
Overview

FortiWeb Cloud is now FortiAppSec Cloud (fortiappsec.fortinet.com)!
Get a 14-day free, full-featured trial that includes threat intelligence services from FortiGuard Labs.
FortiWeb Cloud WAF provides easily deployed and maintained protection for your web applications and APIs. FortiWeb Cloud defends your web applications and APIs using a multi-layered approach that intelligently and accurately protects your web applications from the OWASP Top 10 threats and more, without creating excess administrative overhead that can slow down deployment of your most critical line-of-business applications. Defend your applications against vulnerabilities, malicious bots, malware uploads, DDoS attacks, cross-site scripting, SQL injection, and advanced persistent threats (APTs). You will always have the most up-to-date protection from FortiGuard Labs, Fortinet's threat intelligence platform and research organization.
Using AI-based machine learning, FortiWeb continuously and automatically models your application's behavior to:
- Identify and block malicious behavior
- Discover and protect exposed web APIs
- Identify and control bot traffic
- NEW identify attack patterns across your entire web application attack surface and aggregate them into security incidents across all FortiWeb and FortiWeb Cloud protected applications in a single Threat Analytics Dashboard* so that SOC analysts can focus on the threats that matter most.
- NEW identify application vulnerabilities with automated black-box dynamic application security testing. It combines advanced crawling technology with FortiGuard Labs' extensive threat research and knowledge base to test target applications against OWASP Top 10 and other vulnerabilities. Not included in the 14-day free eval trial.
Whether you are part of a security, devops, IT, compliance, or operations team, FortiWeb Cloud can enable you to protect the business-critical data your web apps and APIs rely on.
Pay only for what you use. Estimated monthly cost based on outbound monthly traffic:
- Small web application (10-100 GB) = $25-$50
- Medium web application (500-1000 GB) = $175-$325
- Large web application (1 TB traffic) = $325+
- Vulnerability scan - $20 per web application for unlimited monthly scans (optional, charged only when scan executed)
Highlights
- EASE OF USE: A built-in setup wizard and predefined policies deliver essential security within minutes, removing the usual complexity required when setting up a WAF. And with deep learning capabilities that model your application's behavior, false positive detections that drive administrative overhead are nearly eliminated
- LOW TCO: Pay only Intra-Region Data Transfer rates for traffic to the service, and Fortinet handles the data transfer-out costs as part of your subscription. Threat intelligence services from FortiGuard Labs are also included at no additional cost
- *NEW* ADVANCED THREAT ANALYTICS: Help your SOC analysts focus on the threats that matter most using the Threat Analytics Dashboard to identify attack patterns across all your cloud and on-prem deployments
Pricing
Free trial
Dimension | Cost/unit |
---|---|
Hourly charge per web application protected by FortiWeb Cloud | $0.03 |
Total data transferred via FortiWeb Cloud (GB) | $0.40 |
Monthly charge per web application for unlimited vulnerability scans | $20.00 |
Vendor refund policy
N/A
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Standard contract
Customer reviews
Provides robust security with automatic feature updates and effective bot management
What is our primary use case?
We use Fortinet FortiWeb Cloud WAF-as-a-Service situated in front of our web-facing APIs. This includes everything that is customer-facing, business-to-business APIs, and things like that.
What is most valuable?
For us, the protection against the OWASP top ten is very valuable due to its excellent machine learning capabilities. The new features are automatically rolled out, and we can switch them on and off. Its usability is a key aspect as it is very easy to use and deploy in front of new APIs. Additional valuable features include bot management capabilities which are very effective for us.
What needs improvement?
While we find the solution to be really good overall, some improvements could be made to the alerting system, specifically around the health checks of endpoints. Enhancements to the X header forwarding capabilities would also be beneficial.
For how long have I used the solution?
We have been working with Fortinet FortiWeb Cloud WAF-as-a-Service for about four to five years now.
What do I think about the stability of the solution?
The stability of the solution is excellent. We have never had any problems with it.
What do I think about the scalability of the solution?
The scalability is excellent. It can scale quickly and is very adaptable.
How are customer service and support?
Technical support is very good. I would give them a nine out of ten. Sometimes it could be faster, but generally, their support is reliable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
When we evaluated solutions, we compared Fortinet FortiWeb Cloud WAF-as-a-Service to AWS WAF and found it just as good, if not better, in terms of the features offered.
How was the initial setup?
The initial setup was very simple. We had a quick project turnaround time and implemented it across around twenty APIs in the space of a week.
What's my experience with pricing, setup cost, and licensing?
The price is not the cheapest, but it offers great value for money. I would rate it as an eight out of ten for pricing.
Which other solutions did I evaluate?
I compared Fortinet FortiWeb Cloud WAF-as-a-Service with AWS WAF during our evaluation.
