Fortinet FortiWeb Reviews

Generally, we are using it to protect our internet-facing web applications. So if there are any security vulnerabilities in our applications, the solution can provide protection.

It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs.

They have a sort of table that defines the functions of certain applications, ex. which function has the slowest or fastest response. This enables our in-house development team or vendors to review our application and fix the functions if necessary. 

The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product.

I have been using FortiWeb for three years.

I think it's quite reliable so long as it's configured. 

As long as we accurately scale our requirements from the start, I think the solution is quite scalable and quite easy to scale up later on.

They are quite helpful. But I think because our department is quite stable and configured correctly, we are rarely using the support. Everything works perfectly.

I think it's quite complex because we need to know how the application works.  

We are using local support to configure the solutions for us. We also purchase local maintenance and support on top of the routine product support and updates. Because it is a
very specialized product, we need a very skillful person with expertise in the product to configure the solution for us.

In a high availability cluster configuration, where the primary FortiGate is working and the secondary is a backup, Fortinet requires us to buy two licenses instead of one whether we are actually using it or not. With other products, you only purchase one license because we only use one license per instance.

You need to accurately calculate the requirements of your infrastructure before implementing FortiWeb or any other web application firewall. Accuracy is very critical when scaling the product or the model that will be deployed on your infrastructure. 

I would rate FortiWeb an eight out of ten.

The version we are using is not old, but neither is it up to date. 

We implement FortiWeb to block incoming attacks to our network and web applications.

We use complex authentication rules and forms, in addition to the solution, for protection. We also do caching with static websites and compression. 

I would say that machine learning is the most valuable upgrade from 5.8, both before and after 5.9.

The documentation for the machine learning could be better. They do not provide proper documentation explaining how the solution works or how to configure it. A good, valid KB article would be helpful. 

It is difficult to configure the machine learning and get it up and running. We put in a week of learning mode and then place it in our production. The machine and data learning is a pain point. I work with different clients. The machine-learning algorithm doesn't learn all the URL patterns. 

It would be nice to see certain software changes in order to add some kind of betterment with machine learning.

As a hardware device, the solution is very stable. This is true when compared with other web application firewalls. 

Hardware is not very shareable, as increasing capacity would require the use of a different one. But there is good scalability when it comes to WAF, SaaS and cloud solutions. The CPU cores and RAM memory capacity can always stand improvement.

From the time a ticket is created, technical support takes a while to respond, especially when compared with Cisco. In this area it is not so great. 

The deployment was very easy. Since it concerns hardware, one only need plug in the firewall and bring it up by connecting the device. It is pretty easy and not time consuming. The deployment takes, perhaps, one hour. But, the configuration and machine learning are important. 

The license can be renewed on an annual or tri-annual basis. The price is competitive. 

The solution protects a web server with more than 1,000 users making use of the solution. 

The solution is good. It has a preferable price, stability and security, all which recommend it to other users. My only issue is with the machine learning. 

I rate Fortinet FortiWeb as an eight out of ten. 

We are primarily using the solution for our security applications as well as email and internet protection.

The product is very easy to use.

We find that it is quite stable and reliable. 

The solution can scale quite well.

The installation process is very simple. 

The technical support on offer is helpful.

The solution could offer more integration opportunities. 

We started using the solution about five or so years ago. It's been a while at this point. 

The stability has been good over the years. It does not crash or freeze. There are no bugs or glitches. The performance is reliable. 

The product does scale well. If a company needs to expand it, it can do so.

Some of our clients have over a hundred users. Others only have 50. the size of the setups varies. 

We've had a good experience with technical support. They are helpful and responsive. We're quite satisfied with the level of service they provide. 

We also currently use Cisco for some security and protection.

We found the initial setup to be easy. It's straightforward. It's not complex or difficult at all. A company shouldn't have any issues with the setup at all.

The installation and deployment process is fast. It doesn't take more than a day.

We have two engineers on staff that can handle deployment and maintenance. 

We have a team in-house that can manage it. We don't need the assistance of outside integrators or consultants. 

We have a yearly subscription that we renew annually.

We're using the latest version of the solution. I cannot speak to the exact version number, as I don't have it on hand. 

We're a company that helps implement this product for clients. 

At this time, I'd rate the product at an eight out of ten. We've largely been very satisfied with its capabilities. 

I'd recommend the product to other users and companies. 

We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries. 

It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. 

It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.

When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.

I have been using this solution for three months. 

Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.

It is flexible and scalable. We have about 400 employees, and all of them are using this solution. 

We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.

We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.

We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.

We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.

I would rate Fortinet FortiWeb a nine out of ten.

I am using FortiWeb as a web application firewall and as a load balancer for HTTP applications. 

The most valuable feature is ease of use.

It has an all-in-one license, unlike F5 where you need separate licenses for the antivirus, IP reputation, denial of service attacks, etc. With FortiWeb, the all-in-one license is one of the most beneficial features.

I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device. For example, if I have one device that costs $2,600 USD then it can have two licenses, where it can operate as a load balancer as well as a WAF.

We have been using FortiWeb for three years.

This is a good solution, stability-wise.

FortiWeb is a scalable product and we have about 3,000 users.

That said, we need to purchase a model with more capacity because this is a small one, and our business has expanded in the past three years.

We have been in contact with technical support and we are satisfied with them.

We did not use another similar solution before choosing FortiWeb.

The initial setup is straightforward.

Any FortiWeb deployment needs about two weeks because when it is first implemented, in phase one, machine learning takes place. It is needed because every application needs some customization. FortiWeb needs approximately two weeks to build this profile. After that, an expert will do some fine-tuning on the profile and the appliance will start to work.

During the deployment, we used a system integrator, but after that, we can manage it by ourselves. Our network team has seven people including one technician, one manager, and five administrators.

There are no licensing costs.

In summary, this is a good product and I can recommend it for others.

I would rate this solution an eight out of ten.

We have deployed a couple of projects for our customers to protect their online e-commerce systems. They have web-based applications for online ordering, for example, for online ordering from a hypermarket. It seems to be a very good solution. We have replaced the existing Barracuda devices of a customer. We deal with the latest version of Fortinet FortiWeb.

The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features.

It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product. 

They could improve their support a little bit for faster response time. 

I have been using Fortinet FortiWeb for two years.

It is very stable.

It is very scalable. The web application firewall is protecting the web servers in an organization from outside to inside. It probably has more than 1,000 users.

Their technical support needs a little bit of improvement in terms of faster response time.

The initial setup is very straightforward. It took about 30 to 40 minutes for one web application for default settings. If you want to go with complex settings, then it would probably take three to four days to understand the application backend and everything else.

We used a system integrator. One Admin is more than enough to deploy and maintain it. It is very stable and easy to configure and deploy.

Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor.

Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough.

Fortinet FortiWeb is rated as one of the top WAF devices in many of the independent research reports. Our customers find Fortinet FortiWeb much better than other solutions. 

We plan to continue using this solution if an opportunity is there. It depends on the customer's requirements. If a customer is going for an online e-commerce website, we would always recommend going with Fortinet FortiWeb. 

I would rate Fortinet FortiWeb an eight out of ten.

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

It's an expensive solution, although there are no additional costs.

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.