Fortinet FortiWeb Reviews

The solution helps us to block certain applications and websites.

The use of FortiWeb Web Application Firewall, combined with Office 365 and Azure ID, has streamlined our VPN use and network security. With single sign-on, users only need to remember one process instead of two or three, which has improved our business security. 

FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security.             

We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times.

I have been using FortiWeb Web Application Firewall of the past two years.

We have encountered some issues with the stability and would rate it an eight out of ten.

I would rate the scalability an eight out of ten.

The customer services is good but sometimes they are unresponsive.

Before FortiWeb and Fortinet, we used to work with Sophos. We switched to Fortinet mainly due to better support and the availability of distributors in our country. In South Africa, Sophos lacked sufficient support and the resolution times for queries were often prolonged. With more vendors and better support, Fortinet has proven to be a more reliable choice.

The deployment process of FortiWeb Web Application Firewall was easy. It took half an hour to be deployed.

FortiWeb Web Application Firewall has definitely helped with notifications of potential threats and vulnerabilities. It has impacted our operational costs by reducing them by 20%. This is mainly due to savings on bandwidth and infrastructure costs, as well as improved efficiency in handling potential threats.

I would rate the pricing a four out of ten.

FortiWeb should include log retention for 90 or 180 days built into the product, without requiring an additional license. Having to buy extra licenses for longer log retention is problematic and adds to the cost.

I would recommend FortiWeb to other users.

Overall, I would rate FortiWeb an eight out of ten. 

The solution's integration with other products is easy. Its most valuable feature is the antivirus engine.  The tool helps us comply with GDPR and KVKK standards. 

FortiWeb WAF's tuning causes trouble. It's complicated. The solution needs to improve the signature feature as well. 

I have been working with the product for five years. 

I rate the solution's pricing a ten out of ten. 

My company has 50 users. 

The solution's support is very good. 

I use Palo Alto and Symantec products simultaneously. We chose FortiWeb WAF because of its pricing and easy implementation. 

The solution's deployment is easy and takes ten days to complete. We have two resources involved in its maintenance. 

The solution is cost-effective since it is cheaper than other alternatives. Also, the false positive rates are low. 

I rate the tool's pricing an eight out of ten. 

I rate the overall product a nine out of ten. 

We're using the Fortinet FortiWeb firewall to front-end the production and test applications we run on Azure. We're an Azure environment, and it front-ends those applications.

We currently aren't using any of the advanced features.

Fortinet FortiWeb has given us a more cost-effective security solution. Because it's a software-as-a-service or infrastructure type of platform, we've been able to replace our dedicated hardware platforms. It has given us more flexibility to be able to utilize it as a service.

It has minimized the number of technical resources and the amount of time that we've had to dedicate to setting up and managing the front-end firewall capability. From that standpoint, it has saved us time. I don't know exactly how machine learning is attached to that, but if that had anything to do with the simplification and the ability to give us the information we need reporting-wise, then it has helped us with that.

It has allowed us to not spend as many resources on trying to manage the setups that we used to have to do in the past on the security side. It has taken care of that, so at a higher level, we can manage and configure that. It has reduced some of the time that the staff spent on that, but it's hard to measure the time saved.

Some of the threat detection analytics and the filtering capabilities they give us for filtering a certain type of information that we don't want coming into the site are its valuable features. The analytics are pretty good in terms of being able to see what threats have been detected and mitigated, where they're coming from, and things like that. That has allowed us to do some additional filtering because by looking at threats, we can apply additional filters and try to minimize some of them.

Fortinet FortiWeb works well for what we do and what we use it for. It's fairly easy to use, easy to set up, and easy to monitor. It's easy to configure, monitor, and manage.

Their documentation is fairly complete, but it's sometimes a little bit difficult to search for exactly what you're looking for to resolve an issue. There have been times when we've gone to try to search for areas that we needed to get information on, and it has not always been extremely clear exactly how a particular thing needs to be set up. It sometimes takes a little bit of research to dig into figuring out exactly what it is. More examples would be helpful on what they have. The information sometimes doesn't relate directly to the state of the product at the time, so examples would be helpful.

We've been using this solution for a little over a year.

It has been very good. In the time we've had it, we've had only one issue when they had some sort of outage for themselves that affected us. That was the only one that I've encountered so far.

We haven't done a lot on scaling, but just from configuring the product and looking at it, it appears to be fairly good at scaling. It appears to be fairly or moderately simple to set up for scaling, but we haven't done a lot of scaling with it yet.

It's an in-house hosted web application environment that we utilize. We probably have around 500 to 1,000 people using it. We use it within our company environment. We've anywhere from 500 to 1,000 people depending on the customers that we have linked into it. 

