No more typing reviews! Try our Samantha, our new voice AI agent.
Senior Information Security Consultant at Future Telecom
Real User
Oct 21, 2020
Integrates very well and easy to use, configure, and manage
Pros and Cons
  • "The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features. It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product."
  • "Our customers find Fortinet FortiWeb much better than other solutions."
  • "They could improve their support a little bit for faster response time."

What is our primary use case?

We have deployed a couple of projects for our customers to protect their online e-commerce systems. They have web-based applications for online ordering, for example, for online ordering from a hypermarket. It seems to be a very good solution. We have replaced the existing Barracuda devices of a customer. We deal with the latest version of Fortinet FortiWeb.

What is most valuable?

The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features.

It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product. 

What needs improvement?

They could improve their support a little bit for faster response time. 

For how long have I used the solution?

I have been using Fortinet FortiWeb for two years.

Buyer's Guide
Fortinet FortiWeb
July 2026
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,147 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. The web application firewall is protecting the web servers in an organization from outside to inside. It probably has more than 1,000 users.

How are customer service and support?

Their technical support needs a little bit of improvement in terms of faster response time.

How was the initial setup?

The initial setup is very straightforward. It took about 30 to 40 minutes for one web application for default settings. If you want to go with complex settings, then it would probably take three to four days to understand the application backend and everything else.

What about the implementation team?

We used a system integrator. One Admin is more than enough to deploy and maintain it. It is very stable and easy to configure and deploy.

What's my experience with pricing, setup cost, and licensing?

Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor.

Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough.

What other advice do I have?

Fortinet FortiWeb is rated as one of the top WAF devices in many of the independent research reports. Our customers find Fortinet FortiWeb much better than other solutions. 

We plan to continue using this solution if an opportunity is there. It depends on the customer's requirements. If a customer is going for an online e-commerce website, we would always recommend going with Fortinet FortiWeb. 

I would rate Fortinet FortiWeb an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
GRC Security Consultant at Ionize
Consultant
Oct 11, 2020
This flexible suite solves compliance problems but that comes at a cost
Pros and Cons
  • "If I need something from tech support, I can get it answered within the hour."
  • "Both the internal firewall management and the cloud can be managed by a single console."
  • "For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company."
  • "It costs too much."
  • "It is not entirely user-friendly."
  • "I think that ForiWeb is expensive for what they are offering. It should just be cheaper for what they are offering in comparison to other tools on the market."

What is our primary use case?

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

What is most valuable?

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

What needs improvement?

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

For how long have I used the solution?

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

What do I think about the scalability of the solution?

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

How are customer service and technical support?

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

How was the initial setup?

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

What's my experience with pricing, setup cost, and licensing?

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

What other advice do I have?

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Fortinet FortiWeb
July 2026
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,147 professionals have used our research since 2012.
reviewer890208 - PeerSpot reviewer
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Sep 19, 2020
Efficient, stable, and has good IP reputation features, but there are many false positive with the layer 7 attacks
Pros and Cons
  • "It's stable and works efficiently against OWASP Top 10 attacks."
  • "The Layer 7 DDoS attacks need improvement, it could be better."
  • "When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks."

What is our primary use case?

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

What is most valuable?

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

What needs improvement?

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

For how long have I used the solution?

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

What do I think about the stability of the solution?

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

What do I think about the scalability of the solution?

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

How are customer service and technical support?

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Which solution did I use previously and why did I switch?

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

How was the initial setup?

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

What about the implementation team?

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution, although there are no additional costs.

What other advice do I have?

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2323683 - PeerSpot reviewer
Network Security Engineer at a computer software company with 5,001-10,000 employees
Real User
Dec 21, 2023
User-friendly, stable and efficiently secure VMs and applications
Pros and Cons
  • "We use it to secure VMs and applications. It protects against DDoS attacks. It's very user-friendly."
  • "There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support."

What is our primary use case?

I initially deployed it for my company, but now I administrate it for a client.

What is most valuable?

We use it to secure VMs and applications in Azure. It protects against DDoS attacks.

It's very user-friendly.

What needs improvement?

There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support. 

In future releases, I would like to see added antivirus features that provide user-based activity indicators. For example, if a user downloads a large number of files or connects frequently, the WAF could flag this activity for investigation.

For how long have I used the solution?

I have been using it for three months now. 

What do I think about the stability of the solution?

It is a stable solution. 

What do I think about the scalability of the solution?

It is a scalable product. 

How are customer service and support?

For some initial issues. It's good, but not during the first year. FortiWeb could improve response time and first-level support clarity.

How would you rate customer service and support?

Positive

What about the implementation team?

