Fortinet FortiWeb Reviews

I use FortiWeb to protect all the domains in my organization. It safeguards my entire web segment. All the connections to my environment that do not come over VPN are protected by it, which is crucial as I work in the financial sector with a strong focus on security. FortiWeb stands in front of my environment, where either a firewall or WAF is used to inspect all inbound traffic.

It helps protect my organization by providing robust security measures for our web segment. By onboarding all my APIs and web applications onto FortiWeb, it ensures that traffic not coming through the firewall adheres to stringent security protocols. The SaaS model of FortiWeb also helps in managing latency effectively despite our users being in Nigeria while the infrastructure is based in Europe.

The features that I value most in FortiWeb include its inspection of traffic for Intrusion Prevention, Anti-Malware, and whitelisting capabilities. It allows specific IP whitelisting or even regional whitelisting, ensuring only whitelisted traffic from certain geographical regions can access the environment. These security features provide a comprehensive defense against malicious activities.

One area that needs improvement is the handling of SaaS downtime. When there is downtime at their data center, it becomes a transit point issue for us, causing downtime in our environment as well. Although measures like built-in redundancy and manual switching between data centers exist, there is room for improvement in making these transitions automatic without impacting the customer. Automating the migration without manual intervention would significantly enhance user experience during downtime. Additionally, being able to read non-flagged traffic for operational purposes could also be an area to improve.

I have been using FortiWeb for about three years now.

The performance of FortiWeb is impressive because I use it as a SaaS-based solution, meaning it is not hosted inside my environment. Despite initial concerns about latency due to traffic redirection, it has performed well even with our users situated in Nigeria accessing infrastructure deployed in Europe.

Their support is generally good, around a seven out of ten. They have a structured support system where you need to log into a platform to raise a case. For urgent issues, you need to raise a case and follow up with a phone call to escalate it to a higher priority. However, one downside is that getting immediate attention during emergencies can take up to thirty minutes or more.

Positive

Setting up the account is quick and can be done in thirty minutes to an hour if you know what you're doing. Onboarding applications are straightforward and can be completed in about ten minutes or less. Overall, the deployment can be completed in a matter of hours.

FortiWeb is cheaper by over ten percent compared to other solutions like Barracuda and F5.

I evaluated F5, Barracuda, and Cloudflare. FortiWeb stood out in terms of ease of use, management, and cost.

I would recommend using Fortinet above any other tool. It is secure, cost-effective, and easy to use. The deployment and operational aspects are user-friendly.

My company is a Fortinet partner and specializes in FortiWeb. We often compete against cloud-native solutions like Azure Application Gateway WAF. We typically conduct proof-of-concept tests for potential clients. They are usually looking for API protection and bot mitigation, which FortiWeb excels at. We take responsibility for implementing and supporting the solution for our customers.

We also conduct simulation tests and review feedback from colleagues and customers. Customers often seek solutions for bottlenecks, especially regarding machine learning. We can do a detailed review of the WAF services and provide a report for the customer.

If a customer has a website, a firewall alone is not enough. While a firewall can act as an application firewall, it may not be sufficient. If we have a firewall at layer four and layer seven, and the customer needs protection against OWASP Top 10 vulnerabilities or requires IT audits, a web application firewall becomes crucial. 

Additionally, if DDoS protection is a concern, it often comes integrated with WAF. For networking, some WAFs can even provide load-balancing functionality.

In my experience, we put my customer's website in monitor mode, not protect mode. So, we initially set up FortiWeb in monitor mode to avoid disruptions to the customer's website.

While in monitor mode, machine learning observed the web application. Once machine learning had enough data to analyze, we discussed unusual traffic patterns with the customer. 

FortiWeb identified potential DDoS attacks and suspicious domain activity, showcasing the value of its machine-learning capabilities.

The price could be close to Imperva; Imperva is the number one firewall.

FortiWeb cannot do some kind of ADC solution, like load balancing. I hope they improve that.

I'm looking for the ADC solution, the load balancing solution. Because application firewalls with multiple line solutions do come with it. So, I think it should be integrated within FortiWeb WAF.

I used it for two years. I started working with it when a client company moved their web application to the cloud (Azure or AWS) and needed protection. We implemented a FortiWeb solution as their WAF.

I have used Check Point for email security. 

For security products, from my experience, customers will compare costs if they have been attacked. They may consider insurance. If you provide more protection, the return on investment is the compromise to use the application.

This product offers two pricing options: a standard package and an advanced package. The advanced package includes credential stuffing protection, while the standard package includes automatic application learning, bot mitigation, and web application protection. 

