Fortinet FortiWeb OverviewUNIXBusinessApplication

Fortinet FortiWeb is the #2 ranked solution in top Web Application Firewalls. PeerSpot users give Fortinet FortiWeb an average rating of 8.2 out of 10. Fortinet FortiWeb is most commonly compared to F5 Advanced WAF: Fortinet FortiWeb vs F5 Advanced WAF. Fortinet FortiWeb is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 23% of all views.
Fortinet FortiWeb Buyer's Guide

Download the Fortinet FortiWeb Buyer's Guide including reviews and more. Updated: December 2022

What is Fortinet FortiWeb?

Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

Fortinet FortiWeb Features and Benefits

APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

  • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

  • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

  • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

  • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

  • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

  • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

Reviews from Real Users

Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

Fortinet FortiWeb Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiWeb Video

Archived Fortinet FortiWeb Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MohamedTaha - PeerSpot reviewer
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Real User
Top 5Leaderboard
Simple to use with a good user experience, and it provides complete security in a single product
Pros and Cons
  • "The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements."
  • "The initial setup in our data center was somewhat complex."

What is our primary use case?

We are using this product to protect something similar to an online banking network.

How has it helped my organization?

We have had a lot of web application attacks and this product has protected us. Once it was implemented, most of our problems were solved. For example, we had a DDoS attack against the seventh layer and it protected us.

What is most valuable?

The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements. It is not just a single feature.

Anti-defacement has an amazing feature whereby if something bypasses the WAF then they can rollback the website.

The user experience is very good and it is simple to use.

They have AI and machine learning capabilities, so if you are using the WAF then you don't need extra features.

What needs improvement?

The initial setup in our data center was somewhat complex.

Buyer's Guide
Fortinet FortiWeb
December 2022
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,849 professionals have used our research since 2012.

For how long have I used the solution?

We have been using Fortinet FortiWeb since 2008.

What do I think about the stability of the solution?

FortiWeb is a stable product.

What do I think about the scalability of the solution?

We have been working with this solution for more than 12 years and it has scaled with our requirements. We upgraded a lot of hardware and applications, and things change from time to time. There is not just a single point where we changed something that tested the scalability.

How are customer service and support?

Technical support is amazing. We have 24x7 support and every time we have contacted them, it takes less than two hours before everything is solved. We are confident that if we have any issue then we can communicate with the vendor and they will help us to solve the problem.

How was the initial setup?

In our data center and with the complexity of it, it takes one or two days to implement and fine-tune.

What about the implementation team?

We deployed this product in-house. We started with the training and then we implemented the solution. In case we have any problem then we can communicate with the vendor.

We have three security specialists who work as a team for maintenance.

What's my experience with pricing, setup cost, and licensing?

We renew our contract and license every three years. There are no costs in addition to the standard licensing fees. There is just one cost.

Which other solutions did I evaluate?

Prior to implementing FortiWeb, we tested Barracuda, F5, Citrix, and Sophos.

What other advice do I have?

FortiWeb is a security product that I can recommend. My advice for anybody who is implementing this type of solution is not to simply believe the words of the vendors. Test the product in your environment and then you can select the best one for your needs. A lot of vendors nowadays will tell you that they are the best, but the best thing to do is test each of the products inside your network.

The roadmap that the vendor has for this product is good. They have a lot of extra features that they are developing for future releases. They have an amazing R&D team, they know the competition, and they know the market. In my department, we find that it is amazing and are not searching for additional functionality.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solutions Architect at a computer software company with 5,001-10,000 employees
Real User
A reliable solution with good ability for configuring multiple policies for different requirements
Pros and Cons
  • "The ability to configure multiple policies for different requirements is a strong feature of Fortinet FortiWeb."
  • "They can introduce a scaled-down version for the SMB market. It would be very competitive in the environment."

What is our primary use case?

I am more on the design side. The use case depends on what a customer requires in terms of web protection. We mostly use it for reverse proxy and load balancing.

What is most valuable?

The ability to configure multiple policies for different requirements is a strong feature of Fortinet FortiWeb.

What needs improvement?

They can introduce a scaled-down version for the SMB market. It would be very competitive in the environment.

For how long have I used the solution?

I have been using Fortinet FortiWeb for two or three years.

What do I think about the stability of the solution?

It is stable. You obviously need to assign and write configurations correctly.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

Every response from Fortinet is quite good and according to their SLAs.

How was the initial setup?

I don't get involved in implementation and installation.

What's my experience with pricing, setup cost, and licensing?

It is not a cheap product. It is not like a Linux or a Genex that you can deploy. It is a hardware appliance, and it is built for a specific reason and reliability.

It is an enterprise-class solution. You wouldn't find an SMB investing in something like this.

What other advice do I have?

I would recommend this solution to others if they can afford it. We plan to continue using this solution. It is a good solution, and the customers are quite happy using it. 

I would rate Fortinet FortiWeb a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Fortinet FortiWeb
December 2022
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,849 professionals have used our research since 2012.
AhmedIsmael - PeerSpot reviewer
Network & Telecom Manager at a retailer with 1,001-5,000 employees
Real User
Top 5
Easy to use, and the all-in-license covers all of the features
Pros and Cons
  • "The most valuable feature is ease of use."
  • "I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device."

What is our primary use case?

I am using FortiWeb as a web application firewall and as a load balancer for HTTP applications. 

What is most valuable?

The most valuable feature is ease of use.

It has an all-in-one license, unlike F5 where you need separate licenses for the antivirus, IP reputation, denial of service attacks, etc. With FortiWeb, the all-in-one license is one of the most beneficial features.

What needs improvement?

I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device. For example, if I have one device that costs $2,600 USD then it can have two licenses, where it can operate as a load balancer as well as a WAF.

For how long have I used the solution?

We have been using FortiWeb for three years.

What do I think about the stability of the solution?

This is a good solution, stability-wise.

What do I think about the scalability of the solution?

FortiWeb is a scalable product and we have about 3,000 users.

That said, we need to purchase a model with more capacity because this is a small one, and our business has expanded in the past three years.

How are customer service and technical support?

We have been in contact with technical support and we are satisfied with them.

Which solution did I use previously and why did I switch?

We did not use another similar solution before choosing FortiWeb.

How was the initial setup?

The initial setup is straightforward.

Any FortiWeb deployment needs about two weeks because when it is first implemented, in phase one, machine learning takes place. It is needed because every application needs some customization. FortiWeb needs approximately two weeks to build this profile. After that, an expert will do some fine-tuning on the profile and the appliance will start to work.

What about the implementation team?

During the deployment, we used a system integrator, but after that, we can manage it by ourselves. Our network team has seven people including one technician, one manager, and five administrators.

What's my experience with pricing, setup cost, and licensing?

There are no licensing costs.

What other advice do I have?

In summary, this is a good product and I can recommend it for others.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Thameem Ansari - PeerSpot reviewer
Senior solution architect at a comms service provider with 51-200 employees
Real User
Top 5Leaderboard
Straightforward to set up, quick to deploy, and easy to maintain

What is our primary use case?

The primary use case of this solution is to protect web applications, and stop attacks.

What is most valuable?

The most valuable feature of this solution is Fail-Open.

What needs improvement?

Troubleshooting features could be incorporated with this solution.

The reporting could be optimized.

For how long have I used the solution?

I have been using this solution for three years.

We are using the latest version.

What do I think about the stability of the solution?

The stability is okay, sometimes. It could be more stable.

What do I think about the scalability of the solution?

In terms of scalability, I have faced some challenges.

We have 50 users in our organization.

How are customer service and technical support?

Technical support is good.

Which solution did I use previously and why did I switch?

Previously, I did not use another solution.

How was the initial setup?

The initial setup was straightforward.

It takes less time to deploy compared with other competitors.

One person is enough to maintain this solution.

What about the implementation team?

We did not use an integrator or reseller. I completed the deployment and implementation.

What other advice do I have?

I would recommend this solution to others who are interested in using it.

I plan to continue with my usage of this solution in the future. It's a good product, but if they could better the stability, it would be great.

I would rate Fortinet FortiWeb an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Enayat Galsulkar - PeerSpot reviewer
Senior Information Security Consultant at Future Telecom
Real User
Top 5Leaderboard
Integrates very well and easy to use, configure, and manage
Pros and Cons
  • "The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features. It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product."
  • "They could improve their support a little bit for faster response time."

