FortiWeb Web Application Firewall (WAF) Reviews

I use the solution for some of my company's clients who want to protect their websites from malware and adware attacks.

From a benefit perspective, FortiWeb Web Application Firewall (WAF) protects the customers’ websites, which are used to communicate with the audience or clients.

I am not sure about what I like in the solution because I think most of the customers ask for the product whenever they want a WAF tool for any of their projects. After our company had a discussion with one of our local teams, we sold it by providing the features of the FortiWeb Web Application Firewall (WAF) that our customers like, as we mostly follow the customer requirements. Our company sells FortiWeb Web Application Firewall (WAF) if it meets our customers' requirements.

To deal with zero-day attacks, FortiWeb Web Application Firewall (WAF) needs to expand and update its database since it is one of the areas where the tool currently lacks. In short, FortiWeb Web Application Firewall (WAF) needs to update its attack prevention database.

In FortiWeb Web Application Firewall (WAF), there is a substantial amount of improvement required in the scalability area.

I have been using FortiWeb Web Application Firewall (WAF) for less than a year.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution a five out of ten.

My company only has two customers who use FortiWeb Web Application Firewall (WAF). My company wants to sell the tool to medium and large-sized businesses with 500 or more users.

The solution is deployed on an on-premises model.

Sometimes, the product's deployment takes over one or two days because customers need to check their requirements and then may want some features. In general, it takes a minimum of two or three days to deploy the product.

Compared to the other products in the market, FortiWeb Web Application Firewall (WAF) is a reasonably priced product, but sometimes people may consider it a bit expensive. I rate the product price a four on a scale of one to ten, where one is a high price, and ten is a low price.

The product is easy to configure.

I have a separate team of three engineers in the company to manage FortiWeb Web Application Firewall (WAF).

Based on my experience and the comments from our company's customers who use the solution, I can say that FortiWeb Web Application Firewall (WAF) is a good product. Our company's customers who use the solution like it since they have been using it for about a year without any bad opinions or comments about it.

Feature-wise, FortiWeb Web Application Firewall (WAF) needs to add more functionalities. Some of the customers who use it want it to have more features, but we cannot find any in the tool presently. I can say what kind of features are required right now in the product. One customer who may want 20 features in the tool may get only 15 features that comply with the customer's requirements.

I rate the overall tool a six out of ten.

My main use case is for security and routing.

It is good for web tracking applications.  

There is room for improvement in pricing, and actually, the price is a bit higher because on the same terms I purchased, the support subscription is so high.

I've been using it for a long time. It has been more than three years now. 

Stability is guaranteed stability. I'm okay with stability. I would rate the stability an eight out of ten.

I would rate the scalability an eight out of ten. 

I am okay with the support. The support's subscription is high. 

Positive

pfSense is open-source and free, while FortiWeb is subscription-based. Both are manageable, but FortiWeb's features scale up connections per second, depending on the payment plan. 

I would rate my experience with the initial setup a nine out of ten, where one is difficult, and ten is easy.

It took us two days to set up.

I deployed it myself.  I just got a reference from the old system, and I configured it.

I would rate the pricing a seven out of ten, where one is cheap and ten is expensive. 

Overall, I would rate it a solid eight out of ten.  

The solution helps us to block certain applications and websites.

The use of FortiWeb Web Application Firewall, combined with Office 365 and Azure ID, has streamlined our VPN use and network security. With single sign-on, users only need to remember one process instead of two or three, which has improved our business security. 

FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security.             

We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times.

I have been using FortiWeb Web Application Firewall of the past two years.

We have encountered some issues with the stability and would rate it an eight out of ten.

I would rate the scalability an eight out of ten.

The customer services is good but sometimes they are unresponsive.

Before FortiWeb and Fortinet, we used to work with Sophos. We switched to Fortinet mainly due to better support and the availability of distributors in our country. In South Africa, Sophos lacked sufficient support and the resolution times for queries were often prolonged. With more vendors and better support, Fortinet has proven to be a more reliable choice.

The deployment process of FortiWeb Web Application Firewall was easy. It took half an hour to be deployed.

