Try our new research platform with insights from 80,000+ expert users

Fortinet FortiWeb vs Imperva Web Application Firewall comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiWeb
Ranking in Web Application Firewall (WAF)
4th
Average Rating
8.0
Reviews Sentiment
6.7
Number of Reviews
95
Ranking in other categories
No ranking in other categories
Imperva Web Application Fir...
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of June 2025, in the Web Application Firewall (WAF) category, the mindshare of Fortinet FortiWeb is 8.4%, up from 7.3% compared to the previous year. The mindshare of Imperva Web Application Firewall is 5.8%, down from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF)
 

Featured Reviews

Kacem CHAMMALI - PeerSpot reviewer
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb
The xFF, or X-Forwarded-For feature, IP reputation, and protected hostname. We can block access using the IP address, so no one can connect to our web server or website using the real IP. They need to use the FQDN instead. Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb and the option to protect the hostname. All traffic passes through FortiWeb. Machine learning capabilities in FortiWeb: I don't use machine learning all the time. In the initial phase of FortiWeb deployment, we use the learning process to detect the traffic passing through FortiGate to our website.
Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The support services, performance, and pricing are all valuable features. The performance is excellent."
"Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself."
"The WAF profiles has been effective at mitigating web-based threats."
"L-7 protection makes possible to protect legacy/not up-to-date servers/applications without changing the application code."
"The solution has a very simple deployment."
"The solution's most valuable feature is its security profile."
"We find that it is quite stable and reliable."
"It's stable and works efficiently against OWASP Top 10 attacks."
"There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off."
"It works right out of the box once you integrate the application."
"The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications."
"If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."
"The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network."
"The solution can be configured in just a couple of minutes."
"Very intuitive and granular configuration - It does not require much time, or advanced knowledge, for configuration and maintenance."
"We can prevent attacks or issues even before they happen."
 

Cons

"Fortinet FortiWeb is not scalable. You'll need more budget to change the hardware."
"The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product."
"I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.​"
"The initial setup depends on familiarity with the product. It's manageable with the right expertise."
"​Their support needs improvement."
"If the price was lower, it would be a bit more attractive, as an option, to the customers."
"It can be better with web application firewalls."
"The integration with other products should be improved."
"The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you."
"If they can bring in generative AI features, that would be useful."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
"There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."
"I think that better bot protection is needed in this solution."
"I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."
"The tool needs to improve CPU and storage memory."
"The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier."
 

Pricing and Cost Advice

"The pricing is pretty good. We do pass a lot of traffic through our API servers. Something like 100 gigs of web traffic is a fair amount for reduced JSON API calls, but the cost is $50. For that peace of mind, we have thousands and thousands of customers that are protected by that $50, so it's a no-brainer."
"When I use any other firewall, I have to take a license. It could be a perpetual license or subscription-based. In both cases, we have to pay some amount in advance, whereas in the case of FortiWeb, when using it as a service, I am paying half a dollar only for the domain name, and then I am paying based on the traffic or the number of requests."
"If one is very cheap and ten is very expensive, I rate the product price as three or four."
"The license to use Fortinet FortiWeb is approximately $14,000."
"The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features."
"Previously, for each project, the cost was $800 to $1,000 per application. Now, it's $100 to $120. For some of the applications, there is a 90% reduction, and for some of the applications, there is a 50% reduction. We're paying only $500 to $600."
"It is not a cheap product. It is not like a Linux or a Genex that you can deploy. It is a hardware appliance, and it is built for a specific reason and reliability. It is an enterprise-class solution. You wouldn't find an SMB investing in something like this."
"FortiWeb can be purchased in VM mode for a lower price and the same features."
"The price of this solution is a little bit high compared to competitors."
"The tool is expensive."
"It is very costly, but the return on investment is very high. Its cost was around $70,000, and we got it back in just six months."
"Make sure you understand the way that Imperva charges. It's very affordable. However, I would like to see a package with the Virtual Patching included. You get to do patching separately."
"There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
"There are a couple of different licensing models."
"The cost of this solution depends on the platform."
"The price of Imperva Web Application Firewalls is expensive compared to others."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
858,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
27%
Computer Software Company
10%
Financial Services Firm
9%
Government
6%
Financial Services Firm
16%
Computer Software Company
12%
Insurance Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiWeb?
The WAF profiles has been effective at mitigating web-based threats.
What is your experience regarding pricing and costs for Fortinet FortiWeb?
Fortinet FortiWeb is cost-effective compared to solutions like F5. It offers strong performance for the price, providing substantial value for our customers.
What needs improvement with Fortinet FortiWeb?
The cloud-based security service of Fortinet FortiWeb could be enhanced to match the level of providers like Cloudflare ( /products/cloudflare-reviews ). Right now, it is more focused on on-prem so...
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...
 

Overview

 

Sample Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about Fortinet FortiWeb vs. Imperva Web Application Firewall and other solutions. Updated: June 2025.
858,649 professionals have used our research since 2012.