We just raised a $30M Series A: Read our story

Fortinet FortiWeb OverviewUNIXBusinessApplication

Fortinet FortiWeb is the #1 ranked solution in our list of top Web Application Firewalls. It is most often compared to Fortinet FortiADC: Fortinet FortiWeb vs Fortinet FortiADC

What is Fortinet FortiWeb?

FortiWeb is a web application firewall (WAF) that protects hosted web applications from attacks that target known and unknown exploits. Using multi-layered and correlated detection methods, FortiWeb defends applications from known vulnerabilities and from zero-day threats.

Fortinet FortiWeb Buyer's Guide

Download the Fortinet FortiWeb Buyer's Guide including reviews and more. Updated: October 2021

Fortinet FortiWeb Customers

Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG

Fortinet FortiWeb Video

Archived Fortinet FortiWeb Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Yousef Altaj
Tech Manager at Global tec
Reseller
Top 20
Problematic licensing requires upgrades at scale with additional expense for advanced features

Pros and Cons

  • "FortiWeb offers machine learning in the latest product. This fixed many problems. There are no false negatives."
  • "Fortinet FortiWeb is not scalable. You'll need more budget to change the hardware."

What is our primary use case?

We are partners with Fortinet. We specialize in power customers. We use many products like FortiGate, FortiWeb, FortiAnalyzer, FortiSIEM, and FortiSandbox.

All the FortiGate products are new, even the Fortinet switches we are selling to our customers. We also install and configure the network for our customers.

How has it helped my organization?

With this product, you can secure all the Fortinet products together. I'm an entrepreneur. Most people fail in the publication of a firewall.

What is most valuable?

FortiWeb offers machine learning in the latest product. Before that, there was an auto-learning feature. This fixed many problems. There are no false negatives now. 

Fortinet FortiWeb now has artificial intelligence and machine learning.

What needs improvement?

What I would like to see improved in Fortinet FortiWeb will probably be included in the next release. The legal feature needs better step-by-step use of the form. 

We use the FortiGate guidebook for step-by-step instructions. But the FortiWeb guidebook is only is a demonstration kit which is not enough for a new installation.

What do I think about the stability of the solution?

FortiWeb is a stable solution.

What do I think about the scalability of the solution?

Fortinet FortiWeb is not scalable. There is a model and a license if you want to use it. You'll need more budget to change the hardware. FortiWeb is not scalable on the same plan.

How was the initial setup?

The initial setup is not simple for all the products. Some Fortinet products vary, but overall it is straightforward.

What other advice do I have?

In the version of Fortinet FortiWeb that we have, it does not include the scanner. We cannot access every feature. If you have all the popular products, you can use the system perfectly to connect everything. 

Fortinet can improve the security firebase in support for HTTPS and the CPU with additional configurations. On a scale from 1 to 10, I would rate Fortinet FortiWeb a two.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
E Beernink
Netwerk and Security Specialist at a healthcare company with 501-1,000 employees
Real User
Offers great insights into what utility hackers are trying to exploit and blocks a lot from the internet

Pros and Cons

  • "It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
  • "The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures."

What is our primary use case?

We have our webmail, a private drop off solution, a video clip for our users to upload, and share company videos, all with FortiWeb.

What is most valuable?

It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet.

What needs improvement?

The solution is rather complicated. If you know what to do, it's not bad, but it's complicated for a first time user to configure the solution. What I'd like to improve are the custom signatures. If you want a good security solution, you have to get in kicking high for things that are getting blocked and you have to whitelist some signatures to make things work. It's a time-consuming thing to do. It would be nice to whitelist private IP ranges and see which signatures are hit and whitelist them automatically - which I think is possible to do. 

It would also be nice to have some extra security in the solution. I just upgraded to 6.0 and there were some security additions, but it would be nice to have some more and be able to configure them in the right way. Specifically, an updated security policy would be nice.

For how long have I used the solution?

I've been using the solution for 2.5 years.

What do I think about the stability of the solution?

It's really stable. There was only one issue in the past two and a half years and with the help of the technical support from Fortinet, it was quickly fixed.

What do I think about the scalability of the solution?

We do have a small team but I think it's scalable. You can upgrade to a higher level, you can take it to a higher visibility mode. I think it's a very scalable solution. We have around 1,000 users using this solution.

How are customer service and technical support?

The technical support is very good.

How was the initial setup?

The initial setup was rather straightforward because we had some help setting up the unit in the first place. The initial setup, if you're using a VM, is really easy to roll out, if you know the Fortinet command line. It's not easy to configure an IP address and get it started. Then there was a rather steep learning curve in what you exactly have to do to have a really secure solution. It's rather easy to make it a reverse proxy and do nothing, but to get it monitoring in the right way, it takes some time. You have to think about it.

Deployment was a one-time setup. I think it took us about two days including one solution for configuring. For now, there is a new solution we need behind FortiWeb, and I think it takes about four to eight hours to set up. We require just one staff member for maintenance.

What's my experience with pricing, setup cost, and licensing?

You can set up licensing on a monthly or yearly basis. I'm not sure about pricing.

What other advice do I have?

Every external solution acceptable for work will use FortiWeb. We do have three or four FortiWeb solutions now and if there is anything we need to share through the internet, it's going to be through FortiWeb.

In terms of advice, I'd say take a good look at the support side of the help documents. There a very good document cycle on the Fortinet website. There's a lot of information. Get to know the solution.

I would rate this solution eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Fortinet FortiWeb. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.
MB
System Engineer at a tech services company with 11-50 employees
Real User
Good pricing, and provides for faster and more secure application deployment

Pros and Cons

  • "The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability."
  • "We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point."

What is our primary use case?

I primarily use this solution for the protection of our applications. We chose Fortinet because you can check an application and deploy it in real time. We use the WAF solution from Fortinet to protect against new exploits discovered. Within Fortinet, there is a way to secure such bugs and exploits in the application we're running.

What is most valuable?

