We just raised a $30M Series A: Read our story
Muhammed-Shafi
Presales Solutions Architect at Hilal Computers
Real User
Top 5
It is stable but needs good service and training

Pros and Cons

  • "It is a stable product."
  • "Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them. They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported."

What is most valuable?

It is a stable product. 

What needs improvement?

Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them.

They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported.

For how long have I used the solution?

We have been using Fortinet FortiWeb for four years. 

What do I think about the stability of the solution?

Its stability is fine wherever we have implemented it.

How are customer service and technical support?

Its support is a bit difficult to get. They need to improve the service. 

How was the initial setup?

It is straightforward, but we still need good training.

What's my experience with pricing, setup cost, and licensing?

It is fine now. We had to earlier negotiate the price.

What other advice do I have?

We are a solution provider and system integrator company. We work for DCC countries. We deal with Fortinet, Meraki, Sophos, Check Point, Barracuda, and Juniper SRX solutions.

Fortinet FortiWeb is comparable to Barracuda. We don't have many customers for Fortinet WAF, and we couldn't get that much good feedback. We mostly use Barracuda WAF. We use it even in the cloud environment. 

Fortinet is fine on the firewall side. We haven't sold many Barracuda firewalls, but for WAF, we mostly use Barracuda. We prefer Barracuda because they provide good training, and they always follow up. Customers also prefer Barracuda or any other WAF service. Customers receive good support from Barracuda. Fortinet WAF is rare. 

I would recommend this product only based on customer requirements. At the end of the day, how you install, configure, and meet customer requirements are more valuable. I never place a product ahead of a customer. Fortinet WAF might not be suitable for certain customers. Similarly, Barracuda WAF might not be suitable for certain customers. I always get customer requirements and then supply the product according to their requirements.

I would rate Fortinet Fortiweb a five out of ten. It is neither good nor bad.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
reviewer1217868
Information security at a financial services firm with 1-10 employees
Real User
Top 10
Provides us with security to access critical applications and it's easy to understand how to manage

Pros and Cons

  • "The GUI is user-friendly and it's easy to understand how to manage it."
  • "Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it."

What is our primary use case?

Our primary use case is to protect an integral application against vulnerabilities. It's a WAF. It protects against vulnerabilities. We have run tests against it. We also use it for two-factor authentication before authorizing anybody to access the critical application.

How has it helped my organization?

We required security to access critical applications. We otherwise would not have been able to use the end notifications. We wanted to use the application and it's critical to us, Fortiweb enabled us to have that ability. 

What is most valuable?

We are able to have an application layer different from the application itself that is protected by the FortiWeb Portal authentication feature. 

What needs improvement?

Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it. 

What do I think about the stability of the solution?

It's very stable. I've never had any issues. 

What do I think about the scalability of the solution?

The scalability is quite good. It's a virtual machine so we know the exact resource so if we would have to increase it would be easily scalable. 

We have around 15 users in our company. The users are end-users and technicians. 

How are customer service and technical support?

Fortinet support is very good. 

How was the initial setup?

The initial setup was quite straightforward. The GUI is user-friendly and it's easy to understand how to manage it. We used an expert to finalize the last 10% of the configuration because we wanted specific settings regarding the security. We knew what we wanted to block and we needed an expert for the specific rules. Otherwise, 90% of the setup was done in-house. 

The deployment only took two to three days. We only needed one employee to install it. 

What's my experience with pricing, setup cost, and licensing?

The costs are standard. We pay around $1,600 yearly. 

Which other solutions did I evaluate?

We also looked at Software CTM. It was impossible to use compared to FortiWeb. 

What other advice do I have?

Be sure that the security is correctly configured and all the attack patterns are covered. Make sure to do an independent assessment of the security. 

I would rate it a nine out of ten. We are very satisfied with it. 

