No more typing reviews! Try our Samantha, our new voice AI agent.

Fortinet FortiWeb Cloud WAF-as-a-Service vs NGINX App Protect comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.6
Cloudflare WAF offers quick ROI, crucial protection for e-commerce, saves bandwidth, and balances cost with valuable free features.
Sentiment score
4.2
Fortinet FortiWeb Cloud WAF-as-a-Service reduces security incidents and costs, offering effective protection and noticeable returns on investment.
Sentiment score
5.8
NGINX App Protect offers notable ROI, enhancing security, integrating with CICD pipelines, and providing compliance and time-saving benefits.
My experience with the pricing or licensing of Cloudflare Web Application Firewall is that many features can be accessed for free, so the pricing is definitely reasonable.
Owner at Hga consulting
 

Customer Service

Sentiment score
6.3
Cloudflare WAF support is mixed; responsive for some, but Indian customers face call availability and administrative issues.
Sentiment score
7.5
Fortinet FortiWeb Cloud support is praised for fast, knowledgeable service, with minor delays manageable and high overall satisfaction.
Sentiment score
5.8
NGINX App Protect's support is reliable and helpful, though costs and occasional delays affect accessibility for some users.
I would rate the technical support with Cloudflare as excellent every time I've had to contact them.
Owner at Hga consulting
The technical support of Cloudflare Web Application Firewall rates between five and seven at maximum.
IT Manager at Amla Commerce
The company provides technical support, and they are mostly available 24/7.
Pre sale engineer at Harnssen Group Limited
The proximity of Fortinet with customers ensures quick issue resolution.
Security Specialist at a tech services company with 1,001-5,000 employees
Sometimes it could be faster, but generally, their support is reliable.
Principal Network Architect at a financial services firm with 201-500 employees
They were quick and efficient when we had issues.
Project Manager at a comms service provider with 10,001+ employees
I would rate the customer support a 9 on a scale of 1 to 10.
Tech Lead at a tech vendor with 51-200 employees
 

Scalability Issues

Sentiment score
7.7
Cloudflare Web Application Firewall offers impressive scalability and automated management, but additional features may incur costs for smaller organizations.
Sentiment score
6.2
Fortinet FortiWeb Cloud WAF-as-a-Service is scalable, efficient in handling traffic, easy to deploy, and highly rated.
Sentiment score
6.1
NGINX App Protect offers strong scalability praised by users, despite challenges with policy limits and deployment delays.
The scalability of Cloudflare Web Application Firewall rates between 8 to 9, as it depends upon the use cases and what exactly the client needs.
IT Manager at Amla Commerce
It auto checks everything, and you need to install the certificate.
Pre Sales Architect at network techlab
In my experience, Fortinet FortiWeb Cloud WAF-as-a-Service's scalability is quite good, and I would rate it at eight point five out of ten.
Network and Security Engineer (Contractor) at Clymora Technology Limited
We are purchasing Fortinet FortiWeb Cloud WAF-as-a-Service from the distributor side, who have provided support and a price discount.
Owner at IT CARE
The scalability of NGINX App Protect is good and open source at its best.
Tech Lead at a tech vendor with 51-200 employees
 

Stability Issues

Sentiment score
8.2
Cloudflare Web Application Firewall is praised for stability, high performance, effective protection, daily use, and minimal downtime.
Sentiment score
8.3
Users highly praise Fortinet FortiWeb Cloud WAF-as-a-Service for its stable and reliable performance, rating it highly.
Sentiment score
8.4
Users praise NGINX App Protect's stability and reliability, outperforming competitors, handling high traffic efficiently, and receiving high ratings.
The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10.
IT Manager at Amla Commerce
The stability of the solution is excellent.
Principal Network Architect at a financial services firm with 201-500 employees
It is a quality solution, and I would rate its stability as eight out of ten.
IT Architect at a financial services firm with 10,001+ employees
 

