IT Central Station is now PeerSpot: Here's why

Fortinet FortiWeb OverviewUNIXBusinessApplication

Fortinet FortiWeb is #2 ranked solution in top Web Application Firewalls. PeerSpot users give Fortinet FortiWeb an average rating of 8.0 out of 10. Fortinet FortiWeb is most commonly compared to F5 Advanced WAF: Fortinet FortiWeb vs F5 Advanced WAF. Fortinet FortiWeb is popular among the large enterprise segment, accounting for 49% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 31% of all views.
Fortinet FortiWeb Buyer's Guide

Download the Fortinet FortiWeb Buyer's Guide including reviews and more. Updated: August 2022

What is Fortinet FortiWeb?

Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

Fortinet FortiWeb Features and Benefits

APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

  • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

  • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

  • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

  • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

  • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

  • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

Reviews from Real Users

Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

Fortinet FortiWeb Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiWeb Video

Fortinet FortiWeb Pricing Advice

What users are saying about Fortinet FortiWeb pricing:
  • "It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there."
  • "It should be somewhere about 36,000 Euros. That's the cost for three years. It's moderately priced."
  • "It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise."
  • "We are on an annual license for this solution and the price is approximately €100."
  • "There are no costs in addition to the standard licensing fees."
  • Fortinet FortiWeb Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Director at a tech services company with 51-200 employees
    Real User
    Top 20
    Good for compliance, load balancing, and high availability
    Pros and Cons
    • "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
    • "The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect."

    What is our primary use case?

    We mainly use it for protection. OS scanning and load balancing are two of its main use cases.

    My team is most probably working with its latest version. In terms of the deployment, lately, it has been on the cloud because the end-user-facing web applications are usually live on the cloud.

    How has it helped my organization?

    Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them.

    What is most valuable?

    The compliance piece is the best feature. Load balancing is also valuable, which is something that all web application firewalls do. Another valuable feature is high availability. You can scale it very well. Load balancing and high availability are the two reasons why we picked it for a couple of banks.

    What needs improvement?

    From the feature perspective, it is pretty rich. The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect. 

    I would also like it to scale automatically based on the traffic.

    Buyer's Guide
    Fortinet FortiWeb
    August 2022
    Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    620,600 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using this solution for about six years.

    What do I think about the stability of the solution?

    I've never seen any issues, but when you turn on all the features or every single scanning, that's when it slows down a bit.

    What do I think about the scalability of the solution?

    It is scalable, but it is a roundabout way of automated scaling. It is not truly automated scaling. In general, when the size is okay, scaling is not a problem. I would like it to scale automatically based on the traffic, but that doesn't happen because automation is not there.

    I haven't seen any big issues with performance. We ran 20,000 connections through it, and it was okay. When you deploy it in the cloud, you can increase the size of the VM, and with extra licensing, it is fine performance-wise.

    It is suitable for medium and large customers. My team has deployed at least 500 of these in the last few years. In general, it's okay. We don't have any issue with it.

    How are customer service and support?

    They have been pretty good, honest, and upfront. It all comes down to expectations when you buy these things.

    I know the country manager very well. He is my friend for Fortinet. They are very good in terms of support. 

    When you buy these things from a marketplace like Amazon or AWS, the support is not as good as it can be because the first line of support is the cloud provider, and then there is the vendor. So, our preference usually is to go directly to the vendor because they know more about it.

    Which solution did I use previously and why did I switch?

    One of the best things about Azure Firewall is the automation. There is a huge difference. The second thing is pricing. 

    With FortiWeb, when you want to buy HA, you need to start designing high availability across different regions. With Azure, it comes by default.

    How was the initial setup?

    It depends on the customer and the use case. Usually, it's straightforward, but as you add more applications, it can become more and more complex.

    The deployment duration varies. Usually, designing, building, and putting in production take about four weeks, but it also depends on the application type.

    It requires maintenance all the time. Everything requires maintenance. Usually, we build it and operationalize it, and we then hand it over to the customer.

    What's my experience with pricing, setup cost, and licensing?

    It keeps changing, but it's based on the size of the VM you buy and also the traffic throughput you want from it, whereas what we have on Azure is just the traffic throughput. You can also pay on a monthly basis from Azure. During each part of the project, it's okay to get Azure-based licensing or AWS-based licensing for FortiWeb, but over time, you would want to go with the perpetual license. You should go to Fortinet and buy the license from them. So, there is a two-step process there.

