Fortinet Managed Rules for AWS WAF are very effective, but areas for improvement include better visibility into rule logic, deeper API schema validation, and advanced bot management features. For example, legitimate API payloads can be blocked due to generic pattern matching without clear logs indicating the trigger, and there is a need for more advanced capabilities in bot detection, such as device fingerprinting.
Fortinet Managed Rules for AWS WAF could be improved by providing more granular visibility and tuning capabilities while still keeping the managed nature of the service. Simplifying rule customization and offering clearer insights into why certain rules trigger would help reduce the effort required to fine‑tune policies for complex applications. Additional enhancements around analytics and reporting — such as faster access to traffic insights and clearer threat context — would further improve operational efficiency and help teams respond more quickly to security events.
Fortinet Managed Rules for AWS WAF has a very complex configuration. It has a dependency on its license for IPS signatures and web filtering, and it is resource-intensive with large requirements in very large network environments. Managing multiple firewalls, log storage, and analytics can be challenging. There are also upgrade issues and very limited third-party integrations. The price is very high. The investment is an issue because a small company cannot afford it, but organizations with the capability are adopting it. Regarding installation, there are some challenges, such as setting the internal network IP and configuring it. You can deploy it on a VM, but it can be difficult to manage during the initial period.
The basic functionality of protecting against OWASP Top 10 vulnerabilities is standard for any WAF solution; however, I am concerned about Fortinet's effectiveness with modern web applications since it protects not only monolithic applications but also Kubernetes applications. My core concern regarding the product lies in the reporting functions, where I face limitations, particularly tenant-wise. I cannot generate individual reports for multiple tenants.
Learn what your peers think about Fortinet Managed Rules for AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
Fortinet Managed Rules for AWS WAF enhances security by offering pre-configured firewall rules designed to protect AWS applications from common exploits and vulnerabilities.Fortinet Managed Rules for AWS WAF offers advanced threat protection specifically tailored for the AWS environment. It seamlessly integrates with AWS WAF, providing security teams with a comprehensive solution to defend against sophisticated attacks without extensive configurations. The rules continually update to tackle...
Fortinet Managed Rules for AWS WAF are very effective, but areas for improvement include better visibility into rule logic, deeper API schema validation, and advanced bot management features. For example, legitimate API payloads can be blocked due to generic pattern matching without clear logs indicating the trigger, and there is a need for more advanced capabilities in bot detection, such as device fingerprinting.
Fortinet Managed Rules for AWS WAF could be improved by providing more granular visibility and tuning capabilities while still keeping the managed nature of the service. Simplifying rule customization and offering clearer insights into why certain rules trigger would help reduce the effort required to fine‑tune policies for complex applications. Additional enhancements around analytics and reporting — such as faster access to traffic insights and clearer threat context — would further improve operational efficiency and help teams respond more quickly to security events.
Fortinet Managed Rules for AWS WAF has a very complex configuration. It has a dependency on its license for IPS signatures and web filtering, and it is resource-intensive with large requirements in very large network environments. Managing multiple firewalls, log storage, and analytics can be challenging. There are also upgrade issues and very limited third-party integrations. The price is very high. The investment is an issue because a small company cannot afford it, but organizations with the capability are adopting it. Regarding installation, there are some challenges, such as setting the internal network IP and configuring it. You can deploy it on a VM, but it can be difficult to manage during the initial period.
The basic functionality of protecting against OWASP Top 10 vulnerabilities is standard for any WAF solution; however, I am concerned about Fortinet's effectiveness with modern web applications since it protects not only monolithic applications but also Kubernetes applications. My core concern regarding the product lies in the reporting functions, where I face limitations, particularly tenant-wise. I cannot generate individual reports for multiple tenants.