Fortinet FortiWeb Reviews

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.  

For me personally, the most valuable thing is that I like the fact that it is standardized so both internal firewall management and the cloud can be managed by the same company. Communication between the two works well and it can be a benefit. We can keep a single console to manage both.  

User administrative controls could be a little bit better. I guess that would be the main thing. The usability within Fortinet could be a little bit easier on the users. But it is what it is.  

The thing that was more difficult was not the tool itself but dealing with the logistics of the compliance issues. I was applying a standard set of rules to an AWS firewall. It served a purpose. The complex part of the solution was more of a compliance issue.  

We have been using Fortinet FortiWeb probably for over a year-and-a-half. Closer to two years.  

At this point in time, scalability seems to be fine. I mean, we are talking processing requests from all over Australia. It seems to be keeping up quite well. My impression of it at this stage is that it is very scalable. It is quite well suited for data management.  

I think judging our experience with technical support is a little bit unfair because I know all the local support people. I do go into the help desk when I have to, but I do know most of the teachers or technical support staff. I would rate them as being very responsive to customers. I have had no issues. If I need something I can get it answered within the hour. It is quite good.  

It was quite easy to do the initial setup and apply basic rules. Administratively, keeping an AWS firewall and applying the Fortinet rules made it quite simple for the difficulty level of this particular requirement.  

I think that ForiWeb is expensive for what they are offering. At the end of the day, when you sell a suite, compliance within the suite is easy to maintain. That is the good part. It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise. It should just be cheaper for what they are offering in comparison to other tools on the market.  

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.  

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

It's an expensive solution, although there are no additional costs.

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.

We are using FortiWeb for publishing web services and some web applications.

The interface makes it easy to identify vulnerabilities.

The best features for us are the signature services. The devices uses signatures for identifying vulnerabilities in web applications.

This product is very user-friendly.

The security is very good.

FortiWeb needs to have support for the newest technology being used in web applications. For example, some companies have developed new features using the latest technology, but we are still waiting for Fortinet to support them.

I have been using FortiWeb for between four and five years.

The stability is very good and we're fortunate that we haven't had any issues.

We have had no issues with scalability.

We are in Iran and working under sanctions, which means that we cannot buy new American products and cannot get support. Companies usually buy devices that are second hand, or from a third-party, neither of which have support.

That said, my impression is that the support is good for companies who are eligible to use it.

The initial setup was not complex. Like all Fortinet devices, it is user-friendly.

Due to the situation in Iran with the sanctions, the price of this solution is very expensive.

The only other two web application firewall products that are available in my country are F5 and Imperva.

This is a good product and I strongly recommend it, especially for companies in the banking industry.

I would rate this solution an eight out of ten.

I initially deployed it for my company, but now I administrate it for a client.

We use it to secure VMs and applications in Azure. It protects against DDoS attacks.

It's very user-friendly.

There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support. 

In future releases, I would like to see added antivirus features that provide user-based activity indicators. For example, if a user downloads a large number of files or connects frequently, the WAF could flag this activity for investigation.

I have been using it for three months now. 

It is a stable solution. 

It is a scalable product. 

For some initial issues. It's good, but not during the first year. FortiWeb could improve response time and first-level support clarity.

Positive

The first implementation with an expert took two hours. My solo attempt took three weeks.

Take time to test it thoroughly. Consider buying an existing solution if needed.

Overall, I would rate the solution an eight out of ten. 

We use FortiWeb for protecting web applications.

The product has a very user-friendly dashboard.

The software's support services could be better compared to Sophos.

The product's scalability could be better compared to Sophos.

It is challenging to communicate with the FortiWeb's support team.

We use Sophos as well.

FortiWeb's configuration process is more difficult than Sophos. I rate the process a one out of ten.

The product is expensive. I rate the pricing a ten out of ten.

I rate FortiWeb a five out of ten.

It helps us prevent attacks on servers, and we deploy it on-premises.

There are many valuable features. It has machine learning, artificial intelligence, behaviour detection, and many other features capable of detecting web attacks.

The initial setup could be simplified.

We have been using the solution for approximately ten years.

The solution is stable.

The solution is scalable.

We do not have experience with customer service and support.

The initial setup is complex and takes between three to six months.

We implemented the solution in-house.

Fortinet FortiWeb has some types of licenses, and the main licenses refer to updating a signature and a pattern.

We evaluated machine learning and the main signatures about known attack signatures.

I rate the solution a ten out of ten, and I recommend it for every organization with web services.

We use this product for load balancing and for their firewall. We are partners with Fortinet. 

I like that the GUI makes it easy to scale in terms of learning and utilization.
We chose this solution based on the online training and materials they offered. It's easily available on the web. 

There are specific functionalities that I'd like to see improve and that would basically bring it into line with what is being offered by solutions such as F5 and Imperva.

I've been using this solution for five years. 

This is a stable solution. 

The initial setup is straightforward, the deployment took us about two hours. We currently have 16 users. 

I rate this solution seven out of 10. 

The most valuable features in Fortinet FortiWeb are sandboxing and threat prevention. 

In my experience, Fortinet FortiWeb could improve the intelligent features to acknowledge whether any threat or incident that's running happened. Then give us the ability to escalate it to layer 2 or layer 3 in the network operations.

I have been using Fortinet FortiWeb for approximately two years.

I have found Fortinet FortiWeb to be stable.

The solution is scalable, but it can only scale at a medium level.

We use the technical support from the system integration, not directly with Fortinet FortiWeb. It takes them a lot of time to solve an issue when we submit a complaint.

in Indonesia, we need more knowledgeable local support.

The initial implementation is simple and the configuration is straightforward.

The price of Fortinet FortiWeb is reasonable. This is one of the key factors of why we use this solution.

I rate Fortinet FortiWeb an eight out of ten.