In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:
- 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
- Easy integration with various Fortinet products such as FortiSandbox for APT detection.
- ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.
Improvements to My Organization
- Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
- Rule creation and fine tuning are easy, as compared to its competitors.
- Product has provided adequate assurance to organization’s PCI DSS program.
Room for Improvement
Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.
The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.
Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.
Use of Solution
It’s been almost one year since we started using this solution.
The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.
Customer Service and Technical Support
As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.
We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.
Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.
FortiWeb provides a wide variety of deployment options such as
- Reverse proxy
- Inline transparent
- True transparent proxy
- Offline sniffing
- WCCP (Web Cache Communication Protocol)
Pricing, Setup Cost and Licensing
Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.
Other Solutions Considered
We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.
Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.
Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Aug 30 2016