Skip to content Skip to navigation Skip to footer

Übersicht

FortiWeb, Fortinet’s Web Application Firewall, protects your business-critical web applications from attacks that target known and unknown vulnerabilities.

The attack surface of your web applications evolves rapidly, changing every time you deploy new features, update existing ones, or expose new web APIs. You need a solution that can keep up.  FortiWeb is that solution.

FortiWeb Models and Specifications

FortiWeb is available in many different form factors to meet your needs ranging from entry-level hardware appliances to sophisticated VM options that be incorporated into latest cloud environments.

Compare Products

Sortieren nach:

FortiWeb appliances use multi-core processor technology combined with hardware-based SSL tools to deliver blazing fast protected WAF throughput.
 

Durchsatz
50 Mbps
Ports
4x GE RJ45
Durchsatz
250 Mbps
Ports
4x GE RJ45, 4x GE SFP
Durchsatz
750 Mbps
Ports
4x GE RJ45 (2x bypass), 4x GE SFP
Durchsatz
1.3 Gbps
Ports
2x 10 GE SFP+, 2x GE RJ45, 4x GE RJ45 bypass, 4x GE SFP
Durchsatz
5 Gbps
Ports
4x GE RJ45 (4 bypass), 4 SFP GE RJ45, 4 x 10 GE SFP+
Durchsatz
10 Gbps
Ports
8x GE (8 bypass), 10x 10G SFP+ (2 bypass)
Durchsatz
70 Gbps
Ports
8x GE (8 bypass), 10x 10G SFP+ (2 bypass), 2x 40G QSFP (2 bypass)

The virtual versions of FortiWeb can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM and Docker platforms.

Please see FortiWeb VM Installation Guide for versions supported.

Durchsatz
25 Mbps
vCPU
1
Durchsatz
100 Mbps
vCPU
2
Durchsatz
500 Mbps
vCPU
4
Durchsatz
3 Gbps
vCPU
8

Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4 MB Cache) running VMware ESXi 5.5 with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4 GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.

FortiWeb is available in all major public cloud providers, including Amazon Web Services (AWS), Microsoft Azure, Oracle, and Google.  Amazon Web Services (AWS) and Microsoft Azure are supported for both BYOL (bring your own license) and On-demand (pay-as-you go). Please see the cloud Marketplace listings for more information:

FortiWeb container appliances secure your workloads and data in containerized environments.

Durchsatz
25 Mbps
Durchsatz
100 Mbps
Durchsatz
500 Mbps
Durchsatz
3 Gbps

Throughputs and other metrics are maximum values permitted for each version. Actual performance values may vary depending on the network traffic and system configuration.

FortiWeb Cloud WAF-as-a-Service is a SaaS cloud-based web application firewall (WAF) that protects public cloud hosted web applications from the OWASP Top 10, zero day threats and other application layer attacks. 

Requiring no hardware or software, FortiWeb Cloud WAF as a Service employs gateways running in most AWS regions to scrub your application traffic within the same region your applications reside.  Scrubbing traffic in region addresses performance and regulatory concerns and keeping traffic cost to minimum.

With a built in simple setup wizard and predefined policies, FortiWeb Cloud delivers the security you need within minutes, removing the usual complexity required when setting up a WAF. More advanced users can easily enable additional security modules if needed, free of charge. 

For more information, visit here.

FortiWeb Cloud WAF-as-a-Service (FWCWaaS)

FortiWeb Cloud WAF-as-a-Service is a Security-as-a-Service (SaaS) cloud-based web application firewall (WAF) that protects public cloud hosted web applications from the OWASP Top 10, zero-day threats, and other application layer attacks.
 

Fortinet FortiWeb Cloud WAF-as-a-Service

Fortinet FortiWeb Cloud WAF-as-a-Service

Jetzt ansehen
Setting Up Fortinet's FortiWeb Cloud WAF-as-a-Service for AWS
How to Subscribe & Setup Fortinet’s FortiWeb Cloud WAF-as-a-Service for Azure
How to Subscribe & Setup FortiWeb Cloud WAF-as-a-Service for Google Cloud

Requiring no hardware or software, Fortinet delivers FortiWeb Cloud WAF-as-a-Service using WAF gateways in the same AWS, Azure and Google Cloud regions where the applications reside. Scrubbing traffic in region addresses performance and regulatory concerns while keeping traffic cost to minimum.

With a built-in setup wizard and predefined policies, FortiWeb Cloud WAF-as-a-Service delivers essential security within minutes, removing the usual complexity required when setting up a WAF. More advanced users can easily enable additional security modules if needed, free of charge. Learn more about FortiWeb Cloud WAF-as-a-Service.

Advanced threat protection for web applications

FortiWeb Cloud WAF-as-a-Service safeguards applications from vulnerability exploits, bots, malware uploads, DDoS attacks, advanced persistent threats (APTs), both unknown and zero-day attacks, and more. The solution also takes advantage of services from Fortinet’s award-winning FortiGuard Labs, providing signatures, sandboxing and IP reputation to ensure organizations have the latest protection and updates on threats.

Low total cost of ownership (TCO) 

As a cloud-native SaaS solution deployed in the same AWS, Azure or Google Cloud region as an organizations’ applications, FortiWeb Cloud WAF-as-a-Service does not require maintenance of hardware or software, and can significantly reduce outbound data transfer costs. Enjoy the benefits of low-latency and intra-region AWS bandwidth rates for traffic between applications and the WAF.

Simplified compliance requirements     

Fortinet delivers FortiWeb Cloud WAF-as-a-Service using a colony of WAF gateways in the same AWS, Azure or Google Cloud region as an organizations’ application. This avoids potentially subjecting the application to additional regional regulatory requirements.