We have an issue when the underlying web protected generates a logout and we want the authentication portal to recognize that the application has been logged out. When the underlying application generates a logout, the portal does not recognize the logout. I would like a way for the FortiWeb portal to easily recognize the portal. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,267 professionals have used our research since 2012.
Dino R
System Administrator at a insurance company with 1,001-5,000 employees
Real User
Top 10
Provides good feedback for development and is easy to scale up

Pros and Cons

  • "It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs."
  • "The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product."

What is our primary use case?

Generally, we are using it to protect our internet-facing web applications. So if there are any security vulnerabilities in our applications, the solution can provide protection.

How has it helped my organization?

It offers some feedback and suggestions that guide our system development while helping our vendors to update their applications and fix any issues or bugs.

What is most valuable?

They have a sort of table that defines the functions of certain applications, ex. which function has the slowest or fastest response. This enables our in-house development team or vendors to review our application and fix the functions if necessary. 

What needs improvement?

The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product.

For how long have I used the solution?

I have been using FortiWeb for three years.

What do I think about the stability of the solution?

I think it's quite reliable so long as it's configured. 

What do I think about the scalability of the solution?

As long as we accurately scale our requirements from the start, I think the solution is quite scalable and quite easy to scale up later on.

How are customer service and technical support?

They are quite helpful. But I think because our department is quite stable and configured correctly, we are rarely using the support. Everything works perfectly.

How was the initial setup?

I think it's quite complex because we need to know how the application works.  

What about the implementation team?

We are using local support to configure the solutions for us. We also purchase local maintenance and support on top of the routine product support and updates. Because it is a
very specialized product, we need a very skillful person with expertise in the product to configure the solution for us.

What's my experience with pricing, setup cost, and licensing?

In a high availability cluster configuration, where the primary FortiGate is working and the secondary is a backup, Fortinet requires us to buy two licenses instead of one whether we are actually using it or not. With other products, you only purchase one license because we only use one license per instance.

What other advice do I have?

You need to accurately calculate the requirements of your infrastructure before implementing FortiWeb or any other web application firewall. Accuracy is very critical when scaling the product or the model that will be deployed on your infrastructure. 

I would rate FortiWeb an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
VK
Senior Cyber Security Engineer at a tech services company with 201-500 employees
Real User
Top 5
A competitively priced and stable solution

Pros and Cons

  • "The deployment was very easy."
  • "The documentation for the machine learning could be better."

What is our primary use case?

The version we are using is not old, but neither is it up to date. 

We implement FortiWeb to block incoming attacks to our network and web applications.

We use complex authentication rules and forms, in addition to the solution, for protection. We also do caching with static websites and compression. 

What is most valuable?

I would say that machine learning is the most valuable upgrade from 5.8, both before and after 5.9.

What needs improvement?

The documentation for the machine learning could be better. They do not provide proper documentation explaining how the solution works or how to configure it. A good, valid KB article would be helpful. 

It is difficult to configure the machine learning and get it up and running. We put in a week of learning mode and then place it in our production. The machine and data learning is a pain point. I work with different clients. The machine-learning algorithm doesn't learn all the URL patterns. 

It would be nice to see certain software changes in order to add some kind of betterment with machine learning.

What do I think about the stability of the solution?

As a hardware device, the solution is very stable. This is true when compared with other web application firewalls. 

What do I think about the scalability of the solution?

Hardware is not very shareable, as increasing capacity would require the use of a different one. But there is good scalability when it comes to WAF, SaaS and cloud solutions. The CPU cores and RAM memory capacity can always stand improvement.

How are customer service and technical support?

From the time a ticket is created, technical support takes a while to respond, especially when compared with Cisco. In this area it is not so great. 

How was the initial setup?

The deployment was very easy. Since it concerns hardware, one only need plug in the firewall and bring it up by connecting the device. It is pretty easy and not time consuming. The deployment takes, perhaps, one hour. But, the configuration and machine learning are important. 

What's my experience with pricing, setup cost, and licensing?

