"Very easy to implement and works well."
"The web application firewall itself is most valuable. It provides positive security and negative security. In negative security, it blocks a task such as cross-site scripting, code injection, etc. In positive security, it lets you specify and enforce things, such as the parameters allowed in username and password fields and the number of characters allowed in a field."
"One of the most valuable features is the Local Traffic Manager."
"Good dashboard and reporting."
"I like all of the features, but the main one is the attack signatures."
"The most valuable features of F5 Advanced WAF are SSL uploading, signature, and anomaly detection. It is overall a high-quality solution."
"The most valuable feature is that it is secure."
"It's scalable and very easy to manage."
"Fortinet is a great SD-WAN player when it comes to security capabilities."
"FortiGate is a stable product."
"The solution is stable."
"FortiWeb offers a good price for the marketplace. In the Sri Lankan market, it's hard to find high-end products that can match FortiWeb's pricing. For high-end solutions, the price is always extremely high."
"The GUI is user-friendly and it's easy to understand how to manage it."
"If I need something from tech support, I can get it answered within the hour."
"It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube."
"The ability to configure multiple policies for different requirements is a strong feature of Fortinet FortiWeb."
"The solution could improve by having an independent capture module. It has a built feature that you can deploy the capture on your published website. However, it's not very user-friendly. When you compare this feature to Google Capture or other enterprise captures, they are very simple. It needs a good connection to the F5 Advanced WAF sandbox. When you implement this feature in the data center, you may suffer some complications with connecting to the F5 Advanced WAF sandbox. This should be improved in the future."
"There is a learning curve that extends the time of implementation."
"I would like to see a better interface and better documentation compatibility with other products. It's more complicated with OWASP."
"It should be a little bit easy to deploy in terms of the overall deployment session. One of our customers is a bit unhappy about the reporting options. Currently, it automatically deletes event logs after some limit if a customer doesn't have any external Syslog server. It is a problem for those customers who want to review event logs after a week or so because they won't get proper reports or event logs. They should increase the duration to at least a month or two for storing the data on the device. F5 is not a leader in Gartner Quadrant, which affects us when we go and pitch this solution. Customers normally go and take a look at such annual reports, and because F5 is currently not there as a leader, the customers ask about it even though we are saying it is good in all things. F5 is not known for something totally different or unique. They were a major player in ADP, and they are just rebranding themselves into security. They should improve or increase their marketing as a security company now. They have already started to do that, but they should do it more so that when it comes to security, customers can easily remember F5. At the moment, if we say F5, load balancing comes to mind. With rebranding and marketing, all customers should get the idea that F5 is now mainly focusing on the security part of it, and it is a security company instead of load balancing. This is the first solution that should come to a customer's mind for a web application firewall."
"Scalability could be improved."
"I would like to see the API Protection improved."
"The contextual-based component needs a lot of help to catch up with the next-gen products."
"We usually use a third-party tool for logging and reporting. It would be nice if we could do that right on this solution. They have one, but it's not very stable. Logging and reporting effectively would be a big enhancement."
"It may be better if it were easier to create roles."
"The Layer 7 DDoS attacks need improvement, it could be better."
"The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product."
"The integration with other products should be improved."
"When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."
"It is not entirely user-friendly."
"The solution could improve by being able to handle different use cases."
"I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device."
F5's Advanced WAF is built on proven F5 technology and goes beyond reactive security such as static signatures and reputation to proactively detect and mitigate bots, secure credentials and sensitive data, and defend against application denial-of-service (DoS). Advanced WAF redefines application security to address the most prevalent threats organizations face today.
Advanced WAF is offered as an appliance, virtual edition, and as a managed service—providing automated WAF services that meet complex deployment and management requirements while protecting your apps with great precision. It is the most effective solution for guarding modern applications and data from existing and emerging threats while maintaining compliance with key regulatory mandates.
Advanced WAF redefines application security to address the most prevalent threats organizations face today:
•Web attacks that steal credentials and gain unauthorized access across user accounts.
•Application layer attacks that evade static security based on reputation and manual signatures.
•New attack surfaces and threats due to the rapid adoption of APIs.
•OWASP Top 10 vulnerabilities
FortiWeb is a web application firewall (WAF) that protects hosted web applications from attacks that target known and unknown exploits. Using multi-layered and correlated detection methods, FortiWeb defends applications from known vulnerabilities and from zero-day threats.
F5 Advanced WAF is ranked 4th in Web Application Firewall (WAF) with 15 reviews while Fortinet FortiWeb is ranked 1st in Web Application Firewall (WAF) with 27 reviews. F5 Advanced WAF is rated 8.2, while Fortinet FortiWeb is rated 8.2. The top reviewer of F5 Advanced WAF writes "It is very stable as as a load balancer or a web application firewall". On the other hand, the top reviewer of Fortinet FortiWeb writes "Reasonably priced and offers a good graphical user interface but need better integration capabilities". F5 Advanced WAF is most compared with Microsoft Azure Application Gateway, Imperva Web Application Firewall, NGINX App Protect, Azure Front Door and F5 BIG-IP Local Traffic Manager (LTM), whereas Fortinet FortiWeb is most compared with Fortinet FortiOS, Fortinet FortiADC, F5 BIG-IP Local Traffic Manager (LTM), Microsoft Azure Application Gateway and AWS WAF. See our F5 Advanced WAF vs. Fortinet FortiWeb report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.