What is our primary use case?

We have deployed a couple of projects for our customers to protect their online e-commerce systems. They have web-based applications for online ordering, for example, for online ordering from a hypermarket. It seems to be a very good solution. We have replaced the existing Barracuda devices of a customer. We deal with the latest version of Fortinet FortiWeb.

What is most valuable?

The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features.

It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product. 

What needs improvement?

They could improve their support a little bit for faster response time. 

For how long have I used the solution?

I have been using Fortinet FortiWeb for two years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. The web application firewall is protecting the web servers in an organization from outside to inside. It probably has more than 1,000 users.

How are customer service and technical support?

Their technical support needs a little bit of improvement in terms of faster response time.

How was the initial setup?

The initial setup is very straightforward. It took about 30 to 40 minutes for one web application for default settings. If you want to go with complex settings, then it would probably take three to four days to understand the application backend and everything else.

What about the implementation team?

We used a system integrator. One Admin is more than enough to deploy and maintain it. It is very stable and easy to configure and deploy.

What's my experience with pricing, setup cost, and licensing?

Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor.

Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough.

What other advice do I have?

Fortinet FortiWeb is rated as one of the top WAF devices in many of the independent research reports. Our customers find Fortinet FortiWeb much better than other solutions. 

We plan to continue using this solution if an opportunity is there. It depends on the customer's requirements. If a customer is going for an online e-commerce website, we would always recommend going with Fortinet FortiWeb. 

I would rate Fortinet FortiWeb an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Technical Presales Engineer at a comms service provider with 11-50 employees
Real User
Stable with a simple deployment and lots of extra features
Pros and Cons
  • "The solution has a very simple deployment."
  • "It may be better if it were easier to create roles."

What is our primary use case?

We primarily use the solution for configuration and structuring policy.

What is most valuable?

The solution has a very simple deployment.

There are lots of great features within the product. Even though I don't personally use too many of them, it's nice to have them available.

What needs improvement?

It may be better if it were easier to create roles.

The interface could be a bit better.

Everything is pretty manual. We do need to improvise a bit. Automation might make it easier.

The pricing is a little bit high for us.

For how long have I used the solution?

I've been using the solution for about one year.

What do I think about the stability of the solution?

The solution is stable. I don't recall dealing with bugs or glitches. It doesn't crash or freeze. It's pretty reliable.

What do I think about the scalability of the solution?

The solution is scalable. We always check our information before we hit any limitations. I just need to assess my servers and the amount of traffic. I believe it to be scalable enough.

We have about five users on the solution currently. They're engineers. We have one box. Many users just need one box. If you want a firewall, or you want various applications on a firewall, you need another box.

How are customer service and technical support?

We don't have direct experience with their technical support team. If we need technical support, we get it from the distributor. If we do reach out to them, it's typically for diagnostics. So far, we've been satisfied with the level of support we've received.

How was the initial setup?

The initial setup isn't too complex. It's pretty straightforward. The product has a model deployment. You just need one port. After that, access is simple.

The deployment and installation took about one day. It is pretty fast because the setup is pretty easy to execute on.

For deployment, you just need two people. You don't need a bunch of staff to handle it.

What about the implementation team?

We're an integrator. We just appraise the distributor behind us in order to help us in the deployment. It's a really simple deployment though. An organization most likely wouldn't need assistance. A solution like Cisco may require assistance as there would need to be adjustments done on it. It's a bit more complex.

What's my experience with pricing, setup cost, and licensing?

The solution can be a bit expensive. It's not a product line. We use other devices as well as it's not a one-stop-shop. If you need a firewall, for example, you need to buy another product, like Fortinet. FortiWeb doesn't cover things like firewalls. 

The license itself is also quite expensive.

What other advice do I have?

We're using the latest version of the solution.

Usually, for our security programs, I'm using on-prem. For now, in my experience, the typical Indonesian customer is using on-prem, as they worry about using the cloud, as the data cannot be stored in HR and it's actually often stored in another country. 

It's my understanding that we'll continue to use the solution for a while to come.

Overall, I would recommend the product. On a scale from one to ten, I'd rate it at an eight. If it had a better interface and/or better pricing, I might rate it a bit higher.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Thameem Ansari - PeerSpot reviewer
Thameem AnsariSenior solution architect at a comms service provider with 51-200 employees
Top 5LeaderboardReal User

The deployment for easy

BrianFortington - PeerSpot reviewer
GRC Security Consultant at Ionize
Consultant
This flexible suite solves compliance problems but that comes at a cost
Pros and Cons
  • "If I need something from tech support, I can get it answered within the hour."
  • "Both the internal firewall management and the cloud can be managed by a single console."
  • "It costs too much."
  • "It is not entirely user-friendly."

What is our primary use case?

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

What is most valuable?

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

What needs improvement?

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

For how long have I used the solution?

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

What do I think about the scalability of the solution?

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

How are customer service and technical support?

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

How was the initial setup?

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

What's my experience with pricing, setup cost, and licensing?

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

What other advice do I have?

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Muhammed-Shafi - PeerSpot reviewer
Presales Solutions Architect at Hilal Computers
Real User
It is stable but needs good service and training
Pros and Cons
  • "It is a stable product."
  • "Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them. They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported."

What is most valuable?

It is a stable product. 

What needs improvement?

Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them.

They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported.

For how long have I used the solution?

We have been using Fortinet FortiWeb for four years. 

What do I think about the stability of the solution?

Its stability is fine wherever we have implemented it.

How are customer service and technical support?

Its support is a bit difficult to get. They need to improve the service. 

How was the initial setup?

It is straightforward, but we still need good training.

What's my experience with pricing, setup cost, and licensing?

It is fine now. We had to earlier negotiate the price.

What other advice do I have?

We are a solution provider and system integrator company. We work for DCC countries. We deal with Fortinet, Meraki, Sophos, Check Point, Barracuda, and Juniper SRX solutions.

Fortinet FortiWeb is comparable to Barracuda. We don't have many customers for Fortinet WAF, and we couldn't get that much good feedback. We mostly use Barracuda WAF. We use it even in the cloud environment. 

Fortinet is fine on the firewall side. We haven't sold many Barracuda firewalls, but for WAF, we mostly use Barracuda. We prefer Barracuda because they provide good training, and they always follow up. Customers also prefer Barracuda or any other WAF service. Customers receive good support from Barracuda. Fortinet WAF is rare. 

I would recommend this product only based on customer requirements. At the end of the day, how you install, configure, and meet customer requirements are more valuable. I never place a product ahead of a customer. Fortinet WAF might not be suitable for certain customers. Similarly, Barracuda WAF might not be suitable for certain customers. I always get customer requirements and then supply the product according to their requirements.

I would rate Fortinet Fortiweb a five out of ten. It is neither good nor bad.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Efficient, stable, and has good IP reputation features, but there are many false positive with the layer 7 attacks
Pros and Cons
  • "It's stable and works efficiently against OWASP Top 10 attacks."
  • "The Layer 7 DDoS attacks need improvement, it could be better."

What is our primary use case?

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

What is most valuable?

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

What needs improvement?

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

For how long have I used the solution?

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

What do I think about the stability of the solution?

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

What do I think about the scalability of the solution?

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

How are customer service and technical support?

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Which solution did I use previously and why did I switch?

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

How was the initial setup?

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

What about the implementation team?

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution, although there are no additional costs.

What other advice do I have?

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jr. Engineer at a computer software company with 5,001-10,000 employees
Real User
Easy to install and maintain, with good technical support
Pros and Cons
  • "It is easy to install and to maintain."
  • "In terms of performance, it needs to be more robust."

What is our primary use case?

The primary use case of this solution is for security, on the periphery for the VPN.

What is most valuable?

It is easy to install and to maintain.

What needs improvement?

We are considering an upgrade to our firewall because our current version is not compatible with our FortiAnalyzer. As there is an incompatibility, we have been advised by Fortinet that an upgrade is necessary to avoid issues.

We believe this product will become obsolete.

It needs to better integrate with other platforms.

In terms of performance, it needs to be more robust. During the lockdown, we are connecting to a VPN and the connection should be faster, there should be RAM or more hardware. Also, it should include security features.

For how long have I used the solution?

I have been using Fortinet FortiWeb for two years.

What do I think about the stability of the solution?

This solution is stable and w have had no issues with its stability.