The first implementation with an expert took two hours. My solo attempt took three weeks.

What other advice do I have?

Take time to test it thoroughly. Consider buying an existing solution if needed.

Overall, I would rate the solution an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Cyber Security Engineer at Mudra Electronics limited
Real User
Nov 8, 2023
Has a user-friendly dashboard, but its technical support services need improvement
Pros and Cons
  • "The product has a very user-friendly dashboard."
  • "The product's scalability could be better."

What is our primary use case?

We use FortiWeb for protecting web applications.

What is most valuable?

The product has a very user-friendly dashboard.

What needs improvement?

The software's support services could be better compared to Sophos.

What do I think about the scalability of the solution?

The product's scalability could be better compared to Sophos.

How are customer service and support?

It is challenging to communicate with the FortiWeb's support team.

Which solution did I use previously and why did I switch?

We use Sophos as well.

How was the initial setup?

FortiWeb's configuration process is more difficult than Sophos. I rate the process a one out of ten.

What's my experience with pricing, setup cost, and licensing?

The product is expensive. I rate the pricing a ten out of ten.

What other advice do I have?

I rate FortiWeb a five out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Soroush-Enayati - PeerSpot reviewer
Network security engineer at freelancer
Real User
Nov 25, 2022
Great machine learning, artificial intelligence and behaviour detection
Pros and Cons
  • "It helps us prevent attacks on servers."
  • "There are many valuable features; it has machine learning, artificial intelligence, behaviour detection, and many other features capable of detecting web attacks."
  • "The initial setup is complex."
  • "The initial setup is complex and takes between three to six months."

What is our primary use case?

It helps us prevent attacks on servers, and we deploy it on-premises.

What is most valuable?

There are many valuable features. It has machine learning, artificial intelligence, behaviour detection, and many other features capable of detecting web attacks.

What needs improvement?

The initial setup could be simplified.

For how long have I used the solution?

We have been using the solution for approximately ten years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

We do not have experience with customer service and support.

How was the initial setup?

The initial setup is complex and takes between three to six months.

What about the implementation team?

We implemented the solution in-house.

What's my experience with pricing, setup cost, and licensing?

Fortinet FortiWeb has some types of licenses, and the main licenses refer to updating a signature and a pattern.

Which other solutions did I evaluate?

We evaluated machine learning and the main signatures about known attack signatures.

What other advice do I have?

I rate the solution a ten out of ten, and I recommend it for every organization with web services.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
willie.Na. - PeerSpot reviewer
System Engineer at Trans Business Machines Ltd
Real User
Jun 29, 2022
Easy to scale in terms of learning and utilization with a user-friendly GUI
Pros and Cons
  • "I like that the GUI makes it easy to scale in terms of learning and utilization."
  • "Lacks functionalities that are available in other solutions."
  • "There are specific functionalities that I'd like to see improve and that would basically bring it into line with what is being offered by solutions such as F5 and Imperva."

What is our primary use case?

We use this product for load balancing and for their firewall. We are partners with Fortinet. 

What is most valuable?

I like that the GUI makes it easy to scale in terms of learning and utilization.
We chose this solution based on the online training and materials they offered. It's easily available on the web. 

What needs improvement?

There are specific functionalities that I'd like to see improve and that would basically bring it into line with what is being offered by solutions such as F5 and Imperva.

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

This is a stable solution. 

How was the initial setup?

The initial setup is straightforward, the deployment took us about two hours. We currently have 16 users. 

What other advice do I have?

I rate this solution seven out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
Presale Engineer at a computer software company with 1,001-5,000 employees
Real User
Jun 1, 2022
Has excellent performance, pricing, and support services
Pros and Cons
  • "The support services, performance, and pricing are all valuable features, and the performance is excellent."
  • "The initial setup process could be improved."

What is most valuable?

The support services, performance, and pricing are all valuable features. The performance is excellent.

What needs improvement?

The initial setup process could be improved.

For how long have I used the solution?

I've been working with this solution for two years.

It is deployed both on-premises and on the cloud.

What do I think about the scalability of the solution?

In general, we have small projects, so the scalability has been fine for our clients.

As for users, we have, in general, 50 to 100 clients.

How are customer service and support?

My colleagues at the network operations center have contacted technical support. I would rate technical support at eight on a scale from one to ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We sell and work with several options, but we feel comfortable with Fortinet FortiWeb because the performance and feedback are great.

How was the initial setup?

In general, the initial setup is easy, and I would rate it at four out of five.

What about the implementation team?

I deployed it myself.

What's my experience with pricing, setup cost, and licensing?

