Overview

1/2

This listing is for AWS WAF Classic only. Fortinets WAF rulesets are based on the FortiWeb web application firewall security service signatures, and are updated on a regular basis to include the latest threat information from FortiGuard Labs. The Complete OWASP Top 10 Ruleset combines Fortinets other AWS WAF rulesets into one comprehensive package to protect web applications and to cover the entire list of OWASP Top 10 web application threats. Included are the SQLi/XSS, General and Known Exploits, and Malicious Bots rulesets.

For extended web application firewall features such as detailed trigger/event visibility, custom whitelisting and dedicated tools to fine tune and manage detections as well as detailed event visibility and AI-based behavioral attack detection you can try the FortiWeb Cloud Product: https://thinkwithwp.com/marketplace/pp/prodview-rbkvcwsvcpgsk?sr=0-1&ref_=beagle&applicationId=AWSMPContessa

For more information on AWS WAF Classic, you can find documentation here: https://docs.thinkwithwp.com/waf/latest/developerguide/classic-waf-chapter.html

Pricing information: Pricing consists of two dimensions:

$30 per month for each web ACL using the Fortinet Managed Rules, per region
$1.8 per million requests in each region

Pricing examples:

pricing example: 2x web acl in a single region (ie us-east-1)

Managed rule group charges = $60.00 (2x units for 2x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $78.00/month

pricing example: 2x web acl in two regions (ie us-east-1 & us-east-2)

Managed rule group charges = $60.00 (2x units for 2x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $78.00/month

pricing example: 3x web acl in two regions and one using a CloudFront (ie us-east-1, us-east-2, CloudFront)

Managed rule group charges = $90.00 (3x units for 3x web ACLs) Managed rule group request charges = $1.80/million * 10 million = $18.00 Total AWS Marketplace charges = $108.00/month

Highlights

Complete set of all rules offered by Fortinet
Can be configured to log, alert and/or block
Regular updates from FortiGuard Labs

Details

Sold by

Fortinet Inc.

Features and programs

Financing for AWS Marketplace purchases

AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

View financing details

Pricing

Fortinet Managed Rules for AWS WAF Classic - Complete OWASP Top 10

Info

View purchase options

Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.

Usage costs (2)

Info

Dimension	Cost/unit
Charge per month in each available region (pro-rated by the hour)	$30.00
Charge per million requests in each available region	$1.80

Vendor refund policy

Non-Refundable

Legal

Vendor terms and conditions

Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

Content disclaimer

Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

Usage information

Info

Delivery details

Software as a Service (SaaS)

SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

Resources

Vendor resources

Set-up Guide and FAQs

Fortinet Managed Rules for AWS Data Sheet

Fortinet Managed Rules for AWS WAF Video Tutorial

Support

Vendor support

Support offered by Fortinet. Contact Fortinet directly by email - awswaf@fortinet.com . Please see FAQ for more info.

Get support

AWS infrastructure support

AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Get support

Similar products

Fortinet Managed Rules for AWS WAF - API Gateway

By Fortinet Inc.

The Fortinet Managed Rules for AWS API Gateway is a comprehensive package for the best web application protection to help protect against the OWASP Top 10 web application threats, including SQLi/XSS attacks, General and Known Exploits, and Malicious Bots.

View product

Fortinet Managed Rules for AWS WAF - Complete OWASP Top 10

By Fortinet Inc.

The Complete OWASP Top 10 Ruleset delivers comprehensive web application protection to protect against the OWASP Top 10 web application threats

View product

Trend Cloud One

By Trend Micro

Trend Cloud One™ - A comprehensive cloud security platform purpose-built for those building in AWS. Click subscribe to start your free trial and discover what automated, flexible, all-in-one cloud security can do for you! Remember, your 30-day free trial includes access to the entire Trend Cloud One platform + access to our always free tiers. To learn more about our always-free tiers, check out the additional support section!

View product

Amazon ECS Optimized Amazon Linux 2 AMI with Support by Bansir

By Bansir LLC

This item is a repackaged open source software, additional charges apply for support by Bansir for Amazon ECS Optimized Amazon Linux 2 AMI with Support by Bansir

View product

Customer reviews

Write a review

Ratings and reviews

Info

4 ratings

5 star

4 star

3 star

2 star

1 star

25%

50%

4 AWS reviews

2 external reviews

External reviews are sourced from G2 and are not included in the star rating for this product.

Welli A.

AWS WAF - API Gateway

Reviewed on Sep 05, 2023

Review provided by G2

What do you like best about the product?

This feature makes it very easy for developers like me. With this feature, I can create new projects quickly and easily!

What do you dislike about the product?

So far I'm using this feature well for problems I can still fix and I still like it

What problems is the product solving and how is that benefiting you?

So far I'm using this feature well for issues I can still fix and I still like it

Awesome Network visibility

Reviewed on Mar 09, 2023

Review provided by G2

What do you like best about the product?

Comprehensive Protection and Simplified Deployment and Management

What do you dislike about the product?

Not enough capabilities to detect things such as bots and anomolys.

What problems is the product solving and how is that benefiting you?

being able to be deployed locally is huge in terms of configuration and scalability. It protects for many intrusion attempts, web filtering and stops malware.

Easy to setup and use

Reviewed on May 20, 2020

Purchase verified by AWS

Got the rules up and running in no time.
Excellent value for money, not sure why other reviewers are complaining given how cheap these rules are

Lack of visibility limits usability

Reviewed on Mar 06, 2018

Purchase verified by AWS

I agree with other reviewers that the ability to understand why a request is counted or blocked is paramount.

In the current scenario we will be required to create custom rules to detect and allow any false positives, in order to have working solution. It would be much more useful to at least output the rule and condition that was triggers, along with the request. It would be good to be able to disable a specific rule if it was triggered.

I understand that we should not be able to list the actual rule details, but not having a list of the rule coverage also seems bad.

This box is just a bit too black for my liking. Knowing what protection is in place is a cornerstone of good security. I don't have that with this offering.

Same considerations as last reviewer

Reviewed on Mar 05, 2018

Purchase verified by AWS

Same considerations as last reviewer, however, you can do an "Override to Count" and see request samples, to find things to white list. However, you don't know which condition triggered the "block".

Very much a Black box.

For our testing with "Override to count" in Production, I only found it blocking valid transactions for us.