Fortinet Managed Rules for AWS WAF - API Security
Fortinet Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Provides users with ease of policy configuration and good integration capabilities
What is our primary use case?
I use the solution in my company to make web applications more secure because we have a special portal or web interface that we have to make secure for cybersecurity and different accesses. We found that FortiWeb Web Application Firewall (WAF) works fine for such use cases.
What is most valuable?
The tool's most valuable feature is the web access it offers. We control every access, like who goes in and what they do.
What needs improvement?
The tool's price and performance are areas of concern where improvements are required.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for three years.
What do I think about the stability of the solution?
It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
My company has three customers using the tool. One of the customers has 1,00,000 users.
How are customer service and support?
My company manages the technical support with around four people, so it is not a complex process for us to handle. In general, the tool's support team is friendly.
How was the initial setup?
The product's initial setup phase was easy.
The solution's deployment needs a bit of time because we have to discuss it with the deployment team, which consists of software. The project keeps growing and changing daily, so if the people involved in the deployment make new software, we have to change something. It is an easy process and can be managed in around two weeks by one person.
What's my experience with pricing, setup cost, and licensing?
The tool is really expensive. In our company, we could do a lot more, but the price is always a point covering areas like why we need one, whether it is important to discuss, why it is so expensive and so on.
Speaking about the licensing model, people need to opt for a subscription-based model. My company likes to have a subscription for at least three or five years because, otherwise, you have to renew the license. Managing the licensing part for one person can also be very complex.
What other advice do I have?
The solution helps protect our company's web applications against common threats up to 99 percent. We feel very safe with the tool.
Speaking about how the tool has effectively mitigated web security threats for an application, I would say that it is an application behind the web portal, so there are about a hundred or thousand people who can access a website. If it is a sensitive application, and we have to watch every access to it to make it really safe, that is the reason why we need WAF on the application.
My company doesn't use AI with the tool.
I recommend the product to others. I would say that others need to have it if they have a shopping website or something similar. I know it is hard to sell because we find it quite hard whenever my company tries to do so.
The solution offers 100 percent integration with other Fortinet security products.
The ease of policy configuration in the tool is okay.
I rate the tool a nine to ten out of ten.
Helpful to inspect traffic before a platform faces the internet
What is our primary use case?
Fortinet FortiWeb's use case is associated with WAF or web application firewall. Before a platform faces the internet, Fortinet FortiWeb inspects the traffic.
What is most valuable?
Fortinet FortiWeb is much cheaper compared to other solutions like the ones from F5 Networks, which have more capabilities. I think Fortinet FortiWeb is not as capable as F5 Networks, but it is cheaper. The key point for Fortinet FortiWeb is that when I give it to the customers, I see it is cheaper than F5 Networks.
All the players in the market are already using AI. In the AI area, I don't find any specific feature for Fortinet FortiWeb that is special compared to the other products in the market.
Fortinet FortiWeb's ML features are good, but they do not make the tool any special because all the products in the market, like F5 Networks, already use AI features. The AI feature does not make Fortinet FortiWeb any special.
What needs improvement?
The tool's WAF or web application firewall area has certain aspects that can be improved. I cannot find what features superficially can be improved in the WAF area of the tool.
Fortinet FortiWeb can be applicable for small or big networks. In my opinion, Fortinet FortiWeb can manage or improve its log management capabilities. As far as I know, FortiGate has a limit, which means it can be used for logging for seven days, and maybe it is because Fortinet wants to speed up the selling of another product called FortiAnalyzer. FortiAnalyzer is a device dedicated to logging analytic solutions. Fortinet may limit the capability of logging in Fortinet devices so that customers buy FortiAnalyzer for log analytics.
For how long have I used the solution?
I have been using Fortinet FortiWeb for three years. My company is a reseller of the solution.
What do I think about the scalability of the solution?
I don't know about the tool's scalability.
How are customer service and support?
I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I also use FortiAuthenticator.
How was the initial setup?
