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities."
 

Cons

"The product can improve by having more multitenancy capability, which is currently not available."
"WAF doesn't directly affect bandwidth costs. It saves costs on protection. However, with the correct setup, it's difficult to determine if it saves costs overall due to the fixed enterprise plan fee."
"The solution's learning curve can still be further reduced"
"The blocked logs are difficult to read at times."
"A key challenge arises when dealing with numerous integrations with HVAC systems. Depending on the specifics, there might be some configuration mismatches, which necessitate specific support."
"The dashboard could be more user-friendly."
"They have some limitations with third-party integrations."
"We don't even use Cloudflare Bot Management because it's too expensive; you need to pay per request, and it's much cheaper to get one or two additional machines."
"I think pricing could be improved regarding Barracuda WAF-as-a-Service."
"Some complex issues take longer to resolve, but overall, we have been satisfied with the support."
"The stability of the product is an area of concern where improvements are required."
"Barracuda WAF-as-a-Service can be improved by adding much more security features on a daily basis."
"I think Barracuda WAF-as-a-Service can still do better on the DLP side."
"The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers."
"It's a very specific solution that is only requested for a customer's web code or their global IT policy."
"One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy."
"The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive."
"Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic."
 

Pricing and Cost Advice

"The solution's pricing option needs to be more transparent for enterprise clients."
"Cloudflare Web Application Firewall is more affordable than other solutions."
"It starts at $20 and can easily go up to $200 monthly"
"Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable."
"We pay $210 per month for CloudFlare WAF."
"The pricing model is very straightforward compared to the competition. You just pay per month for the product and usage."
"It is not too pricey."
"The solution is expensive."
"The product is expensive but it offers flexible pricing. It could be affordable."
"I rate the product's price a five on a scale of one to ten, where one is low, and ten is high. There are no additional costs to be paid apart from the standard licensing fees attached to the solution."
"It's very difficult for me to give an estimate of the cost. All I know is that we sell the box itself as a service."
Information not available
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Financial Services Firm
12%
Computer Software Company
11%
Outsourcing Company
9%
Security Firm
7%
Construction Company
26%
Healthcare Company
10%
Manufacturing Company
9%
Financial Services Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business13
Midsize Enterprise2
Large Enterprise6
No data available
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What needs improvement with Barracuda WAF-as-a-Service?
Regarding improvements for Barracuda WAF-as-a-Service, the UI and user experience can feel dated. While the interface...
What is your primary use case for Barracuda WAF-as-a-Service?
My main use case for Barracuda WAF-as-a-Service is protecting web applications running on HTTP and HTTPS sockets from...
What advice do you have for others considering Barracuda WAF-as-a-Service?
Barracuda WAF-as-a-Service is best suited for app and API protection and is not a full CNAPP platform. It is strong f...
What needs improvement with Fortinet FortiAppSec Cloud?
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate l...
What is your primary use case for Fortinet FortiAppSec Cloud?
Fortinet FortiAppSec Cloud is used as a WAF solution.
What advice do you have for others considering Fortinet FortiAppSec Cloud?
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer. Three users ...
 

Also Known As

Cloudflare WAF
Barracuda WAF as a Service
No data available
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
Salvation Army
Information Not Available
Find out what your peers are saying about Barracuda WAF-as-a-Service vs. Fortinet FortiAppSec Cloud and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.