Fortinet FortiWeb Valuable Features
The xFF, or X-Forwarded-For feature, IP reputation, and protected hostname. We can block access using the IP address, so no one can connect to our web server or website using the real IP. They need to use the FQDN instead.
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb and the option to protect the hostname. All traffic passes through FortiWeb.
Machine learning capabilities in FortiWeb:
I don't use machine learning all the time. In the initial phase of FortiWeb deployment, we use the learning process to detect the traffic passing through FortiGate to our website.
View full review »JH
JavedHashmi
Chief Technology Officer at Future Point Technologies
The most valuable features of Fortinet FortiWeb are its basic features of WAS top ten, DDoS attacks, and bot attacks. Additionally, the machine learning-based threat detection is significant, as it uses a learning method that eases the configuration burden, making it very useful. The AI-driven threat detection enhances protection capabilities, and the product is equipped with hardware acceleration, improving performance considerably. Fortinet has improved its performance multifold.
View full review »
The features that I value most in FortiWeb include its inspection of traffic for Intrusion Prevention, Anti-Malware, and whitelisting capabilities. It allows specific IP whitelisting or even regional whitelisting, ensuring only whitelisted traffic from certain geographical regions can access the environment. These security features provide a comprehensive defense against malicious activities.
View full review »Buyer's Guide
Fortinet FortiWeb
July 2025

Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,825 professionals have used our research since 2012.
I like the integration with our existing Fortinet infrastructure. It's easy to integrate, and it's easy to make policy-driven. That's the feature I like – usability, simplicity, and ease of use.
View full review »We use FortiWeb for extended protection profiles to mitigate SQL injection and other web application threats. It is effective against web application threats and helps with our API protection and load balancing.
Additionally, it is cost-effective compared to other solutions.
View full review »Fortinet FortiWeb is much cheaper compared to other solutions like the ones from F5 Networks, which have more capabilities. I think Fortinet FortiWeb is not as capable as F5 Networks, but it is cheaper. The key point for Fortinet FortiWeb is that when I give it to the customers, I see it is cheaper than F5 Networks.
All the players in the market are already using AI. In the AI area, I don't find any specific feature for Fortinet FortiWeb that is special compared to the other products in the market.
Fortinet FortiWeb's ML features are good, but they do not make the tool any special because all the products in the market, like F5 Networks, already use AI features. The AI feature does not make Fortinet FortiWeb any special.
FortiWeb has antivirus, web filtering, and application control features. Being part of the next-generation firewall, it's highly effective in ensuring security. The capability to protect from malicious activities is significant, alongside other features like application control.
View full review »There are very few specific things that are not present in cloud-native firewalls, like Azure Firewall or AWS Firewall. They lack many features, such as the ability to handle paths in requests larger than eight KB. For example, if you upload a document or the page size exceeds eight KB, you might face issues with AWS and other cloud-native firewalls. FortiWeb can handle requests of up to 10MB, providing this capability. It also has a very user-friendly UI. Even someone new to FortiWeb or any firewall system, with the right contextual knowledge, can configure it effectively. The support and documentation provided by Fortinet are generally sufficient for any team to manage infrastructure using Fortinet and FortiWeb.
View full review »The ease of configuration is valuable. We have Azure WAF, we have OCI WAF, and we also have Cloud Armor for GCP, but their configuration isn't very easy. It's pretty simple in FortiWeb, and we can enable or configure whatever we want.
Its cost is also good. If I'm using an application for 15 days, I pay only for 15 days.
FortiWeb is good for blocking unknown threats and attacks. I've done a PoC with Azure WAF and OCI WAF, and in comparison, FortiWeb is quite good.
View full review »HB
Hend Barbary
Network Security Engineer at GAFI
Actually, most of the features of the tool are really good, but I would like to emphasize the importance of its machine learning features, as it can be implemented smoothly in Fortinet FortiWeb, and it is very helpful for our company.
