Fortinet FortiWeb Reviews

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

It's an expensive solution, although there are no additional costs.

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.

We are using FortiWeb for publishing web services and some web applications.

The interface makes it easy to identify vulnerabilities.

The best features for us are the signature services. The devices uses signatures for identifying vulnerabilities in web applications.

This product is very user-friendly.

The security is very good.

FortiWeb needs to have support for the newest technology being used in web applications. For example, some companies have developed new features using the latest technology, but we are still waiting for Fortinet to support them.

I have been using FortiWeb for between four and five years.

The stability is very good and we're fortunate that we haven't had any issues.

We have had no issues with scalability.

We are in Iran and working under sanctions, which means that we cannot buy new American products and cannot get support. Companies usually buy devices that are second hand, or from a third-party, neither of which have support.

That said, my impression is that the support is good for companies who are eligible to use it.

The initial setup was not complex. Like all Fortinet devices, it is user-friendly.

Due to the situation in Iran with the sanctions, the price of this solution is very expensive.

The only other two web application firewall products that are available in my country are F5 and Imperva.

This is a good product and I strongly recommend it, especially for companies in the banking industry.

I would rate this solution an eight out of ten.

FortiWeb is an application firewall. We deployed it as a web application firewall for our 16-plus web applications. We integrate this with Fortigate and the FortiSandbox, and all the applications we are hosting in the data center.

With the feat of cyber attack, the most important thing we can do is protect the web application. We can protect it from attacks like DDoS. It's helping to maintain our cyber security posture.

The most valuable product feature is the web application firewall. It still includes the inline. Its mode of operation is great. It comes with four modes of operation, reverse proxy, two transplant nodes, and WCCP. One node is there for transplant, just to have one more. Any customer, based on their network of topology and deployment type, can choose it and have an easy deployment. 

The solution has a good sandbox feature.

It is stable.

It can be better with web application firewalls. 

It is already close to the best in class. This product is up to the mark right now. 

I've used the solution for around three years. 

This is a stable, reliable solution. There are no bugs or glitches. It doesn't crash or freeze. 

Capacity-wise, since there is hardware involved, it cannot scale too much. There are some technical limitations.

We have around 2,000 users right now. 

We do not have plans to increase usage in the future.

We did not previously use a different solution. 

How easy or difficult the implementation is depends on the deployment type. It is very easy if you employ reverse proxy. However, it can be a little complex depending on what you need to do. 

There was a team that helped deploy the solution, however, for maintenance, you only need one network security engineer.

We used a third party to assist us with the setup.

We have witnessed an ROI. I'd rate the level of ROI we've seen a four out of five as it helps mitigate cyber attacks.

I'd rate the pricing at a four out of five in terms of affordability.

I'm exploring two or three products right now. We did not evaluate anything before choosing this product.

I highly recommend that any web application firewall be deployed in the IT infrastructure where companies host web applications. It should be there. Whatever you choose should integrate with a third-party load balancer.

I'd rate the solution a ten out of ten.

The support services, performance, and pricing are all valuable features. The performance is excellent.

The initial setup process could be improved.

I've been working with this solution for two years.

It is deployed both on-premises and on the cloud.

In general, we have small projects, so the scalability has been fine for our clients.

As for users, we have, in general, 50 to 100 clients.

My colleagues at the network operations center have contacted technical support. I would rate technical support at eight on a scale from one to ten.

Positive

We sell and work with several options, but we feel comfortable with Fortinet FortiWeb because the performance and feedback are great.

In general, the initial setup is easy, and I would rate it at four out of five.

I deployed it myself.

There's only one payment for the duration of the license. On a scale from one to five, I would rate pricing at four.

I have not encountered any additional costs on my projects involving Fortinet FortiWeb.

I sell or presell, and in general, the feedback is great. In fact, I think that Fortinet FortiWeb is number one in terms of performance.

We use the solution for the office in Oracle.

Fortinet FortiWeb is priced well.

The product’s stability could be improved.

I have been using Fortinet FortiWeb for one year. We are using the latest version of the solution.

