Fortinet FortiWeb Overview

Fortinet FortiWeb is the #1 ranked solution in our list of top Web Application Firewalls. It is most often compared to Fortinet FortiADC: Fortinet FortiWeb vs Fortinet FortiADC

What is Fortinet FortiWeb?

FortiWeb is a web application firewall (WAF) that protects hosted web applications from attacks that target known and unknown exploits. Using multi-layered and correlated detection methods, FortiWeb defends applications from known vulnerabilities and from zero-day threats.

Fortinet FortiWeb Buyer's Guide

Download the Fortinet FortiWeb Buyer's Guide including reviews and more. Updated: January 2021

Fortinet FortiWeb Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiWeb Video

Pricing Advice

What users are saying about Fortinet FortiWeb pricing:
  • "The solution gives us the best price to performance ratio."
  • "It is an expensive suite and it is an expensive solution, but it is a manageable one for an enterprise."
  • "There are no costs in addition to the standard licensing fees."
  • "All our Fortinet pricing is bundled together for different products, like FortiGate, FortiAnalyzer, and FortiWeb. FortiWeb, by itself, is probably around $2,500 to $3,500."
  • "Its subscription prices are cheaper, and it is not very expensive. From a price perspective, Fortinet is a very well-known security vendor. Subscriptions are very simple. They have a couple of licenses on an appliance, and that's it. The cost is not that big. One license is 40K, which they give with all the products. Another one includes the subscriptions for threat prevention, IPS, sandboxing, etc, which is more than enough."

Fortinet FortiWeb Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
FrtiWeb677
System Engineer at a tech services company with 11-50 employees
Real User
Jul 11, 2019
Good pricing, and provides for faster and more secure application deployment

What is our primary use case?

I primarily use this solution for the protection of our applications. We chose Fortinet because you can check an application and deploy it in real time. We use the WAF solution from Fortinet to protect against new exploits discovered. Within Fortinet, there is a way to secure such bugs and exploits in the application we're running.

Pros and Cons

  • "The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability."
  • "We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point."

What other advice do I have?

The interface has been a pain in the past but now with the later version, 2.2, the user behavior analysis has improved. Before when you want to deploy an application, for example, you needed to have a login page and make sure to search for the user behavior and all the interactions. That way, you could generate flexible usage for that application. Now that's automated, so apart from that, there's no huge report or feature that we would like to improve. I would rate this product a ten out of ten.
BrianFortington
GRC Security Consultant at Ionize
Consultant
Top 10
Oct 11, 2020
This flexible suite solves compliance problems but that comes at a cost

What is our primary use case?

Normally I deal with on-premises installations. The firewalls are always on-prem for government departments. In a recent case, I was looking at a cloud solution because it was what the client preferred. So it was the Fortinet rules applied to an AWS solution. I was looking at the architecture around becoming an IRAP (Information Security Registered Assessors Program) certified program and I was looking at the AWS firewalls around how it would be able to comply with the ISM (International Safety Management) standards.

Pros and Cons

  • "If I need something from tech support, I can get it answered within the hour."
  • "Both the internal firewall management and the cloud can be managed by a single console."
  • "It costs too much."
  • "It is not entirely user-friendly."

What other advice do I have?

My advice to people would be to evaluate the marketplace against your requirements and choose appropriately. Fortinet does operate at the enterprise level. It is listed on the Australian standard and it does carry Australia's approval for common criteria. So it does address the requirements needed for security for the assessments. Not every product can. On a scale from one to ten (where one is the worst and ten is the best), I would rate this Fortinet solution as a seven-out-of-ten because of user administrative controls, usability, and price.
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
457,209 professionals have used our research since 2012.
E Beernink
Netwerk and Security Specialist at a healthcare company with 501-1,000 employees
Real User
Top 20
Jul 15, 2019
Offers great insights into what utility hackers are trying to exploit and blocks a lot from the internet

What is our primary use case?

We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.

Pros and Cons

  • "It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
  • "The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures."

What other advice do I have?

Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb. In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution. I would rate this solution eight out of 10.
reviewer1429443
Technical Presales Engineer at a comms service provider with 11-50 employees
Real User
Top 10
Oct 19, 2020
Stable with a simple deployment and lots of extra features

What is our primary use case?