FortiWeb's ease of deployment is what we liked the most about it. Implementing FortiWeb was extremely fast and easy, which was a significant advantage. It comes with several preconfigured rule sets and templates.
FortiWeb effectively addressed unknown threats. We get regular reports that we check. So far, we've had no issues at all. Around 99 percent of our public-facing infrastructure is restricted by source IP to our partners' networks, so our attack surface is restricted. WAF picked up and blocked any attacks before they can impact us.
FortiWeb is effortless to use and manage. The documentation is excellent, which is another huge advantage. The layout is logical and intuitive. You can create templates and reapply them to new applications, so we don't need to do a fresh configuration for each application. We have a template that represents our security benchmark. There are a few exceptions that we need to add for each application, but we can redeploy the security benchmark template for each new application that we create.
JH
JavedHashmi
Chief Technology Officer at Future Point Technologies
The AI engine and machine learning features distinguish FortiWeb from other solutions. It has a robust UI. FortiWeb is solidly accurate and provides excellent protection against zero-day attacks using machine learning. It appears to be effective because we've never experienced a breach from a zero-day attack.
We use almost all of the features, including analytics, malware detection, bot mitigation, and API discovery.
The solution is very easy to use with little instruction.
The anti-defacement feature is very useful because it looks for web changes over time to protect pages.
View full review »The policies and the filtering are the most valuable features, especially traffic, URL, and application filtering. The solution is excellent at detecting vulnerabilities.
The product is great for blocking unknown threats and attacks. We've had excellent results over the past two years, and the way it detects and filters traffic is outstanding.
The FortiWeb Cloud is straightforward to use; with a basic overview of how to apply policies, create NAT rules, etc., it's easy. The console is user-friendly enough that anyone can create and apply policies.
The solution also helped reduce our false positives by 20-25%.
Our organization receives fewer alerts thanks to the solution, and we don't have to think about the security of the URLs for applications. We put the whole domain behind the WAF, and if it's configured correctly from the beginning, we spend minimal time making changes and get the precise results we need. Our alerts have been reduced by approximately 5%.
View full review »The most valuable features of FortiWeb include its dashboard and out-of-the-box integrations with other Fortinet products, which enhance its effectiveness. FortiWeb's position as part of the Fortinet platform makes it particularly beneficial for Fortinet customers, offering seamless integration and operational cost savings.
View full review »When it comes to blocking unknown threats and attacks, I would give it the highest score possible. We first started using AWS and its Web Application Firewalls. That was okay, but it was quite a manual process to keep it up to date, whereas Fortinet is always up to date, and the default rules or the modules that you can turn on are very easy to use.
Overall, the solution is extremely easy to use. It's all very step-by-step. We just tell it what DNS records to approve and it sets up an SSL certificate. And then, all traffic just starts flowing through Fortinet and then straight over to us. Our network is quite secure, so we have allowed individual IPs that are listed by Fortinet so that we're not just blanket-accepting everything. It's enabling our web servers to be more secure by only allowing Fortinet, instead of the whole world, like we used to.
Also, if you want to diagnose something, rather than outright blocking it, you can just log it so you can see what's happening.
You can go through the audit trail as well. There might be a situation where it will prompt you to block everyone's traffic from a specific IP.
In terms of FortiWeb's advanced modules, we have two main, different Fortinet applications. One is for our web-based stuff and the other is for our Windows agents, which is all API traffic. We use different sets of the modules, or the advanced features, but across both, we use pretty much everything.
I like FortiWeb's usability and ease of configuration. It's simple to configure rules and exceptions inside the attack log. We block everything by default. If something isn't working, we ask the system admin to adjust the template and add exceptions. I'm interested in the AI attack pattern-matching feature, but we haven't tested it yet.
API is another feature that we haven't used in production, but I'm generally pleased that FortiWeb has this ability, and we can customize our application how we want.