FortiWeb Web Application Firewall has definitely helped with notifications of potential threats and vulnerabilities. It has impacted our operational costs by reducing them by 20%. This is mainly due to savings on bandwidth and infrastructure costs, as well as improved efficiency in handling potential threats.

I would rate the pricing a four out of ten.

FortiWeb should include log retention for 90 or 180 days built into the product, without requiring an additional license. Having to buy extra licenses for longer log retention is problematic and adds to the cost.

I would recommend FortiWeb to other users.

Overall, I would rate FortiWeb an eight out of ten. 

We use the solution for securing the Internet-facing servers where you can do the  load balancing with the web appliance.

FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.

I have been using FortiWeb as a partner for two years. We are using V7.2 of the solution.

Fortinet has many issues, like the zero-day attacks. Certain critical work vulnerabilities need to be immediately upgraded as an enterprise. You cannot initiate the upgrade anytime because it affects production. Usually, we schedule the upgrade. We do the configuration and scheduling of the updates. Fortinet is a 24/7 company that can release updates any time, regardless of the day of the week. FortiWeb WAF is a security solution that can be updated at any time, irrespective of the day of the week.

The solution is scalable.

On two recent occasions, I experienced delays in resolving technical issues with Fortiweb WAF, particularly when configuring explicit proxies on FortiGate firewalls. As a Fortinet partner, I was disappointed that our dedicated support channel was unavailable and that I could not obtain licenses or hardware assistance despite escalating to the country manager. Additionally, the technical support response times in the Middle East region have been inconsistent, with some areas providing excellent support while others have been unresponsive. This inconsistency has been particularly frustrating when dealing with urgent issues at remote sites. Overall, the support experience for Fortiweb WAF has been inconsistent and frustrating, particularly for Fortinet partners.

Neutral

I have used Kemp before, but I also dislike the FortiWeb. I'm trying to move to F5 because F5 is very good.

FortiWeb comes with an IP address. You need to log into the web console, and you can do it with the CLI using the console cable. You have to go in; it will initially give you a setup wizard and configure the hostname, interfaces, etc. The setup is relatively easy, but when it comes to advanced deployments. Kemp is a relatively affordable and capable solution. Fortiweb WAF offered all the features, making Kemp less appealing for enterprise-level applications. Kemp is suitable for smaller or regional websites, but it may not be as robust for global deployments.

Additionally, I could not locate the virtual domain feature in Fortiweb WAF. This feature would allow me to assign different domain names to a single website based on the user's location. Fortiweb WAF presented EDS as a workaround, but the process was overly complex and inconvenient.

Firstly, expect load balancing and a web application firewall for the same product Fortinet is offering. Start by booting up the device and use FortiWeb to connect the file by application firewall. There's a default IP address without any password. You log in, and then it shows your initial setup wizard. The wizard helps you set up the host names, Fortinet account, FortiCloud account, etc. After that, you start setting up your physical servers; then you give a virtual server, which will be a point. In a network with a firewall and port forwarding, the FortiWeb WAF device can act as a load balancer and a security gateway. It can receive traffic from the firewall, decrypt SSL/TLS traffic, inspect traffic for layer seven vulnerabilities, and then forward traffic to the appropriate internal server based on load-balancing algorithms and application-specific information provided by the servers. The FortiWeb WAF can monitor server health and performance and automatically switch traffic away from unhealthy servers.

Deployment depends on how much complexity you want to add to the product. If the customer requirement is easy, you may deploy it in one day. For example, I was working on a project with around 16 servers. Each server has a different data source; one server gives the back end, whereas the other provides the front end. That was a complex deployment. It will take around four to five days to deploy if you want to go deeper into it.

We have achieved 70% ROI.

FortiWeb is expensive. F5 is also very expensive, but it is value for money.

The solution’s maintenance and UI are easy, but some features are hidden. Their quality assurance needs to work. We used to have the upgrades and patches every month or 15 days, but now they are coming every week too. We have vulnerability.

The product needs to get more mature.

Overall, I rate the solution a six out of ten.

The solution's integration with other products is easy. Its most valuable feature is the antivirus engine.  The tool helps us comply with GDPR and KVKK standards. 

