Fortinet FortiWeb Overview

Fortinet FortiWeb is the #1 ranked solution in our list of top Web Application Firewalls. It is most often compared to Fortinet FortiADC: Fortinet FortiWeb vs Fortinet FortiADC

What is Fortinet FortiWeb?

FortiWeb is a web application firewall (WAF) that protects hosted web applications from attacks that target known and unknown exploits. Using multi-layered and correlated detection methods, FortiWeb defends applications from known vulnerabilities and from zero-day threats.

Fortinet FortiWeb Buyer's Guide

Download the Fortinet FortiWeb Buyer's Guide including reviews and more. Updated: May 2021

Fortinet FortiWeb Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiWeb Video

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Head of Security systems department at Zerde Business Solutions
Reseller
Good performance, easy setup and good UTM features like self-encryption

What is our primary use case?

All of our customers use it because they need a proxy solution. Fortinet provides us the best solution to do this. I don't believe that Check Point or Palo Alto can do what Fortinet does.

Pros and Cons

  • "All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet, FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features."
  • "New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems."

What other advice do I have?

I would rate it an eleven out of ten.
Senior Network Security Planning at Ooredoo Kuwait
Reseller
Top 5Leaderboard
Has a mechanism to detect all of your entries that aren't used and clean them up but they should have an antivirus option

What is our primary use case?

Our primary use case is as a firewall. We use a lot of Fortinet products. We have email security and FortiGate IPS.

Pros and Cons

  • "When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up."
  • "I would like to have an antivirus option."

What other advice do I have?

I would rate it a seven out of ten. A seven and not a ten because of the antivirus issue.
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,151 professionals have used our research since 2012.
DD
Network Security Engineer at a tech services company with 11-50 employees
Real User
Top 10
Anti-defacement feature intelligently handles complete website backup

What is our primary use case?

We are a system integrator so we propose FortiWeb to our clients who are looking to protect their public web applications like e-banking platforms, teleservice, and so on.

Pros and Cons

  • "Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.)."
  • "FortiWeb does not exist in a cloud-based form. Its only available for deployment as a virtual appliance on AWS and Azure IaaS platforms. Because of the trend to WAF environments, it would be good to have it as a SaaS. Also, FortiWeb would be more competitive if it combined WAF and DDoS protection."

What other advice do I have?

I rate FortiWeb at eight out of 10 because it is good at what it does but I think it could do more, like combining DDoS protection.
CEO at a tech services company with 11-50 employees
Real User
Protects our customers' web infrastructure environment

How has it helped my organization?

Fortinet FortiWeb has improved my organization by protecting our customers' web infrastructure environment.

What is most valuable?

The most valuable feature is the web application firewall (WAF).

What needs improvement?

Their support needs improvement.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

I would rate their technical support as a nine out of 10.

Which solution did I use previously and why did I switch?

We previously used NetScaler.

How was the initial setup?

The initial setup was straightforward. …
DJ
Network System Administrator at a tech services company with 201-500 employees
Real User
Protected our web servers from outside attacks. Certificates were deleted when firmware was upgraded.

Pros and Cons

  • "We were able to protect our web servers from outside attacks."
  • "The false positives are annoying.​"
  • "I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.​"

What other advice do I have?

It is a really good product. It is worth using in your network.
FS
Technical Advisor at a tech services company with 51-200 employees
Real User
L-7 protection safeguards legacy servers/applications without changing application code

Pros and Cons

  • "Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself."
  • "SSL Offloading simplifies the public certificate handling and brings additional protection features."
  • "L-7 protection makes possible to protect legacy/not up-to-date servers/applications without changing the application code."
  • "Centralized management of multiple devices, and GUI improvement, could reduce the learning curve."
  • "The interface could have the interdependent elements arranged sequentially and wizards that go through most common deployment actions."
  • "Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration."

What other advice do I have?

I rate it eight out of 10. I understand that a 10 is for products that not only execute smoothly but are also easy to use and manage, even when used on a multi-site corporation. Take at least the Fortinet online course, or make sure that your reseller has experienced professionals.
Viznet Bilişim Hizmetleri
Real User
Auto Learn makes policy additions or deletions for my customers very simple​

Pros and Cons

  • "Auto Learn feature: Makes policy additions or deletions for my customers very simple​"
  • "HA Architecture needs improvement. I would improve it by working on AP HA."

What other advice do I have?

Here's how I would break down my rating of this product: * Session Management: 10 out of 10 * Security: 10 out of 10 * Stability: 10 out of 10 * Health check feature: eight out of 10. If your goal is security, FortiWeb is your best choice.
Technology Consultant at a tech services company with 11-50 employees
Consultant
Detection engine provides a high rate of exposure of web attacks

Pros and Cons

  • "High-performance and detection engines, provide a high rate of exposure of web attacks."
  • "FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure."
  • "Integration and learning about attacks. I would improve these areas by making FortiWeb integrate with other network technologies and feedback from multiple platforms."

What other advice do I have?

FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure. I would advise requesting a PoC test with a learning policy.
Security Consultant at a tech services company with 11-50 employees
Consultant
Give us built-in security templates, strong threat intelligence, and is AV integrated

Pros and Cons

  • "Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.)."
  • "Built-in security templates, AV integrated, strong threat intelligence."