View full review »The solution is easy to configure and deploy.
There is a richness in the rules and out-of-the-box tools that is not available with native firewall solutions.
View full review »MS
Mohammed Subhan
Consultant at AEC
The solution offers good configurations and works well with other Fortinet products.
The solution is scalable.
We found the implementation process to be simple.
If you want to block domains, you can do so. You do have the power to control access.
View full review »Some of the threat detection analytics and the filtering capabilities they give us for filtering a certain type of information that we don't want coming into the site are its valuable features. The analytics are pretty good in terms of being able to see what threats have been detected and mitigated, where they're coming from, and things like that. That has allowed us to do some additional filtering because by looking at threats, we can apply additional filters and try to minimize some of them.
Fortinet FortiWeb works well for what we do and what we use it for. It's fairly easy to use, easy to set up, and easy to monitor. It's easy to configure, monitor, and manage.
DN
Diana Nongera
I.T. Manager at Pacific Cigarette Company
The features I found valuable were web filtering, reporting, and the dashboards. We use these features for controlling the traffic in our network, mainly for our security. This means that we can have policies there that allow or don't allow certain connections.
View full review »Usually, people want to change, solutions and we recommend that it is easy to use. Even though most products have the same functionality nowadays, FortiWeb is easy to integrate.
View full review »The solution's most valuable feature is its security profile.
View full review »The most valuable product feature is the web application firewall. It still includes the inline. Its mode of operation is great. It comes with four modes of operation, reverse proxy, two transplant nodes, and WCCP. One node is there for transplant, just to have one more. Any customer, based on their network of topology and deployment type, can choose it and have an easy deployment.
The solution has a good sandbox feature.
It is stable.
PL
PingLiu
Project development at a comms service provider with 1,001-5,000 employees
The interface is very straightforward and easy to use.
It's stable.
The support is quite good.
We found the initial setup pretty simple.
View full review »CP
Carlos Pindado
Director of business and digital transformation at SERNIVEL3
You have the ability to control everything from one single dashboard.
View full review »KA
Khalil-Aarousse
Sales manager at Xxx
Fortinet FortiWeb is priced well.
The most valuable feature of Fortinet FortiWeb is the reports and the AI-based features.
View full review »The main feature I like is the ability to redirect web traffic from a readable URL to a real URL. All the security features are good.
One main feature we are very happy about is file security and upload functionality. It will restrict the number of file types that can be uploaded to our portal and prevents any malware. It helps with security.
There are many valuable features in this solution including vulnerability scanning, IPS, and geolocalization. The product is user-friendly and simple.
VK
VinothKumar12
Senior Cyber Security Engineer at a tech services company with 201-500 employees
I would say that machine learning is the most valuable upgrade from 5.8, both before and after 5.9.
The reporting available is pretty great.
We find the configuration capabilities to be very good.
Technical support is helpful.
It's stable.
It can scale well.
I like the user interface.
View full review »YA
Yassir Ali
Network and Security Engineer at ONB
The valuable feature of Fortinet FortiWeb vulnerability scanner.
The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration.
View full review »TI
Takao Itasaka
Manager at a construction company with 1-10 employees
The most important feature of this solution is protection from an attack.
View full review »DT
Diego Tomaz
Presale Engineer at a computer software company with 1,001-5,000 employees
The support services, performance, and pricing are all valuable features. The performance is excellent.
View full review »The compliance piece is the best feature. Load balancing is also valuable, which is something that all web application firewalls do. Another valuable feature is high availability. You can scale it very well. Load balancing and high availability are the two reasons why we picked it for a couple of banks.
View full review »They have a sort of table that defines the functions of certain applications, ex. which function has the slowest or fastest response. This enables our in-house development team or vendors to review our application and fix the functions if necessary.
View full review »KA
Khalil AbdulrahmanAlasbahi
Commercial Manager at Natco Information technology
The product is very easy to use.