What other advice do I have?
I rate Fortinet FortiWeb Cloud WAF-as-a-Service a nine out of ten. I can definitely recommend it to other users. The overall product rating is a nine.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
I'm a technical support for a lot of network security products
Machine learning mitigates attacks with a straightforward setup and helpful support
What is our primary use case?
I have used Fortinet FortiWeb for the ID protection of a large government website with substantial web traffic. We have implemented the solution on-premises.
What is most valuable?
Fortinet FortiWeb offers a variety of protections, including machine learning that helps protect web applications. It effectively mitigates web attacks, provides virtual protections, and handles large traffic with minimal processing effort. The appliance exhibits good performance and offers features that are beneficial for web security.
What needs improvement?
The usability of the interface could be improved as it is not user-friendly.
For how long have I used the solution?
I have had experience with Fortinet solutions for about five years.
What do I think about the stability of the solution?
The product is very stable.
What do I think about the scalability of the solution?
The scalability of Fortinet FortiWeb is good. It handles large traffic with minimal impact on CPU usage and maintains various protections and filters efficiently.
How are customer service and support?
The technical support is really good. The technicians have extensive knowledge about their product, and the proximity of Fortinet with customers ensures quick issue resolution.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Cloudflare and Imperva solutions recently for personal projects and small companies. Cloudflare is extremely user-friendly and simple to operate, while Fortinet requires a little more work.
How was the initial setup?
Fortinet FortiWeb is simple to set up and not overly complex.
What was our ROI?
The product helps to mitigate web attacks effectively, providing a return with minimal investment.
Which other solutions did I evaluate?
Other solutions evaluated include Cloudflare and Imperva.
What other advice do I have?
I recommend Fortinet FortiWeb. The appliance offers very good performance and a reasonable price. In terms of overall rating, I give the solution a nine out of ten.
Which deployment model are you using for this solution?
Efficiently identifies and addresses vulnerabilities while providing robust protection
What is our primary use case?
I use it for all the applications in my company that need external access. I route the traffic to FortiWeb first, and after this, I direct it to the cloud or on-premises solutions.
What is most valuable?
It is a secure tool. It is user-friendly and easy to work with. It is possible to easily find vulnerabilities with the WAF. I understand that the return is good since I haven't had any significant attacks. The vulnerabilities I found were easy to close. I think the return is good. It is a good tool.
What needs improvement?
I do not have any notes on improvement.
For how long have I used the solution?
I have used FortiWeb for two years in the cloud, and two more years before that on the on-premises solutions.
What do I think about the stability of the solution?
Stability is very stable.
What do I think about the scalability of the solution?
Scalability is good.
How are customer service and support?
All the time, when I needed support, they answered quickly and helped me solve the issues. It is good support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I used Orca in the past and changed to Wiz in the middle of last year. These are the tools where I have a little bit of knowledge. I didn't work directly with Orca. I just supported it since I started working with CSPM while we were deactivating Orca and starting with Wiz.
How was the initial setup?
The setup was easy. It was not difficult to integrate with our applications.
What about the implementation team?
Internally, it was me and one more person, along with the consultant from Fortinet, handling the implementation. This process was quick.
What was our ROI?
I understand that the return is good. I haven't had any significant attacks. The vulnerabilities I found were easy to close.
What's my experience with pricing, setup cost, and licensing?
It is not too expensive.
Which other solutions did I evaluate?
I use F5 more in an on-prem environment and FortiWeb in the cloud environment. Both tools are very good. I have worked with F5 for five or six years, and FortiWeb for two years. The solutions for both are similar. There's nothing to say that F5 is more secure than Fortinet. Both tools are very similar.
What other advice do I have?
Overall product rating: nine out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Security needs have been confidently met with seamless integration
What is our primary use case?
Mostly, we use it for institutional and government offices, probably for security purposes.
What is most valuable?
Currently, there are no valuable features that stand out. I haven't seen any clients or ones that have contacted me about any issue.
What needs improvement?
The only thing I encountered was related to integration, mostly concerning translation. However, things are good now. I learned from my mistake when I reached out, and now, everything is fine. I have no complaints about it.
For how long have I used the solution?
I work with the Fortinet firewall. I have been using it for more than three years now.
How are customer service and support?
At times of configuration, I usually contact customer care from Fortinet directly through chat. The company provides technical support, and they are mostly available 24/7.
How would you rate customer service and support?
Neutral
How was the initial setup?
Deploying usually takes me one day to complete.
What's my experience with pricing, setup cost, and licensing?
It is budget-friendly. In my opinion, Fortinet saves money and is cheaper from my perspective. It is twice cheaper.
What other advice do I have?
I rate the overall solution ten out of ten.