The product's initial setup phase can be somewhat complex depending on what software needs to be protected by Fortinet FortiWeb. If the web application is simple, the configuration can be made simple. If there is any specific need to protect the area in the web application, it is more tricky to configure Fortinet FortiWeb. It depends on what kind of web application needs to be protected by Fortinet FortiWeb. Overall, the tool's configuration is neither easy nor difficult.
What's my experience with pricing, setup cost, and licensing?
If one is cheap and ten is expensive, I rate the tool an eight.
What other advice do I have?
The product's document says that Fortinet FortiWeb can detect zero-day attacks, but it needs more devices like FortiSandbox for help. Fortinet FortiWeb needs to be integrated with FortiSandbox. I think it is Fortinet's strategy to upsell other tools because Fortinet doesn't want to put the solution in one box or one device. If you want another feature, Fortinet wants you to buy another box.
I rate the tool an eight out of ten.
Has antivirus features and helps to comply with GDPR and KVKK
What is most valuable?
The solution's integration with other products is easy. Its most valuable feature is the antivirus engine. The tool helps us comply with GDPR and KVKK standards.
What needs improvement?
FortiWeb WAF's tuning causes trouble. It's complicated. The solution needs to improve the signature feature as well.
For how long have I used the solution?
I have been working with the product for five years.
What do I think about the stability of the solution?
I rate the solution's pricing a ten out of ten.
What do I think about the scalability of the solution?
My company has 50 users.
How are customer service and support?
The solution's support is very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I use Palo Alto and Symantec products simultaneously. We chose FortiWeb WAF because of its pricing and easy implementation.
How was the initial setup?
The solution's deployment is easy and takes ten days to complete. We have two resources involved in its maintenance.
What was our ROI?
The solution is cost-effective since it is cheaper than other alternatives. Also, the false positive rates are low.
What's my experience with pricing, setup cost, and licensing?
I rate the tool's pricing an eight out of ten.
What other advice do I have?
I rate the overall product a nine out of ten.
Improves latency by optimizing traffic routing at an affordable price
What is our primary use case?
We use the solution for branch optimization. Initially, it was all in MPLS, but they converted to the broadband network. Implementing it reduced the cost, and its redundancy was also better.
How has it helped my organization?
It improves latency by optimizing traffic routing. When a better link is available, it reroutes traffic through it. Additionally, MPLS helps reduce costs. Critical data can be prioritized on MPLS, while other data uses broadband connectivity, leading to better resource utilization. This setup supports load sharing, allowing multiple links to work simultaneously for improved performance.
What is most valuable?
From the web application perspective, it offers comprehensive features, including URL filtering and DNS protection. Additionally, FortiWeb provides SD-WAN capabilities, such as load sharing based on latency or packet drops. Its extensive feature set allows customers to choose and customize according to their needs and preferences.
What needs improvement?
FortiWeb could have an inbound load balancing pack. Currently, they don't have it, but they have the print product for that. It'll be better if they have it on the same product.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for three years.
What do I think about the scalability of the solution?
It is primarily for the enterprise environment segment. Even if one of the three links goes down, another link will appear to resolve the issue. FortiWeb primarily relies on its high availability features.
How are customer service and support?
We had a quick response from support since we have partnered with them.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was easy because we had training. Also, the FortiGate team provides good support. It took around five to six days to complete. It is only a plug-and-play environment.
What's my experience with pricing, setup cost, and licensing?
The price is cheap compared to other products in the market. It costs 15-20% less than CheckPoint.
What other advice do I have?
It is more than a basic firewall. It includes various features for enhanced security, such as protection against threats and vulnerabilities specific to web applications. Depending on their roles and responsibilities, some people who work on EDS may also interact with FortiWeb WAF.
FortiWeb offers a comprehensive product suite for SOC integration, including automation and SIEM capabilities. It also offers a complete integration package, including physical components that ensure a consistent experience for internal and external teams.