If you simply need to protect your website, the standard package is sufficient. However, if you need credential stuffing protection, the advanced package is necessary. This is the key difference between the two packages.

Overall, I would rate the solution an eight out of ten. 

I use the solution in my company, as we mostly load some web applications at our data center and use it to ensure that the web pages are properly secured.

Actually, most of the features of the tool are really good, but I would like to emphasize the importance of its machine learning features, as it can be implemented smoothly in Fortinet FortiWeb, and it is very helpful for our company.

Though the reporting is a nice aspect associated with the tool, I feel that it has certain shortcomings and can be made better. The reporting part can provide more information and be more specific.

Fortinet FortiWeb's admin guide could offer more, like, examples or features on how to implement the tool. It can provide information on how a user can make use of it in different usages, and that can help a lot. The admin guide is satisfactory, and it meets our company's needs.

Actually, my company would like it if the product could implement scanning attachments for exchange for assets or exchange needs. The aforementioned area consists of the feature that my company wants to apply, but it is not supported in Fortinet yet. My company needs the product to support us in the aforementioned area, and it can help us a lot by providing a layer of security that can check files and attachments in emails and other stuff, which would be great.

I have been using Fortinet FortiWeb for three years. I am an end user of the solution.

Stability-wise, I rate the solution an eight out of ten.

In terms of stability, it is a good solution that is easy to use and has many features and resources. The support offered by the product is good, especially since the support team responds on time, keeps you informed, and even follows up. Generally, it is a good solution to have and use.

My company has not experienced any downtime while using the product.

In our company, we have not implemented the product on a large scale.

Around 2,000 people per month use the product in our company.

Every single day, the tool is used to host web applications.

If our company needs to implement more hosted web servers, we will use Fortinet FortiWeb, but if not, then it will remain at the current number. Increasing the use of the tool is not my decision, and I just accommodate the needs of the organization.

The solution's technical support is good. When my company faced some problems with the product, I found the solution's support team to be very supportive and helpful. I rate the technical support a nine out of ten.

Positive

On a scale of one to ten, where one is difficult and ten is easy, I rate the product's initial setup phase as eight or nine.

The product's initial setup phase was straightforward, and since our company didn't have any problems with it, we didn't encounter many problems with the tool. Maybe our company encountered some problems with the product's setup because we used to use it to set up the servers or stuff, which took time, but now Fortinet FortiWeb handles everything smoothly and easily.

The solution is deployed on an on-premises version.

The solution can be deployed in a week.

If my company did not have Fortinet FortiWeb, then I believe that we would have had to host some of the services in an external data center with extra fees and there we would have had to pay for the web services, but we don't need that anymore because now, we have an on-prem web service that can promote us to be able to host as much as we need of web services.

On a scale of one to ten, where one is zero percent and ten is a hundred percent, I rate the ROI as an eight.

If one is very cheap and ten is very expensive, I rate the product price as three or four. The tool is cost-effective and offers value for money. I didn't mean it was very expensive. The price is fixed, but some features need an extra license.

My company was considering F5, but you actually went for Fortinet FortiWeb after considering the cost aspect.

My company doesn't specifically host e-commerce platforms since we offer mainly government services.

The security part has been satisfactory till now, and we haven't faced any problems yet.

FortiGate FortiWeb's features that have been most effective in mitigating web-based threats are possible because of the signatures. My company doesn't need to enforce a lot of policies or stuff. Fortinet FortiWeb has a lot of internal databases that can help you, and you can use whatever platform you are hosting your web applications through whichever software you use. it can build up a web protection profile that matches your needs, making it a very helpful tool.

Speaking about how machine learning features enhance our security posture, I would say that some aspects of the website are not normally clear for our company, and machine learning helps in such areas. It just traces the normal usage of the web applications along with the websites or links most users visit while also checking which URLs are mostly used, after which the tool differentiates between the normal usage and any abnormalities, based on which it builds the model that can be used to improve the security. Sometimes, a person cannot do things manually and is not sure about all the aspects of our web applications because many are not developers. Machine learning comes into the picture because one may not know all the stuff associated with the product.

A team of four or five people is enough to deploy the tool. Maintaining the tool is actually not a very big task and not many people are required for it.

The integration capabilities of the product with other security tools have benefited our company's security strategy as it sits smoothly in our network. The tool doesn't cause any problems with the integration part.

I would recommend that users use the tool's high availability. With the tool, one box is not enough, so there is a need to have a cluster of two boxes. Users need to measure their needs regarding the logging process and everything else, including processing. Even before starting to use it, we have to set up everything, or you would be confused about how to use the tool in the future, and it would be difficult to figure out how much retention log retention we would need in our company. It is important to set up everything related to the users' needs so that they don't need to change a lot of settings in the future.