Room For Improvement

Cloudflare WAF needs feature enhancements, better usability, improved support, advanced DDoS protection, and solutions for latency and alerts.
Fortinet FortiWeb Cloud WAF-as-a-Service needs improved features, security measures, AI, pricing, integration, and reporting enhancements.
NGINX App Protect needs enhancements in automation, UI, security, performance, and support, with complex setup and integration issues.
The product can improve by having more multitenancy capability, which is currently not available.
Network Architect at a computer software company with 11-50 employees
I think they're doing a good job with DNS and as support for any domains that I create or that my clients create, it's mandatory for me to ensure they have Cloudflare as their DNS provider.
Owner at Hga consulting
And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network.
CTO at PlayNirvana
Fortinet FortiWeb Cloud WAF-as-a-Service could be improved with better logging capabilities, as many come with less spacing, necessitating a FortiSIM for enhanced functionality.
Network and Security Engineer (Contractor) at Clymora Technology Limited
The utilization of AI in Fortinet FortiWeb Cloud WAF-as-a-Service still needs to be upgraded and improved.
Assistant Technical Director at a comms service provider with 11-50 employees
I want them to provide SAML authentication.
Pre Sales Architect at network techlab
There was more information from F5 regarding hardware requirements and specifications to deploy the service.
IT Architect at a financial services firm with 10,001+ employees
For now, I think NGINX App Protect is good, but maybe I would like to see the logging feature added.
Dev Ops Engineer at BARQ Systems
The GUI and web GUI configuration could be improved to be easier to manage and use.
Dev Ops Engineer at adesso AG
 

Setup Cost

Cloudflare Web Application Firewall offers affordable, flexible pricing with no upfront costs, noted for competitiveness and included support services.
Fortinet FortiWeb Cloud offers cost-effective WAF services with flexible payments, appealing to large enterprises despite not being the cheapest.
NGINX App Protect offers reasonable annual pricing, ranging from $25,000 to $400,000, aligning with industry-leading solutions.
It is twice cheaper.
Pre sale engineer at Harnssen Group Limited
I just recommend Fortinet FortiWeb Cloud WAF-as-a-Service because it is very expensive.
Pre Sales Architect at network techlab
The price is not the cheapest, but it offers great value for money.
Principal Network Architect at a financial services firm with 201-500 employees
 

Valuable Features

Cloudflare Web Application Firewall provides comprehensive security features, easy setup, scalability, and competitive pricing with praised performance and stability.
Fortinet FortiWeb Cloud WAF-as-a-Service offers AI-driven security, easy integration, and adaptability with robust threat protection and reporting.
NGINX App Protect provides comprehensive security features including automation, real-time threat detection, DDoS protection, and flexible deployment options.
The custom rules and the geo-redundant geographical rule feature, which allows me to implement geographical rules for customers, add significant value.
Network Architect at a computer software company with 11-50 employees
The best features of Cloudflare Web Application Firewall are multiple, including the WAF, rate limiter, and bot attack protection.
IT Manager at Amla Commerce
Cloudflare Web Application Firewall's advanced reporting and analytics tools add a layer that we're able to visualize and see before it actually hits the local firewall.
Owner at Hga consulting
It is possible to easily find vulnerabilities with the WAF.
IT Specialist at a manufacturing company with 10,001+ employees
It effectively mitigates web attacks, provides virtual protections, and handles large traffic with minimal processing effort.
Security Specialist at a tech services company with 1,001-5,000 employees
Its usability is a key aspect as it is very easy to use and deploy in front of new APIs.
Principal Network Architect at a financial services firm with 201-500 employees
The most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves.
IT Architect at a financial services firm with 10,001+ employees
Some threats like injection and running scripts, SQL injections, these all get stopped and rejected by the server.
Dev Ops Engineer at BARQ Systems
Detecting bots and blocking IPs have proven effective for securing applications.
Project Manager at a comms service provider with 10,001+ employees
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
Fortinet FortiWeb Cloud WAF...
Ranking in Web Application Firewall (WAF)
23rd
Average Rating
8.8
Reviews Sentiment
6.4
Number of Reviews
10
Ranking in other categories
No ranking in other categories
NGINX App Protect
Ranking in Web Application Firewall (WAF)
19th
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
27
Ranking in other categories
Container Security (28th), API Security (8th)
 

