No more typing reviews! Try our Samantha, our new voice AI agent.

F5 Rules for AWS WAF vs Fortinet FortiAppSec Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
F5 Rules for AWS WAF
Ranking in Web Application Firewall (WAF)
15th
Average Rating
8.4
Reviews Sentiment
7.8
Number of Reviews
10
Ranking in other categories
Business Rules Management (3rd)
Fortinet FortiAppSec Cloud
Ranking in Web Application Firewall (WAF)
26th
Average Rating
9.0
Reviews Sentiment
6.6
Number of Reviews
2
Ranking in other categories
CDN (11th), Distributed Denial-of-Service (DDoS) Protection (19th), API Security (16th), Dynamic Application Security Testing (DAST) (9th)
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
Vibin Thomas - PeerSpot reviewer
Technical Team Lead - Content Security at Valuepoint Systems
Advanced protection has reduced web attacks and improves application performance and operations
One area where F5 Rules for AWS WAF can be improved is in simplifying the tuning process. While F5 Rules for AWS WAF is powerful, fine-tuning it to match specific application behavior can sometimes be complex and time-consuming, especially for teams without deep WAF expertise. Another improvement could be enhanced visibility and reporting. Although AWS WAF provides logs, having more intuitive and built-in dashboards or clearer categorization of rule triggers would make it easier to quickly identify and analyze attack patterns. Additionally, expanding the capabilities around bot management and behavior analysis would be beneficial compared to some dedicated bot management solutions. More advanced detection techniques could further strengthen the protection against sophisticated automated traffic. Finally, providing more predefined templates or best practice recommendations for different application types would help speed up the deployment and reduce the initial configuration effort.
reviewer2812593 - PeerSpot reviewer
CIO at a financial services firm with 51-200 employees
Advanced threat protection has reduced financial risk and improves application security visibility
The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence. The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities. The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It protects web applications efficiently."
"Cloudflare WAF provides protection through rules and functionalities like Cloudflare's SDRAP."
"I'm highly satisfied. It's remarkably user-friendly, enabling me to quickly identify issues, and deploy solutions, and it offers the necessary features."
"The most valuable part of the solution for us overall is exactly that it is a Software-as-a-Service product."
"The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration."
"I have not had any issues with this solution, and I would recommend it to others who are interested in using it."
"It is a SaaS solution unlike much of the competition."
"Cloudflare has positively impacted my organization by making it easier for me to handle and set up DNS for multiple clients; I can easily go in and access their accounts, make changes they need, and it's a one-stop shop."
"F5 Rules for AWS WAF is a strong, enterprise-focused solution for organizations that need robust web application security, centralized policy management, and better visibility into application layer threats within AWS environments."
"After implementing F5 Rules for AWS WAF, we observed a reduction of approximately 60 to 70% in web application security incidents reaching our application team, particularly blocking common threats like bot traffic and SQL injections without impacting our downstream systems."
"Overall, the combination of reduced manual effort, improved security posture, and better application performance has delivered a strong return on investment."
"F5 Rules for AWS WAF's OWASP protection and bot protection have reduced attacks on my applications by 72 to 90%."
"F5 Rules for AWS WAF is definitely recommended. It is a good tool for anyone to try and see if it matches their use case, and it is something that an organization can really benefit from."
"F5 Rules for AWS WAF has positively impacted our organization for security through the implementation of traffic rules in our application."
"F5 Rules for AWS WAF has positively impacted us by improving our web application security without adding too much operational overhead."
"I advise anyone looking for a great tool to secure their public-facing applications to start using F5 Rules for AWS WAF."
"We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud, with our return on investment around 60%."
"My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities."
 

Cons

"The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts."
"They have some limitations with third-party integrations."
"The product can improve by having more multitenancy capability, which is currently not available."
"WAF doesn't directly affect bandwidth costs. It saves costs on protection. However, with the correct setup, it's difficult to determine if it saves costs overall due to the fixed enterprise plan fee."
"The notification part could be improved. It's very much connected to Web Application Firewall, rate-limiting, and DDoS protection."
"We don't even use Cloudflare Bot Management because it's too expensive; you need to pay per request, and it's much cheaper to get one or two additional machines."
"The user interface is very simple and straightforward, but users need knowledge about DNS to accomplish tasks."
"Cloudflare Web Application Firewall should include port forwarding features."
"F5 Rules for AWS WAF could be improved with deeper integration with Infrastructure as Code tools like Terraform for simplification, as well as more AI-driven recommendations for rules tuning to reduce false positives and better dashboards for visibility at the CXO level."
"An area for improvement I see is that while everything is in good shape, I demand continuous improvisation of these rule sets."
"F5 Rules for AWS WAF can be improved by simplifying the tuning process to reduce false positives and providing more built-in dashboards for better visibility and further customization."
"I think F5 Rules for AWS WAF could be improved mainly around visibility, specifically having more actionable recommendations for false positives."
"The additional costs for F5 Rules for AWS WAF are quite high, as F5 managed rules require a separate subscription on top of the standard AWS WAF charges; it would be great if it would be pre-integrated."
"There are potential false positives in F5 Rules for AWS WAF that sometimes require tuning."
"One area where F5 Rules for AWS WAF can be improved is in simplifying the tuning process."
"It's too early to talk about a return on investment with F5 Rules for AWS WAF."
"The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive."
"Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic."
 

Pricing and Cost Advice

"Cloudflare Web Application Firewall is more affordable than other solutions."
"We pay $210 per month for CloudFlare WAF."
"The pricing model is very straightforward compared to the competition. You just pay per month for the product and usage."
"It starts at $20 and can easily go up to $200 monthly"
"The solution is expensive."
"What's my experience with pricing, setup cost, and licensing? I believe the pricing is not the best, but it's reasonable and acceptable. We also use the McAfee system in parallel. In terms of pricing, its okay - not great, but not bad either. It falls in the middle, which is acceptable. In terms of support licensing, last time, we were searching for a solution, and we considered products from resellers rather than directly from the cloud provider. However, the pricing we encountered was exceptionally high. As a result, we are inclined to select support from the reseller."
"Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable."
"It is not too pricey."
Information not available
Information not available
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Construction Company
33%
Comms Service Provider
16%
Computer Software Company
6%
Energy/Utilities Company
5%
Construction Company
26%
Healthcare Company
10%
Manufacturing Company
9%
Financial Services Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise6
No data available
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What is your experience regarding pricing and costs for F5 Rules for AWS WAF?
My experience with the pricing, setup cost, and licensing for F5 Rules for AWS WAF was good with purchasing and the s...
What needs improvement with F5 Rules for AWS WAF?
From an improvement standpoint, one area where F5 Rules for AWS WAF could improve is in simplifying policy management...
What is your primary use case for F5 Rules for AWS WAF?
My main use case for F5 Rules for AWS WAF is strengthening web application security for internet-facing applications ...
What needs improvement with Fortinet FortiAppSec Cloud?
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate l...
What is your primary use case for Fortinet FortiAppSec Cloud?
Fortinet FortiAppSec Cloud is used as a WAF solution.
What advice do you have for others considering Fortinet FortiAppSec Cloud?
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer. Three users ...
 

Also Known As

Cloudflare WAF
No data available
No data available
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
Information Not Available
Information Not Available
Find out what your peers are saying about F5 Rules for AWS WAF vs. Fortinet FortiAppSec Cloud and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.