The most valuable feature in this solution is the ability to disseminate between the user entering some wrong value to the field, and a suspicious actor trying to exploit some known vulnerability. This part of the intelligence and behavioral analysis makes it very easy to tell if the user just used a few wrong characters in the field or not. It also checks to see if different characters are being entered very quickly, and can tell whether the user is actually typing something.

Another feature is the possibility to balance the traffic and there's lots of integration with your sandbox.

What needs improvement?

We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point. But, from what I understand, we haven't looked at the market to see how this can be done yet.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

In terms of stability, we haven't had a crash or malfunction.

What do I think about the scalability of the solution?

We've used the solution for two years and it's been okay.

We are operating at approximately sixty percent capacity. The solution is used all the time, but you can measure this because there are different boxes that you can buy for different levels. In our case, we keep some at thirty to forty percent available. In order to be able to watch an application and protect a larger amount of traffic, we keep it at this level. So we're good on this scalability or performance side.

How are customer service and technical support?

We haven't had any technical issues, because it was designed as specified in the documentation. I know we have local support, so if there is an issue we can call and escalate the call to get the support if there is a problem. We are within the warranty service period, so from this side, we are comfortable with this solution.

Which solution did I use previously and why did I switch?

We did use another solution, but, compared with the competition, we got the best ratio of performance to price when we chose Fortinet. We could use F5, for example, but the price is not as good.

How was the initial setup?

The setup for one application is sort of complex but based on the automatic profiling, they're learning. You are provided with a set of policies that meet best practices and security recommendations, so you are good to go in a very short time.

What about the implementation team?

We did the implementation ourselves. It was not required to have some higher level of expertise order to implement. There were no functions that were not documented, so we didn't need any outside party involved with this process.

What's my experience with pricing, setup cost, and licensing?

The solution gives us the best price to performance ratio.

What other advice do I have?

The interface has been a pain in the past but now with the later version, 2.2, the user behavior analysis has improved. Before when you want to deploy an application, for example, you needed to have a login page and make sure to search for the user behavior and all the interactions. That way, you could generate flexible usage for that application. Now that's automated, so apart from that, there's no huge report or feature that we would like to improve.

I would rate this product a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DI
SE at a tech vendor with 11-50 employees
Real User
Top 20
The firewall/waf features, GUI for administration, and licensing support all need improvements

Pros and Cons

  • "What we like about Fortinet FortiWeb is it has all the features. We use all of them, so we have to turn on all the options."
  • "Fortinet FortiWeb needs to improve the way it's configured. Common services like publishing exchange should be done in one click only."

What is our primary use case?

Publishing Web application, Exchange, Lotus Domino. Some microservices. 

How has it helped my organization?

Fortiweb improved way people work and access internal resources based on http/https communication. 

What is most valuable?

It depends on the project and what the customer is looking for. 

What needs improvement?

First of all, upgrade path should be introduced for scaling up or down VM deployment. Second, they need to include better wizards for publishing common applications like MS Exchange. 

.

For how long have I used the solution?

I have been using Fortinet products for 15 years or more.

What do I think about the stability of the solution?

Fortinet FortiWeb has been extensively used by us previously, but we are going to decrease the usage now because of cost. 

What do I think about the scalability of the solution?

Fortinet FortiWeb is scalable but you have to do forklift upgrades. 

How are customer service and technical support?

Fortinet has had some rough times. When they started expanding a bit, they completely screwed up their support system. The support had no clue what they were doing except just asking dumb questions. Now is bit different since Fortinet consolidated their support but still you need to pass L1 support quickly. 

How was the initial setup?

Even from the early days, Fortigate/Fortiweb was easy to set up. It had an ugly interface but it has been improved every year. 


What about the implementation team?

I deliver different security solution to customers. 

What's my experience with pricing, setup cost, and licensing?

The license cost depends on the size of the box or the size of the solution. It can go from few K Euros to a few hundred thousand Euros a year depending on your size.

What other advice do I have?

If you are looking to be partner with Fortinet, you have to buy licenses. Not even VMs are free to partners.  

Fortiweb in essence, needs to become part of Fortigate. Fortinet is not suitable for SMB customers since you have to deploy several boxes in order to get thing right. Also, speed of deployment is important and that isn't fast with many boxes. 

On a scale from one to ten, I would rate this product a solid seven. It's a good product. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RafigFeizullayev
Head of Security systems department at Zerde Business Solutions
Reseller
Good performance, easy setup and good UTM features like self-encryption

Pros and Cons

  • "All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet, FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features."
  • "New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems."

What is our primary use case?

All of our customers use it because they need a proxy solution. Fortinet provides us the best solution to do this. I don't believe that Check Point or Palo Alto can do what Fortinet does. 

How has it helped my organization?

There's a high school with many branches in our country. I configured it for them and they are very happy with Fortinet. Fortinet's performance is very good. 

What is most valuable?

All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet: FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features.

What needs improvement?

New releases and old releases have some bugs, some features do not work as good as we want but every new release the Fortinet team fixes up problems. I don't have anything to say about what to do to improve this product. It's a great solution for us.

What do I think about the scalability of the solution?

Scalability is very good. Our customers that use Fortinet have two thousand local users.

How are customer service and technical support?

Any problems that our customers have, they first call me and I support them. If I can't solve a problem I create a ticket. This happens very rarely. Their technical support is very good because they always help me.

How was the initial setup?

The initial setup is very simple to configure. Our customers are very happy with that.

The time it takes to deploy depends on how deep our project is. Sometimes it can take a week and sometimes a month. Minimum a week though.

What about the implementation team?

All Fortinet products that we sell, I deploy by myself.

What's my experience with pricing, setup cost, and licensing?

The licensing policy is very good. Our customers are very happy with that.

Which other solutions did I evaluate?

When our customers ask about Palo Alto we can sell them a Palo Alto but we try to explain that Fortinet is a great solution. 

What other advice do I have?

