We performed a comparison between AWS WAF and Fortinet FortiWeb based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet FortiWeb is the winner in this comparison. According to reviews, it is a more comprehensive solution than AWS WAF. Reviewers are happier with the pricing of AWS WAF, however.
"One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"Rule groups are valuable."
"The interface is good."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The stability of AWS WAF is valuable."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"One of the big advantages of using Fortinet FortiWeb is all the Fortinet family solutions use the same user interface and logic. This makes it easy to use, configure, manage, and understand if you have used one of their solutions before or are wanting to implement other Fortinet solutions in the future. Additionally, all Fortinet solutions can be managed with one application called FortiManager."
"This product is very user-friendly."
"The most valuable feature is the web application firewall (WAF)."
"The valuable feature of Fortinet FortiWeb vulnerability scanner"
"FortiWeb provides the level of security we need at an excellent price point. It's easy to deploy and operationally efficient."
"SSL Offloading simplifies the public certificate handling and brings additional protection features."
"Both the internal firewall management and the cloud can be managed by a single console."
"The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability."
"The solution could be more reliable."
"The solution's pricing could be improved."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"For now, there is no feature to protect against attack of the bad bots"
"The product should improve the DDoS-related features."
"We haven't faced any problems with the solution."
"They should work to define more threats, add more security, and make it more compliant with more security companies."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"The reporting could be optimized."
"Lacks functionalities that are available in other solutions."
"It may be better if it were easier to create roles."
"The solution could offer more integration opportunities."
"The upgrade process could be a bit smoother."
"It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great."
"In terms of performance, it needs to be more robust."
"Their documentation is fairly complete, but it's sometimes a little bit difficult to search for exactly what you're looking for to resolve an issue. There have been times when we've gone to try to search for areas that we needed to get information on, and it has not always been extremely clear exactly how a particular thing needs to be set up."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. AWS WAF is rated 8.0, while Fortinet FortiWeb is rated 8.0. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Prisma Cloud by Palo Alto Networks, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, Azure Web Application Firewall, Imperva Web Application Firewall and Cloudflare Web Application Firewall. See our AWS WAF vs. Fortinet FortiWeb report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.