Sold by: Fortinet Inc.
Deployed on AWS
Free Trial
FortiWeb Cloud is now FortiAppSec Cloud (fortiappsec.fortinet.com)!
FortiWeb Cloud, Fortinet's WAF-as-a-Service, defends your web applications and APIs. Subscribe to start your FREE 14 DAY TRIAL and let FortiWeb Cloud defend your web applications and APIs, leveraging AI-based machine learning that model your applications and APIs to block malicious anomalies, control bot traffic, and identify the most important threats.
4.4
Overview
FortiWeb Cloud is now FortiAppSec Cloud (fortiappsec.fortinet.com)!
Get a 14-day free, full-featured trial that includes threat intelligence services from FortiGuard Labs.
FortiWeb Cloud WAF provides easily-deployed and maintained protection for your web applications and APIs. FortiWeb Cloud defends your web applications and APIs using a multi-layered approach that intelligently and accurately protects your web applications from the OWASP Top 10 threats and more, without creating excess administrative overhead that can slow down deployment of your most critical line-of-business applications. Defend your applications against vulnerabilities, malicious bots, malware uploads, DDoS attacks, cross-site scripting, SQL injection, and advanced persistent threats (APTs). You will always have the most up to date protection from FortiGuard Labs, Fortinet's threat intelligence platform and research organization.
Using AI-based machine learning, FortiWeb continuously and automatically models your application's behavior to:
- Identify and block malicious behavior
- Discover and protect exposed web APIs
- Identify and control bot traffic
- NEW identify attack patterns across your entire web application attack surface and aggregate them into security incidents across all FortiWeb and FortiWeb Cloud protected applications in a single Threat Analytics Dashboard* so that SOC analysts can focus on the threats that matter most.
- NEW identify application vulnerabilities with automated black-box dynamic application security testing. Combines advanced crawling technology with FortiGuard Labs extensive threat research and knowledge base to test target applications against OWASP Top 10 and other vulnerabilities. Not included in the 14-day free eval trial.
Whether you are part of a security, devops, IT, compliance, or operations team, FortiWeb Cloud can enable you to protect the business-critical data your web apps and APIs rely on.
Pay only for what you use. Estimated monthly cost based on outbound monthly traffic:
-
Small web application (10-100 GB) = $25-$50
-
Medium web application (500-1000 GB) = $175-$325
-
Large web application (1 TB traffic) = $325+
-
Vulnerability scan - $20 per web application for unlimited monthly scans (optional, charged only when scan executed)
Highlights
- EASE OF USE: A built-in setup wizard and predefined policies deliver essential security within minutes, removing the usual complexity required when setting up a WAF. And with deep learning capabilities that model your application's behavior, false positive detections that drive administrative overhead are nearly eliminated
- LOW TCO: Pay only Intra-Region Data Transfer rates for traffic to the service, and Fortinet handles the data transfer-out costs as part of your subscription. Threat intelligence services from FortiGuard Labs are also included at no additional cost
- *NEW* ADVANCED THREAT ANALYTICS: Help your SOC analysts focus on the threats that matter most using the Threat Analytics Dashboard to identify attack patterns across all your cloud and on-prem deployments
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Hourly charge per web application protected by FortiWeb Cloud | $0.03 |
Total data transferred via FortiWeb Cloud (GB) | $0.40 |
Monthly charge per web application for unlimited vulnerability scans | $20.00 |
Vendor refund policy
N/A
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
By Fortinet Inc.
A next-generation cloud firewall service, FortiGate Cloud-Native Firewall (CNF) protects from threats including malware, data exfiltration and communications with malicious IP addresses.
This product has associated charges for the support provided and the Pre-configured stack.
By Barracuda Networks
Secure your inboxes pre- and post-delivery. Get AI-powered protection against all email threats, efficient threat hunting and incident response, and DMARC reporting.
Customer reviews
RahulArora
Cloud security has reduced web attack incidents and protects our public applications and APIs
Reviewed on Dec 30, 2025
Review from a verified AWS customer
What is our primary use case?
Our primary use case is protecting public facing web applications and APIs against OWASP Top 10 threats and automated attacks. Fortinet FortiWeb Cloud WAF-as-a-Service was used to protect a customer facing web application exposed to the internet. It helped detect and block malicious requests such as SQL injection and bot-driven traffic without impacting legitimate users.