I would rate it an eleven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Oliver Rodrigues
Senior Network Security Planning at Ooredoo Kuwait
Reseller
Has a mechanism to detect all of your entries that aren't used and clean them up but they should have an antivirus option

Pros and Cons

  • "When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up."
  • "I would like to have an antivirus option."

What is our primary use case?

Our primary use case is as a firewall. We use a lot of Fortinet products. We have email security and FortiGate IPS. 

How has it helped my organization?

When we had Cisco we had around thirty thousand entries on our firewalls. Now we are down to three thousand. Fortinet has a mechanism to detect all of your entries which are not used, and it can clean it up.

What is most valuable?

The most valuable features are the access policies and how Fortinet gets the compilation done is really good.

What needs improvement?

I would like to have an antivirus option. 

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Stability is very good. 

What do I think about the scalability of the solution?

We haven't had any issues with scalability. You can scale up easily. 

How are customer service and technical support?

Their technical support is good. 

Which solution did I use previously and why did I switch?

We previously used Cisco. We switched because all they are is a brand name. It was a failure. We gave it a year to improve the product and it didn't so we switched. 

How was the initial setup?

The initial setup was straightforward. The deployment didn't take much time. The support guys were really good. The transition from Cisco to Fortinet was a bit challenging but they had tools to make it easier. 

We require three staff for the deployment and maintenance. 

What about the implementation team?

We are the resellers. 

What other advice do I have?

I would rate it a seven out of ten. A seven and not a ten because of the antivirus issue. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
DD
Network Security Engineer at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Anti-defacement feature intelligently handles complete website backup

Pros and Cons

  • "Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.)."
  • "FortiWeb does not exist in a cloud-based form. Its only available for deployment as a virtual appliance on AWS and Azure IaaS platforms. Because of the trend to WAF environments, it would be good to have it as a SaaS. Also, FortiWeb would be more competitive if it combined WAF and DDoS protection."

What is our primary use case?

We are a system integrator so we propose FortiWeb to our clients who are looking to protect their public web applications like e-banking platforms, teleservice, and so on.

How has it helped my organization?

A customer said to us that before FortiWeb they regularly had to back up their whole website folder to prevent defacement and ransomware. Now, with the FortiWeb Anti-defacement feature, this process is handled more intelligently, as FortiWeb does it for them.

What is most valuable?

Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.).

What needs improvement?

FortiWeb does not exist in a cloud-based form. Its only available for deployment as a virtual appliance on AWS and Azure IaaS platforms. Because of the trend to WAF environments, it would be good to have it as a SaaS. Also, FortiWeb would be more competitive if it combined WAF and DDoS protection.

For how long have I used the solution?

One to three years.

What other advice do I have?

I rate FortiWeb at eight out of 10 because it is good at what it does but I think it could do more, like combining DDoS protection.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Paula Wong
CEO at a tech services company with 11-50 employees
Real User
Protects our customers' web infrastructure environment

How has it helped my organization?

Fortinet FortiWeb has improved my organization by protecting our customers' web infrastructure environment.

What is most valuable?

The most valuable feature is the web application firewall (WAF).

What needs improvement?

Their support needs improvement.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

I would rate their technical support as a nine out of 10.

Which solution did I use previously and why did I switch?

We previously used NetScaler.

How was the initial setup?

The initial setup was straightforward. …

How has it helped my organization?

Fortinet FortiWeb has improved my organization by protecting our customers' web infrastructure environment.

What is most valuable?

The most valuable feature is the web application firewall (WAF).

What needs improvement?

Their support needs improvement.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

I would rate their technical support as a nine out of 10.

Which solution did I use previously and why did I switch?

We previously used NetScaler.

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable.

Which other solutions did I evaluate?

Not applicable.

What other advice do I have?

Evaluate this product against other vendors out there.

We were previously a partner.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DJ
Network System Administrator at a tech services company with 201-500 employees
Real User
Protected our web servers from outside attacks. Certificates were deleted when firmware was upgraded.

Pros and Cons

  • "We were able to protect our web servers from outside attacks."
  • "The false positives are annoying.​"
  • "I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.​"

How has it helped my organization?

We were able to protect our web servers from outside attacks. It has really helped us with publishing servers which were published on Microsoft Forefront TMG.

What is most valuable?

All of its feature are valuable to us. If you ask me which is the most valuable, it is the load balancing, then I would say the security features. Publishing OWA is also a good feature.

What needs improvement?

We started with FortiWeb400C, then we did an upgrade to FortiWeb 400D. I had some small problems when I was upgrading firmware. After the upgrade, some of my certificates were deleted.

The false positives are also annoying.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We did not encounter with any stability issues.

What do I think about the scalability of the solution?

We did not encounter with any scalability issues.

How are customer service and technical support?

Fortinet technical support is really good. I would give them a nine out of 10.

Which solution did I use previously and why did I switch?

We did not use a WAF before. We used Microsoft TMG, but it is not a WAF.

How was the initial setup?

Initial setup is straightforward, and it is not too complex.

What's my experience with pricing, setup cost, and licensing?

It really pays off to buy licences for multiple years.

Which other solutions did I evaluate?

No.

What other advice do I have?

It is a really good product. It is worth using in your network.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partners.
FS
Technical Advisor at a tech services company with 51-200 employees
Real User
L-7 protection safeguards legacy servers/applications without changing application code

Pros and Cons

  • "Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself."
  • "SSL Offloading simplifies the public certificate handling and brings additional protection features."
  • "L-7 protection makes possible to protect legacy/not up-to-date servers/applications without changing the application code."
  • "Centralized management of multiple devices, and GUI improvement, could reduce the learning curve."
  • "The interface could have the interdependent elements arranged sequentially and wizards that go through most common deployment actions."
  • "Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration."

How has it helped my organization?

Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself.

What is most valuable?

SSL Offloading, as it simplifies the public certificate handling and brings additional protection features. 

Also, L-7 protection, as it makes possible to protect legacy/not up-to-date servers/applications without changing the application code.

What needs improvement?

