FortiWeb Web Application Firewall (WAF) vs Imperva Web Application Firewall comparison

Fortinet and Imperva are both solutions in the Web Application Firewall (WAF) category. Fortinet is ranked #15 with an average rating of 8.2, while Imperva is ranked #7 with an average rating of 8.8. Fortinet holds a 1.2% mindshare in WAF, compared to Imperva’s 5.6% mindshare. Additionally, 91% of Fortinet users are willing to recommend the solution, compared to 97% of Imperva users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 1, 2025

Imperva Web Application Firewall and FortiWeb compete in the web application security category. Imperva typically has the upper hand due to its advanced security features and flexibility in deployment, making it suitable for enterprise-level requirements.

Features: Imperva offers advanced security features such as API protection, bot security, and dynamic profiling, ensuring robust defense across cloud and on-premises environments. Its integration capabilities with other tools and ease of configuration enhance its versatility. FortiWeb provides machine learning features and efficient integration tools, making it appealing to cost-conscious customers. It includes a built-in antivirus and excels in ease of monitoring across multiple platforms.

Room for Improvement: Imperva users suggest enhancements in GUI and management simplicity for varied environments, seeking improved visibility, reporting, and support responsiveness. FortiWeb requires better advanced configurations and comprehensive documentation, as well as improvements in support response and zero-day attack handling. Support improvements could benefit both, offering different strengths.

Ease of Deployment and Customer Service: Imperva supports diverse infrastructure needs with flexible hybrid and cloud deployment models. Despite delays in support responses, its customer service is well-regarded. FortiWeb simplifies the deployment process, especially for on-premises solutions, with noted license simplicity, though users report challenges with technical support responsiveness. Imperva's wide deployment options and proactive support, despite criticisms, offer an advantage.

Pricing and ROI: Imperva's higher cost is offset by substantial ROI for enterprises, particularly in critical sectors like finance, making the investment worthwhile for larger organizations. FortiWeb appeals to small to medium enterprises seeking cost-effective solutions with essential features. Its pricing contrasts with Imperva's extensive capabilities, catering to budget-conscious clients.

To learn more, read our detailed FortiWeb Web Application Firewall (WAF) vs. Imperva Web Application Firewall Report (Updated: July 2025).

Buyer's Guide

FortiWeb Web Application Firewall (WAF) vs. Imperva Web Application Firewall

July 2025

Download the complete report

Helped 864,574 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cloudflare Web Application ...

Mindshare comparison

As of August 2025, in the Web Application Firewall (WAF) category, the mindshare of Cloudflare Web Application Firewall is 7.3%, up from 6.5% compared to the previous year. The mindshare of FortiWeb Web Application Firewall (WAF) is 1.2%, up from 0.4% compared to the previous year. The mindshare of Imperva Web Application Firewall is 5.6%, down from 6.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Web Application Firewall (WAF)

Featured Reviews

SachidDoshi

Senior Enterprise Security Architect at HGS - Hinduja Global Solutions

Offers a huge signature repository and is superiorly effective in mitigating DDoS attacks

The solution's learning curve can still be further reduced, which presently stands at two or three months. The product has a custom rule set that users can modify and manifest as needed. The vendor can probably shorten the learning curve using cutting-edge technologies like AI. The solution provider can also work around the web applications and identify the toolset that needs to be implemented to deploy the solution in less time. The vendor has launched a SASE product that can function with Cloudflare Web Application Firewall, but many improvements are needed in terms of features, such as the web filtering feature, and CASB has not yet been added.

Read full review

Martin Ellmann

Chief Executive Officer at EE Solutions GmbH

Provides users with ease of policy configuration and good integration capabilities

The solution helps protect our company's web applications against common threats up to 99 percent. We feel very safe with the tool. Speaking about how the tool has effectively mitigated web security threats for an application, I would say that it is an application behind the web portal, so there are about a hundred or thousand people who can access a website. If it is a sensitive application, and we have to watch every access to it to make it really safe, that is the reason why we need WAF on the application. My company doesn't use AI with the tool. I recommend the product to others. I would say that others need to have it if they have a shopping website or something similar. I know it is hard to sell because we find it quite hard whenever my company tries to do so. The solution offers 100 percent integration with other Fortinet security products. The ease of policy configuration in the tool is okay. I rate the tool a nine to ten out of ten.

Read full review

Mitesh D Patel

Senior Technical Consultant- Cyber Security at Ivalue Infosolution

Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others

It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I'm highly satisfied. It's remarkably user-friendly, enabling me to quickly identify issues, and deploy solutions, and it offers the necessary features."

"The product has improved our security posture by blocking bad actors."

"The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration."

"The setup process is very simple for me."

"Someone with a basic understanding of networking and security will be able to implement the firewall's basic features within 15 minutes."

"The security features are valuable. The particular feature we use is called OWASP."

"The product has a valuable security control functionality."

"Technical support has a very fast response time and they are helpful."

More Cloudflare Web Application Firewall pros

"The initial setup was easy since it was possible to get remote support for the product."

"The fact that I can log into the platform and see everybody, see logs, authentication failure, and see everything on one platform, is the most valuable feature."

