Fortinet FortiWeb OverviewUNIXBusinessApplication

Fortinet FortiWeb is the #2 ranked solution in top Web Application Firewalls. PeerSpot users give Fortinet FortiWeb an average rating of 8.2 out of 10. Fortinet FortiWeb is most commonly compared to F5 Advanced WAF: Fortinet FortiWeb vs F5 Advanced WAF. Fortinet FortiWeb is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 24% of all views.
Fortinet FortiWeb Buyer's Guide

Download the Fortinet FortiWeb Buyer's Guide including reviews and more. Updated: December 2022

What is Fortinet FortiWeb?

Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

Fortinet FortiWeb Features and Benefits

APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

  • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

  • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

  • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

  • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

  • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

  • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

Reviews from Real Users

Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

Fortinet FortiWeb Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiWeb Video

Fortinet FortiWeb Pricing Advice

What users are saying about Fortinet FortiWeb pricing:
  • "It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there."
  • "It should be somewhere about 36,000 Euros. That's the cost for three years. It's moderately priced."
  • "We are on an annual license for this solution and the price is approximately €100."
  • Fortinet FortiWeb Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Director at a tech services company with 51-200 employees
    Real User
    Top 20
    Good for compliance, load balancing, and high availability
    Pros and Cons
    • "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
    • "The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect."

    What is our primary use case?

    We mainly use it for protection. OS scanning and load balancing are two of its main use cases.

    My team is most probably working with its latest version. In terms of the deployment, lately, it has been on the cloud because the end-user-facing web applications are usually live on the cloud.

    How has it helped my organization?

    Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them.

    What is most valuable?

    The compliance piece is the best feature. Load balancing is also valuable, which is something that all web application firewalls do. Another valuable feature is high availability. You can scale it very well. Load balancing and high availability are the two reasons why we picked it for a couple of banks.

    What needs improvement?

    From the feature perspective, it is pretty rich. The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect. 

    I would also like it to scale automatically based on the traffic.

    Buyer's Guide
    Fortinet FortiWeb
    December 2022
    Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
    657,397 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using this solution for about six years.

    What do I think about the stability of the solution?

    I've never seen any issues, but when you turn on all the features or every single scanning, that's when it slows down a bit.

    What do I think about the scalability of the solution?

    It is scalable, but it is a roundabout way of automated scaling. It is not truly automated scaling. In general, when the size is okay, scaling is not a problem. I would like it to scale automatically based on the traffic, but that doesn't happen because automation is not there.

    I haven't seen any big issues with performance. We ran 20,000 connections through it, and it was okay. When you deploy it in the cloud, you can increase the size of the VM, and with extra licensing, it is fine performance-wise.

    It is suitable for medium and large customers. My team has deployed at least 500 of these in the last few years. In general, it's okay. We don't have any issue with it.

    How are customer service and support?

    They have been pretty good, honest, and upfront. It all comes down to expectations when you buy these things.

    I know the country manager very well. He is my friend for Fortinet. They are very good in terms of support. 

    When you buy these things from a marketplace like Amazon or AWS, the support is not as good as it can be because the first line of support is the cloud provider, and then there is the vendor. So, our preference usually is to go directly to the vendor because they know more about it.

    Which solution did I use previously and why did I switch?

    One of the best things about Azure Firewall is the automation. There is a huge difference. The second thing is pricing. 

    With FortiWeb, when you want to buy HA, you need to start designing high availability across different regions. With Azure, it comes by default.

    How was the initial setup?

    It depends on the customer and the use case. Usually, it's straightforward, but as you add more applications, it can become more and more complex.

    The deployment duration varies. Usually, designing, building, and putting in production take about four weeks, but it also depends on the application type.

    It requires maintenance all the time. Everything requires maintenance. Usually, we build it and operationalize it, and we then hand it over to the customer.

    What's my experience with pricing, setup cost, and licensing?

    It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there.

    What other advice do I have?

    I would advise getting the right engineer. You need someone who is a specialist, and that's very important.

    I would rate it an eight out of 10. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Eduard Otto - PeerSpot reviewer
    Senior Technical Consultant at PROMOS consult
    Consultant
    Top 20
    Good file security and redirect web traffic well but we had trouble with a few features
    Pros and Cons
    • "One main feature we are very happy about is file security and upload functionality."
    • "The GUI could be better. It's limited."

