No more typing reviews! Try our Samantha, our new voice AI agent.

Fortinet FortiAppSec Cloud vs Fortinet FortiWeb comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
Fortinet FortiAppSec Cloud
Ranking in Web Application Firewall (WAF)
26th
Average Rating
9.0
Reviews Sentiment
6.6
Number of Reviews
2
Ranking in other categories
CDN (11th), Distributed Denial-of-Service (DDoS) Protection (19th), API Security (16th), Dynamic Application Security Testing (DAST) (9th)
Fortinet FortiWeb
Ranking in Web Application Firewall (WAF)
2nd
Average Rating
8.0
Reviews Sentiment
6.7
Number of Reviews
121
Ranking in other categories
No ranking in other categories
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
OE
CIO at a financial services firm with 51-200 employees
Advanced threat protection has reduced financial risk and improves application security visibility
The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence. The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities. The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.
HameedAhmed - PeerSpot reviewer
Joint Director at PAA
Security threats have been reduced through seamless deployment and strong integration with other tools
I have used Fortinet FortiWeb's integration features. We have easily integrated all of the applications with the product. Most of the applications we are using are in-house built. My technical team is looking after the best features. I have not used it extensively for maybe two and a half years. I have been involved in the installation, but I am not actually using the product. I work with it from time to time but not extensively. I would assess Fortinet FortiWeb's adaptive machine learning and artificial intelligence as having new patches installed regarding artificial intelligence, but when we bought it, I think the learning feature was there. Now they have installed artificial intelligence features through patches. We have a complete portfolio of Fortinet in our organization, including FortiMail, Fortinet FortiWeb, and FortiGate, along with multi-factor authentication. All of the products are from Fortinet. Fortinet tools integrate with each other and work in conjunction. I think Fortinet FortiWeb has helped us meet regulatory compliance because we are not a regulatory organization, but our sister organization is regulatory. We have regulatory compliance with the International Civil Aviation Authority, whose audit teams have checked our data center and these security products, and they are satisfied with us. The question about leveraging Fortinet FortiWeb's automated policy management does not pertain to my domain because I am not so technical, but I am in a management role now. My engineer is more technical than me. I would rate this product an eight point five out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"For us, the key feature of Cloudflare is DDoS protection and IP hiding, especially since we are a crypto company."
"The product has improved our security posture by blocking bad actors."
"This solution does a good job of preventing web application attacks, SQL injections, and cross-site scripting attacks."
"The solution protects our application, which runs on the HTTP protocol, from DDoS attacks."
"We extensively use the solution every day. The solution is very stable; we haven’t seen any glitches."
"I'm highly satisfied. It's remarkably user-friendly, enabling me to quickly identify issues, and deploy solutions, and it offers the necessary features."
"It protects web applications efficiently."
"The setup process is very simple for me."
"My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities."
"We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud, with our return on investment around 60%."
"The tool's HTTP traffic, website fixing, and blocking are fantastic. It is user-friendly with easy configuration."
"What we like about Fortinet FortiWeb is it has all the features. We use all of them, so we have to turn on all the options."
"The ability to configure multiple policies for different requirements is a strong feature of Fortinet FortiWeb."
"FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security."
"It allows specific IP whitelisting or even regional whitelisting, ensuring only whitelisted traffic from certain geographical regions can access the environment."
"Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
"The valuable feature of Fortinet FortiWeb vulnerability scanner"
"The reporting and token system is good."
 

Cons

"They need to improve their support because getting a response for basic requests took around 48 hours, which is too long."
"It would be ideal if the solution offered better log integration and more integration with different platforms."
"Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place."
"The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts."
"Cloudflare Web Application Firewall should improve visibility for a customer."
"The rate limiting functionality could be enhanced, as we find it somewhat limited."
"Cloudflare Web Application Firewall should include port forwarding features."
"A key challenge arises when dealing with numerous integrations with HVAC systems. Depending on the specifics, there might be some configuration mismatches, which necessitate specific support."
"The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive."
"Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic."
"The solution is a bit expensive when compared to other products."
"We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced."
"Fortinet FortiWeb could improve data integration."
"The upgrade process could be a bit smoother."
"FortiWeb Web Application Firewall needs to improve its performance."
"In my experience, Fortinet FortiWeb could improve the intelligent features to acknowledge whether any threat or incident that's running happened. Then give us the ability to escalate it to layer 2 or layer 3 in the network operations."
"They could integrate some kind of machine learning and AI facilities to automate workflows."
"Fortinet has had some rough times. When they started expanding a bit, they completely screwed up their support system."
 

Pricing and Cost Advice

"The annual licensing fee is $10,000 USD."
"The solution's pricing option needs to be more transparent for enterprise clients."
"The solution is expensive."
"Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable."
"It is not too pricey."
"We pay $210 per month for CloudFlare WAF."
"Cloudflare Web Application Firewall is more affordable than other solutions."
"The pricing model is very straightforward compared to the competition. You just pay per month for the product and usage."
Information not available
"There's only one payment for the duration of the license. On a scale from one to five, I would rate pricing at four. I have not encountered any additional costs on my projects involving Fortinet FortiWeb."
"The solution is cheaper compared with other solutions. It has a yearly license."
"The product provides very good prices to customers. The price is set well and offers great value for money."
"Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor. Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough."
"The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features."
"​It really pays off to buy licences for multiple years​."
"It should be somewhere about 36,000 Euros. That's the cost for three years. It's moderately priced."
"Cheaper than others."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Construction Company
24%
Healthcare Company
11%
Financial Services Firm
10%
Manufacturing Company
8%
Financial Services Firm
9%
Manufacturing Company
9%
Comms Service Provider
8%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
No data available
By reviewers
Company SizeCount
Small Business60
Midsize Enterprise27
Large Enterprise37
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What needs improvement with Fortinet FortiAppSec Cloud?
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate l...
What is your primary use case for Fortinet FortiAppSec Cloud?
Fortinet FortiAppSec Cloud is used as a WAF solution.
What advice do you have for others considering Fortinet FortiAppSec Cloud?
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer. Three users ...
What is your experience regarding pricing and costs for Fortinet FortiWeb?
The pricing for Fortinet FortiWeb varies with different models having different prices. It depends on the requirement...
What needs improvement with Fortinet FortiWeb?
There is room for improvement in Fortinet FortiWeb. The team was only from FortiGate itself. They are making new firm...
What is your primary use case for Fortinet FortiWeb?
Fortinet FortiWeb is very good as a web application solution. I have been working with Fortinet FortiWeb since 2020.
 

Also Known As

Cloudflare WAF
No data available
FortiWeb Web Application Firewall (WAF)
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
Information Not Available
Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
Find out what your peers are saying about Fortinet FortiAppSec Cloud vs. Fortinet FortiWeb and other solutions. Updated: June 2026.
904,748 professionals have used our research since 2012.