"The tool secures our critical applications, especially the mobile money application, which is often targeted by attacks. The solution provides rapid protection and has proven reliable against various threats."

"The platform's stability is good."

"FortiWeb Web Application Firewall blocks attacks from application layers and provides protection."

"The most valuable feature is the tool's integration with load-balancing applications, similar to FortiADC. Its importance depends on customer requirements, such as whether they prioritize application load balancing or layer seven protection."

"The product's initial setup phase was easy."

"The good thing about Fortinet is that their enablement is very good in terms of training me and enabling resources on their technology."

More FortiWeb Web Application Firewall (WAF) pros

"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."

"The solution integrates seamlessly with other tools and has a good alert mechanism."

"Protection is the best solution since it has profile functionality."

"The solution has been quite stable. I have not seen any bugs at all."

"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."

"The solution is very scalable. It is one of the most important features. You can also expand resources and features as well."

"The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications."

"If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."

More Imperva Web Application Firewall pros

Cons

"There could be an option to duplicate the cluster to maintain the consistency of rules."

"The product can improve by having more multitenancy capability, which is currently not available."

"Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place."

"The product can improve by having more multitenancy capability, which is currently not available."

"The ModSecurity core rules need to be updated."

"A key challenge arises when dealing with numerous integrations with HVAC systems. Depending on the specifics, there might be some configuration mismatches, which necessitate specific support."

"The reporting could be more granular."

"They have some limitations with third-party integrations."

More Cloudflare Web Application Firewall cons

"The product is complicated to set up."

"FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database."

"If some of my customers want to migrate from F5 to Fortinet Firewall, or the Fortinet WAF solution, there are some migration issues since I cannot migrate all the elements quickly using Fortinet Firewall."

"The price is a little higher than the competitors."

"There could be ADC offering as well."

"The tool's price and performance are areas of concern where improvements are required."

"FortiWeb could have an inbound load balancing pack."

"FortiWeb Web Application Firewall needs to improve its performance."

More FortiWeb Web Application Firewall (WAF) cons

"There's always room for improvement. Occasionally, there might be false-positive alerts."

"The initial setup could be simplified. Every time you have to install the solution you have to get in touch with support or somebody that can to do that for you."

"It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself."

"They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."

"In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."

"There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."

"It is complicated to integrate the solution's on-cloud version with other platforms."

"The solution works for particular zones but isn't always the best solution for all zones."

More Imperva Web Application Firewall cons

Pricing and Cost Advice

"Cloudflare Web Application Firewall is more affordable than other solutions."

"The solution is expensive."

"The solution's pricing option needs to be more transparent for enterprise clients."

"The annual licensing fee is $10,000 USD."

"It starts at $20 and can easily go up to $200 monthly"

"Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable."

"We pay $210 per month for CloudFlare WAF."

"The pricing model is very straightforward compared to the competition. You just pay per month for the product and usage."

More Cloudflare Web Application Firewall pricing and cost advice

"I rate the product price a four on a scale of one to ten, where one is a high price, and ten is a low price."

"The licensing cost of the product is pretty high compared to other OEMs in the market."

"FortiWeb Web Application Firewall's pricing is suited for small or medium organizations."

"It is a cheap solution."

"I rate the tool's pricing an eight out of ten."

"I would rate the pricing a four out of ten."

"The product provides very good prices to customers. The price is set well and offers great value for money."

"The tool is really expensive."

More FortiWeb Web Application Firewall (WAF) pricing and cost advice

"The solution's pricing is an issue."

"It's an excellent product, but it can be very costly."

"Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price."

"The price of Imperva Web Application Firewalls is expensive compared to others."

"The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."

"There are a couple of different licensing models."

"Imperva Web Application Firewall is expensive."

"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."

More Imperva Web Application Firewall pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.

See recommendations

864,574 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

Comms Service Provider

Manufacturing Company

Computer Software Company

12%

Government

11%

Financial Services Firm

Manufacturing Company

Financial Services Firm

16%

Computer Software Company

11%

Insurance Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Cloudflare Web Application Firewall?

The product has a valuable security control functionality.

See all answers

What is your experience regarding pricing and costs for Cloudflare Web Application Firewall?

The price of Cloudflare Web Application Firewall is reasonable.

See all answers

What needs improvement with Cloudflare Web Application Firewall?

I cannot say much about areas of improvement for Cloudflare Web Application Firewall because I haven't gone through d...

See all answers

What do you like most about FortiWeb Web Application Firewall (WAF)?

The most valuable features of the solution are SD-WAN, filtration, web filter, application filter, and IPS.

See all answers

What is your experience regarding pricing and costs for FortiWeb Web Application Firewall (WAF)?

The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we ...

See all answers

What needs improvement with FortiWeb Web Application Firewall (WAF)?

Their AI technology is good. Overall, Fortinet is only good. The improvement needed is in their response time. In the...

See all answers

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?

My recommendation is Imperva.

See all answers

Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?

For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you hav...

See all answers

DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?

You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot ...

