Fortinet FortiWeb Reviews

We have deployed a couple of projects for our customers to protect their online e-commerce systems. They have web-based applications for online ordering, for example, for online ordering from a hypermarket. It seems to be a very good solution. We have replaced the existing Barracuda devices of a customer. We deal with the latest version of Fortinet FortiWeb.

The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features.

It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product. 

They could improve their support a little bit for faster response time. 

I have been using Fortinet FortiWeb for two years.

It is very stable.

It is very scalable. The web application firewall is protecting the web servers in an organization from outside to inside. It probably has more than 1,000 users.

Their technical support needs a little bit of improvement in terms of faster response time.

The initial setup is very straightforward. It took about 30 to 40 minutes for one web application for default settings. If you want to go with complex settings, then it would probably take three to four days to understand the application backend and everything else.

We used a system integrator. One Admin is more than enough to deploy and maintain it. It is very stable and easy to configure and deploy.

Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor.

Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough.

Fortinet FortiWeb is rated as one of the top WAF devices in many of the independent research reports. Our customers find Fortinet FortiWeb much better than other solutions. 

We plan to continue using this solution if an opportunity is there. It depends on the customer's requirements. If a customer is going for an online e-commerce website, we would always recommend going with Fortinet FortiWeb. 

I would rate Fortinet FortiWeb an eight out of ten.

The features I found valuable were web filtering, reporting, and the dashboards. We use these features for controlling the traffic in our network, mainly for our security. This means that we can have policies there that allow or don't allow certain connections.

I know that we have run into some issues with an SSL certificate and how it functions. Sometimes this breaks connectivity or just limits certain websites that are whitelisted. 

I have been using Fortinet FortiWeb for more than ten years.

The only instance where we have had issues with stability was a recent one where the solution was blocking some websites that we did not intend to block and which were even whitelisted in some instances.

Our partners explained that this happened because of an issue with the SSL setup. I'm not sure if they then sorted it out or if they just switched off that functionality.

But for the past 10 years that we've used it, that was the first error or problem that we ran into. Maybe it was just teething problems since we only deployed it end of last year.

My impression is that it's quite scalable because I know they have different sizes. In one of our organizations, we had fewer users, so we're using a smaller one, which was a 60-day or something like that. And then when you are using it for a bigger organization, they also have that type of device for many users.

They'll ask you how many users are going to be governed by this firewall. So when we had fewer users, we got a smaller firewall. And then when we expanded and had many more users, we got a bigger one. It's quite scalable I think.

Their technical support is good. They'll jump onto the occasion. When you submit a log report or you request some support, they quickly respond. I would rate them a ten. Very good.

Positive

Prior to Fortinet, we used Netgear, but this was a long time ago. I think this was 15 years ago.

The initial setup was not straightforward. You need an expert to set it up with you and to configure it for you. I think the more you work with it, the better accustomed you are to it. The initial setup did not take longer than a week.

The deployment was done in a team of three people.

We implemented it with a third party, and they're the ones who always then deploy and implement it for us. The deployment didn't take more than a week.

I would say that the ROI is visible because we are happy with the security it provides.

The pricing is a bit high. It is not a cheap product.

The reason I recommend this product is because it guarantees that your network will be safe if it is set up properly and you fully utilize most of the functions.

Overall, I would rate FortiWeb solution a nine out of 10.

We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

I have been using this solution for three months. 

Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

I would rate Fortinet FortiWeb a nine out of ten.

I used FortiWeb, and I was looking if the SIPTNA from Symantec had something to do with the one from Fortinet. I am a consultant and I propose Fortinet products to my customers. I usually recommend FortiWeb for companies that are looking for a WAF.

It's really easier for them to integrate. Sometimes we help them, and once it's integrated, it doesn't have a lot of requirements from their side. They just have to keep the site going with their security assessment. They do not need for us to help them more.

Usually, people want to change, solutions and we recommend that it is easy to use. Even though most products have the same functionality nowadays, FortiWeb is easy to integrate.

Fortinet's technical support is pretty slow, especially when you have quick questions. The support kind of delays itself and sometimes takes more time. That's the only thing that I can think of at the moment.

Fortinet's technical support is pretty slow and kind of delays itself when you have quick questions.

