Fortinet FortiWeb Review

The learning mode of the appliance picks up on the pattern of SSL attacks


What is our primary use case?

We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.

How has it helped my organization?

We were having a lot of probe attacks coming through from our external networks. Now, the traffic has to come through our firewall, then FortiWeb. Basically, FortiWeb acts like a second firewall for all our applications.

What is most valuable?

We have been using all the features and everything is nice. 

I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks. 

What needs improvement?

We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced. 

We had trouble understanding it at first, but we got used to using it after six months. Then, it was simple to use.

For how long have I used the solution?

We have been using it for five years (since 2015). 

What do I think about the stability of the solution?

We haven't had any issues with it so far. 

What do I think about the scalability of the solution?

The scalability is okay. There hasn't been a need to upgrade. We have found something that can adapt to our environment and that we can use for a long period of time.

We plan to use the product for the next two years. There are no major upgrades planned anytime soon.

There are four users for the product (with two being from the security team).

How are customer service and technical support?

We have needed minimal support for the solution. The support has been okay.

Which solution did I use previously and why did I switch?

We did not have a solution that we previously used.

How was the initial setup?

It is complex to set up in learning mode. It takes a lot of time to learn the pattern of the web application before we put in the rule. The rule itself is a bit complex. We had to go by trial and error because there is nothing standard on the device.

The deployment took almost six hours to get up and running.

What about the implementation team?

We used a reseller. They helped us implement the device. 

The reseller also does deployment and maintenance. For this, it takes about two of their staff and one or two of our staff internally. The staff will generally have experience in networking and firewalls with a background in security and port mapping.

What's my experience with pricing, setup cost, and licensing?

All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500.

Which other solutions did I evaluate?

Since we were using FortiGate firewall, we decided to look at FortiWeb. We also looked into several solutions, like Check Point and Palo Alto.

What other advice do I have?

The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb.

What we have now is working fine.

I would rate FortiWeb as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiWeb reviews from users
...who work at a Financial Services Firm
...who compared it with F5 Advanced WAF
Add a Comment
Guest