This is a false positive. If the signature was more complex, that would not occur.
Use of Solution
I have been using it for four years.
I have not encountered any stability issues, but it always consumes a lot of memory.
Customer Service and Technical Support
Technical support is 7/10. We had a pair of cases without solution; one URL-rewriting related and another one Lync Enterprise-related. In both cases, we had to search for alternate solutions.
ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.
It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have encountered that it is especially difficult to work with URL rewriting, because of regular expressions.
Pricing, Setup Cost and Licensing
Price and licensing is fine; it is one of the cheapest solutions and does its job.
Other Solutions Considered
We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positives rate which prevents us from focusing on the real attacks.
It has a good quality/price relationship. The web vulnerability scan module is useless.
Disclosure: I am a real user, and this review is based on my own experience and opinions.