- FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using an exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
- Proxy reverse mode
Improvements to My Organization
It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.
Room for Improvement
I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x:
- Upgrading from 5.2.x to 5.3.x. Fortinet provides a script, but it doesn't work (they do not say anything about it). In some cases:
  - If you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
  - If you use LDAP authentication, the new field "realm" appears empty, the configuration doesn't work, and you have to manually change it.
- Upgrading from 5.3.x to 5.5.x:
  - Some changes are introduced, then it requires fully formatting the device and configuring it manually (copy/paste pieces of configuration).
  - Once again, if you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
Use of Solution
I have used it for three years.
It really is a powerful WAF; more than one year running with no stability issues.
We did not have to scale our web servers; we just added new servers without any issue.
Customer Service and Technical Support
The support is good, but they need more experts, because sometimes they take too much time to provide solutions.
Fortinet was the first brand we thought about, because we had been using FortiGate for a few years, and we thought they had some common architecture.
The initial setup was very easy. We use the proxy reverse schema; I think it is the best for almost all situations. The last firmware 5.5.x permits customers to deploy in different configurations in the same box.
Pricing, Setup Cost and Licensing
I think FortiWeb is the best WAF in terms of cost/benefit. Licensing is similar to other Fortinet products; 100% clear with no surprises.
Other Solutions Considered
For new projects this year, we evaluated Imperva and Barracuda. The latter can be a good option for entry-level deployments, but it is hard to surpass Fortinet products.
I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine), you can save a lot of time, do proofs of concept, and avoid opening tickets asking basic questions.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Aug 31 2016