Mindshare comparison

As of July 2026, in the Web Application Firewall (WAF) category, the mindshare of Cloudflare Web Application Firewall is 4.0%, down from 5.8% compared to the previous year. The mindshare of Fortinet FortiWeb Cloud WAF-as-a-Service is 0.8%, up from 0.5% compared to the previous year. The mindshare of NGINX App Protect is 2.0%, up from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF) Mindshare Distribution
ProductMindshare (%)
Cloudflare Web Application Firewall4.0%
NGINX App Protect2.0%
Fortinet FortiWeb Cloud WAF-as-a-Service0.8%
Other93.2%
Web Application Firewall (WAF)
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
NiteshSharma - PeerSpot reviewer
Pre Sales Architect at network techlab
Comprehensive web protection has secured public apps and supports advanced audit requirements
Fortinet FortiWeb Cloud WAF-as-a-Service has multiple valuable aspects. The WAF solution secures whatever public domains have been published by the public platform or internal servers exposed to public users. Firewalls have limitations, which is why I suggest using a WAF solution. The firewall provides the same features but in a limited edition. When discussing the SaaS platform or Layer 7 layer of security, you will receive multiple benefits. Firewalls have limitations with signatures, bot protection, and DOS protection. Fortinet FortiWeb Cloud WAF-as-a-Service is a dedicated WAF product that handles all DOS protection, bot protection, API security, endpoint connectivity, signature-based support, and top 10 OWASP support. Multiple features are available. AI and ML-based technology is available in almost every tool today. When discussing troubleshooting, there are AI models that will solve your problem and provide information. AI is helpful because it will give you proper information regarding errors and troubleshooting.
Valerio Guaglianone - PeerSpot reviewer
Dev Ops Engineer at adesso AG
Long-term web protection has supported reliable traffic management but needs a simpler interface
NGINX App Protect is a good product. I have used both versions from F5 -also the free version- (I mean the NGINX/NGINX One/App Protect free trial period), and I think it is a good product. It's stable, affordable, and easy to manage. NGINX App Protect is a comprehensive security solution that combines advanced WAF, DoS protection, API security, and DevSecOps automation in a lightweight, scalable package ideal for modern cloud-native architectures. The adaptive machine learning capabilities are truly commendable, as the solution can establish traffic baselines and detect anomalies in real time. It automatically adjusts security policies, minimizing the need for manual intervention and reducing false positives. Additionally, it supports scalable deployment across diverse environments, including on-premises, cloud, Kubernetes, and containers, offering both flexibility and scalability I have experience with the web server, F5 load balancer, and similar products provided by Ergon, for eg. the web application firewall and the Microgateway for K8S. I'm also familiar with F5 BIG-IP products.
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Financial Services Firm
13%
Construction Company
10%
Comms Service Provider
10%
Manufacturing Company
8%
Financial Services Firm
13%
Comms Service Provider
13%
Computer Software Company
8%
Construction Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise5
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise13
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What is your experience regarding pricing and costs for Fortinet FortiWeb Cloud WAF-as-a-Service?
It is expensive. Actually, it is expensive. When discussing small organizations, I would not recommend it to them. I ...
What needs improvement with Fortinet FortiWeb Cloud WAF-as-a-Service?
Currently, I want to add that Fortinet FortiWeb Cloud WAF-as-a-Service is offering only two-factor authentication. I ...
What is your primary use case for Fortinet FortiWeb Cloud WAF-as-a-Service?
When discussing Fortinet FortiWeb Cloud WAF-as-a-Service, I always recommend it. Either I can recommend F5. Most user...
What is your experience regarding pricing and costs for NGINX App Protect?
I will not be able to answer about my experience with pricing, setup cost, and licensing for NGINX App Protect, as so...
What needs improvement with NGINX App Protect?
I did not face any issues with NGINX App Protect. The only issue that we had is that someone was trying to install th...
What is your primary use case for NGINX App Protect?
I have been dealing with NGINX App Protect and the WAF policy. I usually recommend NGINX App Protect for banking and ...
 

Also Known As

Cloudflare WAF
No data available
NGINX WAF, NGINX Web Application Firewall
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
Information Not Available
Information Not Available
Find out what your peers are saying about Fortinet FortiWeb Cloud WAF-as-a-Service vs. NGINX App Protect and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.