We find that it is quite stable and reliable.
The solution can scale quite well.
The installation process is very simple.
The technical support on offer is helpful.
View full review »GS
Giorgi Sakhokia
Information Security Officer at State Audit Office
It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution.
It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.
View full review »The most valuable feature is ease of use.
It has an all-in-one license, unlike F5 where you need separate licenses for the antivirus, IP reputation, denial of service attacks, etc. With FortiWeb, the all-in-one license is one of the most beneficial features.
View full review »EG
Enayat Galsulkar
Senior Information Security Consultant at Future Telecom
The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features.
It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product.
View full review »BF
BrianFortington
GRC Security Consultant at Ionize
For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.
View full review »MS
Muhammed-Shafi
Presales Solutions Architect at Hilal Computers
It is a stable product.
View full review »It's stable and works efficiently against OWASP Top 10 attacks.
It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.
Overall, it has many features.
View full review »AA
Arash Azari Samani
Data Center Network Expert at TOSAN
The interface makes it easy to identify vulnerabilities.
The best features for us are the signature services. The devices uses signatures for identifying vulnerabilities in web applications.
This product is very user-friendly.
The security is very good.
View full review »AK
AbhimanyuKumar
Cyber Security Engineer at Mudra Electronics limited
The product has a very user-friendly dashboard.
View full review »There are many valuable features. It has machine learning, artificial intelligence, behaviour detection, and many other features capable of detecting web attacks.
View full review »I like that the GUI makes it easy to scale in terms of learning and utilization.
We chose this solution based on the online training and materials they offered. It's easily available on the web.
The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention.
View full review »MH
Mohamed Hussein
Security Engineer at a tech consulting company with 51-200 employees
The most valuable feature is the attack signature and machine learning.
View full review »MC
MauricioCorrêa
Full support analyst at Gruppen
My experience with the solution has been very positive. Fortinet is a great SD-WAN player when it comes to security capabilities. Also, it offers many models for a host of environments. I like the solution's SD-WAN features.
View full review »They have a very good graphical user interface.
The initial setup is pretty straightforward.
The solution is stable.
The scalability is pretty good.
We have found the pricing to be pretty reasonable.
View full review »One of the big advantages of using Fortinet FortiWeb is all the Fortinet family solutions use the same user interface and logic. This makes it easy to use, configure, manage, and understand if you have used one of their solutions before or are wanting to implement other Fortinet solutions in the future. Additionally, all Fortinet solutions can be managed with one application called FortiManager.
View full review »MT
MohamedTaha
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements. It is not just a single feature.
Anti-defacement has an amazing feature whereby if something bypasses the WAF then they can rollback the website.
The user experience is very good and it is simple to use.
They have AI and machine learning capabilities, so if you are using the WAF then you don't need extra features.
View full review »The ability to configure multiple policies for different requirements is a strong feature of Fortinet FortiWeb.
View full review »The most valuable feature of this solution is Fail-Open.
View full review »The solution has a very simple deployment.
There are lots of great features within the product. Even though I don't personally use too many of them, it's nice to have them available.
View full review »It is easy to install and to maintain.
View full review »The GUI is user-friendly.
It is easy to configure compared to solutions by other vendors, such as F5.
View full review »We have been using all the features and everything is nice.
I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks.
View full review »We are able to have an application layer different from the application itself that is protected by the FortiWeb Portal authentication feature.
The most valuable features are support and security.
View full review »YA
Yousef Altaj
Tech Manager at Global tec
FortiWeb offers machine learning in the latest product. Before that, there was an auto-learning feature. This fixed many problems. There are no false negatives now.
Fortinet FortiWeb now has artificial intelligence and machine learning.
EB
E Beernink
Netwerk and Security Specialist at a healthcare company with 501-1,000 employees
It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.