    What is our primary use case?

    Mostly we use FortiWeb for replacing reverse proxy from our systems and add some security features to it to protect the web portal we are providing to our customers.  We use it to rewrite URLs and redirect FQDNs, et cetera, et cetera. That's the normal part.

    What is most valuable?

    The main feature I like is the ability to redirect web traffic from a readable URL to a real URL. All the security features are good.

    One main feature we are very happy about is file security and upload functionality. It will restrict the number of file types that can be uploaded to our portal and prevents any malware. It helps with security.

    What needs improvement?

    We had some trouble using some features. Maybe we understood it the wrong way when reading the manual. We had to implement some workarounds to help this problem.

    The GUI could be better. It's limited. 

    For how long have I used the solution?

    I've been using the solution for one year. 

    What do I think about the stability of the solution?

    There are no complaints on our side. The performance and stability are fine. We used to have a cluster of two appliances. Everything seems to be fine when we update the firmware. We haven't had any issues.

    What do I think about the scalability of the solution?

    The scalability may be slightly limited. We use hardware appliances. We need to buy appliances which have enough performance. You need to think about the sizing before you buy it. Scalability is not really possible with hardware. 

    We use it more and more. We are going to migrate all the connections which are directed to a proxy to the classification firewall.

    How are customer service and support?

    Normally, technical support is very good. All the tickets I opened have been solved in an average time.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    It was the very first time that we used a web application firewall. We never used anything before.

    How was the initial setup?

    We had some difficulties at the beginning in terms of setting it up. It was a very new product for us. We never had web protection firewalls before. We had some support from our supplier, so we referred to the initial implementation to get it done with external support.

    I'd rate the ease of implementation at a three out of five. 

    From a technical perspective, the deployment does not take a long time. Our problem internally was the organization and the planning as well as the communication with the other teams. That's what took so long. We started maybe one and a half years ago with the implementation and productive status was reached at the end of 2021. That's a long time. That said, one would say the management is at fault, not the actual technical staff.

    At a cluster, so single point of failure, all this stuff, it kind of took around 24 hours to get it up. The offline time was very difficult, however.

    We have two good people on staff that can handle deployment and maintenance. We are looking for another employee in the market, however, it's been very difficult to find someone.

    What about the implementation team?

    The implementation was done in-house with some help from our supplier.

    What was our ROI?

    We have not noted an ROI yet.

    What's my experience with pricing, setup cost, and licensing?

    We actually expanded our subscription for the next three years. I don't remember the exact price. It should be somewhere about 36,000 Euros. That's the cost for three years. It's moderately priced. I'd rate the general cost at a three out of five. 

    Which other solutions did I evaluate?

    We thought about other options, however, since we had a very good experience with the FortiGate Firewall, I decided to buy FortiWeb. They operate well together. 

    What other advice do I have?

    We are just customers and end-users.

    Potential new users should compare different products from different vendors to make a decision on a web application firewall. It doesn't matter if it is FortiWeb, or F5, or something else, just take some time to compare. 

    I'd rate the solution six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Fortinet FortiWeb
    December 2022
    Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
    657,397 professionals have used our research since 2012.
    Engineer : Cyber Security & Telecommunication at a tech services company with 11-50 employees
    Real User
    Top 20
    Reasonably priced and offers a good graphical user interface but need better integration capabilities
    Pros and Cons
    • "The initial setup is pretty straightforward."
    • "The support side of things can be improved."

    What is our primary use case?

    We primarily used the solution as a POC to see how effective it is and so far we're happy with it. 

    We used it for protecting our web servers and the use of some web applications within a financial institution.

    What is most valuable?

    They have a very good graphical user interface. 

    The initial setup is pretty straightforward.

    The solution is stable.

    The scalability is pretty good.

    We have found the pricing to be pretty reasonable. 

    What needs improvement?

    During the POC we did encounter problems. For example, the integration with the HSM for storing keys was not ideal.