See all answers

Comparisons

Fortinet FortiWeb vs Cloudflare Web Application Firewall

Compared 15% of the time

Microsoft Azure Application Gateway vs Cloudflare Web Application Firewall

Compared 13% of the time

F5 Advanced WAF vs Cloudflare Web Application Firewall

Compared 6% of the time

AWS WAF vs Cloudflare Web Application Firewall

Compared 6% of the time

Radware Cloud WAF Service vs Cloudflare Web Application Firewall

Compared 5% of the time

More Cloudflare Web Application Firewall Competitors

F5 Advanced WAF vs FortiWeb Web Application Firewall (WAF)

Compared 28% of the time

AWS WAF vs FortiWeb Web Application Firewall (WAF)

Compared 14% of the time

NGINX App Protect vs FortiWeb Web Application Firewall (WAF)

Compared 12% of the time

Azure Front Door vs FortiWeb Web Application Firewall (WAF)

Compared 9% of the time

Akamai App and API Protector vs FortiWeb Web Application Firewall (WAF)

Compared 8% of the time

More FortiWeb Web Application Firewall (WAF) Competitors

Microsoft Azure Application Gateway vs Imperva Web Application Firewall

Compared 14% of the time

F5 Advanced WAF vs Imperva Web Application Firewall

Compared 11% of the time

Azure Front Door vs Imperva Web Application Firewall

Compared 9% of the time

AWS WAF vs Imperva Web Application Firewall

Compared 7% of the time

Azure Web Application Firewall vs Imperva Web Application Firewall

Compared 3% of the time

More Imperva Web Application Firewall Competitors

Product Reports

Buyer's Guide

Cloudflare Web Application Firewall

August 2025

Cloudflare Web Application Firewall report

Download Cloudflare Web Application Firewall product report

Buyer's Guide

FortiWeb Web Application Firewall (WAF)

August 2025

FortiWeb Web Application Firewall (WAF) report

Download FortiWeb Web Application Firewall (WAF) product report

Buyer's Guide

Imperva Web Application Firewall

July 2025

Download Imperva Web Application Firewall product report

Also Known As

Cloudflare WAF

No data available

Overview

Cloudflare Web Application Firewall's intuitive dashboard enables users to build powerful rules through easy clicks and also provides Terraform integration. Every request to the WAF is inspected against the rule engine and the threat intelligence curated from protecting over 27 Million websites. Suspicious requests can be blocked, challenged or logged as per the needs of the user while legitimate requests are routed to the destination, agnostic of whether it lives on-premise or in the cloud. Analytics and Cloudflare Logs enable visibility into actionable metrics for the user.

Cloudflare

FortiWeb Web Application Firewall uses machine learning to reduce false positives, detects zero-day threats, and blocks DDoS attacks. It integrates with existing security infrastructure and provides SD-WAN capabilities, offering protection for websites and mobile applications.

FortiWeb WAF secures web applications with features like machine learning-based threat detection, DDoS attack mitigation, and robust integration capabilities. Additionally, it manages HTTP traffic and offers SD-WAN functionalities. Built for GDPR compliance, it supports API protection and bot mitigation while enabling secure mobile and cloud application access. Users implement it across multi-cloud environments and in data centers offering advanced security and compliance, including PCI DSS. Despite feature-rich abilities, users seek enhanced database updates, better enterprise integration, and more accessible analytics. Improvements in support response, documentation, and scalability are desired to strengthen its robust security offering.

What are the key features of FortiWeb WAF?

Machine Learning: Reduces false positives and detects zero-day attacks.
DDoS Protection: Blocks distributed denial of service attacks.
Integration: Seamlessly fits with existing infrastructure.
GDPR Compliance: Ensures data privacy and protection standards.
SD-WAN Capabilities: Manages network distribution effectively.
Mobile and API Security: Protects applications and APIs efficiently.

What benefits and ROI can users expect?

Cost-Effectiveness: Offers a balance between features and pricing.
User-Friendly: Easy to navigate and manage deployments.
Global Deployment: Supports multi-cloud and cross-data center usage.
Security Compliance: Meets standards like PCI DSS for secure operations.
Enhanced Application Security: Provides comprehensive protection for apps.

FortiWeb WAF is widely implemented in data centers and financial industries, ensuring robust protection for web applications and sites. It supports multi-cloud environments on platforms like AWS and Azure, providing secure access while meeting compliance standards. Users benefit from enhanced application security and load balancing capabilities, making it a preferred choice in financial sectors that require VPN and SD-WAN consistency.

Fortinet

Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud.

The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

Imperva

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk

Information Not Available

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Buyer's Guide

FortiWeb Web Application Firewall (WAF) vs. Imperva Web Application Firewall

July 2025

Free Report: FortiWeb Web Application Firewall (WAF) vs. Imperva Web Application Firewall

Find out what your peers are saying about FortiWeb Web Application Firewall (WAF) vs. Imperva Web Application Firewall and other solutions. Updated: July 2025.

DOWNLOAD NOW

864,574 professionals have used our research since 2012.

See our FortiWeb Web Application Firewall (WAF) vs. Imperva Web Application Firewall report.

See our list of best Web Application Firewall (WAF) vendors.

We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.