The FortiWeb Web Application Firewall (WAF) is used when customers want to publish their sites and protect their internal public websites. Some customers ask to protect their AWS or Azure network, and during that time, we also suggest the web solution. In the network, we can use next-generation firewalls upstream or in flows wherever required, making it mandatory with the parameter-level layer security.

We focus on websites with FortiWeb Web Application Firewall (WAF). Features such as anomaly input validation, XML protection, and API protection are already present, but we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful.

The features of FortiWeb Web Application Firewall (WAF) that have proven most effective in protecting web applications include web filtering, DDoS protection, geo-location blocking, and blocking SQL injection attacks.

The AI machine learning capabilities included in FortiWeb Web Application Firewall (WAF) analyze patterns effectively. For example, if any user tries to input any text format in a web form mistakenly using SQL queries, the web solution detects the input, checking whether it's impacting or analyzing queries in the database. Everything is analyzed to ensure protection.

Their AI technology is good. Overall, Fortinet is only good.

The improvement needed is in their response time. In the past three to four years, whenever we called for support, they responded quickly, often within five to ten minutes, and addressed our issues immediately. Now it takes longer, and they talk about SLA and 48-hour response times. Even with critical issues, they say, 'Okay, that ticket is assigned; we need to wait for their update in four hours or two hours,' which is taking too long now.

If there are issues, we need to contact the development team since we don't have configurations we can do ourselves; most features or configurations are managed by the development team. The graphical user interface looks difficult to understand, as other products allow us to see all features in one place.

The AI in FortiWeb Web Application Firewall (WAF) is just a checkmark option. To use machine learning features, we only need to enable or disable it. However, we must check how useful it is in real-time environments to determine how it protects or identifies threats.

There are features like web filtering, DDoS protection, geo-location blocking, SQL injection blocking, anomaly input validation, XML protection, and API protection already present, however, we also need configuration settings that indicate the advantages or disadvantages of enabled features. If the GUI includes notifications and improved logging capabilities that allow us to see traffic and store logs for six months, that would be very helpful. Currently, we cannot see any logs for allow traffic or monitor daily traffic effectively, which requires external syslog servers or cloud subscriptions. If inbuilt larger logging capability is added, it would enhance usability, and features like clickable options to unblock or create exceptions would greatly assist customers in managing their websites.

I have been working with them for Five years.

The technical support by Fortinet is good. The back-end development team is available, and if any issue arises, they will help us immediately by providing solutions when contacted.

Positive

The pricing for FortiWeb Web Application Firewall (WAF) is reasonable. That said, it depends on how many websites we need to protect. The licensing is based on the number of websites or individually. If the customer has multiple websites, the price reduces automatically since it depends on the number only. If the customer wants to buy initially, there is a default license available.

When going for multiple websites, the price also reduces.

I am providing next-generation firewalls or FortiWeb Web Application Firewalls (WAF).

Both web application firewalls and next-generation firewalls are available, which we are doing daily.

I usually recommend the FortiWeb Web Application Firewall (WAF) for various types of companies, including retail, hospitals, manufacturing, construction, and banking.

It is the best option on the market.

I rate FortiWeb Web Application Firewall (WAF) eight out of ten.

I mentioned that the firewalls, such as the one from Fortinet, help protect my infrastructure from outside attacks. They perform a lot of network scanning and do not allow any unauthorized person to access my details and data. That's their application. A similar action is performed by the web application firewall, where web applications are restricted to certain users. This means that not anyone with malicious intent can access my web application content.

The good thing about Fortinet is that their enablement is very good in terms of training me and enabling resources on their technology. 

Secondly, if I look at their pricing, Fortinet's pricing is way more competitive than Cisco or Palo Alto. They have almost 45% share in the firewall market, as per IDC. Fortinet is a large-sized company where their channel program is very robust and very flexible. They also understand the different personas of the channel stakeholders. In that way, they are rapidly growing in the channel ecosystem space and have started getting a lot of business. They are replacing many big traditional players in that space.

There are some issues pertaining to the migration. If some of my customers want to migrate from F5 to Fortinet Firewall, or the Fortinet WAF solution, there are some migration issues since I cannot migrate all the elements quickly using Fortinet Firewall. There is some integration work required to do that.

I have been working with Fortinet for almost one year and eight or nine months.

Their support is truly exceptional when I compare it with similar large-sized companies. In that category, they are top-notch at this point in time.

Neutral

I was with SquadCast earlier.

F5 is a leader. They have some technical supremacy. F5 is more in demand, however, other players like Radware are also available in the market.

I would rate the solution eight out of ten at least. 

