Fortinet FortiWeb Reviews

• Firewall policy

• Internet
• Servers

I have used it for a year and a half.

We had one stability issue when I ran it once with Wireshark; it froze.

I have not encountered any scalability issues.

I cannot rate technical support because I have not used it yet.

I switched from SonicWALL to Fortinet. I am happier now.

Initial setup was not that difficult. It was different to my previous solution; I could do it on my own.

Before choosing this product, I did not evaluate other options.

• Be aware of logs.
• Does not compare with Check Point about finding policies.

The most valuable features of the product are its IPS and VPN server.

The device is very handy and it helps us to protect our web and database servers from being penetrated from outside the office.

The antivirus and the IPS can be improved in the future.

I have used it for about two years.

Fortunately, we have not yet encountered any stability issues!

With the 600-C model, we had some scalability issues.

I did not previously use a different solution.

Initial setup was very straightforward and simple.

These devices, especially the 1500-D model, are really worth purchasing and using.

Before choosing this product, we evaluated many products such as Cisco, Juniper, Cyberoam, and Sophos.

In my opinion, the FortiGate appliances, and especially the D series, are really powerful ones and worth providing for your network.

• UTM
• Ease of use
• Built-in server load balancing
• VPN
• Next-gen firewall features

It provides good security visibility.

A BYOD feature is missing; this could be a good add-on.

I have used it for about 18 months.

I did not really encounter any stability issues; it performs well.

I have not encountered any scalability issues in 18 months.

Technical support is average; it could improve.

We previously used Cisco PIX and ASA. We switched because there is no next-gen firewall in the Cisco portfolio.

Initial setup was straightforward.

Pricing is competitive. Licensing could get expensive as we add feature sets.

Before choosing this product, we evaluated Palo Alto, SonicWALL and Juniper.

It is a good option, keeping in mind pricing and features.

• Routing
• Web filtering
• Wi-Fi control

It’s an all-in-one solution that lowers the cost of having multiple solutions. It gave us more Wi-Fi control capability.

- Logging

We have been using this model for one year. We previously implemented earlier models for six years.

We have encountered very few stability problems. In six years, we had one device that need to be shipped back to Fortinet. We had HA set up at that location, so there was no down time.

We did not have a problem upgrading their firmware updates.

Yes and no; you have to size it right before buying. The hardware on some models is not expandable, but you can easily turn software add-ons on and off.

I’ll give them an 8/10 for technical support.

We had a Cisco router and a Barracuda. We switched from that to a FortiGatefirewall and the Cisco Router. Finally, when the Cisco router was going bad, we replaced it with a FortiGate 100 for firewall and routing capability.

Initial setup complexity depends on the network. The admin console is easy to use.

They have options for their licensing. Look at what you are going to use it for and purchase that way.

Before choosing this product, we did not evaluate other options. We had one of the smaller firewalls, and we upgraded to one of their bigger ones.

Look at sizing. And if you are a 24/7/365 shop, get two for HA.

• Security profiles with application control & web filtering. You can filter which applications are allowed or blocked inside your network, according to the port they are using. Web filtering - which can be applied to Skype for example, prevent botnets, and P2P - also is very helpful when you want to control what is allowed inside the network.
• QoS. You can set QoS according to application priority.
• Antivirus from end to end
• Remote and site-to-site VPN

We have minimized our expenses for internet security/antivirus in host-side products such as FortiClient installation, which has antimalware/web security/antivirus and protects the host from vulnerabilities while connected to the server.

I would like to see support for throughput up to 10 gbps and WAN support. Depending on your device’s design, I’d like to see throughput support up to 2 mbps for SSL, 3 mbps for IPS, and 1.5 mbps for applications. This might already be offered with newer versions.

I haven't used the latest release of device. From my current device perspective, reporting is good, but I want to see, in the future releases if they haven't done yet, is the total traffic alert (highest peak) that could receive on mobile or email. This is very helpful if you could set in required interval to monitor the total traffic that could feel the traffic in your hands.

I have used it for five years.

No issues encountered.

No issues encountered.

I rate the level of technical support 9/10.

It was straightforward for minimal configuration and requirements, CLI for complex configuration.

Pricing and licensing is good and it depends on what the business solution requires.

FortiNet shows me the health of the entire network. Evaluate how you would use FortiNet UTM. Look for the solution which fits your business infrastructure requirements such as VPNs, firewalls, application and web filtering, throughput, and most of all, which device which gives you the best performance.

• Firewall
• Load balancing

It makes our web site system work nice and smooth.

The UI is a little complicated for new users.

I have been using it for over a year.

I have not yet encountered any stability issues.

I have not yet encountered any scalability issues.

I have even contacted technical support once.

My web site used MS NLB service for load balancing and IPS firewall at first, but when our site's connection grew bigger, we discovered that we needed another solution. We chose FortiWeb after a little research into the market.

Initial setup was straightforward.

The pricing is a little high.

• FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
• Rewrite
• Redirect
• Proxy reverse mode

It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.

I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x:

• Upgrading from 5.2.x to 5.3.x. Fortinet provides a script, but it doesn't work (they do not say anything about it). In some cases:
  • If you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
  • If you use LDAP authentication, the new field "realm" appears empty, the configuration doesn't work, and you have to manually change it.
• Upgrading from 5.3.x to 5.5.x:
  • Some changes are introduced, then it requires fully formatting the device and configuring it manually (copy/paste pieces of configuration).
  • Once again, if you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.

I have used it for three years.

It really is a powerful WAF; more than one year running with no stability issues.

We did not have to scale our web servers; we just added new servers without any issue.

The support is good, but they need more experts, because sometimes they take too much time to provide solutions.

Fortinet was the first brand we thought about, because we had been using FortiGate for a few years, and we thought they had some common architecture.

The initial setup was very easy. We use the proxy reverse schema; I think it is the best for almost all situations. The last firmware 5.5.x permits customers to deploy in different configurations in the same box.

I think FortiWeb is the best WAF in terms of cost/benefit. Licensing is similar to other Fortinet products; 100% clear with no surprises.

For new projects this year, we evaluated Imperva and Barracuda. The latter can be a good option for entry-level deployments, but is hard to surpass Fortinet products.

I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine) you can save a lot of time, can do proofs of concept and avoid opening tickets asking basics questions.

• It supports OWASP top 10.
  As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:

1. Create first the objects needed.
2. Assemble the policy.

• The GUI interface is intuitive. I have never needed to use the CLI
• It has good reports.It is easy to manage.

The portal has a lot of vulnerabilities, which are not easy to solve quickly. The device has helped us to prevent exploitation of them while we are working on the code.

The signatures are very basic and prone to firing false positives. For example, FortiWeb detects this string as an attack because it detects "perl" in it:

User-Agent: Mozilla/5.0 (compatible; PaperLiBot/2.1; https://support.paper.li/entries/20023257-what-is-paper-li)

This is a false positive. If the signature was more complex, that would not occur.

I have been using it for four years.

I have not encountered any stability issues, but it always consumes a lot of memory.

Technical support is 7/10. We had a pair of cases without solution; one URL-rewriting related and another one Lync Enterprise-related. In both cases, we had to search for alternate solutions.

ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.

It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have encountered that it is especially difficult to work with URL rewriting, because of regular expressions.

Price and licensing is fine; it is one of the cheapest solutions and does its job.

We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positives rate which prevents us from focusing on the real attacks.

It has a good quality/price relationship. The web vulnerability scan module is useless.