It includes an analyzer that provides comprehensive visibility. It is designed to optimize costs while sending detailed analytics and other relevant data.
I recommend the solution for security.
I rate the solution a nine out of ten.
Helps block certain applications and websites to enhance user productivity and maintain application security
What is our primary use case?
The solution helps us to block certain applications and websites.
How has it helped my organization?
The use of FortiWeb Web Application Firewall, combined with Office 365 and Azure ID, has streamlined our VPN use and network security. With single sign-on, users only need to remember one process instead of two or three, which has improved our business security.
What is most valuable?
FortiWeb Web Application Firewall helps us to block certain categories of browsing, such as weapons, and other inappropriate content on the client side. We have also blocked social media sites like TikTok and Facebook to enhance user productivity and maintain application security.
What needs improvement?
We haven't faced any significant issues with FortiWeb Web Application Firewall. However, they could lower the pricing, since it is a concern, especially in South Africa, and the technical support could be more responsive at times.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall for the past two years.
What do I think about the stability of the solution?
We have encountered some issues with the stability and would rate it an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
The customer service is good, but sometimes they are unresponsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before FortiWeb and Fortinet, we used to work with Sophos. We switched to Fortinet mainly due to better support and the availability of distributors in our country. In South Africa, Sophos lacked sufficient support and the resolution times for queries were often prolonged. With more vendors and better support, Fortinet has proven to be a more reliable choice.
How was the initial setup?
The deployment process of FortiWeb Web Application Firewall was easy. It took half an hour to be deployed.
What was our ROI?
FortiWeb Web Application Firewall has definitely helped with notifications of potential threats and vulnerabilities. It has impacted our operational costs by reducing them by 20%. This is mainly due to savings on bandwidth and infrastructure costs, as well as improved efficiency in handling potential threats.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a four out of ten.
What other advice do I have?
FortiWeb should include log retention for 90 or 180 days built into the product, without requiring an additional license. Having to buy extra licenses for longer log retention is problematic and adds to the cost.
I would recommend FortiWeb to other users.
Overall, I would rate FortiWeb an eight out of ten.
Transparent, easy to use, and integrates well with the existing security infrastructure
What is our primary use case?
We use the solution in our headquarters. We have some agents outside our company.
What is most valuable?
The solution is transparent and smooth. So far, the tool has integrated well with our existing security infrastructure.
What needs improvement?
The price is a little higher than the competitors.
For how long have I used the solution?
I have been using the solution for more than five years.
How are customer service and support?
The technical support team is okay.
What about the implementation team?
We have a consultant who gives us advice about the implementation.
What other advice do I have?
Overall, I rate the product a nine out of ten.
Helps users to secure their web-based applications
What is most valuable?
The most valuable feature of FortiWeb Web Application Firewall (WAF) that has proven to be the most effective in protecting web applications stems from the fact that the product recently launched a SaaS model, making it a cost-effective solution, which is a major reason why we selected it in our company.
What needs improvement?
I don't see any issues with the tool apart from the pricing aspect of the product. The price of the product is an area where improvements are required.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for a year. My company is a reseller of the solution.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution since it offers a SaaS model, which is why we can increase the bandwidth and number of applications in our company.
There are around 1,000 people in a company where our organization has provided FortiWeb Web Application Firewall (WAF).
Considering the IT side of the company, there are no plans to increase the usage of the product in the future.
How are customer service and support?
The solution's technical support is good. Compared to the previous year, Fortinet has taken a lot of steps to improve its support services. The response time of the support services offered by Fortinet is good, especially since the solution launched elite support for users. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not used the products offered by Fortinet's competitors, but I know that most of the time, such tools can be available at a cheap price.
How was the initial setup?
My company has a team that is ready to help our customers implement the product.
There is a person in my company who knows about the technical team that takes care of the implementation part. I am a part of the marketing team, so the tool's implementation phase is something I don't know about.
What was our ROI?
In terms of ROI, the product helps secure applications and due to the security, there is less downtime when it comes to applications. From a security point, the tool uses cross-site scripting.