The license can be renewed on an annual or tri-annual basis. The price is competitive. 

What other advice do I have?

The solution protects a web server with more than 1,000 users making use of the solution. 

The solution is good. It has a preferable price, stability and security, all which recommend it to other users. My only issue is with the machine learning. 

I rate Fortinet FortiWeb as an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Flag as inappropriate
Khalil AbdulrahmanAlasbahi
Customer Service & Support Manager at Natco Information technology
Real User
Top 5Leaderboard
Simple to set up with good technical support and the ability to scale

Pros and Cons

  • "We find that it is quite stable and reliable."
  • "The solution could offer more integration opportunities."

What is our primary use case?

We are primarily using the solution for our security applications as well as email and internet protection.

What is most valuable?

The product is very easy to use.

We find that it is quite stable and reliable. 

The solution can scale quite well.

The installation process is very simple. 

The technical support on offer is helpful.

What needs improvement?

The solution could offer more integration opportunities. 

For how long have I used the solution?

We started using the solution about five or so years ago. It's been a while at this point. 

What do I think about the stability of the solution?

The stability has been good over the years. It does not crash or freeze. There are no bugs or glitches. The performance is reliable. 

What do I think about the scalability of the solution?

The product does scale well. If a company needs to expand it, it can do so.

Some of our clients have over a hundred users. Others only have 50. the size of the setups varies. 

How are customer service and technical support?

We've had a good experience with technical support. They are helpful and responsive. We're quite satisfied with the level of service they provide. 

Which solution did I use previously and why did I switch?

We also currently use Cisco for some security and protection.

How was the initial setup?

We found the initial setup to be easy. It's straightforward. It's not complex or difficult at all. A company shouldn't have any issues with the setup at all.

The installation and deployment process is fast. It doesn't take more than a day.

We have two engineers on staff that can handle deployment and maintenance. 

What about the implementation team?

We have a team in-house that can manage it. We don't need the assistance of outside integrators or consultants. 

What's my experience with pricing, setup cost, and licensing?

We have a yearly subscription that we renew annually.

What other advice do I have?

We're using the latest version of the solution. I cannot speak to the exact version number, as I don't have it on hand. 

We're a company that helps implement this product for clients. 

At this time, I'd rate the product at an eight out of ten. We've largely been very satisfied with its capabilities. 

I'd recommend the product to other users and companies. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
AI
Network & Telecom Manager at a retailer with 1,001-5,000 employees
Real User
Top 5
Easy to use, and the all-in-license covers all of the features

Pros and Cons

  • "The most valuable feature is ease of use."
  • "I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device."

What is our primary use case?

I am using FortiWeb as a web application firewall and as a load balancer for HTTP applications. 

What is most valuable?

The most valuable feature is ease of use.

It has an all-in-one license, unlike F5 where you need separate licenses for the antivirus, IP reputation, denial of service attacks, etc. With FortiWeb, the all-in-one license is one of the most beneficial features.

What needs improvement?

I would like to see the Application Delivery Control (ADC) and Web Application Firewall (WAF) combined in one device. For example, if I have one device that costs $2,600 USD then it can have two licenses, where it can operate as a load balancer as well as a WAF.

For how long have I used the solution?

We have been using FortiWeb for three years.

What do I think about the stability of the solution?

This is a good solution, stability-wise.

What do I think about the scalability of the solution?

FortiWeb is a scalable product and we have about 3,000 users.

That said, we need to purchase a model with more capacity because this is a small one, and our business has expanded in the past three years.

How are customer service and technical support?

We have been in contact with technical support and we are satisfied with them.

Which solution did I use previously and why did I switch?

We did not use another similar solution before choosing FortiWeb.

How was the initial setup?

The initial setup is straightforward.

Any FortiWeb deployment needs about two weeks because when it is first implemented, in phase one, machine learning takes place. It is needed because every application needs some customization. FortiWeb needs approximately two weeks to build this profile. After that, an expert will do some fine-tuning on the profile and the appliance will start to work.