    What other advice do I have?

    I would advise getting the right engineer. You need someone who is a specialist, and that's very important.

    I would rate it an eight out of 10. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Eduard Otto - PeerSpot reviewer
    Senior Technical Consultant at PROMOS consult
    Consultant
    Top 20
    Good file security and redirect web traffic well but we had trouble with a few features
    Pros and Cons
    • "One main feature we are very happy about is file security and upload functionality."
    • "The GUI could be better. It's limited."

    What is our primary use case?

    Mostly we use FortiWeb for replacing reverse proxy from our systems and add some security features to it to protect the web portal we are providing to our customers.  We use it to rewrite URLs and redirect FQDNs, et cetera, et cetera. That's the normal part.

    What is most valuable?

    The main feature I like is the ability to redirect web traffic from a readable URL to a real URL. All the security features are good.

    One main feature we are very happy about is file security and upload functionality. It will restrict the number of file types that can be uploaded to our portal and prevents any malware. It helps with security.

    What needs improvement?

    We had some trouble using some features. Maybe we understood it the wrong way when reading the manual. We had to implement some workarounds to help this problem.

    The GUI could be better. It's limited. 

    For how long have I used the solution?

    I've been using the solution for one year. 

    What do I think about the stability of the solution?

    There are no complaints on our side. The performance and stability are fine. We used to have a cluster of two appliances. Everything seems to be fine when we update the firmware. We haven't had any issues.

    What do I think about the scalability of the solution?

    The scalability may be slightly limited. We use hardware appliances. We need to buy appliances which have enough performance. You need to think about the sizing before you buy it. Scalability is not really possible with hardware. 

    We use it more and more. We are going to migrate all the connections which are directed to a proxy to the classification firewall.

    How are customer service and support?

    Normally, technical support is very good. All the tickets I opened have been solved in an average time.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    It was the very first time that we used a web application firewall. We never used anything before.

    How was the initial setup?

    We had some difficulties at the beginning in terms of setting it up. It was a very new product for us. We never had web protection firewalls before. We had some support from our supplier, so we referred to the initial implementation to get it done with external support.

    I'd rate the ease of implementation at a three out of five. 

    From a technical perspective, the deployment does not take a long time. Our problem internally was the organization and the planning as well as the communication with the other teams. That's what took so long. We started maybe one and a half years ago with the implementation and productive status was reached at the end of 2021. That's a long time. That said, one would say the management is at fault, not the actual technical staff.

    At a cluster, so single point of failure, all this stuff, it kind of took around 24 hours to get it up. The offline time was very difficult, however.

    We have two good people on staff that can handle deployment and maintenance. We are looking for another employee in the market, however, it's been very difficult to find someone.

    What about the implementation team?

    The implementation was done in-house with some help from our supplier.

    What was our ROI?

    We have not noted an ROI yet.

    What's my experience with pricing, setup cost, and licensing?

    We actually expanded our subscription for the next three years. I don't remember the exact price. It should be somewhere about 36,000 Euros. That's the cost for three years. It's moderately priced. I'd rate the general cost at a three out of five. 

    Which other solutions did I evaluate?

    We thought about other options, however, since we had a very good experience with the FortiGate Firewall, I decided to buy FortiWeb. They operate well together. 

    What other advice do I have?

    We are just customers and end-users.

    Potential new users should compare different products from different vendors to make a decision on a web application firewall. It doesn't matter if it is FortiWeb, or F5, or something else, just take some time to compare. 

    I'd rate the solution six out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Fortinet FortiWeb
    August 2022
    Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    620,600 professionals have used our research since 2012.
    Engineer : Cyber Security & Telecommunication at a tech services company with 11-50 employees
    Real User
    Top 20
    Reasonably priced and offers a good graphical user interface but need better integration capabilities
    Pros and Cons
    • "The initial setup is pretty straightforward."
    • "The support side of things can be improved."

    What is our primary use case?

    We primarily used the solution as a POC to see how effective it is and so far we're happy with it. 

    We used it for protecting our web servers and the use of some web applications within a financial institution.

    What is most valuable?

    They have a very good graphical user interface. 

    The initial setup is pretty straightforward.

