When discussing Fortinet FortiWeb Cloud WAF-as-a-Service, I always recommend it. Either I can recommend F5. Most users require security via SSL, so I recommend Fortinet FortiWeb Cloud WAF-as-a-Service because you can get bot security, DOS protection, signature-based technology, and certification. You will receive all Layer 7 security. That is why I recommended Fortinet FortiWeb Cloud WAF-as-a-Service. Whatever publicly accessible applications exist, they should use the WAF solution. People in banking, marketing, and finance are only using the WAF solution. If it is a mid or small company, they do not require a WAF solution because they do not have a public platform and are not publishing that application. For enterprise level, I can recommend a WAF solution or a firewall.
Technical Engineer Technical Security at a tech services company with 10,001+ employees
Real User
Top 5
Feb 25, 2026
Fortinet FortiWeb Cloud WAF-as-a-Service is deployed for our organization, and we also deploy it for our customers as part of the managed services we provide, so it is being deployed and managed as a service. I work with Fortinet products, including firewalls and WAF services, which are part of what we work with.
General Manager at a manufacturing company with 10,001+ employees
Real User
Top 5
Dec 30, 2025
Our primary use case is protecting public facing web applications and APIs against OWASP Top 10 threats and automated attacks. Fortinet FortiWeb Cloud WAF-as-a-Service was used to protect a customer facing web application exposed to the internet. It helped detect and block malicious requests such as SQL injection and bot-driven traffic without impacting legitimate users.
Network and Security Engineer (Contractor) at Clymora Technology Limited
Real User
Top 5
Nov 21, 2025
Fortinet FortiWeb Cloud WAF-as-a-Service protects our customers' websites, including e-commerce sites, normal websites, and web applications. I can provide a quick example of a customer website where we protect an e-commerce site, especially in Kenya where WAFs are mostly used in banks to meet the PCI DSS standard. The service blocks attacks like cross-site scripting and DDoS, as well as all website-related attacks. Fortinet FortiWeb Cloud WAF-as-a-Service helps protect against many attacks related to web applications, including SQL injection and misconfigurations from customers that lead to vulnerabilities like denial of service and attempts to exfiltrate sensitive data, particularly for banks.
Principal Network Architect at a financial services firm with 201-500 employees
Real User
Top 5
Apr 11, 2025
We use Fortinet FortiWeb Cloud WAF-as-a-Service situated in front of our web-facing APIs. This includes everything that is customer-facing, business-to-business APIs, and things like that.
IT Specialist at a manufacturing company with 10,001+ employees
Real User
Top 5
Jan 14, 2025
I use it for all the applications in my company that need external access. I route the traffic to FortiWeb first, and after this, I direct it to the cloud or on-premises solutions.
Learn what your peers think about Fortinet FortiWeb Cloud WAF-as-a-Service. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
Fortinet FortiWeb Cloud WAF-as-a-Service provides cloud-based web application protection, ensuring businesses secure their web apps against threats without hardware management, offering dynamic scalability and threat intelligence. Fortinet FortiWeb Cloud WAF-as-a-Service offers an advanced security platform that effectively protects web applications from cyber threats by leveraging comprehensive threat intelligence and efficient traffic management. Its cloud-native architecture facilitates...
When discussing Fortinet FortiWeb Cloud WAF-as-a-Service, I always recommend it. Either I can recommend F5. Most users require security via SSL, so I recommend Fortinet FortiWeb Cloud WAF-as-a-Service because you can get bot security, DOS protection, signature-based technology, and certification. You will receive all Layer 7 security. That is why I recommended Fortinet FortiWeb Cloud WAF-as-a-Service. Whatever publicly accessible applications exist, they should use the WAF solution. People in banking, marketing, and finance are only using the WAF solution. If it is a mid or small company, they do not require a WAF solution because they do not have a public platform and are not publishing that application. For enterprise level, I can recommend a WAF solution or a firewall.
Fortinet FortiWeb Cloud WAF-as-a-Service is deployed for our organization, and we also deploy it for our customers as part of the managed services we provide, so it is being deployed and managed as a service. I work with Fortinet products, including firewalls and WAF services, which are part of what we work with.
Our primary use case is protecting public facing web applications and APIs against OWASP Top 10 threats and automated attacks. Fortinet FortiWeb Cloud WAF-as-a-Service was used to protect a customer facing web application exposed to the internet. It helped detect and block malicious requests such as SQL injection and bot-driven traffic without impacting legitimate users.
Fortinet FortiWeb Cloud WAF-as-a-Service protects our customers' websites, including e-commerce sites, normal websites, and web applications. I can provide a quick example of a customer website where we protect an e-commerce site, especially in Kenya where WAFs are mostly used in banks to meet the PCI DSS standard. The service blocks attacks like cross-site scripting and DDoS, as well as all website-related attacks. Fortinet FortiWeb Cloud WAF-as-a-Service helps protect against many attacks related to web applications, including SQL injection and misconfigurations from customers that lead to vulnerabilities like denial of service and attempts to exfiltrate sensitive data, particularly for banks.
We use Fortinet FortiWeb Cloud WAF-as-a-Service situated in front of our web-facing APIs. This includes everything that is customer-facing, business-to-business APIs, and things like that.
I use it for all the applications in my company that need external access. I route the traffic to FortiWeb first, and after this, I direct it to the cloud or on-premises solutions.