What do I think about the scalability of the solution?

It's a scalable product and we have plans to use it in the future.

We have approximately 1000 users in our organization.

How are customer service and technical support?

We are satisfied with technical support, we have not had any issues.

How was the initial setup?

The initial setup was straightforward, it was easy.

There were no issues and it was deployed in six months.

We have a team of 20 providing the IT infrastructure, including switching, firewalls, and maintenance.

What other advice do I have?

We have been using Fortinet for four years and internally we are using Cisco.

We would certainly recommend this product.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Arash Azari Samani - PeerSpot reviewer
Data Center Network Expert at TOSAN
Real User
User-friendly and makes it easy to find vulnerabilities
Pros and Cons
  • "This product is very user-friendly."
  • "FortiWeb needs to have support for the newest technology being used in web applications."

What is our primary use case?

We are using FortiWeb for publishing web services and some web applications.

What is most valuable?

The interface makes it easy to identify vulnerabilities.

The best features for us are the signature services. The devices uses signatures for identifying vulnerabilities in web applications.

This product is very user-friendly.

The security is very good.

What needs improvement?

FortiWeb needs to have support for the newest technology being used in web applications. For example, some companies have developed new features using the latest technology, but we are still waiting for Fortinet to support them.

For how long have I used the solution?

I have been using FortiWeb for between four and five years.

What do I think about the stability of the solution?

The stability is very good and we're fortunate that we haven't had any issues.

What do I think about the scalability of the solution?

We have had no issues with scalability.

How are customer service and technical support?

We are in Iran and working under sanctions, which means that we cannot buy new American products and cannot get support. Companies usually buy devices that are second hand, or from a third-party, neither of which have support.

That said, my impression is that the support is good for companies who are eligible to use it.

How was the initial setup?

The initial setup was not complex. Like all Fortinet devices, it is user-friendly.

What's my experience with pricing, setup cost, and licensing?

Due to the situation in Iran with the sanctions, the price of this solution is very expensive.

Which other solutions did I evaluate?

The only other two web application firewall products that are available in my country are F5 and Imperva.

What other advice do I have?

This is a good product and I strongly recommend it, especially for companies in the banking industry.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
it_user976896 - PeerSpot reviewer
Network Engineer at a tech services company with 201-500 employees
Reseller
User-friendly GUI, easy to configure, and technical support responds quickly
Pros and Cons
  • "The GUI is user-friendly."
  • "The integration with other products should be improved."

What is our primary use case?

We are a product reseller and this is one of the solutions that we provide for our customers. At this point, we have only implemented it for one customer.

What is most valuable?

The GUI is user-friendly.

It is easy to configure compared to solutions by other vendors, such as F5.

What needs improvement?

The integration with other products should be improved.

This product does not come with bare metal protection, so we need more network features. We don't want to be as dependent on a separate next-generation firewall.

The pricing could be made more competitive.

What do I think about the stability of the solution?

So far, the stability has been okay.

What do I think about the scalability of the solution?

We have not had a problem with scalability but we have only deployed it for one project.

How are customer service and technical support?

The technical support is very good and they are fast to respond.

Which solution did I use previously and why did I switch?

I have also worked with similar solutions by F5 and Barracuda. FortiWeb is easier to configure because the F5 product requires more technical knowledge. The Barracuda solution has the advantage that DDoS support is built-in and there is no need to integrate with other products.

How was the initial setup?

The initial setup is straightforward, although integration is more difficult. For example, if you want to have DDoS attack support then you need to integrate with the firewall. With the solution from Barracuda, the DDoS capability is already included.

What's my experience with pricing, setup cost, and licensing?

FortiWeb is more expensive than some competing products.

Which other solutions did I evaluate?

We have a lot of requests for Barracuda solutions from our customers. One of the reasons for this is that the pricing is cheaper by quite a lot.

What other advice do I have?

While I have not done comprehensive testing with FortiWeb, I have no complaints so far.

My advice for anybody who is considering this product is that if they are not very advanced in terms of technical training, this product is a good choice because it is very simple to implement.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
IT Infrastructure Manager with 201-500 employees
Real User
The learning mode of the appliance picks up on the pattern of SSL attacks
Pros and Cons
  • "I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks."
  • "We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced."

What is our primary use case?

We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.

How has it helped my organization?

We were having a lot of probe attacks coming through from our external networks. Now, the traffic has to come through our firewall, then FortiWeb. Basically, FortiWeb acts like a second firewall for all our applications.

What is most valuable?

We have been using all the features and everything is nice. 

I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks. 

What needs improvement?

We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced. 

We had trouble understanding it at first, but we got used to using it after six months. Then, it was simple to use.

For how long have I used the solution?

We have been using it for five years (since 2015). 

What do I think about the stability of the solution?

We haven't had any issues with it so far. 

What do I think about the scalability of the solution?

The scalability is okay. There hasn't been a need to upgrade. We have found something that can adapt to our environment and that we can use for a long period of time.

We plan to use the product for the next two years. There are no major upgrades planned anytime soon.

There are four users for the product (with two being from the security team).

How are customer service and technical support?

We have needed minimal support for the solution. The support has been okay.

Which solution did I use previously and why did I switch?

We did not have a solution that we previously used.

How was the initial setup?

It is complex to set up in learning mode. It takes a lot of time to learn the pattern of the web application before we put in the rule. The rule itself is a bit complex. We had to go by trial and error because there is nothing standard on the device.

The deployment took almost six hours to get up and running.

What about the implementation team?

We used a reseller. They helped us implement the device. 

The reseller also does deployment and maintenance. For this, it takes about two of their staff and one or two of our staff internally. The staff will generally have experience in networking and firewalls with a background in security and port mapping.

What's my experience with pricing, setup cost, and licensing?

All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500.

Which other solutions did I evaluate?

Since we were using FortiGate firewall, we decided to look at FortiWeb. We also looked into several solutions, like Check Point and Palo Alto.

What other advice do I have?

The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb.

What we have now is working fine.

I would rate FortiWeb as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1217868 - PeerSpot reviewer
Information security at a financial services firm with 1-10 employees
Real User
Provides us with security to access critical applications and it's easy to understand how to manage
Pros and Cons
  • "The GUI is user-friendly and it's easy to understand how to manage it."
  • "Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it."

What is our primary use case?

Our primary use case is to protect an integral application against vulnerabilities. It's a WAF. It protects against vulnerabilities. We have run tests against it. We also use it for two-factor authentication before authorizing anybody to access the critical application.

How has it helped my organization?

We required security to access critical applications. We otherwise would not have been able to use the end notifications. We wanted to use the application and it's critical to us, Fortiweb enabled us to have that ability. 

What is most valuable?

We are able to have an application layer different from the application itself that is protected by the FortiWeb Portal authentication feature. 

What needs improvement?

Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it. 

What do I think about the stability of the solution?

It's very stable. I've never had any issues. 

What do I think about the scalability of the solution?

The scalability is quite good. It's a virtual machine so we know the exact resource so if we would have to increase it would be easily scalable. 

We have around 15 users in our company. The users are end-users and technicians. 

How are customer service and technical support?

Fortinet support is very good. 

How was the initial setup?

The initial setup was quite straightforward. The GUI is user-friendly and it's easy to understand how to manage it. We used an expert to finalize the last 10% of the configuration because we wanted specific settings regarding the security. We knew what we wanted to block and we needed an expert for the specific rules. Otherwise, 90% of the setup was done in-house. 

The deployment only took two to three days. We only needed one employee to install it. 

What's my experience with pricing, setup cost, and licensing?

The costs are standard. We pay around $1,600 yearly. 

Which other solutions did I evaluate?

We also looked at Software CTM. It was impossible to use compared to FortiWeb. 

What other advice do I have?

Be sure that the security is correctly configured and all the attack patterns are covered. Make sure to do an independent assessment of the security. 

I would rate it a nine out of ten. We are very satisfied with it. 

We have an issue when the underlying web protected generates a logout and we want the authentication portal to recognize that the application has been logged out. When the underlying application generates a logout, the portal does not recognize the logout. I would like a way for the FortiWeb portal to easily recognize the portal. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager at a government with 201-500 employees
Real User
Good security and technical support, but more report templates should be available

What is most valuable?

The most valuable features are support and security.

What needs improvement?

More templates should be made available for reporting.