What is most valuable?
The best features Fortinet FortiWeb Cloud WAF-as-a-Service offers include managed WAF rules, OWASP protection, bot mitigation, and Fortinet threat intelligence.
In day-to-day work, I use all of the features: managed WAF rules, OWASP protection, bot mitigation, and Fortinet threat intelligence. This provides a strong baseline security without requiring deep WAF expertise internally. The integration with the broader Fortinet security system is a plus regarding the features.
In terms of its impact on our organization, Fortinet FortiWeb Cloud WAF-as-a-Service has been positively protecting us from security threats and automated attacks. With this layered protection against common web and API attacks, we have noticed that the incidents and risks have been reduced to a greater extent.
What needs improvement?
Better visibility and more intuitive reporting would be helpful for Fortinet FortiWeb Cloud WAF-as-a-Service. Clearer insights from Fortinet FortiWeb Cloud WAF-as-a-Service will make it easier to demonstrate security value to our stakeholders.
For how long have I used the solution?
We have been using Fortinet FortiWeb Cloud WAF-as-a-Service for several months now.
What do I think about the stability of the solution?
Fortinet FortiWeb Cloud WAF-as-a-Service has been stable so far.
What do I think about the scalability of the solution?
Fortinet FortiWeb Cloud WAF-as-a-Service scales really well with traffic growth. Being a managed cloud service, it absorbs traffic spikes without manual intervention.
How are customer service and support?
The customer support for Fortinet FortiWeb Cloud WAF-as-a-Service is good. I would rate the customer support for Fortinet FortiWeb Cloud WAF-as-a-Service nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we relied on native cloud WAFs and basic security controls before choosing Fortinet FortiWeb Cloud WAF-as-a-Service.
What was our ROI?
I have seen a return on investment primarily through reduced security incidents and lower operational effort. We have significant reduction in the need for in-house WAF expertise and constant rule tuning that was required previously.
What's my experience with pricing, setup cost, and licensing?
In terms of pricing, setup cost, and licensing, my experience with Fortinet FortiWeb Cloud WAF-as-a-Service has been good. Pricing aligns well with enterprise-grade managed WAF offerings. While not the cheapest option, the managed nature offsets operational cost.
Which other solutions did I evaluate?
We evaluated cloud-native WAFs and other managed security services before choosing Fortinet FortiWeb Cloud WAF-as-a-Service.
What other advice do I have?
Fortinet FortiWeb Cloud WAF-as-a-Service is a good fit for organizations that want stronger WAF protection without managing the infrastructure. Fortinet FortiWeb Cloud WAF-as-a-Service provides a reliable, enterprise-grade web application protection. I would rate this review an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2728626
Real-time threat intelligence has strengthened web protection and supports proactive reporting
Reviewed on Dec 03, 2025
Review from a verified AWS customer
What is our primary use case?
Fortinet FortiWeb Cloud WAF-as-a-Service is usually used for protecting web-facing applications.
What is most valuable?
The best features of Fortinet FortiWeb Cloud WAF-as-a-Service should embody top-notch elements because the company mainly sells cybersecurity solutions. On their experience, it should be at the top of their game, as it is Fortinet and they have been in the industry for a significant number of years already. The cybersecurity signatures should always be up to date.
Regular updates are one of the aspects I appreciate about Fortinet FortiWeb Cloud WAF-as-a-Service, and it is provided by a leading brand in cybersecurity.
The impact of FortiWeb's real-time threat intelligence on overall security strategies is that anything real-time could benefit an organization, especially if you are aiming to do proactive threat detection rather than just reactive. Having that feature is really advantageous from an organization's perspective.
I benefit from the comprehensive reporting capabilities with this product, especially when presenting it to high-level stakeholders.
What needs improvement?
Regarding what could be improved in Fortinet FortiWeb Cloud WAF-as-A-Service, the adoption of AI is an area that needs attention.
The utilization of AI in Fortinet FortiWeb Cloud WAF-as-a-Service still needs to be upgraded and improved. AI in terms of managing the platform and security policies are capabilities that were lacking from the last time I used it.
In the future, I would like to see a single platform for all their solutions in Fortinet FortiWeb .
For how long have I used the solution?
I have been familiar with this product for seven to eight years already.
