What is our primary use case?
I primarily use this solution for the protection of our applications. We chose Fortinet because you can check an application and deploy it in real time. We use the WAF solution from Fortinet to protect against new exploits discovered. Within Fortinet, there is a way to secure such bugs and exploits in the application we're running.
What is most valuable?
The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability. This part of the intelligence and behavioral analysis makes it very easy to tell if the user just used a few wrong characters in the field or not. It also checks to see if different characters are being entered very quickly, and can tell whether the user is actually typing something.
Another feature is the possibility to balance the traffic and there's lots of integration with your sandbox.
What needs improvement?
We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point. But, from what I understand, we haven't looked at the market to see how this can be done yet.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
In terms of stability, we haven't had a crash or malfunction.
What do I think about the scalability of the solution?
We've used the solution for two years and it's been okay.
We are operating at approximately sixty percent capacity. The solution is used all the time, but you can measure this because there are different boxes that you can buy for different levels. In our case, we keep some at thirty to forty percent available. In order to be able to watch an application and protect a larger amount of traffic, we keep it at this level. So we're good on this scalability or performance side.
How are customer service and technical support?
We haven't had any technical issues, because it was designed as specified in the documentation. I know we have local support, so if there is an issue we can call and escalate the call to get the support if there is a problem. We are within the warranty service period, so from this side, we are comfortable with this solution.
If you previously used a different solution, which one did you use and why did you switch?
We did use another solution, but, compared with the competition, we got the best ratio of performance to price when we chose Fortinet. We could use F5, for example, but the price is not as good.
How was the initial setup?
The setup for one application is sort of complex but based on the automatic profiling, they're learning. You are provided with a set of policies that meet best practices and security recommendations, so you are good to go in a very short time.
What about the implementation team?
We did the implementation ourselves. It was not required to have some higher level of expertise order to implement. There were no functions that were not documented, so we didn't need any outside party involved with this process.
What's my experience with pricing, setup cost, and licensing?
The solution gives us the best price to performance ratio.
What other advice do I have?
The interface has been a pain in the past but now with the later version, 2.2, the user behavior analysis has improved. Before when you want to deploy an application, for example, you needed to have a login page and make sure to search for the user behavior and all the interactions. That way, you could generate flexible usage for that application. Now that's automated, so apart from that, there's no huge report or feature that we would like to improve.
I would rate this product a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.