Fortinet FortiWeb Review

It has helped us prevent exploitation of vulnerabilities while we are working on code. Signatures are basic and prone to firing false positives.


Valuable Features

  • It supports OWASP top 10.
    As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:
      1. First create the objects needed.
      2. Assemble the policy.
  • The GUI interface is intuitive. I have never needed to use the CLI.
  • It has good reports. It is easy to manage.

Improvements to My Organization

The portal has a lot of vulnerabilities, which are not easy to solve quickly. The device has helped us to prevent exploitation of them while we are working on the code.

Room for Improvement

The signatures are very basic and prone to firing false positives. For example, FortiWeb detects this string as an attack because it detects "perl" in it:

User-Agent: Mozilla/5.0 (compatible; PaperLiBot/2.1; https://support.paper.li/entries/20023257-what-is-paper-li)

This is a false positive. If the signature was more complex, that would not occur.

Use of Solution

I have been using it for four years.

Stability Issues

I have not encountered any stability issues, but it always consumes a lot of memory.

Customer Service and Technical Support

Technical support is 7/10. We had a pair of cases without a solution: one related to URL rewriting and another related to Lync Enterprise. In both cases, we had to search for alternate solutions.

Previous Solutions

ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.

Initial Setup

It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have found that it is especially difficult to work with URL rewriting, because of regular expressions.

Pricing, Setup Cost and Licensing

Price and licensing are fine; it is one of the cheapest solutions and does its job.

Other Solutions Considered

We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positive rate, which prevents us from focusing on the real attacks.

Other Advice

It has a good quality/price relationship. The web vulnerability scan module is useless.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
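
Added example, not part of the original review and not FortiWeb's own signature logic: it reproduces the false positive described under "Room for Improvement" with an assumed case-insensitive substring rule for "perl", and compares it with a hypothetical token-bounded rule. All User-Agent values except the one quoted in the review are constructed.

```python
import re

# Stand-in for the behaviour the review describes: a case-insensitive
# substring match on "perl". Assumption; not FortiWeb's actual signature.
NAIVE_SIG = re.compile(r"perl", re.IGNORECASE)

# Hypothetical tighter signature: "perl" must stand alone as a token, with no
# letter or digit on either side (as in "libwww-perl/6.05").
TOKEN_SIG = re.compile(r"(?<![A-Za-z0-9])perl(?![A-Za-z0-9])", re.IGNORECASE)

# (User-Agent, is_perl_client). The first value is quoted in the review;
# the rest are constructed for this example.
SAMPLES = [
    ("Mozilla/5.0 (compatible; PaperLiBot/2.1; "
     "https://support.paper.li/entries/20023257-what-is-paper-li)", False),
    ("Mozilla/5.0 (X11; Linux x86_64) SuperLinkChecker/1.0", False),
    ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) "
     "Gecko/20100101 Firefox/115.0", False),
    ("libwww-perl/6.05", True),
    ("ExampleFetcher/1.0 Perl/5.30", True),
]


def evaluate(signature):
    """Return (false_positives, false_negatives) for a compiled signature."""
    false_pos, false_neg = [], []
    for user_agent, is_perl_client in SAMPLES:
        fired = signature.search(user_agent) is not None
        if fired and not is_perl_client:
            false_pos.append(user_agent)
        elif not fired and is_perl_client:
            false_neg.append(user_agent)
    return false_pos, false_neg


if __name__ == "__main__":
    for name, sig in (("substring", NAIVE_SIG), ("token", TOKEN_SIG)):
        fp, fn = evaluate(sig)
        print(f"{name}: {len(fp)} false positives, {len(fn)} false negatives")
        for ua in fp:
            print("  FP:", ua)
```

Running a candidate exception or custom signature against a labelled set of real headers from your own logs, as done here with constructed ones, shows whether it removes the false positives without missing the clients it is meant to catch.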