


Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
My experience with the pricing or licensing of Cloudflare Web Application Firewall is that many features can be accessed for free, so the pricing is definitely reasonable.
I would rate the technical support with Cloudflare as excellent every time I've had to contact them.
The technical support of Cloudflare Web Application Firewall rates between five and seven at maximum.
The company provides technical support, and they are mostly available 24/7.
The proximity of Fortinet with customers ensures quick issue resolution.
Sometimes it could be faster, but generally, their support is reliable.
They were quick and efficient when we had issues.
I would rate the customer support a 9 on a scale of 1 to 10.
The scalability of Cloudflare Web Application Firewall rates between 8 to 9, as it depends upon the use cases and what exactly the client needs.
It auto checks everything, and you need to install the certificate.
In my experience, Fortinet FortiWeb Cloud WAF-as-a-Service's scalability is quite good, and I would rate it at eight point five out of ten.
We are purchasing Fortinet FortiWeb Cloud WAF-as-a-Service from the distributor side, who have provided support and a price discount.
The scalability of NGINX App Protect is good and open source at its best.
The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10.
The stability of the solution is excellent.
It is a quality solution, and I would rate its stability as eight out of ten.
The product can improve by having more multitenancy capability, which is currently not available.
I think they're doing a good job with DNS and as support for any domains that I create or that my clients create, it's mandatory for me to ensure they have Cloudflare as their DNS provider.
And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network.
Fortinet FortiWeb Cloud WAF-as-a-Service could be improved with better logging capabilities, as many come with less spacing, necessitating a FortiSIM for enhanced functionality.
The utilization of AI in Fortinet FortiWeb Cloud WAF-as-a-Service still needs to be upgraded and improved.
I want them to provide SAML authentication.
There was more information from F5 regarding hardware requirements and specifications to deploy the service.
For now, I think NGINX App Protect is good, but maybe I would like to see the logging feature added.
The GUI and web GUI configuration could be improved to be easier to manage and use.
It is twice cheaper.
I just recommend Fortinet FortiWeb Cloud WAF-as-a-Service because it is very expensive.
The price is not the cheapest, but it offers great value for money.
The custom rules and the geo-redundant geographical rule feature, which allows me to implement geographical rules for customers, add significant value.
The best features of Cloudflare Web Application Firewall are multiple, including the WAF, rate limiter, and bot attack protection.
Cloudflare Web Application Firewall's advanced reporting and analytics tools add a layer that we're able to visualize and see before it actually hits the local firewall.
It is possible to easily find vulnerabilities with the WAF.
It effectively mitigates web attacks, provides virtual protections, and handles large traffic with minimal processing effort.
Its usability is a key aspect as it is very easy to use and deploy in front of new APIs.
The most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves.
Some threats like injection and running scripts, SQL injections, these all get stopped and rejected by the server.
Detecting bots and blocking IPs have proven effective for securing applications.
| Product | Mindshare (%) |
|---|---|
| Cloudflare Web Application Firewall | 4.0% |
| NGINX App Protect | 2.0% |
| Fortinet FortiWeb Cloud WAF-as-a-Service | 0.8% |
| Other | 93.2% |


| Company Size | Count |
|---|---|
| Small Business | 16 |
| Midsize Enterprise | 6 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 2 |
| Large Enterprise | 5 |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 7 |
| Large Enterprise | 13 |
Cloudflare Web Application Firewall integrates DDoS protection, load balancing, and firewall capabilities. Its ease of use, configurability, and robust security measures make it a versatile choice for protecting web applications.
Cloudflare Web Application Firewall provides a comprehensive defense against threats with advanced reporting and robust security measures. It includes DNS integration, rate limiting, and extensive rule sets, all within a SaaS model that allows API configurability. Users value its caching, scalability, and pricing, although enhancements are needed in rate-limiting and third-party integration. Improvements in customer support, especially in India, real-time controls, and user documentation are also desired. Users seek a more intuitive dashboard, better log management, and improved alert systems, along with multitenancy capabilities and enhanced reporting.
What are the key features of Cloudflare Web Application Firewall?Cloudflare Web Application Firewall finds application in industries like banking and retail by acting as a comprehensive security gateway, managing authentication and authorization while protecting web applications from malicious Layer 7 traffic. It also implements load balancing, CDN, and zero-trust policies, supported by advanced reporting, analytics tools, and threat scoring to meet specific industry needs.
Fortinet FortiWeb Cloud WAF-as-a-Service provides cloud-based web application protection, ensuring businesses secure their web apps against threats without hardware management, offering dynamic scalability and threat intelligence.
Fortinet FortiWeb Cloud WAF-as-a-Service offers an advanced security platform that effectively protects web applications from cyber threats by leveraging comprehensive threat intelligence and efficient traffic management. Its cloud-native architecture facilitates seamless integration, allowing for scalable security solutions that adapt to varying demand levels. Known for reducing complexity, it empowers organizations to focus on strategic initiatives without the need for dedicated on-premise resources. The service also provides robust analytics, enabling informed decision-making based on real-time threat landscapes.
What are the key features?In industries such as finance and e-commerce where sensitive data protection is paramount, Fortinet FortiWeb Cloud WAF-as-a-Service is extensively implemented to secure web applications against potential vulnerabilities. It ensures compliance with stringent regulatory standards and protects consumer information, thus maintaining trust and brand reputation. Healthcare providers leverage it to protect patient records, a sector that demands the utmost security and confidentiality.
NGINX App Protect offers comprehensive security features like auto-learning and bot protection. Its real-time threat detection and ease of integration make it suitable for web and mobile application security across on-premises, cloud, and container environments.
NGINX App Protect stands out with its adaptive machine learning, scalable deployment options, and robust API connectivity, offering Layer 7 DDoS protection and an OWASP-certified WAF. While it supports comprehensive traffic and security management, enhancements in platform integration, automation, and technical support could improve usability. The pricing model and policy management options could also see refinement. Commonly employed in securing web and mobile applications, it addresses threats including OWASP Top 10 vulnerabilities and DDoS attacks, while providing seamless integration with Kubernetes and CI/CD pipelines.
What are the key features of NGINX App Protect?NGINX App Protect finds broader use in sectors like banking and telecommunications, where it secures high-performance digital infrastructures. Its application spans perimeter security, load balancing, and acts as a reverse proxy in environments necessitating stringent security, high throughput, and robust management. The tool's adaptability facilitates its deployment alongside containers, ensuring compatibility with contemporary development practices.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.