How are customer service and support?
Fortinet's TAC is very good nowadays for technical support.
How would you rate customer service and support?
How was the initial setup?
In terms of deployment for Fortinet FortiWeb Cloud WAF-as-a-Service, it is very simple and straightforward. Comparing it to other solutions, FortiWeb does not have a steep learning curve that you need to learn before implementing the solution. There are lots of published guides online that you could refer to if you are deploying or administering it.
For deployment, it may take hours.
What other advice do I have?
I have some experience with FortiWeb. I probably know about Fortinet FortiWeb Cloud WAF-as-a-Service.
Regarding Fortinet FortiWeb Cloud WAF-as-a-Service, we are actually in the business of selling cybersecurity solutions, so I had experience with FortiWeb appliance-based solutions. Related to Fortinet FortiWeb Cloud specifically, I do not have any experience implementing or administering that solution.
For Fortinet FortiWeb Cloud WAF-as-a-Service, I am not really using it, as we are in the business of selling it.
FortiWeb's customizable security rules have not helped me much with the organization, as this is more on administering FortiWeb.
It will be difficult for me to answer questions about certain aspects of this product. I have given this product an overall rating of eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Meshack Okundi
Protects high-risk financial and government websites from evolving threats while helping meet compliance requirements
Reviewed on Nov 21, 2025
Review from a verified AWS customer
What is our primary use case?
Fortinet FortiWeb Cloud WAF-as-a-Service protects our customers' websites, including e-commerce sites, normal websites, and web applications.
I can provide a quick example of a customer website where we protect an e-commerce site, especially in Kenya where WAFs are mostly used in banks to meet the PCI DSS standard. The service blocks attacks like cross-site scripting and DDoS, as well as all website-related attacks.
Fortinet FortiWeb Cloud WAF-as-a-Service helps protect against many attacks related to web applications, including SQL injection and misconfigurations from customers that lead to vulnerabilities like denial of service and attempts to exfiltrate sensitive data, particularly for banks.
What is most valuable?
The best features of Fortinet FortiWeb Cloud WAF-as-a-Service include PCI DSS compliance, which is a key tool for enabling banks to meet standards, DDoS protection, and zero-day attack protection that safeguards applications from unknown threats. The service also provides effective threat detection for SQL injection and cross-site scripting.
Since using Fortinet FortiWeb Cloud WAF-as-a-Service, I have positively impacted my organization due to a noticeable decrease in attacks, especially cross-site injections and DDoS attacks. It has significantly helped us meet PCI DSS standards while being cost-effective.
What needs improvement?
Fortinet FortiWeb Cloud WAF-as-a-Service could be improved with better logging capabilities, as many come with less spacing, necessitating a FortiSIM for enhanced functionality.
In addition to logging, I would suggest that Fortinet FortiWeb Cloud WAF-as-a-Service enhance the reporting interface to be more intuitive and user-friendly, with greater customization options tailored to customer needs.
For how long have I used the solution?
I have been using Fortinet FortiWeb Cloud WAF-as-a-Service for roughly less than four years.
What do I think about the stability of the solution?
Fortinet FortiWeb Cloud WAF-as-a-Service is definitely stable.
What do I think about the scalability of the solution?
In my experience, Fortinet FortiWeb Cloud WAF-as-a-Service's scalability is quite good, and I would rate it at eight point five out of ten.
How are customer service and support?
I have interacted with Fortinet customer support, and the experience has been lovely and straightforward, as they are easily approachable and work on issues until resolution within the SLA.
I would rate the customer support for Fortinet FortiWeb Cloud WAF-as-a-Service as nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, I used F5, which is quite expensive and requires highly trained personnel for configuration, making Fortinet FortiWeb Cloud WAF-as-a-Service much easier to use.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup cost, and licensing for Fortinet FortiWeb Cloud WAF-as-a-Service is good, and it is quite affordable compared to other WAFs.
Which other solutions did I evaluate?
Before choosing Fortinet FortiWeb Cloud WAF-as-a-Service, I evaluated other options, primarily comparing F5 and FortiWAF, as those were the only two we used.
What other advice do I have?
Fortinet FortiWeb Cloud WAF-as-a-Service meets all the basic capabilities expected of a WAF , offers numerous features, and is affordable compared to other WAFs in the market.