I would like to see more improvements with respect to threat intelligence.

For how long have I used the solution?

I have been using Fortinet FortiWeb for a few years.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

Scalability is good. We have more than 1,000 users.

How are customer service and technical support?

The technical support is okay and I am satisfied with it.

How was the initial setup?

The initial setup is straightforward and the deployment can be completed within a couple of hours.

What other advice do I have?

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Yousef Altaj - PeerSpot reviewer
Tech Manager at Global tec
Reseller
Problematic licensing requires upgrades at scale with additional expense for advanced features
Pros and Cons
  • "FortiWeb offers machine learning in the latest product. This fixed many problems. There are no false negatives."
  • "Fortinet FortiWeb is not scalable. You'll need more budget to change the hardware."

What is our primary use case?

We are partners with Fortinet. We specialize in power customers. We use many products like FortiGate, FortiWeb, FortiAnalyzer, FortiSIEM, and FortiSandbox.

All the FortiGate products are new, even the Fortinet switches we are selling to our customers. We also install and configure the network for our customers.

How has it helped my organization?

With this product, you can secure all the Fortinet products together. I'm an entrepreneur. Most people fail in the publication of a firewall.

What is most valuable?

FortiWeb offers machine learning in the latest product. Before that, there was an auto-learning feature. This fixed many problems. There are no false negatives now. 

Fortinet FortiWeb now has artificial intelligence and machine learning.

What needs improvement?

What I would like to see improved in Fortinet FortiWeb will probably be included in the next release. The legal feature needs better step-by-step use of the form. 

We use the FortiGate guidebook for step-by-step instructions. But the FortiWeb guidebook is only is a demonstration kit which is not enough for a new installation.

What do I think about the stability of the solution?

FortiWeb is a stable solution.

What do I think about the scalability of the solution?

Fortinet FortiWeb is not scalable. There is a model and a license if you want to use it. You'll need more budget to change the hardware. FortiWeb is not scalable on the same plan.

How was the initial setup?

The initial setup is not simple for all the products. Some Fortinet products vary, but overall it is straightforward.

What other advice do I have?

In the version of Fortinet FortiWeb that we have, it does not include the scanner. We cannot access every feature. If you have all the popular products, you can use the system perfectly to connect everything. 

Fortinet can improve the security firebase in support for HTTPS and the CPU with additional configurations. On a scale from 1 to 10, I would rate Fortinet FortiWeb a two.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
E Beernink - PeerSpot reviewer
Netwerk and Security Specialist at a healthcare company with 501-1,000 employees
Real User
Offers great insights into what utility hackers are trying to exploit and blocks a lot from the internet
Pros and Cons
  • "It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
  • "The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures."

What is our primary use case?

We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.

What is most valuable?

It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.

What needs improvement?

The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures. If you want a good security solution, you have to get in kicking high for things that are getting blocked and you have to whitelist some signatures to make things work. It's a time-consuming thing to do. It would be nice to whitelist private IP ranges and see which signatures are hit and whitelist them automatically - which I think is possible to do. 

It would also be nice to have some extra security in the solution. I just upgraded to 6.0 and there were some security additions, but it would be nice to have some more and be able to configure them in the right way. Specifically, an updated security policy would be nice.

For how long have I used the solution?

I've been using the solution for 2.5 years.

What do I think about the stability of the solution?

It's really stable. There was only one issue in the past two and a half years and with the help of the technical support from Fortinet, it was quickly fixed.

What do I think about the scalability of the solution?

We do have a small team but I think it's scalable. You can upgrade to a higher level, you can take it to a higher visibility mode. I think it's a very scalable solution. We have around 1,000 users using this solution.

How are customer service and technical support?

The technical support is very good.

How was the initial setup?

The initial setup was rather straightforward because we had some help setting up the unit in the first place. The initial setup, if you're using a VM, is really easy to roll out, if you know the Fortinet command line. It's not easy to configure an IP address and get it started. Then there was a rather steep learning curve in what you exactly have to do to have a really secure solution. It's rather easy to make it a reverse proxy and do nothing, but to get it monitoring in the right way, it takes some time. You have to think about it.

Deployment was a one-time setup. I think it took us about two days including one solution for configuring. For now, there is a new solution we need behind FortiWeb, and I think it takes about four to eight hours to set up. We require just one staff member for maintenance.

What's my experience with pricing, setup cost, and licensing?

You can set up licensing on a monthly or yearly basis. I'm not sure about pricing.

What other advice do I have?

Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb.

In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution.

I would rate this solution eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer at a tech services company with 11-50 employees
Real User
Good pricing, and provides for faster and more secure application deployment
Pros and Cons
  • "The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability."
  • "We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point."

What is our primary use case?

I primarily use this solution for the protection of our applications. We chose Fortinet because you can check an application and deploy it in real time. We use the WAF solution from Fortinet to protect against new exploits discovered. Within Fortinet, there is a way to secure such bugs and exploits in the application we're running.

What is most valuable?

The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability. This part of the intelligence and behavioral analysis makes it very easy to tell if the user just used a few wrong characters in the field or not. It also checks to see if different characters are being entered very quickly, and can tell whether the user is actually typing something.

Another feature is the possibility to balance the traffic and there's lots of integration with your sandbox.

What needs improvement?

We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point. But, from what I understand, we haven't looked at the market to see how this can be done yet.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

In terms of stability, we haven't had a crash or malfunction.

What do I think about the scalability of the solution?

We've used the solution for two years and it's been okay.

We are operating at approximately sixty percent capacity. The solution is used all the time, but you can measure this because there are different boxes that you can buy for different levels. In our case, we keep some at thirty to forty percent available. In order to be able to watch an application and protect a larger amount of traffic, we keep it at this level. So we're good on this scalability or performance side.

How are customer service and technical support?

We haven't had any technical issues, because it was designed as specified in the documentation. I know we have local support, so if there is an issue we can call and escalate the call to get the support if there is a problem. We are within the warranty service period, so from this side, we are comfortable with this solution.

Which solution did I use previously and why did I switch?

We did use another solution, but, compared with the competition, we got the best ratio of performance to price when we chose Fortinet. We could use F5, for example, but the price is not as good.

How was the initial setup?

The setup for one application is sort of complex but based on the automatic profiling, they're learning. You are provided with a set of policies that meet best practices and security recommendations, so you are good to go in a very short time.

What about the implementation team?

We did the implementation ourselves. It was not required to have some higher level of expertise order to implement. There were no functions that were not documented, so we didn't need any outside party involved with this process.

What's my experience with pricing, setup cost, and licensing?

The solution gives us the best price to performance ratio.

What other advice do I have?

The interface has been a pain in the past but now with the later version, 2.2, the user behavior analysis has improved. Before when you want to deploy an application, for example, you needed to have a login page and make sure to search for the user behavior and all the interactions. That way, you could generate flexible usage for that application. Now that's automated, so apart from that, there's no huge report or feature that we would like to improve.

I would rate this product a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SE at a comms service provider with 11-50 employees
Real User
Top 10
The firewall/waf features, GUI for administration, and licensing support all need improvements
Pros and Cons
  • "What we like about Fortinet FortiWeb is it has all the features. We use all of them, so we have to turn on all the options."
  • "Fortinet FortiWeb needs to improve the way it's configured. Common services like publishing exchange should be done in one click only."

What is our primary use case?

Publishing Web application, Exchange, Lotus Domino. Some microservices. 

How has it helped my organization?

Fortiweb improved way people work and access internal resources based on http/https communication. 

What is most valuable?

It depends on the project and what the customer is looking for. 

What needs improvement?

First of all, upgrade path should be introduced for scaling up or down VM deployment. Second, they need to include better wizards for publishing common applications like MS Exchange. 

.

For how long have I used the solution?

I have been using Fortinet products for 15 years or more.

What do I think about the stability of the solution?

Fortinet FortiWeb has been extensively used by us previously, but we are going to decrease the usage now because of cost. 

What do I think about the scalability of the solution?

Fortinet FortiWeb is scalable but you have to do forklift upgrades. 

How are customer service and technical support?

Fortinet has had some rough times. When they started expanding a bit, they completely screwed up their support system. The support had no clue what they were doing except just asking dumb questions. Now is bit different since Fortinet consolidated their support but still you need to pass L1 support quickly. 

How was the initial setup?