The product’s stability is normal. I rate it six out of ten.

The solution is scalable.

The initial setup depends on technical knowledge.

The solution is cheaper compared with other solutions. It has a yearly license.

Overall, I rate the solution a seven out of ten.

The version we are using is not old, but neither is it up to date. 

We implement FortiWeb to block incoming attacks to our network and web applications.

We use complex authentication rules and forms, in addition to the solution, for protection. We also do caching with static websites and compression. 

I would say that machine learning is the most valuable upgrade from 5.8, both before and after 5.9.

The documentation for the machine learning could be better. They do not provide proper documentation explaining how the solution works or how to configure it. A good, valid KB article would be helpful. 

It is difficult to configure the machine learning and get it up and running. We put in a week of learning mode and then place it in our production. The machine and data learning is a pain point. I work with different clients. The machine-learning algorithm doesn't learn all the URL patterns. 

It would be nice to see certain software changes in order to add some kind of betterment with machine learning.

As a hardware device, the solution is very stable. This is true when compared with other web application firewalls. 

Hardware is not very shareable, as increasing capacity would require the use of a different one. But there is good scalability when it comes to WAF, SaaS and cloud solutions. The CPU cores and RAM memory capacity can always stand improvement.

From the time a ticket is created, technical support takes a while to respond, especially when compared with Cisco. In this area it is not so great. 

The deployment was very easy. Since it concerns hardware, one only need plug in the firewall and bring it up by connecting the device. It is pretty easy and not time consuming. The deployment takes, perhaps, one hour. But, the configuration and machine learning are important. 

The license can be renewed on an annual or tri-annual basis. The price is competitive. 

The solution protects a web server with more than 1,000 users making use of the solution. 

The solution is good. It has a preferable price, stability and security, all which recommend it to other users. My only issue is with the machine learning. 

I rate Fortinet FortiWeb as an eight out of ten. 

The most valuable feature of Fortinet FortiWeb is the reports and the AI-based features.

Fortinet FortiWeb could improve data integration.

I have been using Fortinet FortiWeb for approximately six months.

Fortinet FortiWeb is a stable solution.

The Fortinet FortiWeb is scalable.

We have three administrators using the solution and more than 300 end users using it.

The support from Fortinet FortiWeb is good, but they could improve their response time.

Positive

We did not use another solution prior to Fortinet FortiWeb.

In the initial setup of Fortinet FortiWeb, we wanted to deploy it with WCCP mode, but we cannot do it because of the limitation with our Cisco ASA firewalls. It's difficult to integrate with FortiWeb. It is difficult to integrate Fortinet FortiWeb with other vendors other than Fortinet solutions. We cannot integrate it into our existing Cisco Firewall environment. We had to change the system to true transparent deployment mode.

The price of Fortinet FortiWeb is expensive in our Ethiopian currency.

I rate Fortinet FortiWeb a nine out of ten.

Fortinet FortiWeb was used to support mobile applications.

The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration.

Fortinet FortiWeb could improve in reference architecture for different deployment scenarios.

I have been using Fortinet FortiWeb for approximately three years.

Fortinet FortiWeb is stable.

The technical support from Fortinet FortiWeb is excellent.

I have used many other solutions and I formally recommend NGINX. The challenge I have with NGINX is handing over the project to the end customer. The skillsets for managing NGINX as a WAF are a lot. This is what was drawing me towards F5. I wanted something that is seamless from end-to-end, for the customer.

The advantages of NGINX are that it's community-based, and you can get it anytime. Fortinet FortiWeb you have to go through a channel, there's an initial acquisition, and then the annual support which are things that we don't have to consider when we're dealing with NGINX.

The initial setup of Fortinet FortiWeb was easy. The full implementation took approximately one week.

The price of Fortinet FortiWeb depends from customer to customer because some customers are considering using other solutions, such as Imperva. The price of Fortinet FortiWeb sits well for the middle-sized customers that we deal with.

The price is based on our partner model, we are able to negotiate a good discount on GPR because we're also selling the firewall appliance.

I rate Fortinet FortiWeb a seven out of ten.