Fortinet FortiWeb Reviews

• It supports OWASP top 10.
  As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:

1. Create first the objects needed.
2. Assemble the policy.

• The GUI interface is intuitive. I have never needed to use the CLI
• It has good reports.It is easy to manage.

The portal has a lot of vulnerabilities, which are not easy to solve quickly. The device has helped us to prevent exploitation of them while we are working on the code.

The signatures are very basic and prone to firing false positives. For example, FortiWeb detects this string as an attack because it detects "perl" in it:

User-Agent: Mozilla/5.0 (compatible; PaperLiBot/2.1; https://support.paper.li/entries/20023257-what-is-paper-li)

This is a false positive. If the signature was more complex, that would not occur.

I have been using it for four years.

I have not encountered any stability issues, but it always consumes a lot of memory.

Technical support is 7/10. We had a pair of cases without solution; one URL-rewriting related and another one Lync Enterprise-related. In both cases, we had to search for alternate solutions.

ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.

It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have encountered that it is especially difficult to work with URL rewriting, because of regular expressions.

Price and licensing is fine; it is one of the cheapest solutions and does its job.

We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positives rate which prevents us from focusing on the real attacks.

It has a good quality/price relationship. The web vulnerability scan module is useless.

• Web services signature: Helped us on secure key exchange, authentication and integrity of the transmissions.
• Virtual patching: We publish many web services through FortiWeb. We are able to quickly resolve vulnerabilities.
• Layer 7 server load balancing: The device made smart decisions based on the content of messages. Also, with compression and encryption, it can offload slow connections from the upstream servers. That greatly improved performance.
• Zero-day protection
• Advance correlation
• URL rewriting and content rewriting

Before FortiWeb deployment, we were using a combination of commercial and open-source products. It was a hassle for the administrators, due to which some areas were unintentionally overlooked and caused many problems. With FortiWeb, we got a one-box solution for internet and internet security, which reduced the time required of the administrators and improved visibility at the larger scale.

Usually patches and version upgrades are really buggy, so we usually wait about one month for a stable release to upgrade. They need to improve the new version/patch delivery mechanism. For example, if a patch fixes one functionality for web services but also causes some other functionality failure.

I have been using it since 2014.

In the first few months, we had some issues but with a custom patch, we are good.

No scalability problems so far.

I rate technical support 8.5/10.

We were using combination of solutions, due to our organisation's policies. Due to lack of visibility, administrative issues and response times, we shifted.

We had a complex environment, with multiple offices across the globe with all the data in and out from our HQ.

At the time of deployment, and still now, the price was considerable less than other solutions and varies according to license type.

We also evaluated Cisco and McAfee.

It is a great product, but be careful with version upgrades.

We use them for VPN, standard layer 4, web filtering, anti-malware and DLP – they are used as our perimeter firewall solution.

I would not say it has improved how we function because I think that other leading vendors firewalls are as good. However, I do think that FortiGate can do it at a much better price point than, for example, Cisco ASA or Palo Alto.

The CLI could be improved by removing all default syntax from the config. The debugging of crypto VPN is not as informative as other vendors’ firewalls. The GUI is also not as good as some vendors, but overall as a package and considering price, it still provides value for money.

I first used the Fortinet solutions in 2005 when it was version 2 & 3; since then, it has matured a lot and is much better. I would definitely recommend it, primarily on value for money. For the newer versions, I have been using 1000C and 300D, with FortiGate VM01 firewalls running a mix of software versions 5.4 and 5.2 for almost two years.

I did not encounter any stability issues.

FortiManager is required for scalable managing of multiple devices, but we do not have enough to need that. I think that the logging could be better but for that, FortiAnalyzer is recommended, which we do not have.

We have not needed to use Fortinet TAC.

This solution replaced some old Juniper ISG firewalls that were EoL; nobody in the company had Juniper SRX experience and the choice was made for Fortinet before I started at the company.

Initial setup for what we need to use it is very straightforward. There are certain features (such as TACACS) where you need to use CLI, but most things can be done with the GUI.

Very competitive; Fortinet would always be an option for a perimeter firewall for me if I were needing new kit. I would always include it in any quotes and options, although depending on the requirements, I might decide to choose something else.

I have used firewalls that I find easier to manage, configure and troubleshoot. However, the Fortinet firewalls are pretty good, and in terms of value for money, they are outstanding.

Pros: Cost for performance, very feature rich, GUI is pretty good.

Cons: Debugging is not as good as I find Cisco ASA. CLI is overly complicated by all syntax showing in the configuration. The GUI is not as nice as CheckPoint or Palo Alto.

Evaluate the product first and compare it to what you are used to and what you want. It provides very good value for money, but if the budget were there, I would probably choose another vendor in certain circumstances.

In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:

• 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
• Easy integration with various Fortinet products such as FortiSandbox for APT detection.
• ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.

• Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
• Rule creation and fine tuning are easy, as compared to its competitors.
• Product has provided adequate assurance to organization’s PCI DSS program.

Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.

The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.

Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.

It’s been almost one year since we started using this solution.

The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.

As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.

We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.

Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.

FortiWeb provides a wide variety of deployment options such as

• Reverse proxy
• Inline transparent
• True transparent proxy
• Offline sniffing
• WCCP (Web Cache Communication Protocol)

Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.

We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.

Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.

Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.

We are a solution provider and I work in the sales team. We resell the Fortinet brand, including the firewall and other solutions.

I have experience with both using and configuration of Fortinet products.

We have had problems with deployments where we've had to contact technical support to resolve them.

I have been working with Fortinet FortiWeb for five or six years.

FortiGate is a stable product.

I have a good relationship with the support teams in Peru, and we are well-supported.

We have not needed support to assist with deployment, but we have worked with them for troubleshooting problems.

I am familiar with solutions from other vendors, but the majority of my knowledge is of Fortinet products.

We have not had any problems with deployment.

We have a network team that deploys this solution for different clients. We have three engineers in charge of deployment and maintenance.

I would rate this solution a ten out of ten.

We use Fortinet FortiWeb for our VPN. The solution is always updated to the latest version.

The solution is deployed on-premises.

It's easy to use and allows us to integrate solutions together.

The solution could have more customization.

I have used this solution for one year.

It's very stable.

I would rate the stability as six out of ten.

It's scalable. 

I would rate the scalability as seven out of ten.

Technical support is helpful and they respond quickly. I would rate them as eight out of ten.

I would rate the setup as five out of ten.

Our IT department implemented the solution.

The cost isn't expensive.

I would rate this solution as seven out of ten.

We are studying ClearPass as a solution. I was requesting a comparison between Aruba ClearPass and FortiWeb Forti.

FortiWeb has been a helpful investment in our network.

The reporting and token system is good. The AI machine learning was qualified to block and report any suspicious activity.

I see no room for improvement at the moment.

I have been familiar with FortiWeb for about three years now.

The technical support is very helpful. I rate their technical support a nine out of ten.

Positive

I only worked with similar solutions as a POC.

The initial setup was easy.

FortiWeb has been a good investment, helping our network and providing a return on investment.

The pricing of Fortinet FortiWeb is affordable and competitive.

I recommend FortiWeb to others. I wish there were more integration with Azure systems.

I'd rate the solution ten out of ten.