Even from the early days, Fortigate/Fortiweb was easy to set up. It had an ugly interface but it has been improved every year. 


What about the implementation team?

I deliver different security solution to customers. 

What's my experience with pricing, setup cost, and licensing?

The license cost depends on the size of the box or the size of the solution. It can go from few K Euros to a few hundred thousand Euros a year depending on your size.

What other advice do I have?

If you are looking to be partner with Fortinet, you have to buy licenses. Not even VMs are free to partners.  

Fortiweb in essence, needs to become part of Fortigate. Fortinet is not suitable for SMB customers since you have to deploy several boxes in order to get thing right. Also, speed of deployment is important and that isn't fast with many boxes. 

On a scale from one to ten, I would rate this product a solid seven. It's a good product. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
RafigFeizullayev - PeerSpot reviewer
Head of Security systems department at Zerde Business Solutions
Reseller
Good performance, easy setup and good UTM features like self-encryption
Pros and Cons
  • "All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet, FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features."
  • "New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems."

What is our primary use case?

All of our customers use it because they need a proxy solution. Fortinet provides us the best solution to do this. I don't believe that Check Point or Palo Alto can do what Fortinet does. 

How has it helped my organization?

There's a high school with many branches in our country. I configured it for them and they are very happy with Fortinet. Fortinet's performance is very good. 

What is most valuable?

All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet: FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features.

What needs improvement?

New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems. I don't have anything to say about what to do to improve this product. It's a great solution for us.

What do I think about the scalability of the solution?

Scalability is very good. Our customers that use Fortinet have two thousand local users.

How are customer service and technical support?

Any problems that our customers have, they first call me and I support them. If I can't solve a problem I create a ticket. This happens very rarely. Their technical support is very good because they always help me.

How was the initial setup?

The initial setup is very simple to configure. Our customers are very happy with that.

The time it takes to deploy depends on how deep our project is. Sometimes it can take a week and sometimes a month. Minimum a week though.

What about the implementation team?

All Fortinet products that we sell, I deploy by myself.

What's my experience with pricing, setup cost, and licensing?

The licensing policy is very good. Our customers are very happy with that.

Which other solutions did I evaluate?

When our customers ask about Palo Alto we can sell them a Palo Alto but we try to explain that Fortinet is a great solution. 

What other advice do I have?

I would rate it an eleven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Oliver Rodrigues - PeerSpot reviewer
Senior Network Security Planning at Ooredoo Kuwait
Reseller
Has a mechanism to detect all of your entries that aren't used and clean them up but they should have an antivirus option
Pros and Cons
  • "When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up."
  • "I would like to have an antivirus option."

What is our primary use case?

Our primary use case is as a firewall. We use a lot of Fortinet products. We have email security and FortiGate IPS. 

How has it helped my organization?

When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up.

What is most valuable?

The most valuable features are the access policies and how Fortinet gets the compilation done is really good.

What needs improvement?

I would like to have an antivirus option. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Stability is very good. 

What do I think about the scalability of the solution?

We haven't had any issues with scalability. You can scale up easily. 

How are customer service and technical support?

Their technical support is good. 

Which solution did I use previously and why did I switch?

We previously used Cisco. We switched because all they are is a brand name. It was a failure. We gave it a year to improve the product and it didn't so we switched. 

How was the initial setup?

The initial setup was straightforward. The deployment didn't take much time. The support guys were really good. The transition from Cisco to Fortinet was a bit challenging but they had tools to make it easier. 

We require three staff for the deployment and maintenance. 

What about the implementation team?

We are the resellers. 

What other advice do I have?

I would rate it a seven out of ten. A seven and not a ten because of the antivirus issue. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Network Security Engineer at Technicom Mali
Real User
Top 5
Anti-defacement feature intelligently handles complete website backup
Pros and Cons
  • "Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.)."
  • "FortiWeb does not exist in a cloud-based form. Its only available for deployment as a virtual appliance on AWS and Azure IaaS platforms. Because of the trend to WAF environments, it would be good to have it as a SaaS. Also, FortiWeb would be more competitive if it combined WAF and DDoS protection."

What is our primary use case?

We are a system integrator so we propose FortiWeb to our clients who are looking to protect their public web applications like e-banking platforms, teleservice, and so on.

How has it helped my organization?

A customer said to us that before FortiWeb they regularly had to back up their whole website folder to prevent defacement and ransomware. Now, with the FortiWeb Anti-defacement feature, this process is handled more intelligently, as FortiWeb does it for them.

What is most valuable?

Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.).

What needs improvement?

FortiWeb does not exist in a cloud-based form. Its only available for deployment as a virtual appliance on AWS and Azure IaaS platforms. Because of the trend to WAF environments, it would be good to have it as a SaaS. Also, FortiWeb would be more competitive if it combined WAF and DDoS protection.

For how long have I used the solution?

One to three years.

What other advice do I have?

I rate FortiWeb at eight out of 10 because it is good at what it does but I think it could do more, like combining DDoS protection.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Paula Wong - PeerSpot reviewer
CEO at a tech services company with 11-50 employees
Real User
Protects our customers' web infrastructure environment

How has it helped my organization?

Fortinet FortiWeb has improved my organization by protecting our customers' web infrastructure environment.

What is most valuable?

The most valuable feature is the web application firewall (WAF).

What needs improvement?

Their support needs improvement.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

I would rate their technical support as a nine out of 10.

Which solution did I use previously and why did I switch?

We previously used NetScaler.

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable.

Which other solutions did I evaluate?

Not applicable.

What other advice do I have?

Evaluate this product against other vendors out there.

We were previously a partner.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network System Administrator at a tech services company with 201-500 employees
Real User
Protected our web servers from outside attacks. Certificates were deleted when firmware was upgraded.
Pros and Cons
  • "We were able to protect our web servers from outside attacks."
  • "The false positives are annoying.​"
  • "I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.​"

How has it helped my organization?

We were able to protect our web servers from outside attacks. It has really helped us with publishing servers which were published on Microsoft Forefront TMG.

What is most valuable?

All of its feature are valuable to us. If you ask me which is the most valuable, it is the load balancing, then I would say the security features. Publishing OWA is also a good feature.

What needs improvement?

We started with FortiWeb400C, then we did an upgrade to FortiWeb 400D. I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.

The false positives are also annoying.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We did not encounter with any stability issues.

What do I think about the scalability of the solution?

We did not encounter with any scalability issues.

How are customer service and technical support?

Fortinet technical support is really good. I would give them a nine out of 10.

Which solution did I use previously and why did I switch?

We did not use a WAF before. We used Microsoft TMG, but it is not a WAF.

How was the initial setup?

Initial setup is straightforward, and it is not too complex.

What's my experience with pricing, setup cost, and licensing?

It really pays off to buy licences for multiple years.

Which other solutions did I evaluate?

No.

What other advice do I have?

It is a really good product. It is worth using in your network.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partners.
PeerSpot user
Technical Advisor at a tech services company with 51-200 employees
Real User
L-7 protection safeguards legacy servers/applications without changing application code
Pros and Cons
  • "Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself."
  • "SSL Offloading simplifies the public certificate handling and brings additional protection features."
  • "L-7 protection makes possible to protect legacy/not up-to-date servers/applications without changing the application code."
  • "Centralized management of multiple devices, and GUI improvement, could reduce the learning curve."
  • "The interface could have the interdependent elements arranged sequentially and wizards that go through most common deployment actions."
  • "Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration."

How has it helped my organization?

Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself.

What is most valuable?

SSL Offloading, as it simplifies the public certificate handling and brings additional protection features. 

Also, L-7 protection, as it makes possible to protect legacy/not up-to-date servers/applications without changing the application code.

What needs improvement?

  • Centralized management of multiple devices, and GUI improvement, could reduce the learning curve. 
  • The interface could have the interdependent elements arranged sequentially and wizards that go through most common deployment actions. 
  • Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability. (Actually, our traffic usually does not reach 50% of unit capacity).

How are customer service and technical support?

Good. Usually takes one day to get over all the assessment procedures to start to handle the issue.

Which solution did I use previously and why did I switch?

The previous vendor discontinued its product.

How was the initial setup?

A little bit complex, as understanding the GUI arrangement and terms took more time and effort than we expected.

What's my experience with pricing, setup cost, and licensing?

Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes.

Which other solutions did I evaluate?

We acquired a Fortinet-based project, so we didn’t evaluate other ones.