We primarily use the solution for configuration and structuring policy.

Pros and Cons

  • "The solution has a very simple deployment."
  • "It may be better if it were easier to create roles."

What other advice do I have?

We're using the latest version of the solution. Usually, for our security programs, I'm using on-prem. For now, in my experience, the typical Indonesian customer is using on-prem, as they worry about using the cloud, as the data cannot be stored in HR and it's actually often stored in another country. It's my understanding that we'll continue to use the solution for a while to come. Overall, I would recommend the product. On a scale from one to ten, I'd rate it at an eight. If it had a better interface and/or better pricing, I might rate it a bit higher.
MohamedTaha
Cyber Security Division Manager at 3SC Security Solutions Services and Consultant
Real User
Top 5
Nov 29, 2020
Simple to use with a good user experience, and it provides complete security in a single product

What is our primary use case?

We are using this product to protect something similar to an online banking network.

Pros and Cons

  • "The most valuable feature is that this product represents a whole solution, including a WAF, and even anti-defacements."
  • "The initial setup in our data center was somewhat complex."

What other advice do I have?

FortiWeb is a security product that I can recommend. My advice for anybody who is implementing this type of solution is not to simply believe the words of the vendors. Test the product in your environment and then you can select the best one for your needs. A lot of vendors nowadays will tell you that they are the best, but the best thing to do is test each of the products inside your network. The roadmap that the vendor has for this product is good. They have a lot of extra features that they are developing for future releases. They have an amazing R&D team, they know the competition, and…
reviewer845136
IT Infrastructure Manager with 201-500 employees
Real User
Top 5
May 14, 2020
The learning mode of the appliance picks up on the pattern of SSL attacks

What is our primary use case?

We use it mostly to secure our web platform for things like Internet banking, email, and SMTP. It is for anything that is external coming into our internal network.

Pros and Cons

  • "I have recently been looking at the SSL certificate features and the learning mode of the appliance. This appliance learns from the pattern of SSL attacks."
  • "We would like the interface to be easier to use and more user-friendly. The interface needs to be enhanced."

What other advice do I have?

The type of product you get depends on what you want to protect, how you want to protect it, and how many people will be accessing FortiWeb. What we have now is working fine. I would rate FortiWeb as an eight (out of 10).
Giorgi Sakhokia
Information Security Officer at State Audit Office
Real User
Top 5
Dec 15, 2020
Flexible, easy to learn and configure, and has almost everything that a web application firewall needs

What is our primary use case?

We have been testing FortiWeb in our environment. We have it on virtual machines. We used it to block requests from some geographical locations or certain countries. It is very important for us because many attack attempts, logs, and events were generated from those geographical locations. Our country has some political difficulties in the region with other countries.

Pros and Cons

  • "It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube."
  • "When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."

What other advice do I have?

We like the product, but we haven't yet decided to purchase it because we don't have the budget for now. We will express our preferences towards FortiWeb to our top management, and it will be decided by them. We will suggest to them that it is a good product. I would rate Fortinet FortiWeb a nine out of ten.
reviewer1257849
Senior Information Security Consultant at a comms service provider with 501-1,000 employees
Consultant
Top 5Leaderboard
Oct 21, 2020
Integrates very well and easy to use, configure, and manage

What is our primary use case?

We have deployed a couple of projects for our customers to protect their online e-commerce systems. They have web-based applications for online ordering, for example, for online ordering from a hypermarket. It seems to be a very good solution. We have replaced the existing Barracuda devices of a customer. We deal with the latest version of Fortinet FortiWeb.

Pros and Cons

  • "The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features. It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product."
  • "They could improve their support a little bit for faster response time."

What other advice do I have?

Fortinet FortiWeb is rated as one of the top WAF devices in many of the independent research reports. Our customers find Fortinet FortiWeb much better than other solutions. We plan to continue using this solution if an opportunity is there. It depends on the customer's requirements. If a customer is going for an online e-commerce website, we would always recommend going with Fortinet FortiWeb. I would rate Fortinet FortiWeb an eight out of ten.
See 14 more Fortinet FortiWeb Reviews
Buyer's Guide
Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.