    The downside is on the security side and is the firewall. When you look at the firewall, it doesn't do decryption and you have to depend on other third-party tools to do that. Or you would have to use another FortiGate product which makes things a little complicated. Today, people look for simplicity in terms of design. That's one downside to Fortinet's Firewall. The downside to FortiWeb is it had issues integrating with HSM. They fixed the issue, however, it took a long time to fix and it wasn't pleasant. I had to work with deadlines and I could not make the deadlines due to the slow timeline on their side.

    For the firewall, when you deploy IPS, the IPS doesn't have visibility into encrypted traffic and 70% of traffic these days is encrypted, and that's the conservative figure of the actual percentage. If your IPS doesn't have that visibility, then it is not really doing the job that it has to do. In comparison, Palo Alto is the best firewall in terms of performance and has the technical specifications that we need. 

    The support side of things can be improved. They need to quickly tend to issues and resolve them as soon as possible. Those are the expectations.

    For how long have I used the solution?

    We've only used FortiWeb for a POC. 

    What do I think about the stability of the solution?

    The stability of the product has been good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. When you look at the specs and if you do what they say in the specs, in terms of ensuring that you're not overlooking anything, it's a good product. 

    What do I think about the scalability of the solution?

    The solution can scale. That's not a problem at all.

    How are customer service and support?

    Technical support could be more responsive. They need to address issues faster. I'm not completely happy with the level of support we receive.

    How was the initial setup?

    Generally, the solution is easy to set up. It's not overly complex. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty good if you look at other top options in this space. They are reasonable. 

    Which other solutions did I evaluate?

    I've also looked at Palo Alto, and it has the specifications that we need, however, the pricing is quite high.

    What other advice do I have?

    Our company is a Fortinet partner.

    I'd rate the solution at a seven out of ten.

    In terms of functionality, it does a perfect job, however, when you have to integrate with third-party tools, that's where you might have issues. Going forward, maybe what Fortinet needs to do is to ensure that they don't have integration issues with the other big vendors that are common in terms of what's deployed out there. Someone might want FortiWeb, however, for example in my case where a bank needed to integrate that with Jamalt or HSM for description, they have to do their homework. 

    When you're dealing with financial clients, they need to have seamless integration and not to have these challenges where it would take time to fix as an issue. That should be figured out pre-deployment. Companies in banking can't wait for clients to point out that this is an issue. They have to attend to it beforehand and resolve issues to meet expectations. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    Carlos Pindado - PeerSpot reviewer
    Director of business and digital transformation at SERNIVEL3
    Real User
    Top 10
    Useful single location dashboard controls, stable, and helpful support
    Pros and Cons
    • "You have the ability to control everything from one single dashboard."
    • "The solution could improve by being able to handle different use cases."

    What is our primary use case?

    We use Fortinet FortiWeb for industrial companies. We are making doing network segmentation inside the industrial park, which is quite difficult and we have to design, develop and maintain all of the different kinds of solutions. We brought Fortinet FortiWeb to protect against forbidden access and for special access for providers in the industry.

    How has it helped my organization?

    We do not use this solution for our organization but for clients' organizations. For example, one customer uses the solution for the protection of all their different applications. Additionally, the solution has protected the servers that are in the DMC, such as services for people in other countries that have to have access.

    What is most valuable?

    You have the ability to control everything from one single dashboard.

    What needs improvement?

    The solution could improve by being able to handle different use cases.

    For how long have I used the solution?

    I have used Fortinet FortiWeb within the past 12 months.

    What do I think about the stability of the solution?

    The stability is good.

    What do I think about the scalability of the solution?

    The scalability is quite good. The scalability has been good for each industry. You can integrate Fortinet FortiWeb with all kinds of products of the same vendor. This allows the ability for a lot of different functions that you don't have to have really competent staff because you do not have different vendors. You don't have to call another vendor for solving one ticket or problem. This made everything simple, it was very good.

    We have approximately 2,000 people using this solution.

    When our customers have acquired more industrial plants we will propose this solution for all those industrial plant customers.

    How are customer service and support?

    The technical support is good.

    I would rate the technical support of Fortinet FortiWeb an eight out of ten.

    Which solution did I use previously and why did I switch?

    We previously used F5.

    How was the initial setup?

    The installation was straightforward and it took us approximately one month. There are a lot of services, approximately 15, and other parts to configure.