I rate the tool an eight out of ten.

We use FortiWeb as our web application firewall. 

FortiWeb provides the level of security we need at an excellent price point. It's easy to deploy and operationally efficient. FortiWeb enables us to streamline tasks. It's a robust solution that's effortless to configure. The AI and machine learning features help us block unknown threats. 

We can bring our web applications online faster because FortiWeb shortens the time needed to bring any application into production. Compared to other application firewalls, FortiWeb has a smoother process for bringing applications online. 

FortiWeb has few false positives. It's more accurate than other solutions, so we also see fewer alerts. FortiWeb has helped free up IT staff for other projects. You don't need to spend much time getting applications ready for the web, so IT staff can use this time to manage other things. 

The AI engine and machine learning features distinguish FortiWeb from other solutions. It has a robust UI. FortiWeb is solidly accurate and provides excellent protection against zero-day attacks using machine learning. It appears to be effective because we've never experienced a breach from a zero-day attack. 

We use almost all of the features, including analytics, malware detection, bot mitigation, and API discovery.

I think customers have the impression that FortiWeb is primarily for SMEs, but FortiWeb should work to expand its market share and adjust its branding. F5 and some other firewalls are easier to customize. FortiWeb could be more flexible and customizable. The documentation could also be improved because many of the advanced features aren't fully documented. 

We have used FortiWeb for around a year.

FortiWeb is highly stable. We haven't seen any bugs. The solution is reliable once configured properly.

FortiWeb isn't difficult to scale.

I rate Fortinet support six out of 10. The documentation and support need improvement. 

Neutral

We have used Citrix WAF and the F5. FortiWeb offers most of the same features at a better price. 

I have done on-prem, hybrid, and cloud deployments of FortiWeb. The deployment was straightforward for most features, but a few features require some customization and configuration in the console. That's where we ran into problems because the documentation isn't thorough in some areas.

It takes around three or four days to deploy FortiWeb for a simple website. It takes longer for a complex website, but it depends on the level of complexity. We deployed FortiWeb in-house with two people and some help from Fortinet support. It's deployed across multiple data centers and locations.

The price-performance ratio is good. The time to value is quick because it's easy to deploy and the ML engine doesn't take long to adjust and apply the correct rules. 

FortiWeb offers these services at a price that SME customers can afford, but it's also suitable for large enterprises. Still, they need to put in more work to gain a greater share of enterprise business because they face stiff competition in this segment from F5, Cloudflare, and some others. 

I rate Fortinet FortiWeb eight out of 10. FortiWeb is a suitable product for SMEs. I recommend a proof of concept before going forward with any project.

We use FortiWeb to connect external APIs to our on-prem data center solutions.

We use FortiWeb for extended protection profiles to mitigate SQL injection and other web application threats. It is effective against web application threats and helps with our API protection and load balancing. 

Additionally, it is cost-effective compared to other solutions.

They could integrate some kind of machine learning and AI facilities to automate workflows. We need to update regular patches frequently, and it requires regular installation and testing of these patches.

We have been working with FortiWeb for almost five years.

It is stable for us, showing good performance in handling web security.

I would rate its scalability at six because we have to increase our CPU and memory capacities, as it is confined to CPU and memories.

I would rate the customer service and technical support between eight and nine out of ten.

Positive

The setup is easy to manage.

It helps us save costs, about 20% to 30%.

In comparison to other solutions, the price is reasonable.

FortiWeb is suitable for medium-scale companies. I recommend using this solution.

I'd rate the solution nine out of ten.

Fortinet FortiWeb's use case is associated with WAF or web application firewall. Before a platform faces the internet, Fortinet FortiWeb inspects the traffic.

Fortinet FortiWeb is much cheaper compared to other solutions like the ones from F5 Networks, which have more capabilities. I think Fortinet FortiWeb is not as capable as F5 Networks, but it is cheaper. The key point for Fortinet FortiWeb is that when I give it to the customers, I see it is cheaper than F5 Networks.

All the players in the market are already using AI. In the AI area, I don't find any specific feature for Fortinet FortiWeb that is special compared to the other products in the market.

Fortinet FortiWeb's ML features are good, but they do not make the tool any special because all the products in the market, like F5 Networks, already use AI features. The AI feature does not make Fortinet FortiWeb any special.

The tool's WAF or web application firewall area has certain aspects that can be improved. I cannot find what features superficially can be improved in the WAF area of the tool.