    The solution is stable.

    The scalability is pretty good.

    We have found the pricing to be pretty reasonable. 

    What needs improvement?

    During the POC we did encounter problems. For example, the integration with the HSM for storing keys was not ideal.

    The downside is on the security side and is the firewall. When you look at the firewall, it doesn't do decryption and you have to depend on other third-party tools to do that. Or you would have to use another FortiGate product which makes things a little complicated. Today, people look for simplicity in terms of design. That's one downside to Fortinet's Firewall. The downside to FortiWeb is it had issues integrating with HSM. They fixed the issue, however, it took a long time to fix and it wasn't pleasant. I had to work with deadlines and I could not make the deadlines due to the slow timeline on their side.

    For the firewall, when you deploy IPS, the IPS doesn't have visibility into encrypted traffic and 70% of traffic these days is encrypted, and that's the conservative figure of the actual percentage. If your IPS doesn't have that visibility, then it is not really doing the job that it has to do. In comparison, Palo Alto is the best firewall in terms of performance and has the technical specifications that we need. 

    The support side of things can be improved. They need to quickly tend to issues and resolve them as soon as possible. Those are the expectations.

    For how long have I used the solution?

    We've only used FortiWeb for a POC. 

    What do I think about the stability of the solution?

    The stability of the product has been good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. When you look at the specs and if you do what they say in the specs, in terms of ensuring that you're not overlooking anything, it's a good product. 

    What do I think about the scalability of the solution?

    The solution can scale. That's not a problem at all.

    How are customer service and support?

    Technical support could be more responsive. They need to address issues faster. I'm not completely happy with the level of support we receive.

    How was the initial setup?

    Generally, the solution is easy to set up. It's not overly complex. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is pretty good if you look at other top options in this space. They are reasonable. 

    Which other solutions did I evaluate?

    I've also looked at Palo Alto, and it has the specifications that we need, however, the pricing is quite high.

    What other advice do I have?

    Our company is a Fortinet partner.

    I'd rate the solution at a seven out of ten.

    In terms of functionality, it does a perfect job, however, when you have to integrate with third-party tools, that's where you might have issues. Going forward, maybe what Fortinet needs to do is to ensure that they don't have integration issues with the other big vendors that are common in terms of what's deployed out there. Someone might want FortiWeb, however, for example in my case where a bank needed to integrate that with Jamalt or HSM for description, they have to do their homework. 

    When you're dealing with financial clients, they need to have seamless integration and not to have these challenges where it would take time to fix as an issue. That should be figured out pre-deployment. Companies in banking can't wait for clients to point out that this is an issue. They have to attend to it beforehand and resolve issues to meet expectations. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    BrianFortington - PeerSpot reviewer
    GRC Security Consultant at Ionize
    Consultant
    Top 10
    This flexible suite solves compliance problems but that comes at a cost
    Pros and Cons
    • "If I need something from tech support, I can get it answered within the hour."
    • "Both the internal firewall management and the cloud can be managed by a single console."
    • "It costs too much."
    • "It is not entirely user-friendly."

    What is our primary use case?

    Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

    What is most valuable?

    For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

    What needs improvement?

    User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

    The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

    For how long have I used the solution?

    We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

    What do I think about the scalability of the solution?

    At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

    How are customer service and technical support?

    I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

    How was the initial setup?

    It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

    What's my experience with pricing, setup cost, and licensing?

    I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

    What other advice do I have?

    My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

    On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technical Presales Engineer at a comms service provider with 11-50 employees
    Real User
    Top 20
    Stable with a simple deployment and lots of extra features
    Pros and Cons
    • "The solution has a very simple deployment."
    • "It may be better if it were easier to create roles."

    What is our primary use case?

    We primarily use the solution for configuration and structuring policy.

    What is most valuable?

    The solution has a very simple deployment.

    There are lots of great features within the product. Even though I don't personally use too many of them, it's nice to have them available.

    What needs improvement?

    It may be better if it were easier to create roles.

    The interface could be a bit better.

    Everything is pretty manual. We do need to improvise a bit. Automation might make it easier.

    The pricing is a little bit high for us.

    For how long have I used the solution?

    I've been using the solution for about one year.

    What do I think about the stability of the solution?

    The solution is stable. I don't recall dealing with bugs or glitches. It doesn't crash or freeze. It's pretty reliable.