FortiWeb is used for web application protection. It protects a web application against attacks targeting their web applications, such as cross-site scripting, SQL injection, and other common application-specific attacks.

FortiWeb allows the organization to operate efficiently without any downtime or serious security breach.

FortiWeb has a very extensive library of known attack signatures, which makes the product fit for any environment, regardless if the customer uses Windows-specific or non-Windows-specific applications. It also has a very low rate of false positives and incorporates other FortiGuard capabilities, such as detection of botnet traffic.

For users not familiar with Fortinet, it could be beneficial to provide more user-friendly analytics and reporting. The product could offer better capabilities and analytics to pinpoint threat landscapes more efficiently.

I have been working with FortiWeb for approximately four years, maybe more.

FortiWeb has proven to be very stable and does not introduce latency in the network.

The product can scale according to the organization's traffic and architecture. It is available as a virtual appliance and a hardware appliance.

Fortinet provides very good support, which I would rate as eight out of ten.

Positive

At the moment, we are only working with Fortinet and not with other web application firewalls.

Someone without prior experience with the product might find it challenging to deploy. However, Fortinet provides good online training to assist administrators.

The total cost of ownership should be calculated based on the actual protection it offers to the application. Deploying FortiWeb can save 20% to 30% of resources within the organization.

FortiWeb uses a subscription-based license, but there is also an option for a perpetual license. It's not the cheapest solution. That said, it is worth the investment.

I have experience with other web application products.

I'd rate the solution nine out of ten.

Our company provides data center and cloud services as infrastructure providers. When customers need infrastructure like VMs or server allocation, we provide them with the vendor and offer services to operate, manage, implement, and integrate these security components.

The most valuable feature is the tool's integration with load-balancing applications, similar to FortiADC. Its importance depends on customer requirements, such as whether they prioritize application load balancing or layer seven protection.

Regarding areas for improvement, the documentation needs work. We had issues with a customer because the documentation didn't clearly show which devices can connect with FortiWeb WAF, leading to misconfiguration and difficult meetings. We also need deeper technical support - finding who's responsible for technical aspects is challenging. Hungary has a good Fortinet office with strong sales and pre-sales employees.

I have been using the product for four to five years. 

I rate the tool's stability a nine out of ten. 

It's not good with normal perpetual licensing, but we can solve the problem using flex licensing. That's why I'd rate it nine out of ten. We're satisfied with it. Many of our customers, including small, medium, and enterprise businesses, use FortiWeb WAF.

I rate the tool's deployment ease as seven out of ten. We have spent about 600 working hours to implement it. 

The product provides very good prices to customers. The price is set well and offers great value for money.

I rate the overall solution an eight out of ten. I advise others looking to use FortiWeb WAF to create deeper policy rules.

I use the solution in my company to make web applications more secure because we have a special portal or web interface that we have to make secure for cybersecurity and different accesses. We found that FortiWeb Web Application Firewall (WAF) works fine for such use cases.

The tool's most valuable feature is the web access it offers. We control every access, like who goes in and what they do.

The tool's price and performance are areas of concern where improvements are required.

I have been using FortiWeb Web Application Firewall (WAF) for three years.

It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.

My company has three customers using the tool. One of the customers has 1,00,000 users.

My company manages the technical support with around four people, so it is not a complex process for us to handle. In general, the tool's support team is friendly.

The product's initial setup phase was easy.

The solution's deployment needs a bit of time because we have to discuss it with the deployment team, which consists of software. The project keeps growing and changing daily, so if the people involved in the deployment make new software, we have to change something. It is an easy process and can be managed in around two weeks by one person.

The tool is really expensive. In our company, we could do a lot more, but the price is always a point covering areas like why we need one, whether it is important to discuss, why it is so expensive and so on.

Speaking about the licensing model, people need to opt for a subscription-based model. My company likes to have a subscription for at least three or five years because, otherwise, you have to renew the license. Managing the licensing part for one person can also be very complex.

The solution helps protect our company's web applications against common threats up to 99 percent. We feel very safe with the tool.

Speaking about how the tool has effectively mitigated web security threats for an application, I would say that it is an application behind the web portal, so there are about a hundred or thousand people who can access a website. If it is a sensitive application, and we have to watch every access to it to make it really safe, that is the reason why we need WAF on the application.

My company doesn't use AI with the tool.

I recommend the product to others. I would say that others need to have it if they have a shopping website or something similar. I know it is hard to sell because we find it quite hard whenever my company tries to do so.

The solution offers 100 percent integration with other Fortinet security products.

The ease of policy configuration in the tool is okay.

I rate the tool a nine to ten out of ten.