Positive

I was using another solution. I just wanted to research it to see if it had something extra. It was just some research for a project. I just wanted to know if any of them had some qualities that seemed similar to Symantec.

It's true that we are the ones that usually deploy it for our clients. Since we do it for many of them, we think it's really easy. But as for many products, it's really straightforward.

We are the ones that usually deploy it for our clients. Since we do it for many of them, we think it's really easy.

It's better. Yeah, it's really good. It's one of the main points why we offer it. Since we are partners with them, sometimes we offer our customers a lower price.

The clients that we know use both FortiWeb and Symantec. I used FortiWeb, and I was looking if the SIPTNA from Symantec had something to do with the one from Fortinet.

I would recommend FortiWeb for web application security. Most products work the same despite being different solutions.

I'd rate the solution nine out of ten.

The solution's most valuable feature is its security profile. 

The solution could improve its ease of use and add more advanced WAF features in future releases.

I have been working with the product for more than five years. 

I've worked with both F5 and Fortinet and find F5 to be much better. F5 is easier to implement, more compatible with applications, and more robust and stable. Regarding securing applications behind the WAF, F5 generally provides better security.

The solution's implementation is not complex and depends on the number and complexity of customers' applications. 

Fortinet FortiWeb's pricing is reasonable. Its licensing costs are yearly. 

The product has been in the WAF business for a long time. Its maturity cannot be compared to other alternatives. Based on my experience with Fortinet FortiWeb, I'd recommend it in specific cases, especially if you have a limited budget. It can meet basic requirements. However, other vendors have better features and support. I rate the overall product a six out of ten. 

We primarily view the VPN net and use the WAF as our web protection.

The interface is very straightforward and easy to use.

It's stable. 

The support is quite good.

We found the initial setup pretty simple. 

Sometimes, even if you follow the documentation, it doesn't work as expected. 

The solution can be a bit pricey.

I've used the solution for about one year, or maybe a bit more than that.

Sometimes it is not as stable as it could be. We've had some issues. Sometimes the loading will be disrupted for no apparent reason. It might be due to the WAF.

We have not tested the scalability of the product.

We have two people working on the solution right now. 

It's possible that we will scale the solution in the future. There is the potential that we will use it on another project.

We have contacted support for reliability issues, and they have been able to resolve everything within a matter of hours. They are very quick. 

Positive

We previously used F5. F5 needs a bit of a higher skill set. It takes some experience to operate.

The implementation took about two months. It's not so hard to set everything up. It's easier than, for example, F5, to set up.

In terms of maintenance, for WAF, I need about three people to handle various tasks. 

We hired a consultant to assist us during the setup. The consultant helped my people learn the process so we could become self-sufficient. 

We have not seen any ROI at this time. 

The solution is a little expensive. I'd rate it a three out of five in terms of affordability.

I cannot speak to the exact price we pay for the product.

We didn't really look into other options as my boss is pretty well versed in other options. However, we are always looking into comparisons. 

We are using the latest version of the solution.

I'd rate the solution an eight out of ten.

I am using FortiWeb as a web application firewall and as a load balancer for HTTP applications. 

The most valuable feature is ease of use.

It has an all-in-one license, unlike F5 where you need separate licenses for the antivirus, IP reputation, denial of service attacks, etc. With FortiWeb, the all-in-one license is one of the most beneficial features.

I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device. For example, if I have one device that costs $2,600 USD then it can have two licenses, where it can operate as a load balancer as well as a WAF.

We have been using FortiWeb for three years.

This is a good solution, stability-wise.

FortiWeb is a scalable product and we have about 3,000 users.

That said, we need to purchase a model with more capacity because this is a small one, and our business has expanded in the past three years.

We have been in contact with technical support and we are satisfied with them.

We did not use another similar solution before choosing FortiWeb.

The initial setup is straightforward.

Any FortiWeb deployment needs about two weeks because when it is first implemented, in phase one, machine learning takes place. It is needed because every application needs some customization. FortiWeb needs approximately two weeks to build this profile. After that, an expert will do some fine-tuning on the profile and the appliance will start to work.

During the deployment, we used a system integrator, but after that, we can manage it by ourselves. Our network team has seven people including one technician, one manager, and five administrators.

There are no licensing costs.

In summary, this is a good product and I can recommend it for others.

I would rate this solution an eight out of ten.

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.