    What other advice do I have?

    Be sure to look at industry reviews, they have good knowledge about threat intelligence.
    Security Consultant at Accenture
    Real User
    It has provided stability to applications. The hardware is not sturdy.

    What is most valuable?

    Application delivery is strong.

    How has it helped my organization?

    It has provided stability to applications.

    What needs improvement?

    The hardware does not measure up. Fortinet does not have sturdy hardware.

    For how long have I used the solution?

    I have been using it for three years.

    Which solution did I use previously and why did I switch?

    My client was using it when we took over operation of the project.

    What's my experience with pricing, setup cost, and licensing?

    The price is not too low and it’s not too high.

    Which other solutions did I evaluate?

    I did not evaluate other options. This product was already implemented.

    What other advice do I have?

    Check the market before implementing it... because I didn’t get the chance to do so.
    Head of Security at a tech company with 1,001-5,000 employees
    Vendor
    If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.

    What other advice do I have?

    Look at the PRICE and the PERFORMANCE.
    Network Engineer at a mining and metals company with 1,001-5,000 employees
    Vendor
    It can bandwidth limitations and restrictions at the individual IP, group IP, and total IP levels. The user interface and update/support is not quite user-friendly.

    What other advice do I have?

    It is an easy-to-manage, great product for a small office.
    IT Admin at a comms service provider with 1,001-5,000 employees
    Vendor
    I set it up on my own. I'd like to see improvements in its internet and servers features.

    What is most valuable?

    Firewall policy

    What needs improvement?

    Internet Servers

    For how long have I used the solution?

    I have used it for a year and a half.

    What do I think about the stability of the solution?

    We had one stability issue when I ran it once with Wireshark; it froze.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues.

    How are customer service and technical support?

    I cannot rate technical support because I have not used it yet.

    Which solution did I use previously and why did I switch?

    I switched from SonicWALL to Fortinet. I am happier now.

    How was the initial setup?

    Initial setup was not that difficult. It was different to my previous solution; I could do it on my own.

    Which other solutions did

    Information Security Expert at a financial services firm with 501-1,000 employees
    Vendor
    It helps us protect our web and database servers from being penetrated from outside the office.

    What other advice do I have?

    In my opinion, the FortiGate appliances, and especially the D series, are really powerful ones and worth providing for your network.
    Security Expert at a tech services company
    Consultant
    Next-gen firewall and built-in server load balancing. A BYOD feature is missing.

    What other advice do I have?

    It is a good option, keeping in mind pricing and features.
    Network Administrator at a local government with 501-1,000 employees
    Real User
    It’s an all-in-one solution that gives more Wi-Fi control capability.

    What other advice do I have?

    Look at sizing. And if you are a 24/7/365 shop, get two for HA.
    IT Support Engineer at a consumer goods company with 51-200 employees
    Real User
    You can set QoS according to application priority.

    What other advice do I have?

    FortiNet shows me the health of the entire network. Evaluate how you would use FortiNet UTM. Look for the solution which fits your business infrastructure requirements such as VPNs, firewalls, application and web filtering, throughput, and most of all, which device which gives you the best performance.
    Senior Developer, Project Manager at FPT Software
    MSP
    It makes our web site system work nice and smooth. The UI is a little complicated for new users.

    What is most valuable?

    Firewall Load balancing

    How has it helped my organization?

    It makes our web site system work nice and smooth.

    What needs improvement?

    The UI is a little complicated for new users.

    For how long have I used the solution?

    I have been using it for over a year.

    What do I think about the stability of the solution?

    I have not yet encountered any stability issues.

    What do I think about the scalability of the solution?

    I have not yet encountered any scalability issues.

    How are customer service and technical support?

    I have even contacted technical support once.

    Which solution did I use previously and why did I switch?

    My web site used MS NLB service for load balancing and IPS firewall at first, but when our site's connection grew bigger, we…
    Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    At first, it helped us publish e-banking services, but we soon discovered it was an easy way to deploy other internal websites in an intranet style.

    What other advice do I have?

    I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine) you can save a lot of time, can do proofs of concept and avoid opening tickets asking basics questions.
    Information Security Leader at a government
    Vendor
    It has helped us prevent exploitation of vulnerabilities while we are working on code. Signatures are basic and prone to firing false positives.

    What other advice do I have?

    It has a good quality/price relationship. The web vulnerability scan module is useless.
    Senior Information Security Engineer with 1,001-5,000 employees
    Vendor
    With Layer 7 server load balancing, it makes decisions based on the content of messages. It also can offload slow connections from the upstream servers.

    What other advice do I have?

    It is a great product, but be careful with version upgrades.
    Director with 51-200 employees
    Vendor
    Other firewalls are just as good, but this product is at a much better price point.

    What other advice do I have?

    Evaluate the product first and compare it to what you are used to and what you want. It provides very good value for money, but if the budget were there, I would probably choose another vendor in certain circumstances.
    Senior Analyst at a financial services firm with 1,001-5,000 employees
    Real User
    20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements. Product support is a major concern.

    What other advice do I have?

    Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives. Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.