Fortinet FortiWeb Reviews

We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.

We were having a lot of probe attacks coming through from our external networks. Now, the traffic has to come through our firewall, then FortiWeb. Basically, FortiWeb acts like a second firewall for all our applications.

We have been using all the features and everything is nice. 

I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks. 

We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced. 

We had trouble understanding it at first, but we got used to using it after six months. Then, it was simple to use.

We have been using it for five years (since 2015). 

We haven't had any issues with it so far. 

The scalability is okay. There hasn't been a need to upgrade. We have found something that can adapt to our environment and that we can use for a long period of time.

We plan to use the product for the next two years. There are no major upgrades planned anytime soon.

There are four users for the product (with two being from the security team).

We have needed minimal support for the solution. The support has been okay.

We did not have a solution that we previously used.

It is complex to set up in learning mode. It takes a lot of time to learn the pattern of the web application before we put in the rule. The rule itself is a bit complex. We had to go by trial and error because there is nothing standard on the device.

The deployment took almost six hours to get up and running.

We used a reseller. They helped us implement the device. 

The reseller also does deployment and maintenance. For this, it takes about two of their staff and one or two of our staff internally. The staff will generally have experience in networking and firewalls with a background in security and port mapping.

All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500.

Since we were using FortiGate firewall, we decided to look at FortiWeb. We also looked into several solutions, like Check Point and Palo Alto.

The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb.

What we have now is working fine.

I would rate FortiWeb as an eight (out of 10).

The version we are using is not old, but neither is it up to date. 

We implement FortiWeb to block incoming attacks to our network and web applications.

We use complex authentication rules and forms, in addition to the solution, for protection. We also do caching with static websites and compression. 

I would say that machine learning is the most valuable upgrade from 5.8, both before and after 5.9.

The documentation for the machine learning could be better. They do not provide proper documentation explaining how the solution works or how to configure it. A good, valid KB article would be helpful. 

It is difficult to configure the machine learning and get it up and running. We put in a week of learning mode and then place it in our production. The machine and data learning is a pain point. I work with different clients. The machine-learning algorithm doesn't learn all the URL patterns. 

It would be nice to see certain software changes in order to add some kind of betterment with machine learning.

As a hardware device, the solution is very stable. This is true when compared with other web application firewalls. 

Hardware is not very shareable, as increasing capacity would require the use of a different one. But there is good scalability when it comes to WAF, SaaS and cloud solutions. The CPU cores and RAM memory capacity can always stand improvement.

From the time a ticket is created, technical support takes a while to respond, especially when compared with Cisco. In this area it is not so great. 

The deployment was very easy. Since it concerns hardware, one only need plug in the firewall and bring it up by connecting the device. It is pretty easy and not time consuming. The deployment takes, perhaps, one hour. But, the configuration and machine learning are important. 

The license can be renewed on an annual or tri-annual basis. The price is competitive. 

The solution protects a web server with more than 1,000 users making use of the solution. 

The solution is good. It has a preferable price, stability and security, all which recommend it to other users. My only issue is with the machine learning. 

I rate Fortinet FortiWeb as an eight out of ten. 

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

We are partners with Fortinet. We specialize in power customers. We use many products like FortiGate, FortiWeb, FortiAnalyzer, FortiSIEM, and FortiSandbox.

All the FortiGate products are new, even the Fortinet switches we are selling to our customers. We also install and configure the network for our customers.

With this product, you can secure all the Fortinet products together. I'm an entrepreneur. Most people fail in the publication of a firewall.

FortiWeb offers machine learning in the latest product. Before that, there was an auto-learning feature. This fixed many problems. There are no false negatives now. 

Fortinet FortiWeb now has artificial intelligence and machine learning.

What I would like to see improved in Fortinet FortiWeb will probably be included in the next release. The legal feature needs better step-by-step use of the form. 

We use the FortiGate guidebook for step-by-step instructions. But the FortiWeb guidebook is only is a demonstration kit which is not enough for a new installation.

FortiWeb is a stable solution.

Fortinet FortiWeb is not scalable. There is a model and a license if you want to use it. You'll need more budget to change the hardware. FortiWeb is not scalable on the same plan.

The initial setup is not simple for all the products. Some Fortinet products vary, but overall it is straightforward.

In the version of Fortinet FortiWeb that we have, it does not include the scanner. We cannot access every feature. If you have all the popular products, you can use the system perfectly to connect everything. 

Fortinet can improve the security firebase in support for HTTPS and the CPU with additional configurations. On a scale from 1 to 10, I would rate Fortinet FortiWeb a two.