Fortinet FortiWeb can be applicable for small or big networks. In my opinion, Fortinet FortiWeb can manage or improve its log management capabilities. As far as I know, FortiGate has a limit, which means it can be used for logging for seven days, and maybe it is because Fortinet wants to speed up the selling of another product called FortiAnalyzer. FortiAnalyzer is a device dedicated to logging analytic solutions. Fortinet may limit the capability of logging in Fortinet devices so that customers buy FortiAnalyzer for log analytics.

I have been using Fortinet FortiWeb for three years. My company is a reseller of the solution.

I don't know about the tool's scalability.

I rate the technical support a nine out of ten.

Positive

I also use FortiAuthenticator.

The product's initial setup phase can be somewhat complex depending on what software needs to be protected by Fortinet FortiWeb. If the web application is simple, the configuration can be made simple. If there is any specific need to protect the area in the web application, it is more tricky to configure Fortinet FortiWeb. It depends on what kind of web application needs to be protected by Fortinet FortiWeb. Overall, the tool's configuration is neither easy nor difficult.

If one is cheap and ten is expensive, I rate the tool an eight.

The product's document says that Forinet FortiWeb can detect zero-day attacks, but it needs more devices like FortiSandbox for help. Fortinet FortiWeb needs to be integrated with FortiSandbox. I think it is Fortinet's strategy to upsell other tools because Fortinet doesn't want to put the solution in one box or one device. If you want another feature, Fortinet wants you to buy another box.

I rate the tool an eight out of ten.

FortiWeb is used for protecting against malicious activities, such as SQL injections, for outward-facing web forms.

The most valuable features of FortiWeb include its dashboard and out-of-the-box integrations with other Fortinet products, which enhance its effectiveness. FortiWeb's position as part of the Fortinet platform makes it particularly beneficial for Fortinet customers, offering seamless integration and operational cost savings.

There is room for improvement in the portability on multi-cloud environments. Enhanced DDoS integration to make FortiWeb more unified with other Fortinet products could be beneficial.

I have personally been working with FortiWeb for approximately two years.

I would rate the stability of FortiWeb as nine out of ten, indicating highly stable performance.

I would rate the scalability of the product a seven out of ten. While it is multicloud-enabled, there is more automation in other products that may better suit complex environments.

I would rate the customer service and support as nine out of ten.

Positive

Our team, consisting of three certified Fortinet engineers, handles the deployment, although globally, Exclusive Networks has a large team of certified engineers.

Operational costs decrease when using FortiWeb within the Fortinet stack due to integrated assessments and security event management.

I would rate the licensing cost as seven out of ten, considering it good value for money. The price is affordable and reasonable for the features offered.

We also work with other vendors such as F5, Proofpoint, and Palo Alto, however, Fortinet stands out for its holistic vision of cybersecurity.

Overall, I would rate FortiWeb an eight out of ten for existing Fortinet customers due to its seamless integration and good value for money.

I use the solution in my company to make web applications more secure because we have a special portal or web interface that we have to make secure for cybersecurity and different accesses. We found that FortiWeb Web Application Firewall (WAF) works fine for such use cases.

The tool's most valuable feature is the web access it offers. We control every access, like who goes in and what they do.

The tool's price and performance are areas of concern where improvements are required.

I have been using FortiWeb Web Application Firewall (WAF) for three years.

It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.

My company has three customers using the tool. One of the customers has 1,00,000 users.

My company manages the technical support with around four people, so it is not a complex process for us to handle. In general, the tool's support team is friendly.

The product's initial setup phase was easy.

The solution's deployment needs a bit of time because we have to discuss it with the deployment team, which consists of software. The project keeps growing and changing daily, so if the people involved in the deployment make new software, we have to change something. It is an easy process and can be managed in around two weeks by one person.

The tool is really expensive. In our company, we could do a lot more, but the price is always a point covering areas like why we need one, whether it is important to discuss, why it is so expensive and so on.

Speaking about the licensing model, people need to opt for a subscription-based model. My company likes to have a subscription for at least three or five years because, otherwise, you have to renew the license. Managing the licensing part for one person can also be very complex.

The solution helps protect our company's web applications against common threats up to 99 percent. We feel very safe with the tool.

Speaking about how the tool has effectively mitigated web security threats for an application, I would say that it is an application behind the web portal, so there are about a hundred or thousand people who can access a website. If it is a sensitive application, and we have to watch every access to it to make it really safe, that is the reason why we need WAF on the application.

My company doesn't use AI with the tool.

I recommend the product to others. I would say that others need to have it if they have a shopping website or something similar. I know it is hard to sell because we find it quite hard whenever my company tries to do so.

The solution offers 100 percent integration with other Fortinet security products.

The ease of policy configuration in the tool is okay.

I rate the tool a nine to ten out of ten.