I've contacted their tech support. For the times that I contacted them, they were very helpful. I'd rate them seven out of ten.

Neutral

We did have some specific hardware firewall solutions that were in place at data centers. When we went to the cloud for our applications, we wanted to move to a cloud-based front-end firewall infrastructure. We didn't want to be managing the hardware at locations. 

It was fairly straightforward. It was fairly easy to implement, but the documentation with some examples might have made it simpler. Overall, it was fairly easy to get the initial implementation in place and get things worked out.

We did it all in-house. We had probably three people for its implementation.

It requires minimal maintenance. We probably have two people involved in the maintenance.

We have seen an ROI. The previous hardware solutions we had were fairly expensive. They had a higher cost of maintenance and actual manual support because we had to support the infrastructure and we had to support the product itself. By FortiWeb providing us with a service solution that does that, we're not managing hardware. We're not investing in the hardware upfront, and we're not providing the labor to maintain and install that particular part of it. The only thing we focus on now is the setup and then the constant monitoring of what goes on and any actions we need to take as we move forward. It has helped us in that sense because we don't have the ongoing hardware licensing and hardware infrastructure that we have to mess with. So, it has definitely been a more cost-effective solution.

So far, I have been pretty pleased with the way it's priced and licensed. The way it's done makes it easy, especially for an organization like us, so I've been pleased with the way it's priced and licensed right now.

We didn't evaluate any cloud-based products. We've used Cisco products and Meraki products in the past, but they all were hardware products. When we were looking for a software solution, I had gotten a recommendation for the product from another person I worked with in the past. That person was using it and mentioned to me that I should give it a try. That's how I got into it. It was through a referral. Once I got it and tested it, it seemed like a pretty good product for what we needed, so that's how we went with it.

Fortinet FortiWeb seems to have worked well for blocking unknown threats and attacks. It hasn't necessarily helped us streamline anything, but it has simplified how we provide the front-end firewall capability.

It has reduced false positives to some degree. It tries to identify those to tell us what are the different threats, but it's hard to provide metrics without measuring what false positives might have been there. However, I do know that the reporting that it gives can identify that.

Similarly, I don't know if it has reduced the number of alerts. However, I do know that it has allowed us to categorize and understand what types of threats we get. From the threat alerts, we get to know whether they're alerts we should be concerned about or whether they're just alerts notifying us that those are things that have come in that it has taken care of. So, I don't know if it has really reduced them as much as it has helped us to understand what they are and be able to focus more on if there are alerts that we need to take action on and investigate, or whether they're alerts for things that have been taken care of and we don't necessarily have to spend any time on.

Overall, I'd rate Fortinet FortiWeb an eight out of ten for what it does.

Our company uses the solution to protect websites from SQL injection and excessive attacks on Layer 7. 

We have 500 users throughout our company. 

The solution is very easy to use with little instruction. 

The anti-defacement feature is very useful because it looks for web changes over time to protect pages. 

A better load balancer is needed when multiple servers are used for the same website. 

A dynamic routing protocol needs to be included with the next release. 

The solution does not handle batch migration as well as F5 Advanced WAF. 

I have been using the solution for five years and serve as an instructor.

The version we use is stable and reliable with no issues. 

It has been reported that the latest version has some stability issues. 

The solution is scalable. 

Scalability always depends on usability. For example, using the solution for an industrial company that has an internal product is very different than using the solution for a bank that has 10,000 internal users and 1 million customers. 

I score scalability an eight for the solution, a nine for F5 Advanced WAF, and a ten for Avi Networks. 

Technical support has been great and has a vast knowledge base with quick response times. 

The initial setup is very easy. 

Initial configurations take a maximum of four hours. 

The solution was implemented in-house. 

The solution is very inexpensive when compared to F5 Advanced WAF and Avi Networks but offers the same benefits. 

Our one-year license is $24,000 Canadian and includes all users. We are very satisfied with the solution's licensing strategy. 

F5 Advanced WAF includes more features and scalability than the solution but is very expensive. With an unlimited budget, F5 is the better choice.

The solution includes many of F5's features but is inexpensive. 

It is important as part of your regular process to update any tools including the solution. Versions are built in other countries so it is a good idea to ensure you are using the latest, gold-standard version for your area. For example, check for direct internet access, review active directory authentications, and configure users, servers, and certificates. 

The solution is super easy to use, is inexpensive, and includes great technical support. 

FortiWeb is used for web application protection. It protects a web application against attacks targeting their web applications, such as cross-site scripting, SQL injection, and other common application-specific attacks.

FortiWeb allows the organization to operate efficiently without any downtime or serious security breach.