What's my experience with pricing, setup cost, and licensing?
The licensing cost of the product is pretty high compared to other OEMs in the market.
What other advice do I have?
As a marketing executive, I don't get to see any machine learning capabilities in the product.
My company only deals with solutions from Fortinet.
I recommend the product for pharma companies.
For administration and management of the product, there are two or three people in my company working in the core IT team.
From a marketing perspective, the product has been promoted enough in my region. My company has been promoting the product for the past 12 years.
The product offers information on the internet, and it can provide sufficient knowledge to employees who support the tool.
In terms of interface, the product is easy to use and is mostly connected to its own protocols, like FortiLink.
I rate the solution an eight out of ten.
Offers good integration capabilities with other security tools
What is our primary use case?
I use the solution in my company, as we mostly load some web applications at our data center and use it to ensure that the web pages are properly secured.
What is most valuable?
Actually, most of the features of the tool are really good, but I would like to emphasize the importance of its machine learning features, as it can be implemented smoothly in Fortinet FortiWeb, and it is very helpful for our company.
What needs improvement?
Though the reporting is a nice aspect associated with the tool, I feel that it has certain shortcomings and can be made better. The reporting part can provide more information and be more specific.
Fortinet FortiWeb's admin guide could offer more, like, examples or features on how to implement the tool. It can provide information on how a user can make use of it in different usages, and that can help a lot. The admin guide is satisfactory, and it meets our company's needs.
Actually, my company would like it if the product could implement scanning attachments for exchange for assets or exchange needs. The aforementioned area consists of the feature that my company wants to apply, but it is not supported in Fortinet yet. My company needs the product to support us in the aforementioned area, and it can help us a lot by providing a layer of security that can check files and attachments in emails and other stuff, which would be great.
For how long have I used the solution?
I have been using Fortinet FortiWeb for three years. I am an end user of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
In terms of stability, it is a good solution that is easy to use and has many features and resources. The support offered by the product is good, especially since the support team responds on time, keeps you informed, and even follows up. Generally, it is a good solution to have and use.
My company has not experienced any downtime while using the product.
What do I think about the scalability of the solution?
In our company, we have not implemented the product on a large scale.
Around 2,000 people per month use the product in our company.
Every single day, the tool is used to host web applications.
If our company needs to implement more hosted web servers, we will use Fortinet FortiWeb, but if not, then it will remain at the current number. Increasing the use of the tool is not my decision, and I just accommodate the needs of the organization.
How are customer service and support?
The solution's technical support is good. When my company faced some problems with the product, I found the solution's support team to be very supportive and helpful. I rate the technical support a nine out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
On a scale of one to ten, where one is difficult and ten is easy, I rate the product's initial setup phase as eight or nine.
The product's initial setup phase was straightforward, and since our company didn't have any problems with it, we didn't encounter many problems with the tool. Maybe our company encountered some problems with the product's setup because we used to use it to set up the servers or stuff, which took time, but now Fortinet FortiWeb handles everything smoothly and easily.
The solution is deployed on an on-premises version.
The solution can be deployed in a week.
What was our ROI?
If my company did not have Fortinet FortiWeb, then I believe that we would have had to host some of the services in an external data center with extra fees and there we would have had to pay for the web services, but we don't need that anymore because now, we have an on-prem web service that can promote us to be able to host as much as we need of web services.
On a scale of one to ten, where one is zero percent and ten is a hundred percent, I rate the ROI as an eight.
What's my experience with pricing, setup cost, and licensing?
If one is very cheap and ten is very expensive, I rate the product price as three or four. The tool is cost-effective and offers value for money. I didn't mean it was very expensive. The price is fixed, but some features need an extra license.
Which other solutions did I evaluate?
My company was considering F5, but you actually went for Fortinet FortiWeb after considering the cost aspect.
What other advice do I have?
My company doesn't specifically host e-commerce platforms since we offer mainly government services.