There's only one payment for the duration of the license. On a scale from one to five, I would rate pricing at four.

I have not encountered any additional costs on my projects involving Fortinet FortiWeb.

What other advice do I have?

I sell or presell, and in general, the feedback is great. In fact, I think that Fortinet FortiWeb is number one in terms of performance.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Ali Rochmat - PeerSpot reviewer
Sales Manager For State-Ownership Enterprise at PT EDI INDONESIA
Reseller
Feb 15, 2022
Useful sandboxing, effective threat protection, and simple configuration
Pros and Cons
  • "The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention."
  • "In my experience, Fortinet FortiWeb could improve the intelligent features to acknowledge whether any threat or incident that's running happened. Then give us the ability to escalate it to layer 2 or layer 3 in the network operations."

What is most valuable?

The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention. 

What needs improvement?

In my experience, Fortinet FortiWeb could improve the intelligent features to acknowledge whether any threat or incident that's running happened. Then give us the ability to escalate it to layer 2 or layer 3 in the network operations.

For how long have I used the solution?

I have been using Fortinet FortiWeb for approximately two years.

What do I think about the stability of the solution?

I have found Fortinet FortiWeb to be stable.

What do I think about the scalability of the solution?

The solution is scalable, but it can only scale at a medium level.

How are customer service and support?

We use the technical support from the system integration, not directly with Fortinet FortiWeb. It takes them a lot of time to solve an issue when we submit a complaint.

in Indonesia, we need more knowledgeable local support.

How was the initial setup?

The initial implementation is simple and the configuration is straightforward.

What's my experience with pricing, setup cost, and licensing?

The price of Fortinet FortiWeb is reasonable. This is one of the key factors of why we use this solution.

What other advice do I have?

I rate Fortinet FortiWeb an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1472592 - PeerSpot reviewer
Director at a tech services company with 51-200 employees
Real User
Feb 12, 2022
Good for compliance, load balancing, and high availability
Pros and Cons
  • "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
  • "The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect."
  • "The automation piece can be improved. Although they say it can be automated very well, there is still manual work."

What is our primary use case?

We mainly use it for protection. OS scanning and load balancing are two of its main use cases.

My team is most probably working with its latest version. In terms of the deployment, lately, it has been on the cloud because the end-user-facing web applications are usually live on the cloud.

How has it helped my organization?

Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them.

What is most valuable?

The compliance piece is the best feature. Load balancing is also valuable, which is something that all web application firewalls do. Another valuable feature is high availability. You can scale it very well. Load balancing and high availability are the two reasons why we picked it for a couple of banks.

What needs improvement?

From the feature perspective, it is pretty rich. The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect. 

I would also like it to scale automatically based on the traffic.

For how long have I used the solution?

I have been using this solution for about six years.

What do I think about the stability of the solution?

I've never seen any issues, but when you turn on all the features or every single scanning, that's when it slows down a bit.

What do I think about the scalability of the solution?

It is scalable, but it is a roundabout way of automated scaling. It is not truly automated scaling. In general, when the size is okay, scaling is not a problem. I would like it to scale automatically based on the traffic, but that doesn't happen because automation is not there.

I haven't seen any big issues with performance. We ran 20,000 connections through it, and it was okay. When you deploy it in the cloud, you can increase the size of the VM, and with extra licensing, it is fine performance-wise.

It is suitable for medium and large customers. My team has deployed at least 500 of these in the last few years. In general, it's okay. We don't have any issue with it.

How are customer service and support?

They have been pretty good, honest, and upfront. It all comes down to expectations when you buy these things.

I know the country manager very well. He is my friend for Fortinet. They are very good in terms of support. 

When you buy these things from a marketplace like Amazon or AWS, the support is not as good as it can be because the first line of support is the cloud provider, and then there is the vendor. So, our preference usually is to go directly to the vendor because they know more about it.

Which solution did I use previously and why did I switch?

One of the best things about Azure Firewall is the automation. There is a huge difference. The second thing is pricing. 

With FortiWeb, when you want to buy HA, you need to start designing high availability across different regions. With Azure, it comes by default.

How was the initial setup?

It depends on the customer and the use case. Usually, it's straightforward, but as you add more applications, it can become more and more complex.

The deployment duration varies. Usually, designing, building, and putting in production take about four weeks, but it also depends on the application type.

It requires maintenance all the time. Everything requires maintenance. Usually, we build it and operationalize it, and we then hand it over to the customer.

What's my experience with pricing, setup cost, and licensing?

It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there.

What other advice do I have?

I would advise getting the right engineer. You need someone who is a specialist, and that's very important.

I would rate it an eight out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.