FortiWeb has a very extensive library of known attack signatures, which makes the product fit for any environment, regardless if the customer uses Windows-specific or non-Windows-specific applications. It also has a very low rate of false positives and incorporates other FortiGuard capabilities, such as detection of botnet traffic.

For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.

I have been working with FortiWeb for approximately four years, maybe more.

FortiWeb has proven to be very stable and does not introduce latency in the network.

The product can scale according to the organization's traffic and architecture. It is available as a virtual appliance and a hardware appliance.

Fortinet provides very good support, which I would rate as eight out of ten.

Positive

At the moment, we are only working with Fortinet and not with other web application firewalls.

Someone without prior experience with the product might find it challenging to deploy. However, Fortinet provides good online training to assist administrators.

The total cost of ownership should be calculated based on the actual protection it offers to the application. Deploying FortiWeb can save 20% to 30% of resources within the organization.

FortiWeb uses a subscription-based license, but there is also an option for a perpetual license. It's not the cheapest solution. That said, it is worth the investment.

I have experience with other web application products.

I'd rate the solution nine out of ten.

I use the solution for some of my company's clients who want to protect their websites from malware and adware attacks.

From a benefit perspective, FortiWeb Web Application Firewall (WAF) protects the customers’ websites, which are used to communicate with the audience or clients.

I am not sure about what I like in the solution because I think most of the customers ask for the product whenever they want a WAF tool for any of their projects. After our company had a discussion with one of our local teams, we sold it by providing the features of the FortiWeb Web Application Firewall (WAF) that our customers like, as we mostly follow the customer requirements. Our company sells FortiWeb Web Application Firewall (WAF) if it meets our customers' requirements.

To deal with zero-day attacks, FortiWeb Web Application Firewall (WAF) needs to expand and update its database since it is one of the areas where the tool currently lacks. In short, FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database.

In FortiWeb Web Application Firewall (WAF), there is a substantial amount of improvement required in the scalability area.

I have been using FortiWeb Web Application Firewall (WAF) for less than a year.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution a five out of ten.

My company only has two customers who use FortiWeb Web Application Firewall (WAF). My company wants to sell the tool to medium and large-sized businesses with 500 or more users.

The solution is deployed on an on-premises model.

Sometimes, the product's deployment takes over one or two days because customers need to check their requirements and then may want some features. In general, it takes a minimum of two or three days to deploy the product.

Compared to the other products in the market, FortiWeb Web Application Firewall (WAF) is a reasonably priced product, but sometimes people may consider it a bit expensive. I rate the product price a four on a scale of one to ten, where one is a high price, and ten is a low price.

The product is easy to configure.

I have a separate team of three engineers in the company to manage FortiWeb Web Application Firewall (WAF).

Based on my experience and the comments from our company's customers who use the solution, I can say that FortiWeb Web Application Firewall (WAF) is a good product. Our company's customers who use the solution like it since they have been using it for about a year without any bad opinions or comments about it.

Feature-wise, FortiWeb Web Application Firewall (WAF) needs to add more functionalities. Some of the customers who use it want it to have more features, but we cannot find any in the tool presently. I can say what kind of features are required right now in the product. One customer who may want 20 features in the tool may get only 15 features that comply with the customer's requirements.

I rate the overall tool a six out of ten.

My main use case is for security and routing.

It is good for web tracking applications.  

There is room for improvement in pricing, and actually, the price is a bit higher because on the same terms I purchased, the support subscription is so high.

I've been using it for a long time. It has been more than three years now. 

Stability is guaranteed stability. I'm okay with stability. I would rate the stability an eight out of ten.

I would rate the scalability an eight out of ten. 

I am okay with the support. The support's subscription is high. 

Positive

pfSense is open-source and free, while FortiWeb is subscription-based. Both are manageable, but FortiWeb's features scale up connections per second, depending on the payment plan. 

I would rate my experience with the initial setup a nine out of ten, where one is difficult, and ten is easy.

It took us two days to set up.

I deployed it myself.  I just got a reference from the old system, and I configured it.

I would rate the pricing a seven out of ten, where one is cheap and ten is expensive. 

Overall, I would rate it a solid eight out of ten.  

The product has some unique features. The machine learning feature reduces the false positives. The tool detects zero-day attacks. It has an in-built antivirus, which most WAF tools do not have.

Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.

I have been using the solution for almost six years.

The technical support is fine. The support team gives delayed responses if there is a complex issue.

Neutral

I have worked with F5 Advanced WAF. It is a robust product and is suitable for complex environments. It is flexible. However, it depends on other solutions for inbuilt security and packet inspection.

The initial setup is easy. It requires less intervention.

I recommend the product to others. Overall, I rate the solution an eight out of ten.