
Overview
Video 1
Video 1
Video 2
This listing is for AWS WAF Classic only. Fortinets WAF rulesets are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Complete OWASP Top 10 Ruleset combines Fortinets other AWS WAF rulesets into one comprehensive package to protect web applications and to cover the entire list of OWASP Top 10 web application threats. Included are the SQLi/XSS, General and Known Exploits, and Malicious Bots rulesets.
For extended web application firewall features such as detailed trigger/event visibility, custom whitelisting and dedicated tools to fine tune and manage detections as well as detailed event visibility and AI-based behavioral attack detection you can try the FortiWeb Cloud Product: https://aws.amazon.com/marketplace/pp/prodview-rbkvcwsvcpgsk?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
For more information on AWS WAF Classic, you can find documentation here: https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html
Pricing information: Pricing consists of two dimensions:
- $30 per month for each web ACL using the Fortinet Managed Rules, per region
- $1.8 per million requests in each region
Pricing examples:
pricing example: 2x web acl in a single region (ie us-east-1)
Managed rule group charges = $60.00 (2x units for 2x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $78.00/month
pricing example: 2x web acl in two regions (ie us-east-1 & us-east-2)
Managed rule group charges = $60.00 (2x units for 2x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $78.00/month
pricing example: 3x web acl in two regions and one using a CloudFront (ie us-east-1, us-east-2, CloudFront)
Managed rule group charges = $90.00 (3x units for 3x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $108.00/month
Highlights
- Complete set of all rules offered by Fortinet
- Can be configured to log, alert and/or block
- Regular updates from FortiGuard Labs
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $30.00 |
Charge per million requests in each available region | $1.80 |
Vendor refund policy
Non-Refundable
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Support offered by Fortinet. Contact Fortinet directly by email - awswaf@fortinet.com . Please see FAQ for more info.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Standard contract
Customer reviews
Security rules have protected parcel lockers from attacks and now need smarter AI-driven threat detection
What is our primary use case?
We are using Fortinet Managed Rules for AWS WAF for one of our front-end applications called the lockers application, where it will be interacted with our postmen in Belgium. For that application to protect against hackers and bots, we are using these WAF rules.
Currently, I have used Fortinet Managed Rules for AWS WAF in the AWS service provider for cloud. We have integrated this in the WAF for the locker application, which is an end customer application, and we receive around thousands to hundreds of thousands of requests coming to our application. Since this is publicly exposed, we are using it to make our application more secure and robust without any downtime or security attacks.
What is most valuable?
Fortinet Managed Rules for AWS WAF is mainly used for controlling the use of bots and hackers, and tracking geolocation rules and source IP behaviors, which is very helpful in our application and organization from a security perspective.
The main features include integration with AWS , Azure , and Google Cloud . Additionally, it helps protect against OWASP Top 10 vulnerabilities, helps prevent data breaching, and ensures regulatory compliance.
Fortinet Managed Rules for AWS WAF has positively impacted us. We were not having financial losses because our application, the lockers, is where citizens place their parcels. Someone could potentially try to manipulate those devices. To protect against such security risks and penalties, this solution helped notify us about what is coming to our application from a hacker's perspective and how they are trying to exploit the application. To mitigate these things, it has been helpful for us.
Since using Fortinet Managed Rules for AWS WAF, financial losses have gradually decreased. Because this is a customer-facing environment where citizens of Belgium use the lockers to place their parcels, we were able to mitigate this risk. Additionally, whenever a hacker was trying to exploit the system and asking for a bounty, that threat was completely eliminated. These two things are very valuable for our application to mitigate.
What needs improvement?
Fortinet Managed Rules for AWS WAF should have AI-driven threat detection to reduce false positives, and the UI should be improved. Additionally, improvements should be made to the logging methods and web application protection. It should also be more effective for modern environments, and as the world evolves along with AI, it should evolve with an AI-driven architecture as well.
We are emerging in the AI space, and Fortinet Managed Rules for AWS WAF should be AI compatible as well. I am not certain whether it is AI compatible, as I have not used that particular service. I suggest enhancing it for more AI-driven applications.
For how long have I used the solution?
I have been using Fortinet Managed Rules for AWS WAF for the last one year.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF is stable.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF was easily scaled without any issues. We did not have to monitor anything, but it scaled directly.
How are customer service and support?
The customer support for Fortinet Managed Rules for AWS WAF was very prompt. Whenever assistance was needed, there was always an engineer available to help us. I really appreciate their support.
Which solution did I use previously and why did I switch?
I have not used any other services. I am directly using Fortinet Managed Rules for AWS WAF only.
How was the initial setup?
I purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace , which is the only option available.
Since it is present in AWS, the cost of Fortinet Managed Rules for AWS WAF is not high, and my customer is also happy with the cost and the work it is doing. At the integration level, it is a click and use solution.
What was our ROI?
For return on investment, since we are protecting our application from Layer 7 attacks and deadly attacks, Fortinet Managed Rules for AWS WAF helps us prevent data breaches and protects against hackers trying to exploit the lockers or someone trying to steal parcels from the lockers. For that, it has been very helpful.
Which other solutions did I evaluate?
I checked F5 and Imperva before choosing Fortinet Managed Rules for AWS WAF. Comparing all those options, I made the decision to use Fortinet.
What other advice do I have?
I would rate Fortinet Managed Rules for AWS WAF a seven out of ten. I highly recommend others to try Fortinet Managed Rules for AWS WAF and see how exactly these managed rules are working.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Protection against API attacks has improved and security teams save time with managed rules
What is our primary use case?
My main use case for Fortinet Managed Rules for AWS WAF is to manage our rules and utilize its pre-configured security rules as an AWS WAF forensic provider.
What is most valuable?
The best features Fortinet Managed Rules for AWS WAF offers include regularly updated rules which incorporate the latest threat intelligence, logs, alerts, and the ability to block malicious requests that we have found on this WAF .
Fortinet Managed Rules for AWS WAF