The security part has been satisfactory till now, and we haven't faced any problems yet.
FortiGate FortiWeb's features that have been most effective in mitigating web-based threats are possible because of the signatures. My company doesn't need to enforce a lot of policies or stuff. Fortinet FortiWeb has a lot of internal databases that can help you, and you can use whatever platform you are hosting your web applications through whichever software you use. It can build up a web protection profile that matches your needs, making it a very helpful tool.
Speaking about how machine learning features enhance our security posture, I would say that some aspects of the website are not normally clear for our company, and machine learning helps in such areas. It just traces the normal usage of the web applications along with the websites or links most users visit while also checking which URLs are mostly used, after which the tool differentiates between the normal usage and any abnormalities, based on which it builds the model that can be used to improve the security. Sometimes, a person cannot do things manually and is not sure about all the aspects of our web applications because many are not developers. Machine learning comes into the picture because one may not know all the stuff associated with the product.
A team of four or five people is enough to deploy the tool. Maintaining the tool is actually not a very big task and not many people are required for it.
The integration capabilities of the product with other security tools have benefited our company's security strategy as it sits smoothly in our network. The tool doesn't cause any problems with the integration part.
I would recommend that users use the tool's high availability. With the tool, one box is not enough, so there is a need to have a cluster of two boxes. Users need to measure their needs regarding the logging process and everything else, including processing. Even before starting to use it, we have to set up everything, or you would be confused about how to use the tool in the future, and it would be difficult to figure out how much log retention we would need in our company. It is important to set up everything related to the users' needs so that they don't need to change a lot of settings in the future.
I rate the tool an eight out of ten.
Used for web filtering purposes and has a user-friendly interface
What is our primary use case?
We use the solution for web filtering purposes. We use it to allow or block any application.
What is most valuable?
The most valuable features of the solution are SD-WAN, filtration, web filter, application filter, and IPS. The solution's console is very user-friendly and very easy to manage. The solution has good stability and a user-friendly interface.
What needs improvement?
It would be good if the solution integrated with other solutions, like SAP.
For how long have I used the solution?
I have been using FortiWeb Web Application Firewall (WAF) for nine to ten years.
What do I think about the stability of the solution?
FortiWeb Web Application Firewall is a very stable solution.
I rate the solution’s stability ten out of ten.
What do I think about the scalability of the solution?
Every location with 200 to 300 people has installed the FortiWeb Web Application Firewall.
I rate the solution a nine out of ten for scalability.
How are customer service and support?
Our experience with the solution's technical support has been good. We promptly get support from the technical support team.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is easy and can be done in a few hours.
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine or ten out of ten.
What other advice do I have?
I would recommend FortiWeb Web Application Firewall to other users because it is a good product.
Overall, I rate the solution a nine out of ten.
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb
What is our primary use case?
We use FortiWeb to protect our web applications, including web servers, websites, and mobile apps – especially mobile payment apps. As an integrator, we also sell FortiWeb to our clients.
It is mainly for banking and NCS sector clients, but we also have others like universities and industrial companies.
How has it helped my organization?
After configuring security profiles and policies in FortiWeb, it does its best to block all web attacks, including SQL injections and other types of attacks. While I don't have the interface in front of me to provide exact details, FortiWeb is highly effective in this regard.
Most of our clients use reverse proxy mode. In this mode, FortiWeb acts as a reverse proxy, preventing attackers from directly connecting to the server or web server. All traffic passes through FortiWeb, allowing us to inspect everything.
What is most valuable?
The xFF, or X-Forwarded-For feature, IP reputation, and protected hostname. We can block access using the IP address, so no one can connect to our web server or website using the real IP. They need to use the FQDN instead.
Even if an attacker detects the IP address, they can't connect directly to the server due to FortiWeb and the option to protect the hostname. All traffic passes through FortiWeb.
Machine learning capabilities in FortiWeb:
I don't use machine learning all the time. In the initial phase of FortiWeb deployment, we use the learning process to detect the traffic passing through FortiGate to our website.