  • Centralized management of multiple devices, and GUI improvement, could reduce the learning curve. 
  • The interface could have the interdependent elements arranged sequentially and wizards that go through most common deployment actions. 
  • Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability. (Actually, our traffic usually does not reach 50% of unit capacity).

How are customer service and technical support?

Good. Usually takes one day to get over all the assessment procedures to start to handle the issue.

Which solution did I use previously and why did I switch?

The previous vendor discontinued its product.

How was the initial setup?

A little bit complex, as understanding the GUI arrangement and terms took more time and effort than we expected.

What's my experience with pricing, setup cost, and licensing?

Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes.

Which other solutions did I evaluate?

We acquired a Fortinet-based project, so we didn’t evaluate other ones.

What other advice do I have?

I rate it eight out of 10. I understand that a 10 is for products that not only execute smoothly but are also easy to use and manage, even when used on a multi-site corporation.

Take at least the Fortinet online course, or make sure that your reseller has experienced professionals.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user821967
Viznet Bilişim Hizmetleri
Real User
Auto Learn makes policy additions or deletions for my customers very simple​

Pros and Cons

  • "Auto Learn feature: Makes policy additions or deletions for my customers very simple​"
  • "HA Architecture needs improvement. I would improve it by working on AP HA."

How has it helped my organization?

Security.

What is most valuable?

  • Web application security features, because they are more effective
  • Stability 
  • Auto Learn feature: Makes policy additions or deletions for my customers very simple

What needs improvement?

HA Architecture. I would improve it by working on AP HA.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with stability, with the true network topology.

How are customer service and technical support?

I am Fortinet expert, but L4 support is working very well.

Which solution did I use previously and why did I switch?

Previously used F5, NetScaler, Imperva. Other products feature LB WAFs, so a limited WAF feature. This product's primary feature is WAF. I chose this product because it prioritizes security.

How was the initial setup?

Very complex. More security features.

What's my experience with pricing, setup cost, and licensing?

Cheaper than others.

Which other solutions did I evaluate?

F5, NetScaler, Imperva and Squid.

What other advice do I have?

Here's how I would break down my rating of this product:

  • Session Management: 10 out of 10 
  • Security: 10 out of 10 
  • Stability: 10 out of 10
  • Health check feature: eight out of 10.

If your goal is security, FortiWeb is your best choice.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
FabiolaOliveros
Technology Consultant at a tech services company with 11-50 employees
Consultant
Detection engine provides a high rate of exposure of web attacks

Pros and Cons

  • "High-performance and detection engines, provide a high rate of exposure of web attacks."
  • "FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure."
  • "Integration and learning about attacks. I would improve these areas by making FortiWeb integrate with other network technologies and feedback from multiple platforms."

How has it helped my organization?

Mitigation of attacks and thefts in an online banking platform.

What is most valuable?

High-performance and detection engines, because of their high rate of exposure of web attacks.

What needs improvement?

Integration and learning about attacks. I would improve these areas by making FortiWeb integrate with other network technologies and feedback from multiple platforms.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

The equipment is dimensioned as a function of servers traffic. To scale on the platform it is necessary to acquire superior models.

How is customer service and technical support?

Excellent.

How was the initial setup?

It was simple and functional.

What's my experience with pricing, setup cost, and licensing?

FortiWeb can be purchased in VM mode for a lower price and the same features.

Which other solutions did I evaluate?

The WAF module of F5 was evaluated.

What other advice do I have?

FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure.

I would advise requesting a PoC test with a learning policy.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user818139
Security Consultant at a tech services company with 11-50 employees
Consultant
Give us built-in security templates, strong threat intelligence, and is AV integrated

Pros and Cons

  • "Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.)."
  • "Built-in security templates, AV integrated, strong threat intelligence."

    How has it helped my organization?

    With other vendors you need to go through a learning period. With FortiWeb you can just apply a high-security profile and move on. It's very easy to reduce false positives.

    What is most valuable?

    • Built-in security templates
    • AV integrated
    • Strong threat intelligence

    Also, if you serve files or you accept files with your server, Fortiweb has built-in antivirus. The Fortinet product family also provides good IP intelligence (botnet C&C, etc.).

    Requires very little effort to add device to topology or replace existing WAF device with FortiWeb.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    No issues with stability.

    What do I think about the scalability of the solution?

    No issues with scalability.

    How are customer service and technical support?

    Eight out of 10.

    Which solution did I use previously and why did I switch?

    F5, A10, KEMP.

    How was the initial setup?

    It's very easy.

    What other advice do I have?

    Be sure to look at industry reviews, they have good knowledge about threat intelligence.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Security Consultant at Accenture
    Real User
    It has provided stability to applications. The hardware is not sturdy.

    What is most valuable?

    Application delivery is strong.

    How has it helped my organization?

    It has provided stability to applications.

    What needs improvement?

    The hardware does not measure up. Fortinet does not have sturdy hardware.

    For how long have I used the solution?

    I have been using it for three years.

    Which solution did I use previously and why did I switch?

    My client was using it when we took over operation of the project.

    What's my experience with pricing, setup cost, and licensing?

    The price is not too low and it’s not too high.

    Which other solutions did I evaluate?

    I did not evaluate other options. This product was already implemented.

    What other advice do I have?

    Check the market before implementing it... because I didn’t get the chance to do so.

    What is most valuable?

    Application delivery is strong.

    How has it helped my organization?

    It has provided stability to applications.

    What needs improvement?

    The hardware does not measure up. Fortinet does not have sturdy hardware.

    For how long have I used the solution?

    I have been using it for three years.

    Which solution did I use previously and why did I switch?

    My client was using it when we took over operation of the project.

    What's my experience with pricing, setup cost, and licensing?

    The price is not too low and it’s not too high.

    Which other solutions did I evaluate?

    I did not evaluate other options. This product was already implemented.

    What other advice do I have?

    Check the market before implementing it... because I didn’t get the chance to do so.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user389823
    Head of Security at a tech company with 1,001-5,000 employees
    Vendor
    If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.

    What is most valuable?