    What do I think about the scalability of the solution?

    The solution is scalable. We always check our information before we hit any limitations. I just need to assess my servers and the amount of traffic. I believe it to be scalable enough.

    We have about five users on the solution currently. They're engineers. We have one box. Many users just need one box. If you want a firewall, or you want various applications on a firewall, you need another box.

    How are customer service and technical support?

    We don't have direct experience with their technical support team. If we need technical support, we get it from the distributor. If we do reach out to them, it's typically for diagnostics. So far, we've been satisfied with the level of support we've received.

    How was the initial setup?

    The initial setup isn't too complex. It's pretty straightforward. The product has a model deployment. You just need one port. After that, access is simple.

    The deployment and installation took about one day. It is pretty fast because the setup is pretty easy to execute on.

    For deployment, you just need two people. You don't need a bunch of staff to handle it.

    What about the implementation team?

    We're an integrator. We just appraise the distributor behind us in order to help us in the deployment. It's a really simple deployment though. An organization most likely wouldn't need assistance. A solution like Cisco may require assistance as there would need to be adjustments done on it. It's a bit more complex.

    What's my experience with pricing, setup cost, and licensing?

    The solution can be a bit expensive. It's not a product line. We use other devices as well as it's not a one-stop-shop. If you need a firewall, for example, you need to buy another product, like Fortinet. FortiWeb doesn't cover things like firewalls. 

    The license itself is also quite expensive.

    What other advice do I have?

    We're using the latest version of the solution.

    Usually, for our security programs, I'm using on-prem. For now, in my experience, the typical Indonesian customer is using on-prem, as they worry about using the cloud, as the data cannot be stored in HR and it's actually often stored in another country. 

    It's my understanding that we'll continue to use the solution for a while to come.

    Overall, I would recommend the product. On a scale from one to ten, I'd rate it at an eight. If it had a better interface and/or better pricing, I might rate it a bit higher.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    PeerSpot user
    Thameem Ansari - PeerSpot reviewer
    Thameem AnsariSenior solution architect at a comms service provider with 51-200 employees
    Top 5LeaderboardReal User

    The deployment for easy

    Carlos Pindado - PeerSpot reviewer
    Director of business and digital transformation at SERNIVEL3
    Real User
    Top 20
    Useful single location dashboard controls, stable, and helpful support
    Pros and Cons
    • "You have the ability to control everything from one single dashboard."
    • "The solution could improve by being able to handle different use cases."

    What is our primary use case?

    We use Fortinet FortiWeb for industrial companies. We are making doing network segmentation inside the industrial park, which is quite difficult and we have to design, develop and maintain all of the different kinds of solutions. We brought Fortinet FortiWeb to protect against forbidden access and for special access for providers in the industry.

    How has it helped my organization?

    We do not use this solution for our organization but for clients' organizations. For example, one customer uses the solution for the protection of all their different applications. Additionally, the solution has protected the servers that are in the DMC, such as services for people in other countries that have to have access.

    What is most valuable?

    You have the ability to control everything from one single dashboard.

    What needs improvement?

    The solution could improve by being able to handle different use cases.

    For how long have I used the solution?

    I have used Fortinet FortiWeb within the past 12 months.

    What do I think about the stability of the solution?

    The stability is good.

    What do I think about the scalability of the solution?

    The scalability is quite good. The scalability has been good for each industry. You can integrate Fortinet FortiWeb with all kinds of products of the same vendor. This allows the ability for a lot of different functions that you don't have to have really competent staff because you do not have different vendors. You don't have to call another vendor for solving one ticket or problem. This made everything simple, it was very good.

    We have approximately 2,000 people using this solution.

    When our customers have acquired more industrial plants we will propose this solution for all those industrial plant customers.

    How are customer service and support?

    The technical support is good.

    I would rate the technical support of Fortinet FortiWeb an eight out of ten.

    Which solution did I use previously and why did I switch?

    We previously used F5.

    How was the initial setup?

    The installation was straightforward and it took us approximately one month. There are a lot of services, approximately 15, and other parts to configure.

    What about the implementation team?

    We used consultants, technicians and, an integrator for the implementation.

    We do not need more than three people to do the maintenance and support of Fortinet FortiWeb.

    What was our ROI?