    What about the implementation team?

    We used consultants, technicians and, an integrator for the implementation.

    We do not need more than three people to do the maintenance and support of Fortinet FortiWeb.

    What was our ROI?

    We have seen a return on investment. It has been decent but not the best. We choose to work with one large customer and it has been similar to an investment.

    What's my experience with pricing, setup cost, and licensing?

    We are on an annual license for this solution and the price is approximately €100.

    Which other solutions did I evaluate?

    We have evaluated a number of solutions, such as Citrix NetScaler.

    What other advice do I have?

    I would recommend those wanting to implement this solution to use good integrators, there are not too many people who know about this solution. I lived in Spain and there are not too many installations made, it's quite difficult to find people that know a lot about it. It's not a difficult installation and the vendor helped us a lot and is very helpful. You have professional services you can use from the vendor if you choose, but they are quite expensive for customers.

    One of the biggest lessons I have learned from using Fortinet FortiWeb is Fortinet helps you a lot. They can develop something specifically for a customers' use case without any costs for them.

    I rate Fortinet FortiWeb a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Giorgi Sakhokia - PeerSpot reviewer
    Information Security Officer at State Audit Office
    Real User
    Top 5
    Flexible, easy to learn and configure, and has almost everything that a web application firewall needs
    Pros and Cons
    • "It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube."
    • "When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."

    What is our primary use case?

    We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

    What is most valuable?

    It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

    It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

    What needs improvement?

    When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

    For how long have I used the solution?

    I have been using this solution for three months. 

    What do I think about the stability of the solution?

    Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

    What do I think about the scalability of the solution?

    It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

    How are customer service and technical support?

    We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

    What about the implementation team?

    We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

    Which other solutions did I evaluate?

    We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

    What other advice do I have?

    We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

    I would rate Fortinet FortiWeb a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    AANKITGUPTAA - PeerSpot reviewer
    Consultant at Pi DATACENTERS
    Real User
    Top 5Leaderboard
    Reliable with a good sandbox feature and good protection against security threats
    Pros and Cons
    • "The solution has a good sandbox feature."
    • "It can be better with web application firewalls."

    What is our primary use case?

    FortiWeb is an application firewall. We deployed it as a web application firewall for our 16-plus web applications. We integrate this with Fortigate and the FortiSandbox, and all the applications we are hosting in the data center.

    How has it helped my organization?

    With the feat of cyber attack, the most important thing we can do is protect the web application. We can protect it from attacks like DDoS. It's helping to maintain our cyber security posture.

    What is most valuable?

    The most valuable product feature is the web application firewall. It still includes the inline. Its mode of operation is great. It comes with four modes of operation, reverse proxy, two transplant nodes, and WCCP. One node is there for transplant, just to have one more. Any customer, based on their network of topology and deployment type, can choose it and have an easy deployment. 

    The solution has a good sandbox feature.

    It is stable.

    What needs improvement?

    It can be better with web application firewalls. 

    It is already close to the best in class. This product is up to the mark right now. 

    For how long have I used the solution?

    I've used the solution for around three years. 

    What do I think about the stability of the solution?

    This is a stable, reliable solution. There are no bugs or glitches. It doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    Capacity-wise, since there is hardware involved, it cannot scale too much. There are some technical limitations.

    We have around 2,000 users right now. 

    We do not have plans to increase usage in the future.

    Which solution did I use previously and why did I switch?

    We did not previously use a different solution. 

    How was the initial setup?

    How easy or difficult the implementation is depends on the deployment type. It is very easy if you employ reverse proxy. However, it can be a little complex depending on what you need to do. 

    There was a team that helped deploy the solution, however, for maintenance, you only need one network security engineer.

    What about the implementation team?

    We used a third party to assist us with the setup.

    What was our ROI?

    We have witnessed an ROI. I'd rate the level of ROI we've seen a four out of five as it helps mitigate cyber attacks.

    What's my experience with pricing, setup cost, and licensing?

    I'd rate the pricing at a four out of five in terms of affordability.

    Which other solutions did I evaluate?

    I'm exploring two or three products right now. We did not evaluate anything before choosing this product.

    What other advice do I have?