What other advice do I have?

I rate it eight out of 10. I understand that a 10 is for products that not only execute smoothly but are also easy to use and manage, even when used on a multi-site corporation.

Take at least the Fortinet online course, or make sure that your reseller has experienced professionals.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
it_user821967 - PeerSpot reviewer
Viznet Bilişim Hizmetleri
Real User
Auto Learn makes policy additions or deletions for my customers very simple​
Pros and Cons
  • "Auto Learn feature: Makes policy additions or deletions for my customers very simple​"
  • "HA Architecture needs improvement. I would improve it by working on AP HA."

How has it helped my organization?

Security.

What is most valuable?

  • Web application security features, because they are more effective
  • Stability 
  • Auto Learn feature: Makes policy additions or deletions for my customers very simple

What needs improvement?

HA Architecture. I would improve it by working on AP HA.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with stability, with the true network topology.

How are customer service and technical support?

I am Fortinet expert, but L4 support is working very well.

Which solution did I use previously and why did I switch?

Previously used F5, NetScaler, Imperva. Other products feature LB WAFs, so a limited WAF feature. This product's primary feature is WAF. I chose this product because it prioritizes security.

How was the initial setup?

Very complex. More security features.

What's my experience with pricing, setup cost, and licensing?

Cheaper than others.

Which other solutions did I evaluate?

F5, NetScaler, Imperva and Squid.

What other advice do I have?

Here's how I would break down my rating of this product:

  • Session Management: 10 out of 10 
  • Security: 10 out of 10 
  • Stability: 10 out of 10
  • Health check feature: eight out of 10.

If your goal is security, FortiWeb is your best choice.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
FabiolaOliveros - PeerSpot reviewer
Technology Consultant at a tech services company with 11-50 employees
Consultant
Detection engine provides a high rate of exposure of web attacks
Pros and Cons
  • "High-performance and detection engines, provide a high rate of exposure of web attacks."
  • "FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure."
  • "Integration and learning about attacks. I would improve these areas by making FortiWeb integrate with other network technologies and feedback from multiple platforms."

How has it helped my organization?

Mitigation of attacks and thefts in an online banking platform.

What is most valuable?

High-performance and detection engines, because of their high rate of exposure of web attacks.

What needs improvement?

Integration and learning about attacks. I would improve these areas by making FortiWeb integrate with other network technologies and feedback from multiple platforms.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

The equipment is dimensioned as a function of servers traffic. To scale on the platform it is necessary to acquire superior models.

How is customer service and technical support?

Excellent.

How was the initial setup?

It was simple and functional.

What's my experience with pricing, setup cost, and licensing?

FortiWeb can be purchased in VM mode for a lower price and the same features.

Which other solutions did I evaluate?

The WAF module of F5 was evaluated.

What other advice do I have?

FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure.

I would advise requesting a PoC test with a learning policy.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
it_user818139 - PeerSpot reviewer
Security Consultant at a tech services company with 11-50 employees
Consultant
Give us built-in security templates, strong threat intelligence, and is AV integrated
Pros and Cons
  • "Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.)."
  • "Built-in security templates, AV integrated, strong threat intelligence."

    How has it helped my organization?

    With other vendors you need to go through a learning period. With FortiWeb you can just apply a high-security profile and move on. It's very easy to reduce false positives.

    What is most valuable?

    • Built-in security templates
    • AV integrated
    • Strong threat intelligence

    Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.).

    Requires very little effort to add device to topology or replace existing WAF device with FortiWeb.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues with stability.

    What do I think about the scalability of the solution?

    No issues with scalability.

    How are customer service and technical support?

    Eight out of 10.

    Which solution did I use previously and why did I switch?

    F5, A10, KEMP.

    How was the initial setup?

    It's very easy.

    What other advice do I have?

    Be sure to look at industry reviews, they have good knowledge about threat intelligence.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Security Consultant at Accenture
    Real User
    It has provided stability to applications. The hardware is not sturdy.

    What is most valuable?

    Application delivery is strong.

    How has it helped my organization?

    It has provided stability to applications.

    What needs improvement?

    The hardware does not measure up. Fortinet does not have sturdy hardware.

    For how long have I used the solution?

    I have been using it for three years.

    Which solution did I use previously and why did I switch?

    My client was using it when we took over operation of the project.

    What's my experience with pricing, setup cost, and licensing?

    The price is not too low and it’s not too high.

    Which other solutions did I evaluate?

    I did not evaluate other options. This product was already implemented.

    What other advice do I have?

    Check the market before implementing it... because I didn’t get the chance to do so.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user389823 - PeerSpot reviewer
    Head of Security at a tech company with 1,001-5,000 employees
    Vendor
    If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.

    What is most valuable?

    • SSL offloading
    • Unlimited number of protected servers
    • Load balancing

    How has it helped my organization?

    If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.

    What needs improvement?

    It would be great if FortiWeb could provide web forms like Microsoft TMG. (For example, OWA Exchange portal or SharePoint portal.) Many of our customers are looking forward to this functionality.

    For how long have I used the solution?

    I don’t use it, but as a partner of Fortinet, I implement it at customers’ sites. Our customers have been using it for about two years.

    What do I think about the stability of the solution?

    One of our customers recently experienced a stability problem. The customer has two FortiWeb appliances in an HA cluster (A-P). Something happened and both FortiWeb units became MASTER. Only a reboot of one of the units helped them. We opened a ticket.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues.

    How are customer service and technical support?

    Sometimes technical support is very slow, but sometimes they work very fast. So I will rate it 5/10.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution.

    How was the initial setup?

    Initial setup is not very complex. But if we have problems with configuration, we ask support.

    What's my experience with pricing, setup cost, and licensing?

    We always recommend the full bundle, but sometimes we offer a budget-conscious solution for the customer.

    Which other solutions did I evaluate?

    Before choosing this product, I did not evaluate other options.

    What other advice do I have?

    Look at the PRICE and the PERFORMANCE.

    Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Fortinet partner.
    PeerSpot user
    it_user430797 - PeerSpot reviewer
    Network Engineer at a mining and metals company with 1,001-5,000 employees
    Vendor
    It can bandwidth limitations and restrictions at the individual IP, group IP, and total IP levels. The user interface and update/support is not quite user-friendly.

    What is most valuable?

    The bandwidth limitation and restriction feature is most reliable and useful, working as expected and hasn’t had any crash or excessive load issues.

    Using the interface to set bandwidth limitations and restrictions at the individual IP, group IP, and total IP levels is really useful for allocating dedicated bandwidth for senior users, reducing it for public users, etc.

    How has it helped my organization?

    This product allows our organization to manage each user’s bandwidth limitation for internet service and overall.

    What needs improvement?

    The user interface and update/support is not quite user-friendly.

    Obviously nowadays these are just normal features, but we are looking for QoS, application visibility, web filtering and mostly threat detection/malware protection/IPS for security side/etc.

    For how long have I used the solution?

    We have been using it for five years.

    What do I think about the stability of the solution?

    We have not encountered any stability issues. Not at all. We have placed it in our data center, and the equipment’s hardware stability is quite good. The equipment works fine when there is a power outage and comes back. Never had a hardware issue.

    What do I think about the scalability of the solution?

    We knew the equipment’s scalability and feature range, so it is fair.

    How are customer service and technical support?

    There were a few issues with technical support when we tried to extend contract/support.

    Which solution did I use previously and why did I switch?

    We used Microsoft ISA software firewall, and we encountered hardware and software failures a lot. We decided to change to a hardware solution because of many power outages.

    How was the initial setup?

    Initial setup was straightforward and easy to manage.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is bit high but fair for a hardware unit. However, licensing and benefits for my country and region is not good.

    What other advice do I have?

    It is an easy-to-manage, great product for a small office.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user256842 - PeerSpot reviewer
    IT Admin at a comms service provider with 1,001-5,000 employees
    Vendor
    I set it up on my own. I'd like to see improvements in its internet and servers features.

    What is most valuable?

    • Firewall policy

    What needs improvement?

    • Internet
    • Servers

    For how long have I used the solution?

    I have used it for a year and a half.

    What do I think about the stability of the solution?

    We had one stability issue when I ran it once with Wireshark; it froze.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues.

    How are customer service and technical support?

    I cannot rate technical support because I have not used it yet.

    Which solution did I use previously and why did I switch?