    We have seen a return on investment. It has been decent but not the best. We choose to work with one large customer and it has been similar to an investment.

    What's my experience with pricing, setup cost, and licensing?

    We are on an annual license for this solution and the price is approximately €100.

    Which other solutions did I evaluate?

    We have evaluated a number of solutions, such as Citrix NetScaler.

    What other advice do I have?

    I would recommend those wanting to implement this solution to use good integrators, there are not too many people who know about this solution. I lived in Spain and there are not too many installations made, it's quite difficult to find people that know a lot about it. It's not a difficult installation and the vendor helped us a lot and is very helpful. You have professional services you can use from the vendor if you choose, but they are quite expensive for customers.

    One of the biggest lessons I have learned from using Fortinet FortiWeb is Fortinet helps you a lot. They can develop something specifically for a customers' use case without any costs for them.

    I rate Fortinet FortiWeb a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    MohamedTaha - PeerSpot reviewer
    Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
    Real User
    Top 5Leaderboard
    Simple to use with a good user experience, and it provides complete security in a single product
    Pros and Cons
    • "The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements."
    • "The initial setup in our data center was somewhat complex."

    What is our primary use case?

    We are using this product to protect something similar to an online banking network.

    How has it helped my organization?

    We have had a lot of web application attacks and this product has protected us. Once it was implemented, most of our problems were solved. For example, we had a DDoS attack against the seventh layer and it protected us.

    What is most valuable?

    The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements. It is not just a single feature.

    Anti-defacement has an amazing feature whereby if something bypasses the WAF then they can rollback the website.

    The user experience is very good and it is simple to use.

    They have AI and machine learning capabilities, so if you are using the WAF then you don't need extra features.

    What needs improvement?

    The initial setup in our data center was somewhat complex.

    For how long have I used the solution?

    We have been using Fortinet FortiWeb since 2008.

    What do I think about the stability of the solution?

    FortiWeb is a stable product.

    What do I think about the scalability of the solution?

    We have been working with this solution for more than 12 years and it has scaled with our requirements. We upgraded a lot of hardware and applications, and things change from time to time. There is not just a single point where we changed something that tested the scalability.

    How are customer service and technical support?

    Technical support is amazing. We have 24x7 support and every time we have contacted them, it takes less than two hours before everything is solved. We are confident that if we have any issue then we can communicate with the vendor and they will help us to solve the problem.

    How was the initial setup?

    In our data center and with the complexity of it, it takes one or two days to implement and fine-tune.

    What about the implementation team?

    We deployed this product in-house. We started with the training and then we implemented the solution. In case we have any problem then we can communicate with the vendor.

    We have three security specialists who work as a team for maintenance.

    What's my experience with pricing, setup cost, and licensing?

    We renew our contract and license every three years. There are no costs in addition to the standard licensing fees. There is just one cost.

    Which other solutions did I evaluate?

    Prior to implementing FortiWeb, we tested Barracuda, F5, Citrix, and Sophos.

    What other advice do I have?

    FortiWeb is a security product that I can recommend. My advice for anybody who is implementing this type of solution is not to simply believe the words of the vendors. Test the product in your environment and then you can select the best one for your needs. A lot of vendors nowadays will tell you that they are the best, but the best thing to do is test each of the products inside your network.

    The roadmap that the vendor has for this product is good. They have a lot of extra features that they are developing for future releases. They have an amazing R&D team, they know the competition, and they know the market. In my department, we find that it is amazing and are not searching for additional functionality.

    I would rate this solution a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Giorgi Sakhokia - PeerSpot reviewer
    Information Security Officer at State Audit Office
    Real User
    Top 5
    Flexible, easy to learn and configure, and has almost everything that a web application firewall needs
    Pros and Cons
    • "It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube."
    • "When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."

    What is our primary use case?

    We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

    What is most valuable?

    It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

    It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

    What needs improvement?

    When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

    For how long have I used the solution?

    I have been using this solution for three months. 

    What do I think about the stability of the solution?

    Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

    What do I think about the scalability of the solution?

    It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

    How are customer service and technical support?

    We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

    What about the implementation team?

    We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

    Which other solutions did I evaluate?

    We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

    What other advice do I have?

    We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

    I would rate Fortinet FortiWeb a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.
    Updated: August 2022
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.