    I highly recommend that any web application firewall be deployed in the IT infrastructure where companies host web applications. It should be there. Whatever you choose should integrate with a third-party load balancer.

    I'd rate the solution a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Consultant at AEC
    Consultant
    Easy implementation with good configurations and the ability to block domains
    Pros and Cons
    • "Technical support is very good."
    • "If the price was lower, it would be a bit more attractive, as an option, to the customers."

    What is most valuable?

    The solution offers good configurations and works well with other Fortinet products.

    The solution is scalable. 

    We found the implementation process to be simple. 

    If you want to block domains, you can do so. You do have the power to control access.

    What needs improvement?

    The product needs to be more stable. 

    We have issues between primary and secondary IP. Secondary IP addresses cannot be on the same subnet as any primary or secondary subnet. You need to follow up between the primary and secondary. If you don't, there will be a problem. When your public applications are not working properly, the single point of communication from the public domain is an issue. If I want to resolve the situation, a quick solution is I need to fail over the primary to the secondary, and it will just start working. However, that is not a permanent solution. I don't know what the problem is exactly, and how we can permanently address the issue. 

    If the price was lower, it would be a bit more attractive, as an option, to the customers. 

    You do need to ensure you do the configurations carefully. Otherwise, you may have issues. 

    For how long have I used the solution?

    I've been using the solution for two years. 

    What do I think about the scalability of the solution?

    We can scale the solution. We typically work with enterprises, so, larger-scale companies. In our customer's company, they have about 6,000 to 10,000 people on the solution. 

    How are customer service and support?

    Technical support is very good. they are quite helpful and responsive. 

    Which solution did I use previously and why did I switch?

    I also use F5. It's got better pricing and is quite stable as well. However, if you don't know how to configure it, it can be a disaster. 

    How was the initial setup?

    The initial setup is easy. It's not overly complex or difficult. 

    It can be deployed in about half an hour. It doesn't take long to have it up and running. 

    What about the implementation team?

    I handle a lot of implementations and can handle the process. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing could be better. They charge a bit more. That's why F5 is everywhere right now. The customer can see that F5 is stable and everything is working well, and then they see the price, and it's very attractive to them. 

    What other advice do I have?

    I'm just a customer and end-user. 

    I'm a consultant. Our customers are working with Fortiweb in their companies.

    I'd rate the solution eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Dino R - PeerSpot reviewer
    System Administrator at a insurance company with 1,001-5,000 employees
    Real User
    Top 10
    Provides good feedback for development and is easy to scale up
    Pros and Cons
    • "It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs."
    • "The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product."

    What is our primary use case?

    Generally, we are using it to protect our internet-facing web applications. So if there are any security vulnerabilities in our applications, the solution can provide protection.

    How has it helped my organization?

    It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs.

    What is most valuable?

    They have a sort of table that defines the functions of certain applications, ex. which function has the slowest or fastest response. This enables our in-house development team or vendors to review our application and fix the functions if necessary. 

    What needs improvement?

    The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product.

    For how long have I used the solution?

    I have been using FortiWeb for three years.

    What do I think about the stability of the solution?

    I think it's quite reliable so long as it's configured. 

    What do I think about the scalability of the solution?

    As long as we accurately scale our requirements from the start, I think the solution is quite scalable and quite easy to scale up later on.

    How are customer service and technical support?

    They are quite helpful. But I think because our department is quite stable and configured correctly, we are rarely using the support. Everything works perfectly.

    How was the initial setup?

    I think it's quite complex because we need to know how the application works.  

    What about the implementation team?

    We are using local support to configure the solutions for us. We also purchase local maintenance and support on top of the routine product support and updates. Because it is a
    very specialized product, we need a very skillful person with expertise in the product to configure the solution for us.

    What's my experience with pricing, setup cost, and licensing?

    In a high availability cluster configuration, where the primary FortiGate is working and the secondary is a backup, Fortinet requires us to buy two licenses instead of one whether we are actually using it or not. With other products, you only purchase one license because we only use one license per instance.

    What other advice do I have?

    You need to accurately calculate the requirements of your infrastructure before implementing FortiWeb or any other web application firewall. Accuracy is very critical when scaling the product or the model that will be deployed on your infrastructure. 

    I would rate FortiWeb an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2022
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.