The solution's integration with other products is easy. Its most valuable feature is the antivirus engine.  The tool helps us comply with GDPR and KVKK standards. 

FortiWeb WAF's tuning causes trouble. It's complicated. The solution needs to improve the signature feature as well. 

I have been working with the product for five years. 

I rate the solution's pricing a ten out of ten. 

My company has 50 users. 

The solution's support is very good. 

I use Palo Alto and Symantec products simultaneously. We chose FortiWeb WAF because of its pricing and easy implementation. 

The solution's deployment is easy and takes ten days to complete. We have two resources involved in its maintenance. 

The solution is cost-effective since it is cheaper than other alternatives. Also, the false positive rates are low. 

I rate the tool's pricing an eight out of ten. 

I rate the overall product a nine out of ten. 

We use the solution for branch optimization. Initially, it was all in MPLS, but they converted to the broadband network. Implementing it reduced the cost, and its redundancy was also better.

It improves latency by optimizing traffic routing. When a better link is available, it reroutes traffic through it. Additionally, MPLS helps reduce costs. Critical data can be prioritized on MPLS, while other data uses broadband connectivity, leading to better resource utilization. This setup supports load sharing, allowing multiple links to work simultaneously for improved performance.

From the web application perspective, it offers comprehensive features, including URL filtering and DNS protection. Additionally, FortiWeb provides SD-WAN capabilities, such as load sharing based on latency or packet drops. Its extensive feature set allows customers to choose and customize according to their needs and preferences.

FortiWeb could have an inbound load balancing pack. Currently, they don't have it, but they have the print product for that. It'll be better if they have it on the same product.

I have been using FortiWeb Web Application Firewall (WAF) for three years.

It is primarily for the enterprise environment segment. Even if one of the three links goes down, another link will appear to resolve the issue. FortiWeb primarily relies on its high availability features.

We had a quick response from support since we have partnered with them. 

Positive

The initial setup was easy because we had training. Also, the FortiGate team provides good support. It took around around five to six days to complete. It is only a plug-and-play environment.

The price is cheap compared to other products in the market. It costs 15-20% less than CheckPoint.

It is more than a basic firewall. It includes various features for enhanced security, such as protection against threats and vulnerabilities specific to web applications. Depending on their roles and responsibilities, some people who work on EDS may also interact with FortiWeb WAF.

FortiWeb offers a comprehensive product suite for SOC integration, including automation and SIEM capabilities. It also offers a complete integration package, including physical components that ensure a consistent experience for internal and external teams.

It includes an analyzer that provides comprehensive visibility. It is designed to optimize costs while sending detailed analytics and other relevant data.

I recommend the solution for security.

I rate the solution a nine out of ten.

The solution helps us to block certain applications and websites.

The use of FortiWeb Web Application Firewall, combined with Office 365 and Azure ID, has streamlined our VPN use and network security. With single sign-on, users only need to remember one process instead of two or three, which has improved our business security. 

FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security.             

We haven't faced any significant issues with FortiWeb Web Application Firewall. But they can lower the pricing, since it is a concern, especially in South Africa and the technical support, could be more responsive at times.

I have been using FortiWeb Web Application Firewall of the past two years.

We have encountered some issues with the stability and would rate it an eight out of ten.

I would rate the scalability an eight out of ten.

The customer services is good but sometimes they are unresponsive.

Before FortiWeb and Fortinet, we used to work with Sophos. We switched to Fortinet mainly due to better support and the availability of distributors in our country. In South Africa, Sophos lacked sufficient support and the resolution times for queries were often prolonged. With more vendors and better support, Fortinet has proven to be a more reliable choice.

The deployment process of FortiWeb Web Application Firewall was easy. It took half an hour to be deployed.

FortiWeb Web Application Firewall has definitely helped with notifications of potential threats and vulnerabilities. It has impacted our operational costs by reducing them by 20%. This is mainly due to savings on bandwidth and infrastructure costs, as well as improved efficiency in handling potential threats.

I would rate the pricing a four out of ten.

FortiWeb should include log retention for 90 or 180 days built into the product, without requiring an additional license. Having to buy extra licenses for longer log retention is problematic and adds to the cost.

I would recommend FortiWeb to other users.

Overall, I would rate FortiWeb an eight out of ten. 

We use the solution in our headquarters. We have some agents outside our company.

The solution is transparent and smooth. So far, the tool has integrated well with our existing security infrastructure.

The price is a little higher than the competitors.

I have been using the solution for more than five years.

The technical support team is okay.

We have a consultant who gives us advice about the implementation.

Overall, I rate the product a nine out of ten.