Network Security, Enterprise and Data-Center Firewall | Fortinet

You are here

Web Application Firewall - FortiWeb

The FortiWeb Web Application Firewall provides specialized, layered application threat protection for medium and large enterprises, application service providers, and SaaS providers. FortiWeb Web Application Firewall protects your web-based applications and internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against malicious sources, application layer DoS Attacks and Sophisticated Threats like SQL injection and Cross-site scripting.

FortiWeb platforms help you prevent identity theft, financial fraud and denial of service. It delivers the technology you need to monitor and enforce government regulations, industry best practices, and internal policies.


  • WAF throughput from 25 Mbps to 20 Gbps.
  • Included Vulnerability Scanner module within the web application firewall that completes a comprehensive solution for PCI DSS requirement 6.6.
  • Guarantees security of web applications and secures sensitive database content by blocking threats such as cross-site scripting, SQL injection, buffer overflows, file inclusion, denial of service, cookie poisoning, schema poisoning, and countless other attacks.
  • Aides in PCI DSS 6.6 compliance by protecting against OWASP Top 10 web application vulnerabilities.
  • Centralized Management and Administrative Domains (ADOMs) provide the abilities to manage multiple FortiWeb gateways from a single console and provide administration rights to designated domain owners to manage their own applications separately from others on the same FortiWeb device.
  • IP Reputation Service helps protect against automated web attacks by identifying access from botnets and malicious sources.
  • Third-party scanner integration for Virtual Patching of applications.
  • REST API for integration into management and reporting systems.
  • Bot dashboard analyzes traffic from malicious robots, crawlers, scanners and search engines.
  • Automatically and dynamically profiles user activity to create a baseline of allowed activity.
  • Network and application layer DoS/DDoS protection.
  • SSL encryption co-processing accelerates transaction times, offloads encryption functions, reduces web server processing requirements.
  • Integration into FortiSandbox for advanced persistent threat (ATP) protection.
  • Layer 7 load balancing and content-based routing increases application speeds, improves server resource utilization and stabilizes applications.
  • Web Application Firewall FWB-3000E front view
    Web App Firewall Appliances FortiWeb
    Entry-level, Mid-range & High-end WAF for enterprise and MSPs
  • Virtual Web App Firewall FortiWeb
    Virtual WAF with 2x/4x/8x CPU support

Product Demos


The system is highly cost-effective in terms of functionality and efficiency and provides unmatched security, said Mr. Wooho Kyeong, Manager of IT Team at AMC. "We were impressed by the wide range of security features and we found, in particular, that the FortiGuard? Distribution Network was particularly effective in dealing with viruses and spam. Our regional hospitals now have the degree of stability and availability in their computer networks that is needed in the important medical work that they do."

Wooho Kyeong
Manager of IT Team