Fortinet FortiWeb Review

Efficient, stable, and has good IP reputation features, but there are many false positive with the layer 7 attacks

What is our primary use case?

Fortinet FortiWeb is known for its web application firewalls. We are using it for preventing and detecting layer 7 attacks such as SQL injection.

We have several web applications in our organization and we use this solution to protect them against attacks.

What is most valuable?

It's stable and works efficiently against OWASP Top 10 attacks.

It's good at checking IP reputation and it's capable of detecting Layer 7 DDoS attacks.

Overall, it has many features.

What needs improvement?

The Layer 7 DDoS attacks need improvement, it could be better. When you compare it with the F5 solution, FortiWeb is weak in detecting the Layer 7 DDoS attacks. At times, it generates several false positives and there should be fewer.

In the next release, I would like to see better DDoS protection. It's an essential feature that should be included.

For how long have I used the solution?

I have been using Fortinet FortiWeb for more than five years.

We are using the 4000D model.

What do I think about the stability of the solution?

It's a stable solution and we run it 24/7. In the past five years, we have had four cases where there were some inconsistencies with the firmware. There are times where we experience crashes because of issues with the firmware.

What do I think about the scalability of the solution?

It's not easy to scale this solution. It has a determined throughput and if your throughput is more than it should be then you have to use another solution or purchase another FortiWeb model.

We have less than 10 people using this solution on a daily basis.

How are customer service and technical support?

We are not able to use international support because of US sanctions. We use a consultant to help us troubleshoot.

Which solution did I use previously and why did I switch?

Previously with another company, we used ModSecurity, which is an open-source solution. FortiWeb is better.

If I compare with F5 solutions, I would suggest F5.

How was the initial setup?

The initial setup was not easy but not exactly complex.

We maintain the system ourselves.

What about the implementation team?

We completed the initial setup ourselves and we had a consultant help us with some of the features. It was a hybrid implementation.

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution, although there are no additional costs.

What other advice do I have?

In my opinion, F5 is the best solution in the world, whereas Fortinet FortiWeb would be second.

I have heard that Barracuda is a good solution, but I have not worked with it. In my experience, F5 is the better solution.

I would rate Fortinet FortiWeb a seven out of ten.

Which deployment model are you using for this solution?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiWeb reviews from users
...who work at a Financial Services Firm
...who compared it with F5 Advanced WAF
Add a Comment