What is our primary use case?
We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries.
What is most valuable?
It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution.
It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube.
What needs improvement?
When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it.
For how long have I used the solution?
I have been using this solution for three months.
What do I think about the stability of the solution?
Based on what I know and see during the testing mode, it is stable. There has been no major incident. It has not stopped during this time.
What do I think about the scalability of the solution?
It is flexible and scalable. We have about 400 employees, and all of them are using this solution.
How are customer service and technical support?
We don't have any experience with international support. The local guys from our partner High Tech Solutions are so educated and professionals that we didn't have any need to use international support. They are doing well and are available all the time. They are always ready to help and support whether it is a working hour or not.
What about the implementation team?
We have one System Admin who works on the configuration and an InfoSec officer who looks into events, incidents, and logs and analyzes them. So, we have two people. We also have our head of the department, and we are responsible and accountable to him.
Which other solutions did I evaluate?
We have also tested other products such as Imperva and F5, and the most number of likes were for F5 and FortiWeb.
What other advice do I have?
We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product.
I would rate Fortinet FortiWeb a nine out of ten.
Which deployment model are you using for this solution?