What is our primary use case?
Our primary use case is to protect an integral application against vulnerabilities. It's a WAF. It protects against vulnerabilities. We have run tests against it. We also use it for two-factor authentication before authorizing anybody to access the critical application.
How has it helped my organization?
We required security to access critical applications. We otherwise would not have been able to use the end notifications. We wanted to use the application and it's critical to us. FortiWeb enabled us to have that ability.
What is most valuable?
We are able to have an application layer different from the application itself that is protected by the FortiWeb Portal authentication feature.
What needs improvement?
Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it.
What do I think about the stability of the solution?
It's very stable. I've never had any issues.
What do I think about the scalability of the solution?
The scalability is quite good. It's a virtual machine, so we know the exact resource, so if we had to increase it, it would be easily scalable.
We have around 15 users in our company. The users are end-users and technicians.
How are customer service and technical support?
Fortinet support is very good.
How was the initial setup?
The initial setup was quite straightforward. The GUI is user-friendly and it's easy to understand how to manage it. We used an expert to finalize the last 10% of the configuration because we wanted specific settings regarding the security. We knew what we wanted to block and we needed an expert for the specific rules. Otherwise, 90% of the setup was done in-house.
The deployment only took two to three days. We only needed one employee to install it.
What's my experience with pricing, setup cost, and licensing?
The costs are standard. We pay around $1,600 yearly.
Which other solutions did I evaluate?
We also looked at Software CTM. It was impossible to use compared to FortiWeb.
What other advice do I have?
Be sure that the security is correctly configured and all the attack patterns are covered. Make sure to do an independent assessment of the security.
I would rate it a nine out of ten. We are very satisfied with it.
We have an issue when the underlying web protected generates a logout and we want the authentication portal to recognize that the application has been logged out. When the underlying application generates a logout, the portal does not recognize the logout. I would like a way for the FortiWeb portal to easily recognize the portal.
Which deployment model are you using for this solution?