My main use case is for security and routing.
Fortinet Managed Rules for AWS WAF - API Security
Fortinet Inc.External reviews
49 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Easy to setup, stable and scalable solution
What is our primary use case?
What is most valuable?
It is good for web tracking applications.
What needs improvement?
There is room for improvement in pricing, and actually, the price is a bit higher because on the same terms I purchased, the support subscription is so high.
For how long have I used the solution?
I've been using it for a long time. It has been more than three years now.
What do I think about the stability of the solution?
Stability is guaranteed stability. I'm okay with stability. I would rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
How are customer service and support?
I am okay with the support. The support's subscription is high.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
pfSense is open-source and free, while FortiWeb is subscription-based. Both are manageable, but FortiWeb's features scale up connections per second, depending on the payment plan.
How was the initial setup?
I would rate my experience with the initial setup a nine out of ten, where one is difficult, and ten is easy.
It took us two days to set up.
What about the implementation team?
I deployed it myself. I just got a reference from the old system, and I configured it.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing a seven out of ten, where one is cheap and ten is expensive.
What other advice do I have?
Overall, I would rate it a solid eight out of ten.
User-friendly, stable and efficiently secure VMs and applications
What is our primary use case?
I initially deployed it for my company, but now I administrate it for a client.
What is most valuable?
We use it to secure VMs and applications in Azure. It protects against DDoS attacks.
It's very user-friendly.
What needs improvement?
There is room for improvement in the support. The response time could be faster. Plus, they ask for a lot of information. It is not easy to get support.
In future releases, I would like to see added antivirus features that provide user-based activity indicators. For example, if a user downloads a large number of files or connects frequently, the WAF could flag this activity for investigation.
For how long have I used the solution?
I have been using it for three months now.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable product.
How are customer service and support?
For some initial issues. It's good, but not during the first year. FortiWeb could improve response time and first-level support clarity.
How would you rate customer service and support?
Positive
What about the implementation team?
The first implementation with an expert took two hours. My solo attempt took three weeks.
What other advice do I have?
Take time to test it thoroughly. Consider buying an existing solution if needed.
Overall, I would rate the solution an eight out of ten.
A security solution for securing the Internet facing servers but lacks several security features
What is our primary use case?
We use the solution for securing the Internet-facing servers where you can do the load balancing with the web appliance.
What needs improvement?
FortiWeb WAF lacks several security features compared to F5. F5 can incept the traffic to layer seven; FortiWeb can do it, too, but it is a tough process. We have to get support from Fortinet.
For how long have I used the solution?
I have been using FortiWeb as a partner for two years. We are using V7.2 of the solution.
What do I think about the stability of the solution?
Fortinet has many issues, like the zero-day attacks. Certain critical work vulnerabilities need to be immediately upgraded as an enterprise. You cannot initiate the upgrade anytime because it affects production. Usually, we schedule the upgrade. We do the configuration and scheduling of the updates. Fortinet is a 24/7 company that can release updates any time, regardless of the day of the week. FortiWeb WAF is a security solution that can be updated at any time, irrespective of the day of the week.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
On two recent occasions, I experienced delays in resolving technical issues with Fortiweb WAF, particularly when configuring explicit proxies on FortiGate firewalls. As a Fortinet partner, I was disappointed that our dedicated support channel was unavailable and that I could not obtain licenses or hardware assistance despite escalating to the country manager. Additionally, the technical support response times in the Middle East region have been inconsistent, with some areas providing excellent support while others have been unresponsive. This inconsistency has been particularly frustrating when dealing with urgent issues at remote sites. Overall, the support experience for Fortiweb WAF has been inconsistent and frustrating, particularly for Fortinet partners.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used Kemp before, but I also dislike the FortiWeb. I'm trying to move to F5 because F5 is very good.
How was the initial setup?
FortiWeb comes with an IP address. You need to log into the web console, and you can do it with the CLI using the console cable. You have to go in; it will initially give you a setup wizard and configure the hostname, interfaces, etc. The setup is relatively easy, but when it comes to advanced deployments. Kemp is a relatively affordable and capable solution. Fortiweb WAF offered all the features, making Kemp less appealing for enterprise-level applications. Kemp is suitable for smaller or regional websites, but it may not be as robust for global deployments.
Additionally, I could not locate the virtual domain feature in Fortiweb WAF. This feature would allow me to assign different domain names to a single website based on the user's location. Fortiweb WAF presented EDS as a workaround, but the process was overly complex and inconvenient.
Firstly, expect load balancing and a web application firewall for the same product Fortinet is offering. Start by booting up the device and use FortiWeb to connect the file by application firewall. There's a default IP address without any password. You log in, and then it shows your initial setup wizard. The wizard helps you set up the host names, Fortinet account, FortiCloud account, etc. After that, you start setting up your physical servers; then you give a virtual server, which will be a point. In a network with a firewall and port forwarding, the FortiWeb WAF device can act as a load balancer and a security gateway. It can receive traffic from the firewall, decrypt SSL/TLS traffic, inspect traffic for layer seven vulnerabilities, and then forward traffic to the appropriate internal server based on load-balancing algorithms and application-specific information provided by the servers. The FortiWeb WAF can monitor server health and performance and automatically switch traffic away from unhealthy servers.
Deployment depends on how much complexity you want to add to the product. If the customer requirement is easy, you may deploy it in one day. For example, I was working on a project with around 16 servers. Each server has a different data source; one server gives the back end, whereas the other provides the front end. That was a complex deployment. It will take around four to five days to deploy if you want to go deeper into it.