What about the implementation team?

During the deployment, we used a system integrator, but after that, we can manage it by ourselves. Our network team has seven people including one technician, one manager, and five administrators.

What's my experience with pricing, setup cost, and licensing?

There are no licensing costs.

What other advice do I have?

In summary, this is a good product and I can recommend it for others.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
LL
Network Engineer at a tech services company with 201-500 employees
Reseller
Top 20
User-friendly GUI, easy to configure, and technical support responds quickly

Pros and Cons

  • "The GUI is user-friendly."
  • "The integration with other products should be improved."

What is our primary use case?

We are a product reseller and this is one of the solutions that we provide for our customers. At this point, we have only implemented it for one customer.

What is most valuable?

The GUI is user-friendly.

It is easy to configure compared to solutions by other vendors, such as F5.

What needs improvement?

The integration with other products should be improved.

This product does not come with bare metal protection, so we need more network features. We don't want to be as dependent on a separate next-generation firewall.

The pricing could be made more competitive.

What do I think about the stability of the solution?

So far, the stability has been okay.

What do I think about the scalability of the solution?

We have not had a problem with scalability but we have only deployed it for one project.

How are customer service and technical support?

The technical support is very good and they are fast to respond.

Which solution did I use previously and why did I switch?

I have also worked with similar solutions by F5 and Barracuda. FortiWeb is easier to configure because the F5 product requires more technical knowledge. The Barracuda solution has the advantage that DDoS support is built-in and there is no need to integrate with other products.

How was the initial setup?

The initial setup is straightforward, although integration is more difficult. For example, if you want to have DDoS attack support then you need to integrate with the firewall. With the solution from Barracuda, the DDoS capability is already included.

What's my experience with pricing, setup cost, and licensing?

FortiWeb is more expensive than some competing products.

Which other solutions did I evaluate?

We have a lot of requests for Barracuda solutions from our customers. One of the reasons for this is that the pricing is cheaper by quite a lot.

What other advice do I have?

While I have not done comprehensive testing with FortiWeb, I have no complaints so far.

My advice for anybody who is considering this product is that if they are not very advanced in terms of technical training, this product is a good choice because it is very simple to implement.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Arash Azari Samani
Data Center Network Expert at TOSAN
Real User
Top 20
User-friendly and makes it easy to find vulnerabilities

Pros and Cons

  • "This product is very user-friendly."
  • "FortiWeb needs to have support for the newest technology being used in web applications."

What is our primary use case?

We are using FortiWeb for publishing web services and some web applications.

What is most valuable?

The interface makes it easy to identify vulnerabilities.

The best features for us are the signature services. The devices uses signatures for identifying vulnerabilities in web applications.

This product is very user-friendly.

The security is very good.

What needs improvement?

FortiWeb needs to have support for the newest technology being used in web applications. For example, some companies have developed new features using the latest technology, but we are still waiting for Fortinet to support them.

For how long have I used the solution?

I have been using FortiWeb for between four and five years.

What do I think about the stability of the solution?

The stability is very good and we're fortunate that we haven't had any issues.

What do I think about the scalability of the solution?

We have had no issues with scalability.

How are customer service and technical support?

We are in Iran and working under sanctions, which means that we cannot buy new American products and cannot get support. Companies usually buy devices that are second hand, or from a third-party, neither of which have support.

That said, my impression is that the support is good for companies who are eligible to use it.

How was the initial setup?

The initial setup was not complex. Like all Fortinet devices, it is user-friendly.

What's my experience with pricing, setup cost, and licensing?

Due to the situation in Iran with the sanctions, the price of this solution is very expensive.

Which other solutions did I evaluate?

The only other two web application firewall products that are available in my country are F5 and Imperva.

What other advice do I have?

This is a good product and I strongly recommend it, especially for companies in the banking industry.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.