FortiWeb WAF's tuning causes trouble. It's complicated. The solution needs to improve the signature feature as well. 

I have been working with the product for five years. 

I rate the solution's pricing a ten out of ten. 

My company has 50 users. 

The solution's support is very good. 

I use Palo Alto and Symantec products simultaneously. We chose FortiWeb WAF because of its pricing and easy implementation. 

The solution's deployment is easy and takes ten days to complete. We have two resources involved in its maintenance. 

The solution is cost-effective since it is cheaper than other alternatives. Also, the false positive rates are low. 

I rate the tool's pricing an eight out of ten. 

I rate the overall product a nine out of ten. 

In most cases, the customer uses WAF to protect web applications.

The machine learning on FortiWeb WAF is valuable. It is useful for new customers because it provides new signatures, and machine learning, which can help provide new information to customers about their websites.

WAF needs more signatures on FortiWeb and updates the database continuously to protect against new attacks. I hope the next release includes integration with the vulnerability scanner, a great feature of FortiWeb. If customers have vulnerability scanners, they can export the scan's result and post it to FortiWeb to patch completely.

I have been working with FortiWeb WAF for four years. We are working with the latest version.

The solution is stable.

The solution is not scalable. If you are running medium-sized hardware, you must upgrade and purchase new hardware. Fortinet has an issue with scalability at this point.

I have received fantastic support.

The initial setup and config are a piece of cake. The steps followed during deployment depend on the customer since not all customers have the same deployment phases. We guide deployment depending on the customer's needs. Most of the time I have deployed FortiWeb, it took one month. We needed to boot up vulnerability and configure security controls on each website. After that, the administrator on the customer's side will continue working with FortiWeb.

Maintenance is easy because WAF has a powerful view of logs.

Fortinet has a single license, and it's easy to deploy the license and doesn't take time to retrieve it. WAF is just plug-and-play, unlike other vendors. WAF wins this point. FortiWeb WAF is priced well for customers compared to other vendors' solutions.

I also work with F5 Networks. The comparison is a little bit complicated. Depending on the customer's needs, we do not recommend deploying F5 in a small environment. F5 needs a lot of administrators and an IT department. On the other hand, Fortinet will be better in this situation. We need a few people to support WAF. Otherwise, both vendors are perfect.

If you plan to deploy FortiWeb, you must have the right device to achieve high availability. I rate FortiWeb WAF a ten out of ten.

We use the solution for web filtering purposes. We use it to allow or block any application.

The most valuable features of the solution are SD-WAN, filtration, web filter, application filter, and IPS. The solution's console is very user-friendly and very easy to manage. The solution has good stability and a user-friendly interface.

It would be good if the solution integrated with other solutions, like SAP.

I have been using FortiWeb Web Application Firewall (WAF) for nine to ten years.

FortiWeb Web Application Firewall is a very stable solution.

I rate the solution’s stability ten out of ten.

Every location with 200 to 300 people has installed the FortiWeb Web Application Firewall.

I rate the solution a nine out of ten for scalability.

Our experience with the solution's technical support has been good. We promptly get support from the technical support team.

Positive

The solution’s initial setup is easy and can be done in a few hours.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine or ten out of ten.

I would recommend FortiWeb Web Application Firewall to other users because it is a good product.

Overall, I rate the solution a nine out of ten.

We use FortiWeb Web Application Firewall for security features while working in the financial area.

The product has good integration features.

The product's integration with Cisco needs improvement.

I have been using FortiWeb Web Application Firewall for 30 years.

The platform's stability is good, with good assessment and low-level design.

FortiWeb Web Application Firewall's scalability is good.

I have used Palo Alto and Check Point before.

The product is complicated to set up. The deployment time depends on the customer. Some customers have a deployment time of six to seven months, while others have a deployment time of two months. The process involves an assessment for a month, then a low-level design for another month.

FortiWeb has a good presence because of its price.

We are integrators with all the product certifications. We have a good team. We prefer assessment and low-level design before starting with the project.

I rate FortiWeb Web Application Firewall an eight out of ten.