    I switched from SonicWALL to Fortinet. I am happier now.

    How was the initial setup?

    Initial setup was not that difficult. It was different to my previous solution; I could do it on my own.

    Which other solutions did I evaluate?

    Before choosing this product, I did not evaluate other options.

    What other advice do I have?

    • Be aware of logs.
    • Does not compare with Check Point about finding policies.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Information Security Expert at a financial services firm with 501-1,000 employees
    Vendor
    It helps us protect our web and database servers from being penetrated from outside the office.

    What is most valuable?

    The most valuable features of the product are its IPS and VPN server.

    How has it helped my organization?

    The device is very handy and it helps us to protect our web and database servers from being penetrated from outside the office.

    What needs improvement?

    The antivirus and the IPS can be improved in the future.

    For how long have I used the solution?

    I have used it for about two years.

    What do I think about the stability of the solution?

    Fortunately, we have not yet encountered any stability issues!

    What do I think about the scalability of the solution?

    With the 600-C model, we had some scalability issues.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution.

    How was the initial setup?

    Initial setup was very straightforward and simple.

    What's my experience with pricing, setup cost, and licensing?

    These devices, especially the 1500-D model, are really worth purchasing and using.

    Which other solutions did I evaluate?

    Before choosing this product, we evaluated many products such as Cisco, Juniper, Cyberoam, and Sophos.

    What other advice do I have?

    In my opinion, the FortiGate appliances, and especially the D series, are really powerful ones and worth providing for your network.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Security Expert at a tech services company
    Consultant
    Next-gen firewall and built-in server load balancing. A BYOD feature is missing.

    What is most valuable?

    • UTM
    • Ease of use
    • Built-in server load balancing
    • VPN
    • Next-gen firewall features

    How has it helped my organization?

    It provides good security visibility.

    What needs improvement?

    A BYOD feature is missing; this could be a good add-on.

    For how long have I used the solution?

    I have used it for about 18 months.

    What do I think about the stability of the solution?

    I did not really encounter any stability issues; it performs well.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues in 18 months.

    How are customer service and technical support?

    Technical support is average; it could improve.

    Which solution did I use previously and why did I switch?

    We previously used Cisco PIX and ASA. We switched because there is no next-gen firewall in the Cisco portfolio.

    How was the initial setup?

    Initial setup was straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is competitive. Licensing could get expensive as we add feature sets.

    Which other solutions did I evaluate?

    Before choosing this product, we evaluated Palo Alto, SonicWALL and Juniper.

    What other advice do I have?

    It is a good option, keeping in mind pricing and features.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Network Administrator at a local government with 501-1,000 employees
    Real User
    It’s an all-in-one solution that gives more Wi-Fi control capability.

    What is most valuable?

    • Routing
    • Web filtering
    • Wi-Fi control

    How has it helped my organization?

    It’s an all-in-one solution that lowers the cost of having multiple solutions. It gave us more Wi-Fi control capability.

    What needs improvement?

    - Logging

    For how long have I used the solution?

    We have been using this model for one year. We previously implemented earlier models for six years.

    What do I think about the stability of the solution?

    We have encountered very few stability problems. In six years, we had one device that need to be shipped back to Fortinet. We had HA set up at that location, so there was no down time.

    We did not have a problem upgrading their firmware updates.

    What do I think about the scalability of the solution?

    Yes and no; you have to size it right before buying. The hardware on some models is not expandable, but you can easily turn software add-ons on and off.

    How are customer service and technical support?

    I’ll give them an 8/10 for technical support.

    Which solution did I use previously and why did I switch?

    We had a Cisco router and a Barracuda. We switched from that to a FortiGatefirewall and the Cisco Router. Finally, when the Cisco router was going bad, we replaced it with a FortiGate 100 for firewall and routing capability.

    How was the initial setup?

    Initial setup complexity depends on the network. The admin console is easy to use.

    What's my experience with pricing, setup cost, and licensing?

    They have options for their licensing. Look at what you are going to use it for and purchase that way.

    Which other solutions did I evaluate?

    Before choosing this product, we did not evaluate other options. We had one of the smaller firewalls, and we upgraded to one of their bigger ones.

    What other advice do I have?

    Look at sizing. And if you are a 24/7/365 shop, get two for HA.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user440631 - PeerSpot reviewer
    it_user440631Senior Security Consultant at a tech services company with 51-200 employees
    Consultant

    This review seems to apply to Fortinet's Fortigate firewalls instead of Fortiweb (Web Application Firewall).

    See all 2 comments
    PeerSpot user
    IT Support Engineer at a consumer goods company with 51-200 employees
    Real User
    You can set QoS according to application priority.

    Valuable Features

    • Security profiles with application control & web filtering. You can filter which applications are allowed or blocked inside your network, according to the port they are using. Web filtering - which can be applied to Skype for example, prevent botnets, and P2P - also is very helpful when you want to control what is allowed inside the network.
    • QoS. You can set QoS according to application priority.
    • Antivirus from end to end
    • Remote and site-to-site VPN

    Improvements to My Organization

    We have minimized our expenses for internet security/antivirus in host-side products such as FortiClient installation, which has antimalware/web security/antivirus and protects the host from vulnerabilities while connected to the server.

    Room for Improvement

    I would like to see support for throughput up to 10 gbps and WAN support. Depending on your device’s design, I’d like to see throughput support up to 2 mbps for SSL, 3 mbps for IPS, and 1.5 mbps for applications. This might already be offered with newer versions.

    I haven't used the latest release of device. From my current device perspective, reporting is good, but I want to see, in the future releases if they haven't done yet, is the total traffic alert (highest peak) that could receive on mobile or email. This is very helpful if you could set in required interval to monitor the total traffic that could feel the traffic in your hands.

    Use of Solution

    I have used it for five years.

    Stability Issues

    No issues encountered.

    Scalability Issues

    No issues encountered.

    Customer Service and Technical Support

    I rate the level of technical support 9/10.

    Initial Setup

    It was straightforward for minimal configuration and requirements, CLI for complex configuration.

    Pricing, Setup Cost and Licensing

    Pricing and licensing is good and it depends on what the business solution requires.

    Other Advice

    FortiNet shows me the health of the entire network. Evaluate how you would use FortiNet UTM. Look for the solution which fits your business infrastructure requirements such as VPNs, firewalls, application and web filtering, throughput, and most of all, which device which gives you the best performance.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Senior Developer, Project Manager at FPT Software
    MSP
    It makes our web site system work nice and smooth. The UI is a little complicated for new users.

    What is most valuable?

    How has it helped my organization?

    It makes our web site system work nice and smooth.

    What needs improvement?

    The UI is a little complicated for new users.

    For how long have I used the solution?

    I have been using it for over a year.

    What do I think about the stability of the solution?

    I have not yet encountered any stability issues.

    What do I think about the scalability of the solution?

    I have not yet encountered any scalability issues.

    How are customer service and technical support?

    I have even contacted technical support once.

    Which solution did I use previously and why did I switch?

    My web site used MS NLB service for load balancing and IPS firewall at first, but when our site's connection grew bigger, we discovered that we needed another solution. We chose FortiWeb after a little research into the market.

    How was the initial setup?

    Initial setup was straightforward.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is a little high.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user406593 - PeerSpot reviewer
    Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    At first, it helped us publish e-banking services, but we soon discovered it was an easy way to deploy other internal websites in an intranet style.

    What is most valuable?

    • FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
    • Rewrite
    • Redirect
    • Proxy reverse mode

    How has it helped my organization?

    It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.

    What needs improvement?

    I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x:

    • Upgrading from 5.2.x to 5.3.x. Fortinet provides a script, but it doesn't work (they do not say anything about it). In some cases:
      • If you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
      • If you use LDAP authentication, the new field "realm" appears empty, the configuration doesn't work, and you have to manually change it.
    • Upgrading from 5.3.x to 5.5.x:
      • Some changes are introduced, then it requires fully formatting the device and configuring it manually (copy/paste pieces of configuration).
      • Once again, if you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.

    For how long have I used the solution?

    I have used it for three years.

    What do I think about the stability of the solution?

    It really is a powerful WAF; more than one year running with no stability issues.

    What do I think about the scalability of the solution?

    We did not have to scale our web servers; we just added new servers without any issue.

    How are customer service and technical support?

    The support is good, but they need more experts, because sometimes they take too much time to provide solutions.