What needs improvement?
Maybe the load balancing options could be enhanced. FortiWeb provides very good protection for web applications, web servers, and mobile apps, but the load-balancing capabilities and mechanisms are not as well-developed as those of other products like F5.
Currently, we need to purchase another solution, like FortiADC, for load balancing. It would be better if the load balancing features were more integrated and advanced within FortiWeb itself so it could handle both load balancing and web application firewall functions.
For how long have I used the solution?
I have been using it for four years.
What do I think about the stability of the solution?
It's stable. We haven't had any issues, except for maybe some hardware problems with the hard disk. But the Fortinet team and their advanced support team were great. We received a new firewall in less than a week. It was just a logistical issue.
That's the best thing about working with Fortinet's support. If there's a hardware issue or failure, we can contact them directly, they open a ticket, and send a new device. Then they check if the issue was due to human error or a hardware problem.
What do I think about the scalability of the solution?
I would rate the scalability a ten out of ten. We passed this test with one of our clients. They initially had the FortiWeb VM01, which is the fifth model of virtual machines. As the number of servers and applications behind FortiWeb grew, they needed to upgrade their license. We were able to easily upgrade the license and adjust the virtual machine specs like CPU and memory.
It's scalable without any issues. This applies to virtual machines but not necessarily to hardware appliances.
It is suitable for all types of businesses, including small, medium, or enterprise. The difference between SMBs and large enterprises is the type of license or model, such as hardware. For example, we have a bank client using FortiWeb-1000B, a cluster of two FortiWeb hardware appliances. Another client, a university in Tunisia, started with the minimum GB1 or GB0 license and upgraded to GB8.
We also have a smaller client with around 30 users and five applications, and they use FortiWeb without any issues. FortiWeb is especially needed for clients working with specific sectors like banks, mobile-payment apps and insurance companies, as they often need to comply with PCI DSS and other standards.
How are customer service and support?
I've been working with the Fortinet team for over five years, so I know how to contact them directly and ask the right questions.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
There's F5, and also Radware. FortiWeb performs the same functions as F5, Cloudflare (which is cloud-based), and other products.
But, some of these other products are more developed, especially in terms of load-balancing services. But they all do the same basic functions. F5 and FortiWeb have similar features. FortiWeb is not as expensive as F5 and other products.
The security features, like SSL offloading, are the same. There's no latency in accessing our web apps with or without the WAF. The difference lies in the security of our web and mobile apps. There's no latency, so it's the same.
How was the initial setup?
The deployment is easy, maybe because I'm familiar with Fortinet products and their deployment, whether it's hardware or virtual machines. Most of our clients are also familiar with Fortinet products and find the FortiWeb interface to be user-friendly, as it's similar to other Fortinet products like FortiGate and FortiAnalyzer.
There might be some technical aspects to the interface, but overall it's easy to use. For example, network settings are under "Network," system settings are under "System," and so on. It's consistent across all Fortinet products.
Integration with other products:
Most of our clients use Fortinet products like FortiGate firewalls, but there's no problem deploying FortiWeb with other products like Cisco or others. On the firewall, we create a virtual IP to pass traffic to FortiWeb, and then configure the virtual server and other settings on FortiWeb. FortiWeb also gives us the option to allow synchronization with SIEMs like QRadar and ArcSight.
So it can integrate with third-party tools. We can use any SIEM solution, like FortiSIEM or LogRhythm. We just need to configure the Syslog option on FortiWeb to forward logs to our SIEM server.
What about the implementation team?
I work as a FortiWeb integrator.
What's my experience with pricing, setup cost, and licensing?
It's not cheap, but it's not expensive either. It depends on the features you need and whether you choose hardware or a virtual machine.
I would rate the pricing a five out of ten, where one is high and ten is low.
What other advice do I have?
As an integrator, I recommend FortiWeb to our clients and all other clients.
Overall, I would rate it an eight out of ten.