    • SSL offloading
    • Unlimited number of protected servers
    • Load balancing

    How has it helped my organization?

    If a customer has a web portal that frequently experiences attacks, FortiWeb blocks all negative traffic.

    What needs improvement?

    It would be great if FortiWeb could provide web forms like Microsoft TMG. (For example, OWA Exchange portal or SharePoint portal.) Many of our customers are looking forward to this functionality.

    For how long have I used the solution?

    I don’t use it, but as a partner of Fortinet, I implement it at customers’ sites. Our customers have been using it for about two years.

    What do I think about the stability of the solution?

    One of our customers recently experienced a stability problem. The customer has two FortiWeb appliances in an HA cluster (A-P). Something happened and both FortiWeb units became MASTER. Only a reboot of one of the units helped them. We opened a ticket.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues.

    How are customer service and technical support?

    Sometimes technical support is very slow, but sometimes they work very fast. So I will rate it 5/10.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution.

    How was the initial setup?

    Initial setup is not very complex. But if we have problems with configuration, we ask support.

    What's my experience with pricing, setup cost, and licensing?

    We always recommend the full bundle, but sometimes we offer a budget-conscious solution for the customer.

    Which other solutions did I evaluate?

    Before choosing this product, I did not evaluate other options.

    What other advice do I have?

    Look at the PRICE and the PERFORMANCE.

    Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Fortinet partner.
    it_user430797
    Network Engineer at a mining and metals company with 1,001-5,000 employees
    Vendor
    It can bandwidth limitations and restrictions at the individual IP, group IP, and total IP levels. The user interface and update/support is not quite user-friendly.

    What is most valuable?

    The bandwidth limitation and restriction feature is most reliable and useful, working as expected and hasn’t had any crash or excessive load issues.

    Using the interface to set bandwidth limitations and restrictions at the individual IP, group IP, and total IP levels is really useful for allocating dedicated bandwidth for senior users, reducing it for public users, etc.

    How has it helped my organization?

    This product allows our organization to manage each user’s bandwidth limitation for internet service and overall.

    What needs improvement?

    The user interface and update/support is not quite user-friendly.

    Obviously nowadays these are just normal features, but we are looking for QoS, application visibility, web filtering and mostly threat detection/malware protection/IPS for security side/etc.

    For how long have I used the solution?

    We have been using it for five years.

    What do I think about the stability of the solution?

    We have not encountered any stability issues. Not at all. We have placed it in our data center, and the equipment’s hardware stability is quite good. The equipment works fine when there is a power outage and comes back. Never had a hardware issue.

    What do I think about the scalability of the solution?

    We knew the equipment’s scalability and feature range, so it is fair.

    How are customer service and technical support?

    There were a few issues with technical support when we tried to extend contract/support.

    Which solution did I use previously and why did I switch?

    We used Microsoft ISA software firewall, and we encountered hardware and software failures a lot. We decided to change to a hardware solution because of many power outages.

    How was the initial setup?

    Initial setup was straightforward and easy to manage.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is bit high but fair for a hardware unit. However, licensing and benefits for my country and region is not good.

    What other advice do I have?

    It is an easy-to-manage, great product for a small office.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user256842
    IT Admin at a comms service provider with 1,001-5,000 employees
    Vendor
    I set it up on my own. I'd like to see improvements in its internet and servers features.

    What is most valuable?

    Firewall policy

    What needs improvement?

    Internet Servers

    For how long have I used the solution?

    I have used it for a year and a half.

    What do I think about the stability of the solution?

    We had one stability issue when I ran it once with Wireshark; it froze.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues.

    How are customer service and technical support?

    I cannot rate technical support because I have not used it yet.

    Which solution did I use previously and why did I switch?

    I switched from SonicWALL to Fortinet. I am happier now.

    How was the initial setup?

    Initial setup was not that difficult. It was different to my previous solution; I could do it on my own.

    Which other solutions did

    What is most valuable?

    • Firewall policy

    What needs improvement?

    • Internet
    • Servers

    For how long have I used the solution?

    I have used it for a year and a half.

    What do I think about the stability of the solution?

    We had one stability issue when I ran it once with Wireshark; it froze.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues.

    How are customer service and technical support?

    I cannot rate technical support because I have not used it yet.

    Which solution did I use previously and why did I switch?

    I switched from SonicWALL to Fortinet. I am happier now.

    How was the initial setup?

    Initial setup was not that difficult. It was different to my previous solution; I could do it on my own.

    Which other solutions did I evaluate?

    Before choosing this product, I did not evaluate other options.

    What other advice do I have?

    • Be aware of logs.
    • Does not compare with Check Point about finding policies.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Information Security Expert at a financial services firm with 501-1,000 employees
    Vendor
    It helps us protect our web and database servers from being penetrated from outside the office.

    What is most valuable?

    The most valuable features of the product are its IPS and VPN server.

    How has it helped my organization?

    The device is very handy and it helps us to protect our web and database servers from being penetrated from outside the office.

    What needs improvement?

    The antivirus and the IPS can be improved in the future.

    For how long have I used the solution?

    I have used it for about two years.

    What do I think about the stability of the solution?

    Fortunately, we have not yet encountered any stability issues!

    What do I think about the scalability of the solution?

    With the 600-C model, we had some scalability issues.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution.

    How was the initial setup?

    Initial setup was very straightforward and simple.

    What's my experience with pricing, setup cost, and licensing?

    These devices, especially the 1500-D model, are really worth purchasing and using.

    Which other solutions did I evaluate?

    Before choosing this product, we evaluated many products such as Cisco, Juniper, Cyberoam, and Sophos.

    What other advice do I have?

    In my opinion, the FortiGate appliances, and especially the D series, are really powerful ones and worth providing for your network.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Security Expert at a tech services company
    Consultant
    Next-gen firewall and built-in server load balancing. A BYOD feature is missing.

    What is most valuable?

    • UTM
    • Ease of use
    • Built-in server load balancing
    • VPN
    • Next-gen firewall features

    How has it helped my organization?

