Fortinet FortiWeb Review

Offers great insights into what utility hackers are trying to exploit and blocks a lot from the internet


What is our primary use case?

We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.

What is most valuable?

It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.

What needs improvement?

The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures. If you want a good security solution, you have to get in kicking high for things that are getting blocked and you have to whitelist some signatures to make things work. It's a time-consuming thing to do. It would be nice to whitelist private IP ranges and see which signatures are hit and whitelist them automatically - which I think is possible to do. 

It would also be nice to have some extra security in the solution. I just upgraded to 6.0 and there were some security additions, but it would be nice to have some more and be able to configure them in the right way. Specifically, an updated security policy would be nice.

For how long have I used the solution?

I've been using the solution for 2.5 years.

What do I think about the stability of the solution?

It's really stable. There was only one issue in the past two and a half years and with the help of the technical support from Fortinet, it was quickly fixed.

What do I think about the scalability of the solution?

We do have a small team but I think it's scalable. You can upgrade to a higher level, you can take it to a higher visibility mode. I think it's a very scalable solution. We have around 1,000 users using this solution.

How are customer service and technical support?

The technical support is very good.

How was the initial setup?

The initial setup was rather straightforward because we had some help setting up the unit in the first place. The initial setup, if you're using a VM, is really easy to roll out, if you know the Fortinet command line. It's not easy to configure an IP address and get it started. Then there was a rather steep learning curve in what you exactly have to do to have a really secure solution. It's rather easy to make it a reverse proxy and do nothing, but to get it monitoring in the right way, it takes some time. You have to think about it.

Deployment was a one-time setup. I think it took us about two days including one solution for configuring. For now, there is a new solution we need behind FortiWeb, and I think it takes about four to eight hours to set up. We require just one staff member for maintenance.

What's my experience with pricing, setup cost, and licensing?

You can set up licensing on a monthly or yearly basis. I'm not sure about pricing.

What other advice do I have?

Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb.

In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution.

I would rate this solution eight out of 10.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiWeb reviews from users
...who work at a Financial Services Firm
...who compared it with F5 Advanced WAF
Add a Comment
Guest