What was our ROI?
We have achieved 70% ROI.
What's my experience with pricing, setup cost, and licensing?
FortiWeb is expensive. F5 is also very expensive, but it is value for money.
What other advice do I have?
The solution’s maintenance and UI are easy, but some features are hidden. Their quality assurance needs to work. We used to have the upgrades and patches every month or 15 days, but now they are coming every week too. We have vulnerability.
The product needs to get more mature.
Overall, I rate the solution a six out of ten.
Has a user-friendly dashboard, but its technical support services need improvement
What is our primary use case?
We use FortiWeb for protecting web applications.
What is most valuable?
The product has a very user-friendly dashboard.
What needs improvement?
The software's support services could be better compared to Sophos.
What do I think about the scalability of the solution?
The product's scalability could be better compared to Sophos.
How are customer service and support?
It is challenging to communicate with the FortiWeb's support team.
Which solution did I use previously and why did I switch?
We use Sophos as well.
How was the initial setup?
FortiWeb's configuration process is more difficult than Sophos. I rate the process a one out of ten.
What's my experience with pricing, setup cost, and licensing?
The product is expensive. I rate the pricing a ten out of ten.
What other advice do I have?
I rate FortiWeb a five out of ten.
An easy-to-deploy solution with machine learning features that reduce false positives
What is most valuable?
The product has some unique features. The machine learning feature reduces the false positives. The tool detects zero-day attacks. It has an in-built antivirus, which most WAF tools do not have.
What needs improvement?
Advanced configurations require high skill. FortiWeb team should work on making it easier. The documentation is poor. The tool must provide advanced and robust DDoS protection.
For how long have I used the solution?
I have been using the solution for almost six years.
How are customer service and support?
The technical support is fine. The support team gives delayed responses if there is a complex issue.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have worked with F5 Advanced WAF. It is a robust product and is suitable for complex environments. It is flexible. However, it depends on other solutions for inbuilt security and packet inspection.
How was the initial setup?
The initial setup is easy. It requires less intervention.
What's my experience with pricing, setup cost, and licensing?
I recommend the product to others. Overall, I rate the solution an eight out of ten.
An useer-friendly solution with easy configuration
What is most valuable?
The tool's HTTP traffic, website fixing, and blocking are fantastic. It is user-friendly with easy configuration.
What needs improvement?
FortiWeb Web Application Firewall needs to improve its performance.
What do I think about the scalability of the solution?
FortiWeb Web Application Firewall is scalable.
How are customer service and support?
The tool's tech support is good.
How was the initial setup?
The tool's installation is straightforward.
What's my experience with pricing, setup cost, and licensing?
FortiWeb Web Application Firewall is not expensive.
What other advice do I have?
I rate the solution an eight out of ten.
Helps us to view all of our logs on one platform
What is our primary use case?
I have a multi-cloud environment. I have a production workload in Nigeria, with some data centers in Continental Europe and in the East US in multiple regions.
We have two different public clouds, AWS and Azure. Because of how Fortinet works, we connect to our customers via a remote access VPN.
What is most valuable?
The fact that I can log into the platform and see everybody, see logs, authentication failure, and see everything on one platform, is the most valuable feature.
Emails can be configured, and text messages can be sent via the mobile app.
It is a cheap solution.
What needs improvement?
The user interface can be improved. Also, there are authentication failures that need improvement in the next release.
For how long have I used the solution?
How are customer service and support?
The technical support team is bad.
How would you rate customer service and support?
Neutral
What other advice do I have?
I would rate the overall solution a eight out of ten due to the support and user interface issues.
A cost-effective solution for web security but lacks stability
What is our primary use case?
We use the solution for the office in Oracle.
What is most valuable?
Fortinet FortiWeb is priced well.
What needs improvement?
The product’s stability could be improved.
For how long have I used the solution?
I have been using Fortinet FortiWeb for one year. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product’s stability is normal. I rate it six out of ten.
What do I think about the scalability of the solution?
The solution is scalable.
How was the initial setup?
The initial setup depends on technical knowledge.
What's my experience with pricing, setup cost, and licensing?
The solution is cheaper compared with other solutions. It has a yearly license.
What other advice do I have?
Overall, I rate the solution a seven out of ten.
AWS WAF - API Gateway
What do you like best about the product?
This feature makes it very easy for developers like me. With this feature, I can create new projects quickly and easily!
What do you dislike about the product?
So far I'm using this feature well for problems I can still fix and I still like it
What problems is the product solving and how is that benefiting you?
So far I'm using this feature well for issues I can still fix and I still like it
34
What do you like best about the product?
Fortinet Managed Rules for AWS WAF - API Gateway offers robust pre-configured security rules, real-time threat intelligence, and seamless AWS integration, providing a comprehensive and easy-to-manage solution for safeguarding your API Gateway deployments.
What do you dislike about the product?
but I do not have access to specific user feedback or examples regarding Fortinet Managed Rules for AWS WAF - API Gateway. If you have specific questions or concerns about the service, I recommend reaching out to Fortinet directly or consulting online resources and reviews to gather information on user experiences, likes, and dislikes related to this product.
What problems is the product solving and how is that benefiting you?
Fortinet Managed Rules for AWS WAF - API Gateway aims to address several common security challenges associated with protecting web applications and APIs. Here's how it can benefit organizations:
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.
showing 31 - 40