    It provides good security visibility.

    What needs improvement?

    A BYOD feature is missing; this could be a good add-on.

    For how long have I used the solution?

    I have used it for about 18 months.

    What do I think about the stability of the solution?

    I did not really encounter any stability issues; it performs well.

    What do I think about the scalability of the solution?

    I have not encountered any scalability issues in 18 months.

    How are customer service and technical support?

    Technical support is average; it could improve.

    Which solution did I use previously and why did I switch?

    We previously used Cisco PIX and ASA. We switched because there is no next-gen firewall in the Cisco portfolio.

    How was the initial setup?

    Initial setup was straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is competitive. Licensing could get expensive as we add feature sets.

    Which other solutions did I evaluate?

    Before choosing this product, we evaluated Palo Alto, SonicWALL and Juniper.

    What other advice do I have?

    It is a good option, keeping in mind pricing and features.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Network Administrator at a local government with 501-1,000 employees
    Real User
    It’s an all-in-one solution that gives more Wi-Fi control capability.

    What is most valuable?

    • Routing
    • Web filtering
    • Wi-Fi control

    How has it helped my organization?

    It’s an all-in-one solution that lowers the cost of having multiple solutions. It gave us more Wi-Fi control capability.

    What needs improvement?

    - Logging

    For how long have I used the solution?

    We have been using this model for one year. We previously implemented earlier models for six years.

    What do I think about the stability of the solution?

    We have encountered very few stability problems. In six years, we had one device that need to be shipped back to Fortinet. We had HA set up at that location, so there was no down time.

    We did not have a problem upgrading their firmware updates.

    What do I think about the scalability of the solution?

    Yes and no; you have to size it right before buying. The hardware on some models is not expandable, but you can easily turn software add-ons on and off.

    How are customer service and technical support?

    I’ll give them an 8/10 for technical support.

    Which solution did I use previously and why did I switch?

    We had a Cisco router and a Barracuda. We switched from that to a FortiGatefirewall and the Cisco Router. Finally, when the Cisco router was going bad, we replaced it with a FortiGate 100 for firewall and routing capability.

    How was the initial setup?

    Initial setup complexity depends on the network. The admin console is easy to use.

    What's my experience with pricing, setup cost, and licensing?

    They have options for their licensing. Look at what you are going to use it for and purchase that way.

    Which other solutions did I evaluate?

    Before choosing this product, we did not evaluate other options. We had one of the smaller firewalls, and we upgraded to one of their bigger ones.

    What other advice do I have?

    Look at sizing. And if you are a 24/7/365 shop, get two for HA.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    IT Support Engineer at a consumer goods company with 51-200 employees
    Real User
    You can set QoS according to application priority.

    Valuable Features

    • Security profiles with application control & web filtering. You can filter which applications are allowed or blocked inside your network, according to the port they are using. Web filtering - which can be applied to Skype for example, prevent botnets, and P2P - also is very helpful when you want to control what is allowed inside the network.
    • QoS. You can set QoS according to application priority.
    • Antivirus from end to end
    • Remote and site-to-site VPN

    Improvements to My Organization

    We have minimized our expenses for internet security/antivirus in host-side products such as FortiClient installation, which has antimalware/web security/antivirus and protects the host from vulnerabilities while connected to the server.

    Room for Improvement

    I would like to see support for throughput up to 10 gbps and WAN support. Depending on your device’s design, I’d like to see throughput support up to 2 mbps for SSL, 3 mbps for IPS, and 1.5 mbps for applications. This might already be offered with newer versions.

    I haven't used the latest release of device. From my current device perspective, reporting is good, but I want to see, in the future releases if they haven't done yet, is the total traffic alert (highest peak) that could receive on mobile or email. This is very helpful if you could set in required interval to monitor the total traffic that could feel the traffic in your hands.

    Use of Solution

    I have used it for five years.

    Stability Issues

    No issues encountered.

    Scalability Issues

    No issues encountered.

    Customer Service and Technical Support

    I rate the level of technical support 9/10.

    Initial Setup

    It was straightforward for minimal configuration and requirements, CLI for complex configuration.

    Pricing, Setup Cost and Licensing

    Pricing and licensing is good and it depends on what the business solution requires.

    Other Advice

    FortiNet shows me the health of the entire network. Evaluate how you would use FortiNet UTM. Look for the solution which fits your business infrastructure requirements such as VPNs, firewalls, application and web filtering, throughput, and most of all, which device which gives you the best performance.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Senior Developer, Project Manager at FPT Software
    MSP
    It makes our web site system work nice and smooth. The UI is a little complicated for new users.

    What is most valuable?

    Firewall Load balancing

    How has it helped my organization?

    It makes our web site system work nice and smooth.

    What needs improvement?

    The UI is a little complicated for new users.

    For how long have I used the solution?

    I have been using it for over a year.

    What do I think about the stability of the solution?

    I have not yet encountered any stability issues.

    What do I think about the scalability of the solution?

    I have not yet encountered any scalability issues.

    How are customer service and technical support?

    I have even contacted technical support once.

    Which solution did I use previously and why did I switch?

    My web site used MS NLB service for load balancing and IPS firewall at first, but when our site's connection grew bigger, we…

    What is most valuable?

    How has it helped my organization?

    It makes our web site system work nice and smooth.

    What needs improvement?

    The UI is a little complicated for new users.

    For how long have I used the solution?

    I have been using it for over a year.

    What do I think about the stability of the solution?

    I have not yet encountered any stability issues.

    What do I think about the scalability of the solution?

    I have not yet encountered any scalability issues.

    How are customer service and technical support?

    I have even contacted technical support once.

    Which solution did I use previously and why did I switch?

    My web site used MS NLB service for load balancing and IPS firewall at first, but when our site's connection grew bigger, we discovered that we needed another solution. We chose FortiWeb after a little research into the market.

    How was the initial setup?