Our primary use case is as a firewall. We use a lot of Fortinet products. We have email security and FortiGate IPS. 

When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up.

The most valuable features are the access policies and how Fortinet gets the compilation done is really good.

I would like to have an antivirus option. 

Stability is very good. 

We haven't had any issues with scalability. You can scale up easily. 

Their technical support is good. 

We previously used Cisco. We switched because all they are is a brand name. It was a failure. We gave it a year to improve the product and it didn't so we switched. 

The initial setup was straightforward. The deployment didn't take much time. The support guys were really good. The transition from Cisco to Fortinet was a bit challenging but they had tools to make it easier. 

We require three staff for the deployment and maintenance. 

We are the resellers. 

I would rate it a seven out of ten. A seven and not a ten because of the antivirus issue. 

Fortinet FortiWeb can be used to protects business-critical web applications from attacks or vulnerabilities.

One of the big advantages of using Fortinet FortiWeb is all the Fortinet family solutions use the same user interface and logic. This makes it easy to use, configure, manage, and understand if you have used one of their solutions before or are wanting to implement other Fortinet solutions in the future. Additionally, all Fortinet solutions can be managed with one application called FortiManager.

The solution could improve by providing more integration with solutions other than the Fortinet family.

I have been using Fortinet FortiWeb for approximately five years.

The solution is stable.

Fortinet FortiWeb is scalable.

We have had approximately five customers using this solution.

The technical support has been good in my experience.

The installation of Fortinet FortiWeb is straightforward. The time it takes to do the installation depends on the environment of the customer and if there are any additional configurations needed. However, a typical basic installation takes approximately one hour.

We use one engineer that does the maintenance of the solution.

The solution can be deployed on-premise and on the cloud. We have been working with governments in Turkey and they tend not to trust their data on the cloud and choose on-premise deployments. However, many companies here are moving to the cloud.

I would recommend this solution to others.

I rate Fortinet FortiWeb a nine out of ten.

• Web services signature: Helped us on secure key exchange, authentication and integrity of the transmissions.
• Virtual patching: We publish many web services through FortiWeb. We are able to quickly resolve vulnerabilities.
• Layer 7 server load balancing: The device made smart decisions based on the content of messages. Also, with compression and encryption, it can offload slow connections from the upstream servers. That greatly improved performance.
• Zero-day protection
• Advance correlation
• URL rewriting and content rewriting

Before FortiWeb deployment, we were using a combination of commercial and open-source products. It was a hassle for the administrators, due to which some areas were unintentionally overlooked and caused many problems. With FortiWeb, we got a one-box solution for internet and internet security, which reduced the time required of the administrators and improved visibility at the larger scale.

Usually patches and version upgrades are really buggy, so we usually wait about one month for a stable release to upgrade. They need to improve the new version/patch delivery mechanism. For example, if a patch fixes one functionality for web services but also causes some other functionality failure.

I have been using it since 2014.

In the first few months, we had some issues but with a custom patch, we are good.

No scalability problems so far.

I rate technical support 8.5/10.

We were using combination of solutions, due to our organisation's policies. Due to lack of visibility, administrative issues and response times, we shifted.

We had a complex environment, with multiple offices across the globe with all the data in and out from our HQ.

At the time of deployment, and still now, the price was considerable less than other solutions and varies according to license type.

We also evaluated Cisco and McAfee.

It is a great product, but be careful with version upgrades.

The primary use case of this solution is for security, on the periphery for the VPN.

It is easy to install and to maintain.

We are considering an upgrade to our firewall because our current version is not compatible with our FortiAnalyzer. As there is an incompatibility, we have been advised by Fortinet that an upgrade is necessary to avoid issues.

We believe this product will become obsolete.

It needs to better integrate with other platforms.

In terms of performance, it needs to be more robust. During the lockdown, we are connecting to a VPN and the connection should be faster, there should be RAM or more hardware. Also, it should include security features.

I have been using Fortinet FortiWeb for two years.

This solution is stable and w have had no issues with its stability.

It's a scalable product and we have plans to use it in the future.

We have approximately 1000 users in our organization.

We are satisfied with technical support, we have not had any issues.

The initial setup was straightforward, it was easy.

There were no issues and it was deployed in six months.

We have a team of 20 providing the IT infrastructure, including switching, firewalls, and maintenance.

We have been using Fortinet for four years and internally we are using Cisco.

We would certainly recommend this product.

I would rate this solution a nine out of ten.