View full review »The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability. This part of the intelligence and behavioral analysis makes it very easy to tell if the user just used a few wrong characters in the field or not. It also checks to see if different characters are being entered very quickly, and can tell whether the user is actually typing something.
Another feature is the possibility to balance the traffic and there's lots of integration with your sandbox.
View full review »DI
imadam
SE at a comms service provider with 11-50 employees
It depends on the project and what the customer is looking for.
View full review »RF
RafigFeizullayev
Head of Security systems department at Zerde Business Solutions
All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet: FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features.
View full review »OR
Oliver Rodrigues
Senior Network Security Planning at Ooredoo Kuwait
The most valuable features are the access policies and how Fortinet gets the compilation done is really good.
View full review »DD
Drissa DOUMBIA
Network Security Engineer at Technicom Mali
Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.).
View full review »PW
Paula Wong
CEO at a tech services company with 1-10 employees
The most valuable feature is the web application firewall (WAF).
View full review »All of its feature are valuable to us. If you ask me which is the most valuable, it is the load balancing, then I would say the security features. Publishing OWA is also a good feature.
View full review »SSL Offloading, as it simplifies the public certificate handling and brings additional protection features.
Also, L-7 protection, as it makes possible to protect legacy/not up-to-date servers/applications without changing the application code.
View full review »- Web application security features, because they are more effective
- Stability
- Auto Learn feature: Makes policy additions or deletions for my customers very simple
FO
FabiolaOliveros
Technology Consultant at a tech services company with 11-50 employees
High-performance and detection engines, because of their high rate of exposure of web attacks.
View full review »- Built-in security templates
- AV integrated
- Strong threat intelligence
Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.).
Requires very little effort to add device to topology or replace existing WAF device with FortiWeb.
Application delivery is strong.
View full review »- SSL offloading
- Unlimited number of protected servers
- Load balancing
The bandwidth limitation and restriction feature is most reliable and useful, working as expected and hasn’t had any crash or excessive load issues.
Using the interface to set bandwidth limitations and restrictions at the individual IP, group IP, and total IP levels is really useful for allocating dedicated bandwidth for senior users, reducing it for public users, etc.
View full review »- Firewall policy
The most valuable features of the product are its IPS and VPN server.
View full review »- UTM
- Ease of use
- Built-in server load balancing
- VPN
- Next-gen firewall features
- Routing
- Web filtering
- Wi-Fi control
- Security profiles with application control & web filtering. You can filter which applications are allowed or blocked inside your network, according to the port they are using. Web filtering - which can be applied to Skype for example, prevent botnets, and P2P - also is very helpful when you want to control what is allowed inside the network.
- QoS. You can set QoS according to application priority.
- Antivirus from end to end
- Remote and site-to-site VPN
- Firewall
- Load balancing
- FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
- Rewrite
- Redirect
- Proxy reverse mode
- It supports OWASP top 10.
As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:
- Create first the objects needed.
- Assemble the policy.
- The GUI interface is intuitive. I have never needed to use the CLI
- It has good reports.It is easy to manage.
- Web services signature: Helped us on secure key exchange, authentication and integrity of the transmissions.
- Virtual patching: We publish many web services through FortiWeb. We are able to quickly resolve vulnerabilities.
- Layer 7 server load balancing: The device made smart decisions based on the content of messages. Also, with compression and encryption, it can offload slow connections from the upstream servers. That greatly improved performance.
- Zero-day protection
- Advance correlation
- URL rewriting and content rewriting
We use them for VPN, standard layer 4, web filtering, anti-malware and DLP – they are used as our perimeter firewall solution.
View full review »In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:
- 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
- Easy integration with various Fortinet products such as FortiSandbox for APT detection.
- ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.
It's easy to use and allows us to integrate solutions together.
View full review »The reporting and token system is good. The AI machine learning was qualified to block and report any suspicious activity.
View full review »Buyer's Guide
Fortinet FortiWeb
July 2025

Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,825 professionals have used our research since 2012.