    Initial setup was straightforward.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is a little high.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user406593
    Engineer at a financial services firm with 1,001-5,000 employees
    Real User
    At first, it helped us publish e-banking services, but we soon discovered it was an easy way to deploy other internal websites in an intranet style.

    What is most valuable?

    • FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we give a simple way to access the service to our customers using URL rewrite and redirect.
    • Rewrite
    • Redirect
    • Proxy reverse mode

    How has it helped my organization?

    It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.

    What needs improvement?

    I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x:

    • Upgrading from 5.2.x to 5.3.x. Fortinet provides a script, but it doesn't work (they do not say anything about it). In some cases:
      • If you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.
      • If you use LDAP authentication, the new field "realm" appears empty, the configuration doesn't work, and you have to manually change it.
    • Upgrading from 5.3.x to 5.5.x:
      • Some changes are introduced, then it requires fully formatting the device and configuring it manually (copy/paste pieces of configuration).
      • Once again, if you are using the subnet 192.168.1.x in any interface, it assigns this network for management, which means it can't apply the configuration.

    For how long have I used the solution?

    I have used it for three years.

    What do I think about the stability of the solution?

    It really is a powerful WAF; more than one year running with no stability issues.

    What do I think about the scalability of the solution?

    We did not have to scale our web servers; we just added new servers without any issue.

    How are customer service and technical support?

    The support is good, but they need more experts, because sometimes they take too much time to provide solutions.

    Which solution did I use previously and why did I switch?

    Fortinet was the first brand we thought about, because we had been using FortiGate for a few years, and we thought they had some common architecture.

    How was the initial setup?

    The initial setup was very easy. We use the proxy reverse schema; I think it is the best for almost all situations. The last firmware 5.5.x permits customers to deploy in different configurations in the same box.

    What's my experience with pricing, setup cost, and licensing?

    I think FortiWeb is the best WAF in terms of cost/benefit. Licensing is similar to other Fortinet products; 100% clear with no surprises.

    Which other solutions did I evaluate?

    For new projects this year, we evaluated Imperva and Barracuda. The latter can be a good option for entry-level deployments, but is hard to surpass Fortinet products.

    What other advice do I have?

    I advise being careful with the upgrade procedures. Also, it is a good idea to use Fortinet for a 60-day trial. That way, you can do a lot of testing on your own before deploying it. Using the VM (virtual machine) you can save a lot of time, can do proofs of concept and avoid opening tickets asking basics questions.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Information Security Leader at a government
    Vendor
    It has helped us prevent exploitation of vulnerabilities while we are working on code. Signatures are basic and prone to firing false positives.

    What is most valuable?

    • It supports OWASP top 10.
      As you can see, the attack types are mapped to OWASP top 10. The policy creation always follows the procedure:
    1. Create first the objects needed.
    2. Assemble the policy.
    • The GUI interface is intuitive. I have never needed to use the CLI
    • It has good reports.It is easy to manage.

    How has it helped my organization?

    The portal has a lot of vulnerabilities, which are not easy to solve quickly. The device has helped us to prevent exploitation of them while we are working on the code.

    What needs improvement?

    The signatures are very basic and prone to firing false positives. For example, FortiWeb detects this string as an attack because it detects "perl" in it:

    User-Agent: Mozilla/5.0 (compatible; PaperLiBot/2.1; https://support.paper.li/entries/20023257-what-is-paper-li)

    This is a false positive. If the signature was more complex, that would not occur.

    For how long have I used the solution?

    I have been using it for four years.

    What do I think about the stability of the solution?

    I have not encountered any stability issues, but it always consumes a lot of memory.

    How are customer service and technical support?

    Technical support is 7/10. We had a pair of cases without solution; one URL-rewriting related and another one Lync Enterprise-related. In both cases, we had to search for alternate solutions.

    Which solution did I use previously and why did I switch?

    ISA Server was working as a reverse proxy, but it lacks web attack prevention. Also, because the platform is dedicated and the OS is hardened.

    How was the initial setup?

    It has an auto-learn module that makes it easy to establish the first policy, after which you can customize it. It is straightforward to configure the FortiWeb. We have encountered that it is especially difficult to work with URL rewriting, because of regular expressions.

    What's my experience with pricing, setup cost, and licensing?

    Price and licensing is fine; it is one of the cheapest solutions and does its job.

    Which other solutions did I evaluate?

    We also evaluated F5 and Imperva. Fortinet won because of its price. It has done its work for the last four years; the only problem that I have seen is the high false-positives rate which prevents us from focusing on the real attacks.

    What other advice do I have?

    It has a good quality/price relationship. The web vulnerability scan module is useless.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Senior Information Security Engineer with 1,001-5,000 employees
    Vendor
    With Layer 7 server load balancing, it makes decisions based on the content of messages. It also can offload slow connections from the upstream servers.

    What is most valuable?

    • Web services signature: Helped us on secure key exchange, authentication and integrity of the transmissions.
    • Virtual patching: We publish many web services through FortiWeb. We are able to quickly resolve vulnerabilities.
    • Layer 7 server load balancing: The device made smart decisions based on the content of messages. Also, with compression and encryption, it can offload slow connections from the upstream servers. That greatly improved performance.
    • Zero-day protection
    • Advance correlation
    • URL rewriting and content rewriting

    How has it helped my organization?

    Before FortiWeb deployment, we were using a combination of commercial and open-source products. It was a hassle for the administrators, due to which some areas were unintentionally overlooked and caused many problems. With FortiWeb, we got a one-box solution for internet and internet security, which reduced the time required of the administrators and improved visibility at the larger scale.

    What needs improvement?

    Usually patches and version upgrades are really buggy, so we usually wait about one month for a stable release to upgrade. They need to improve the new version/patch delivery mechanism. For example, if a patch fixes one functionality for web services but also causes some other functionality failure.

    For how long have I used the solution?

    I have been using it since 2014.

    What do I think about the stability of the solution?

    In the first few months, we had some issues but with a custom patch, we are good.

    What do I think about the scalability of the solution?

    No scalability problems so far.