    Which solution did I use previously and why did I switch?

    Fortinet was the first brand we thought about, because we had been using FortiGate for a few years, and we thought they had some common architecture.

    How was the initial setup?

    The initial setup was very easy. We use the proxy reverse schema; I think it is the best for almost all situations. The last firmware 5.5.x permits customers to deploy in different configurations in the same box.

    What's my experience with pricing, setup cost, and licensing?

    I think FortiWeb is the best WAF in terms of cost/benefit. Licensing is similar to other Fortinet products; 100% clear with no surprises.

    Which other solutions did I evaluate?

    For new projects this year, we evaluated Imperva and Barracuda. The latter can be a good option for entry-level deployments, but is hard to surpass Fortinet products.

    What other advice do I have?

    I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine) you can save a lot of time, can do proofs of concept and avoid opening tickets asking basics questions.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Information Security Leader at a government
    Vendor
    It has helped us prevent exploitation of vulnerabilities while we are working on code. Signatures are basic and prone to firing false positives.

    What is most valuable?

    • It supports OWASP top 10.
      As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:
    1. Create first the objects needed.
    2. Assemble the policy.
    • The GUI interface is intuitive. I have never needed to use the CLI
    • It has good reports.It is easy to manage.

    How has it helped my organization?

    The portal has a lot of vulnerabilities, which are not easy to solve quickly. The device has helped us to prevent exploitation of them while we are working on the code.

    What needs improvement?

    The signatures are very basic and prone to firing false positives. For example, FortiWeb detects this string as an attack because it detects "perl" in it:

    User-Agent: Mozilla/5.0 (compatible; PaperLiBot/2.1; https://support.paper.li/entries/20023257-what-is-paper-li)

    This is a false positive. If the signature was more complex, that would not occur.

    For how long have I used the solution?

    I have been using it for four years.

    What do I think about the stability of the solution?

    I have not encountered any stability issues, but it always consumes a lot of memory.

    How are customer service and technical support?

    Technical support is 7/10. We had a pair of cases without solution; one URL-rewriting related and another one Lync Enterprise-related. In both cases, we had to search for alternate solutions.

    Which solution did I use previously and why did I switch?

    ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.

    How was the initial setup?

    It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have encountered that it is especially difficult to work with URL rewriting, because of regular expressions.

    What's my experience with pricing, setup cost, and licensing?

    Price and licensing is fine; it is one of the cheapest solutions and does its job.

    Which other solutions did I evaluate?

    We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positives rate which prevents us from focusing on the real attacks.

    What other advice do I have?

    It has a good quality/price relationship. The web vulnerability scan module is useless.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Senior Information Security Engineer with 1,001-5,000 employees
    Vendor
    With Layer 7 server load balancing, it makes decisions based on the content of messages. It also can offload slow connections from the upstream servers.

    What is most valuable?

    • Web services signature: Helped us on secure key exchange, authentication and integrity of the transmissions.
    • Virtual patching: We publish many web services through FortiWeb. We are able to quickly resolve vulnerabilities.
    • Layer 7 server load balancing: The device made smart decisions based on the content of messages. Also, with compression and encryption, it can offload slow connections from the upstream servers. That greatly improved performance.
    • Zero-day protection
    • Advance correlation
    • URL rewriting and content rewriting

    How has it helped my organization?

    Before FortiWeb deployment, we were using a combination of commercial and open-source products. It was a hassle for the administrators, due to which some areas were unintentionally overlooked and caused many problems. With FortiWeb, we got a one-box solution for internet and internet security, which reduced the time required of the administrators and improved visibility at the larger scale.

    What needs improvement?

    Usually patches and version upgrades are really buggy, so we usually wait about one month for a stable release to upgrade. They need to improve the new version/patch delivery mechanism. For example, if a patch fixes one functionality for web services but also causes some other functionality failure.

    For how long have I used the solution?

    I have been using it since 2014.

    What do I think about the stability of the solution?

    In the first few months, we had some issues but with a custom patch, we are good.

    What do I think about the scalability of the solution?

    No scalability problems so far.

    How are customer service and technical support?

    I rate technical support 8.5/10.

    Which solution did I use previously and why did I switch?

    We were using combination of solutions, due to our organisation's policies. Due to lack of visibility, administrative issues and response times, we shifted.

    How was the initial setup?

    We had a complex environment, with multiple offices across the globe with all the data in and out from our HQ.

    What's my experience with pricing, setup cost, and licensing?

    At the time of deployment, and still now, the price was considerable less than other solutions and varies according to license type.

    Which other solutions did I evaluate?

    We also evaluated Cisco and McAfee.

    What other advice do I have?

    It is a great product, but be careful with version upgrades.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Director with 51-200 employees
    Vendor
    Other firewalls are just as good, but this product is at a much better price point.

    What is most valuable?

    We use them for VPN, standard layer 4, web filtering, anti-malware and DLP – they are used as our perimeter firewall solution.

    How has it helped my organization?

    I would not say it has improved how we function because I think that other leading vendors firewalls are as good. However, I do think that FortiGate can do it at a much better price point than, for example, Cisco ASA or Palo Alto.

    What needs improvement?

    The CLI could be improved by removing all default syntax from the config. The debugging of crypto VPN is not as informative as other vendors’ firewalls. The GUI is also not as good as some vendors, but overall as a package and considering price, it still provides value for money.

    For how long have I used the solution?

    I first used the Fortinet solutions in 2005 when it was version 2 & 3; since then, it has matured a lot and is much better. I would definitely recommend it, primarily on value for money. For the newer versions, I have been using 1000C and 300D, with FortiGate VM01 firewalls running a mix of software versions 5.4 and 5.2 for almost two years.

    What do I think about the stability of the solution?

    I did not encounter any stability issues.

    What do I think about the scalability of the solution?

    FortiManager is required for scalable managing of multiple devices, but we do not have enough to need that. I think that the logging could be better but for that, FortiAnalyzer is recommended, which we do not have.

    How are customer service and technical support?

    We have not needed to use Fortinet TAC.

    Which solution did I use previously and why did I switch?

    This solution replaced some old Juniper ISG firewalls that were EoL; nobody in the company had Juniper SRX experience and the choice was made for Fortinet before I started at the company.

    How was the initial setup?

    Initial setup for what we need to use it is very straightforward. There are certain features (such as TACACS) where you need to use CLI, but most things can be done with the GUI.

    What's my experience with pricing, setup cost, and licensing?

    Very competitive; Fortinet would always be an option for a perimeter firewall for me if I were needing new kit. I would always include it in any quotes and options, although depending on the requirements, I might decide to choose something else.

    Which other solutions did I evaluate?

    I have used firewalls that I find easier to manage, configure and troubleshoot. However, the Fortinet firewalls are pretty good, and in terms of value for money, they are outstanding.

    Pros: Cost for performance, very feature rich, GUI is pretty good.

    Cons: Debugging is not as good as I find Cisco ASA. CLI is overly complicated by all syntax showing in the configuration. The GUI is not as nice as CheckPoint or Palo Alto.

    What other advice do I have?

    Evaluate the product first and compare it to what you are used to and what you want. It provides very good value for money, but if the budget were there, I would probably choose another vendor in certain circumstances.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Senior Analyst at a financial services firm with 1,001-5,000 employees
    Real User
    20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements. Product support is a major concern.

    What is most valuable?

    In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:

    • 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
    • Easy integration with various Fortinet products such as FortiSandbox for APT detection.
    • ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.

    How has it helped my organization?

    • Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
    • Rule creation and fine tuning are easy, as compared to its competitors.
    • Product has provided adequate assurance to organization’s PCI DSS program.

    What needs improvement?

    Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.

    The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.

    Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.

    For how long have I used the solution?

    It’s been almost one year since we started using this solution.

    What do I think about the scalability of the solution?

    The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.

    How are customer service and technical support?

    As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.

    Which solution did I use previously and why did I switch?

    We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.

    How was the initial setup?

    Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.

    FortiWeb provides a wide variety of deployment options such as

    • Reverse proxy
    • Inline transparent
    • True transparent proxy
    • Offline sniffing
    • WCCP (Web Cache Communication Protocol)

    What's my experience with pricing, setup cost, and licensing?

    Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.

    Which other solutions did I evaluate?

    We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.

    What other advice do I have?

    Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.

    Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2022
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.