For others considering Fortinet FortiWeb Cloud WAF-as-a-Service, my advice is to focus on the cost-effectiveness, as it is relatively cheaper compared to other WAFs while still offering the necessary features for blocking attacks.
Fortinet has created a holistic product that integrates features including AI and API protection, with straightforward automation and articulate reporting that even less experienced engineers can use easily. There is something small or specific that could further improve Fortinet FortiWeb Cloud WAF-as-a-Service.
I give Fortinet FortiWeb Cloud WAF-as-a-Service a rating of nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Blair Griffith-Barwell
Provides robust security with automatic feature updates and effective bot management
Reviewed on Apr 11, 2025
Review provided by PeerSpot
What is our primary use case?
We use Fortinet FortiWeb Cloud WAF-as-a-Service situated in front of our web-facing APIs. This includes everything that is customer-facing, business-to-business APIs, and things like that.
What is most valuable?
For us, the protection against the OWASP top ten is very valuable due to its excellent machine learning capabilities. The new features are automatically rolled out, and we can switch them on and off. Its usability is a key aspect as it is very easy to use and deploy in front of new APIs. Additional valuable features include bot management capabilities which are very effective for us.
What needs improvement?
While we find the solution to be really good overall, some improvements could be made to the alerting system, specifically around the health checks of endpoints. Enhancements to the X header forwarding capabilities would also be beneficial.
For how long have I used the solution?
We have been working with Fortinet FortiWeb Cloud WAF-as-a-Service for about four to five years now.
What do I think about the stability of the solution?
The stability of the solution is excellent. We have never had any problems with it.
What do I think about the scalability of the solution?
The scalability is excellent. It can scale quickly and is very adaptable.
How are customer service and support?
Technical support is very good. I would give them a nine out of ten. Sometimes it could be faster, but generally, their support is reliable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
When we evaluated solutions, we compared Fortinet FortiWeb Cloud WAF-as-a-Service to AWS WAF and found it just as good, if not better, in terms of the features offered.
How was the initial setup?
The initial setup was very simple. We had a quick project turnaround time and implemented it across around twenty APIs in the space of a week.
What's my experience with pricing, setup cost, and licensing?
The price is not the cheapest, but it offers great value for money. I would rate it as an eight out of ten for pricing.
Which other solutions did I evaluate?
I compared Fortinet FortiWeb Cloud WAF-as-a-Service with AWS WAF during our evaluation.
What other advice do I have?
I rate Fortinet FortiWeb Cloud WAF-as-a-Service a nine out of ten. I can definitely recommend it to other users. The overall product rating is a nine.
Wellington Malagutti
Machine learning mitigates attacks with a straightforward setup and helpful support
Reviewed on Jan 30, 2025
Review provided by PeerSpot
What is our primary use case?
I have used Fortinet FortiWeb for the ID protection of a large government website with substantial web traffic. We have implemented the solution on-premises.
What is most valuable?
Fortinet FortiWeb offers a variety of protections, including machine learning that helps protect web applications. It effectively mitigates web attacks, provides virtual protections, and handles large traffic with minimal processing effort. The appliance exhibits good performance and offers features that are beneficial for web security.
What needs improvement?
The usability of the interface could be improved as it is not user-friendly.
For how long have I used the solution?
I have had experience with Fortinet solutions for about five years.
What do I think about the stability of the solution?
The product is very stable.
What do I think about the scalability of the solution?
The scalability of Fortinet FortiWeb is good. It handles large traffic with minimal impact on CPU usage and maintains various protections and filters efficiently.
How are customer service and support?
The technical support is really good. The technicians have extensive knowledge about their product, and the proximity of Fortinet with customers ensures quick issue resolution.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Cloudflare and Imperva solutions recently for personal projects and small companies. Cloudflare is extremely user-friendly and simple to operate, while Fortinet requires a little more work.
How was the initial setup?
Fortinet FortiWeb is simple to set up and not overly complex.
What was our ROI?
The product helps to mitigate web attacks effectively, providing a return with minimal investment.
Which other solutions did I evaluate?
Other solutions evaluated include Cloudflare and Imperva.
What other advice do I have?
I recommend Fortinet FortiWeb. The appliance offers very good performance and a reasonable price. In terms of overall rating, I give the solution a nine out of ten.