    How are customer service and technical support?

    I rate technical support 8.5/10.

    Which solution did I use previously and why did I switch?

    We were using combination of solutions, due to our organisation's policies. Due to lack of visibility, administrative issues and response times, we shifted.

    How was the initial setup?

    We had a complex environment, with multiple offices across the globe with all the data in and out from our HQ.

    What's my experience with pricing, setup cost, and licensing?

    At the time of deployment, and still now, the price was considerable less than other solutions and varies according to license type.

    Which other solutions did I evaluate?

    We also evaluated Cisco and McAfee.

    What other advice do I have?

    It is a great product, but be careful with version upgrades.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Director with 51-200 employees
    Vendor
    Other firewalls are just as good, but this product is at a much better price point.

    What is most valuable?

    We use them for VPN, standard layer 4, web filtering, anti-malware and DLP – they are used as our perimeter firewall solution.

    How has it helped my organization?

    I would not say it has improved how we function because I think that other leading vendors firewalls are as good. However, I do think that FortiGate can do it at a much better price point than, for example, Cisco ASA or Palo Alto.

    What needs improvement?

    The CLI could be improved by removing all default syntax from the config. The debugging of crypto VPN is not as informative as other vendors’ firewalls. The GUI is also not as good as some vendors, but overall as a package and considering price, it still provides value for money.

    For how long have I used the solution?

    I first used the Fortinet solutions in 2005 when it was version 2 & 3; since then, it has matured a lot and is much better. I would definitely recommend it, primarily on value for money. For the newer versions, I have been using 1000C and 300D, with FortiGate VM01 firewalls running a mix of software versions 5.4 and 5.2 for almost two years.

    What do I think about the stability of the solution?

    I did not encounter any stability issues.

    What do I think about the scalability of the solution?

    FortiManager is required for scalable managing of multiple devices, but we do not have enough to need that. I think that the logging could be better but for that, FortiAnalyzer is recommended, which we do not have.

    How are customer service and technical support?

    We have not needed to use Fortinet TAC.

    Which solution did I use previously and why did I switch?

    This solution replaced some old Juniper ISG firewalls that were EoL; nobody in the company had Juniper SRX experience and the choice was made for Fortinet before I started at the company.

    How was the initial setup?

    Initial setup for what we need to use it is very straightforward. There are certain features (such as TACACS) where you need to use CLI, but most things can be done with the GUI.

    What's my experience with pricing, setup cost, and licensing?

    Very competitive; Fortinet would always be an option for a perimeter firewall for me if I were needing new kit. I would always include it in any quotes and options, although depending on the requirements, I might decide to choose something else.

    Which other solutions did I evaluate?

    I have used firewalls that I find easier to manage, configure and troubleshoot. However, the Fortinet firewalls are pretty good, and in terms of value for money, they are outstanding.

    Pros: Cost for performance, very feature rich, GUI is pretty good.

    Cons: Debugging is not as good as I find Cisco ASA. CLI is overly complicated by all syntax showing in the configuration. The GUI is not as nice as CheckPoint or Palo Alto.

    What other advice do I have?

    Evaluate the product first and compare it to what you are used to and what you want. It provides very good value for money, but if the budget were there, I would probably choose another vendor in certain circumstances.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Senior Analyst at a financial services firm with 1,001-5,000 employees
    Real User
    20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements. Product support is a major concern.

    What is most valuable?

    In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements:

    • 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future requirements.
    • Easy integration with various Fortinet products such as FortiSandbox for APT detection.
    • ASIC (Application Specific Integrated Circuit) provides quick SSL offloading and doesn’t choke the user requests.

    How has it helped my organization?

    • Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting.
    • Rule creation and fine tuning are easy, as compared to its competitors.
    • Product has provided adequate assurance to organization’s PCI DSS program.

    What needs improvement?

    Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services.

    The automatic policy learning feature also needs some improvement, as using this feature leads to more false positives.

    Integration with other cloud-based DDoS protection services such as CloudFlare, Arbor, Akamai, etc., is also a limitation.

    For how long have I used the solution?

    It’s been almost one year since we started using this solution.

    What do I think about the scalability of the solution?

    The FortiWeb 4000E appliance comes with 20 Gbps throughput, 2X2 TB HDD and unlimited licensing. (Yes, you got it correct.) This adds value to the organization and meets its current and future requirements.

    How are customer service and technical support?

    As I wrote in my previous comments, FortiWeb needs to invest and improve its tech support services due to limited skills in market. Critical- and high-severity issues usually take more time for resolution.

    Which solution did I use previously and why did I switch?

    We were using Imperva as our WAF solution, which is also a market leader (as per Gartner Magic Quadrant) and provides lots of flexibility and cloud integration options. However, due to high cost, the organization decided to switch to Fortinet Fortiweb.

    How was the initial setup?

    Selecting the appropriate deployment topology is a major task. Initial configuration settings are little difficult to implement but overall management is easy.

    FortiWeb provides a wide variety of deployment options such as

    • Reverse proxy
    • Inline transparent
    • True transparent proxy
    • Offline sniffing
    • WCCP (Web Cache Communication Protocol)

    What's my experience with pricing, setup cost, and licensing?

    Pricing and licensing are USP of this solution; deploying an appliance provides in-house control and flexibility. A dedicated 4000E appliance is appropriate for large enterprises, while Fortinet also provides a VM-based solution, which is perfect for small and medium enterprises.

    Which other solutions did I evaluate?

    We did PoCs for other WAF products such as Citrix, F5 and Barracuda before finalizing on FortiWeb for our enterprise, which satisfied enterprise requirements.

    What other advice do I have?

    Thorough review of architecture is required. It’s recommended to get it deployed by authorized FortiWeb vendors. Attention to the rules is a must. Otherwise, it might lead to lots of false positives.

    Fortinet WAF can also be integrated with SIEM, which could be beneficial for centralized monitoring.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Fortinet FortiWeb Report and get advice and tips from experienced pros sharing their opinions.