Security Team Lead at a outsourcing company with 1,001-5,000 employees
Reseller
Top 5
Nov 20, 2025
Fortinet can improve their technical support, especially the response time. There appears to be an issue with their SLA. When a customer opens a ticket, it is picked up within one or two hours. However, after the customer submits a specific question and requests troubleshooting help from Fortinet support, it takes at least three to five days to provide a proper answer. The response time from the support team is an area that requires improvement.
There is room for improvement in Fortinet FortiWeb. The team was only from FortiGate itself. They are making new firmware versions and releasing them before checking, which leads to many bugs in these versions. The reason for not giving Fortinet FortiWeb an eight is because every 45 to 60 days, they are releasing a patch. Without checking these patches, users face many issues, which are called bugs, and some policies will not work.
Their AI technology is good. Overall, Fortinet is only good. The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now. If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place. The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats. There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.
There are some issues pertaining to the migration. If some of my customers want to migrate from F5 to Fortinet Firewall, or the Fortinet WAF solution, there are some migration issues since I cannot migrate all the elements quickly using Fortinet Firewall. There is some integration work required to do that.
For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.
Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees.
Senior Vice President Operations at Alackrity Consols
Real User
Top 10
Jul 16, 2024
FortiWeb could have an inbound load balancing pack. Currently, they don't have it, but they have the print product for that. It'll be better if they have it on the same product.
We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times.
The price could be close to Imperva; Imperva is the number one firewall. FortiWeb cannot do some kind of ADC solution, like load balancing. I hope they improve that. I'm looking for the ADC solution, the load balancing solution. Because application firewalls with multiple line solutions do come with it. So, I think it should be integrated within FortiWeb WAF.
Head - System and Network Admin at Reliance Producers Cooperative
Real User
Top 5
Jan 4, 2024
There is room for improvement in pricing, and actually, the price is a bit higher because on the same terms I purchased, the support subscription is so high.
Network Security Engineer at a computer software company with 5,001-10,000 employees
Real User
Dec 18, 2023
There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support. In future releases, I would like to see added antivirus features that provide user-based activity indicators. For example, if a user downloads a large number of files or connects frequently, the WAF could flag this activity for investigation.
Network & Security Engineer at a tech services company with 51-200 employees
Real User
Nov 24, 2023
FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.
Senior Security Consultant at a retailer with 10,001+ employees
Consultant
Oct 18, 2023
Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.
WAF needs more signatures on FortiWeb and updates the database continuously to protect against new attacks. I hope the next release includes integration with the vulnerability scanner, a great feature of FortiWeb. If customers have vulnerability scanners, they can export the scan's result and post it to FortiWeb to patch completely.
Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.
Fortinet FortiWeb is an automatic,...
Fortinet can improve their technical support, especially the response time. There appears to be an issue with their SLA. When a customer opens a ticket, it is picked up within one or two hours. However, after the customer submits a specific question and requests troubleshooting help from Fortinet support, it takes at least three to five days to provide a proper answer. The response time from the support team is an area that requires improvement.
There is room for improvement in Fortinet FortiWeb. The team was only from FortiGate itself. They are making new firmware versions and releasing them before checking, which leads to many bugs in these versions. The reason for not giving Fortinet FortiWeb an eight is because every 45 to 60 days, they are releasing a patch. Without checking these patches, users face many issues, which are called bugs, and some policies will not work.
Their AI technology is good. Overall, Fortinet is only good. The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now. If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place. The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats. There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.
There are some issues pertaining to the migration. If some of my customers want to migrate from F5 to Fortinet Firewall, or the Fortinet WAF solution, there are some migration issues since I cannot migrate all the elements quickly using Fortinet Firewall. There is some integration work required to do that.
For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.
Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees.
The tool's price and performance are areas of concern where improvements are required.
FortiWeb WAF's tuning causes trouble. It's complicated. The solution needs to improve the signature feature as well.
FortiWeb could have an inbound load balancing pack. Currently, they don't have it, but they have the print product for that. It'll be better if they have it on the same product.
We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times.
The price could be close to Imperva; Imperva is the number one firewall. FortiWeb cannot do some kind of ADC solution, like load balancing. I hope they improve that. I'm looking for the ADC solution, the load balancing solution. Because application firewalls with multiple line solutions do come with it. So, I think it should be integrated within FortiWeb WAF.
It would be good if the solution integrated with other solutions, like SAP.
We have encountered issues with webhooks and management of FortiWeb Web Application Firewall's on-premise version.
There is room for improvement in pricing, and actually, the price is a bit higher because on the same terms I purchased, the support subscription is so high.
There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support. In future releases, I would like to see added antivirus features that provide user-based activity indicators. For example, if a user downloads a large number of files or connects frequently, the WAF could flag this activity for investigation.
FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.
Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.
The user interface can be improved. Also, there are authentication failures that need improvement in the next release.
WAF needs more signatures on FortiWeb and updates the database continuously to protect against new attacks. I hope the next release includes integration with the vulnerability scanner, a great feature of FortiWeb. If customers have vulnerability scanners, they can export the scan's result and post it to FortiWeb to patch completely.
FortiWeb Web Application Firewall's signature database updates could be improved.