Fortinet FortiWeb Reviews

We are using Fortinet FortiWeb to deliver service to our customers.

The valuable feature of Fortinet FortiWeb vulnerability scanner.

I have been using Fortinet FortiWeb for approximately 14 years.

The Fortinet FortiWeb is very stable.

We did not have any problems with the scalability of Fortinet FortiWeb.

We have the development and network teams using the solution. It is approximately seven people in total.

I did not use the support from Fortinet FortiWeb.

The initial setup We Fortinet FortiWeb is straightforward. The full process of the deployment took approximately two weeks to 16 days.

Most of the deployment is done by our development team because they have some parameters that match the configuration. However, when we initially did the deployment we used a consultant company.

The license to use Fortinet FortiWeb is approximately $14,000.

I rate the price of Fortinet FortiWeb a four out of five.

The solution does not require a lot of maintenance.

I would recommend this solution to others. If someone wants to use the internet with an application website or any other internet application, content filtering is very useful to filter all the requests that are coming to the server so that no one can hack or harm the system.

I rate Fortinet FortiWeb a nine out of ten.

We use the solution to protect the various services of our site, E-commerce, file service, and download service.

The most important feature of this solution is protection from an attack.

The maintenance fee for this product could be improved and it needs to be easier to scale up. 

I have been using the solution for four to five years. 

Stability is very important and yes, the product is stable.

The solution is not very scalable, to scale up would require another deployment with a new appliance and a change to the network.

I would say technical support is good for this solution.

Setup for this solution is easy, with one being easy and five being hard I would rate it a two out of five. Deployment took a few days. 

We have between 100 and 200 users of the solution in our company. 

I would rate the solution a six out of ten. 

In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:

• 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
• Easy integration with various Fortinet products such as FortiSandbox for APT detection.
• ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.

• Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
• Rule creation and fine tuning are easy, as compared to its competitors.
• Product has provided adequate assurance to organization’s PCI DSS program.

Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.

The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.

Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.

It’s been almost one year since we started using this solution.

The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.

As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.

We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.

Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.

FortiWeb provides a wide variety of deployment options such as

• Reverse proxy
• Inline transparent
• True transparent proxy
• Offline sniffing
• WCCP (Web Cache Communication Protocol)

Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.

We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.

Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.

Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.

Generally, we are using it to protect our internet-facing web applications. So if there are any security vulnerabilities in our applications, the solution can provide protection.

It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs.

They have a sort of table that defines the functions of certain applications, ex. which function has the slowest or fastest response. This enables our in-house development team or vendors to review our application and fix the functions if necessary. 

The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product.

I have been using FortiWeb for three years.

I think it's quite reliable so long as it's configured. 

As long as we accurately scale our requirements from the start, I think the solution is quite scalable and quite easy to scale up later on.

They are quite helpful. But I think because our department is quite stable and configured correctly, we are rarely using the support. Everything works perfectly.

I think it's quite complex because we need to know how the application works.  

We are using local support to configure the solutions for us. We also purchase local maintenance and support on top of the routine product support and updates. Because it is a
very specialized product, we need a very skillful person with expertise in the product to configure the solution for us.

In a high availability cluster configuration, where the primary FortiGate is working and the secondary is a backup, Fortinet requires us to buy two licenses instead of one whether we are actually using it or not. With other products, you only purchase one license because we only use one license per instance.

You need to accurately calculate the requirements of your infrastructure before implementing FortiWeb or any other web application firewall. Accuracy is very critical when scaling the product or the model that will be deployed on your infrastructure. 

I would rate FortiWeb an eight out of ten.

Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself.

SSL Offloading, as it simplifies the public certificate handling and brings additional protection features. 

Also, L-7 protection, as it makes possible to protect legacy/not up-to-date servers/applications without changing the application code.

• Centralized management of multiple devices, and GUI improvement, could reduce the learning curve. 
• The interface could have the interdependent elements arranged sequentially and wizards that go through most common deployment actions. 
• Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration.

No issues with stability.

No issues with scalability. (Actually, our traffic usually does not reach 50% of unit capacity).

Good. Usually takes one day to get over all the assessment procedures to start to handle the issue.

The previous vendor discontinued its product.

A little bit complex, as understanding the GUI arrangement and terms took more time and effort than we expected.

Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes.

We acquired a Fortinet-based project, so we didn’t evaluate other ones.

I rate it eight out of 10. I understand that a 10 is for products that not only execute smoothly but are also easy to use and manage, even when used on a multi-site corporation.

Take at least the Fortinet online course, or make sure that your reseller has experienced professionals.

• It supports OWASP top 10.
  As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:

1. Create first the objects needed.
2. Assemble the policy.

• The GUI interface is intuitive. I have never needed to use the CLI
• It has good reports.It is easy to manage.

The portal has a lot of vulnerabilities, which are not easy to solve quickly. The device has helped us to prevent exploitation of them while we are working on the code.

The signatures are very basic and prone to firing false positives. For example, FortiWeb detects this string as an attack because it detects "perl" in it:

User-Agent: Mozilla/5.0 (compatible; PaperLiBot/2.1; https://support.paper.li/entries/20023257-what-is-paper-li)

This is a false positive. If the signature was more complex, that would not occur.

I have been using it for four years.

I have not encountered any stability issues, but it always consumes a lot of memory.

Technical support is 7/10. We had a pair of cases without solution; one URL-rewriting related and another one Lync Enterprise-related. In both cases, we had to search for alternate solutions.

ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.

It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have encountered that it is especially difficult to work with URL rewriting, because of regular expressions.

Price and licensing is fine; it is one of the cheapest solutions and does its job.

We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positives rate which prevents us from focusing on the real attacks.

It has a good quality/price relationship. The web vulnerability scan module is useless.

The primary use case of this solution is for security, on the periphery for the VPN.

It is easy to install and to maintain.

We are considering an upgrade to our firewall because our current version is not compatible with our FortiAnalyzer. As there is an incompatibility, we have been advised by Fortinet that an upgrade is necessary to avoid issues.

We believe this product will become obsolete.

It needs to better integrate with other platforms.

In terms of performance, it needs to be more robust. During the lockdown, we are connecting to a VPN and the connection should be faster, there should be RAM or more hardware. Also, it should include security features.

I have been using Fortinet FortiWeb for two years.

This solution is stable and w have had no issues with its stability.

It's a scalable product and we have plans to use it in the future.

We have approximately 1000 users in our organization.

We are satisfied with technical support, we have not had any issues.

The initial setup was straightforward, it was easy.

There were no issues and it was deployed in six months.

We have a team of 20 providing the IT infrastructure, including switching, firewalls, and maintenance.

We have been using Fortinet for four years and internally we are using Cisco.

We would certainly recommend this product.

I would rate this solution a nine out of ten.

Our primary use case is as a firewall. We use a lot of Fortinet products. We have email security and FortiGate IPS. 

When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up.

The most valuable features are the access policies and how Fortinet gets the compilation done is really good.

I would like to have an antivirus option. 

Stability is very good. 

We haven't had any issues with scalability. You can scale up easily. 

Their technical support is good. 

We previously used Cisco. We switched because all they are is a brand name. It was a failure. We gave it a year to improve the product and it didn't so we switched. 

The initial setup was straightforward. The deployment didn't take much time. The support guys were really good. The transition from Cisco to Fortinet was a bit challenging but they had tools to make it easier. 

We require three staff for the deployment and maintenance. 

We are the resellers. 

I would rate it a seven out of ten. A seven and not a ten because of the antivirus issue.