Flexible purchasing options

Whether customers prefer pre-provisioned capacity or to pay by the volume of processed data, FortiWeb Cloud WAF-as-a-Service supports the most suitable option for customers’ business priorities and budgetary considerations.
 

Google Cloud Marketplace

See the Google Cloud Marketplace listing for details

AWS Marketplace

See the AWS Marketplace listing for details

Azure Marketplace

See the Azure Marketplace listing for details

Oracle Cloud Infrastructure Marketplace

See the Oracle Cloud Infrastructure Marketplace listing for details

Test Drive and Free Trial

Test drive a live demo and try FortiWeb Cloud WAF-as-a-Service for free for 14 days.

FortiGuard Security Services for FortiWeb

FortiWeb employs multiple FortiGuard security services to protect web applications from attack. These annual subscriptions can be purchased a la carte or as part of a bundle with your FortiWeb solution.

Web Application Security

FortiGuard Web Application Security uses information based on the latest application vulnerabilities, bots, suspicious URL patterns and data-type patterns, and specialized heuristic detection engines, to ensure your web applications remain safe from application-layer threats.

IP Reputation & Anti-botnet Security

The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.

Antivirus

FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

FortiSandbox Cloud

FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.

Credential Stuffing Defense

Fortinet’s Credential Stuffing Defense identifies login attempts using credentials that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.

 

Service Bundles

Standard

Protection that provides the core services for protecting your web-based applications that includes Web Application Security, IP Reputation & Anti-botnet, and Antivirus.

Advanced

When you want the best in web application security protection, the Advanced bundle includes all the services in the Standard bundle, plus FortiCloud Sandbox and Credential Stuffing Defense.

 

Sortieren nach:

Common Criteria

Fortinet products have received NDPP, EAL2+, and EAL4+ based Common Criteria certifications. Common Criteria evaluations involve formal rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities involve a comprehensive and formally repeatable process, confirming that the security product functions as claimed by the manufacturer. Security weaknesses and potential vulnerabilities are specifically examined during an evaluation. More information on the latest Fortinet Common Criteria Certifications are available below:

  • FortiWeb 5.6 CC NDcPP

ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall

FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provides a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.

FortiWeb Ecosystem

FortiWeb provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiWeb Alliance Partners:

Fuse Community


FortiWeb Ecosystem

FortiWeb provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiWeb Alliance Partners:

This full working demo lets you explore the many features of our FortiWeb Web Application Firewall (WAF). You’ll quickly see how FortiWeb easily displays system resource utilization and attack logs, and gives you everything you need in the easy-to-use attack console. Be sure to check out our comprehensive web protection profiles and in-depth reporting. 

Complete the form below to access the demo.

FortiWeb: Anwendungsfälle für den Schutz von Web-Anwendungen und APIs

Web-Anwendungen und APIs sind heute für den Aufbau geschäftskritischer Anwendungen unverzichtbar. Doch diese Anwendungen müssen mit den Anforderungen des Unternehmens Schritt halten können. FortiWeb bietet die Leistung, Verwaltung und umfassende Sicherheitsfunktionen, die Sie für den Schutz moderner Web-Anwendungen brauchen. 

 

Funktionen und Vorteile

Bewährter Schutz für Web-Anwendungen und APIs

FortiWeb schützt vor allen OWASP Top 10 Threats, DDoS-Angriffen, bösartigen Bot-Attacken und vielen anderen Bedrohungen, damit Ihre unternehmenskritischen webbasierten Anwendungen und APIs sicher sind. 

Bedrohungserkennung per maschinellem Lernen (ML)

Zusätzlich zu regelmäßigen Signaturaktualisierungen und vielen anderen Schutzmechanismen verwendet FortiWeb auch das maschinelle Lernen (ML), um Ihr Unternehmen vor Zero-Day-Angriffen zu schützen und Fehlalarme auf ein Minimum zu reduzieren. 

Security Fabric-Integration

Die Integration mit FortiGate-Firewalls und FortiSandbox bietet Schutz vor Advanced Persistent Threats.

Erweiterte visuelle Analytics

Die visuellen Reporting-Tools der FortiWeb bieten Detailanalysen von Angriffsquellen und -typen sowie von anderen Elementen. Damit erhalten Sie Einblicke, die andere WAF-Lösungen nicht liefern können. 

Tools für weniger Falsch-Positiv-Alarme 

Intelligente Tools minimieren das tägliche Anpassen von Richtlinien. Ausnahmelisten sorgen dafür, dass nur unerwünschter Traffic blockiert wird.

Hardwarebasierte Beschleunigung

Die FortiWeb bietet branchenführende geschützte WAF-Durchsätze mit ultraschneller, sicherer Ver- und Entschlüsselung des Traffics.

WAF-Lösung von FortiWeb

Die WAFs von FortiWeb bieten erweiterte Funktionen, die Ihre Web-Anwendungen und APIs vor bekannten und Zero-Day Bedrohungen sichern. FortiWeb schützt Sie mit einem intelligenten, mehrstufigen Ansatz vor den OWASP Top 10 und vielen weiteren Bedrohungen. Da FortiWeb ML den Schutz jeder Anwendung individuell anpasst, erhalten Sie eine zuverlässige Sicherheit – ohne zeitaufwendige manuelle Einstellungen wie bei anderen Lösungen. Mithilfe von maschinellem Lernen (ML) erkennt FortiWeb ungewöhnliches Verhalten und – was am wichtigsten ist – unterscheidet zwischen bösartigen und harmlosen Anomalien. Die Lösung bietet auch robuste Funktionen zur Bot-Abwehr, damit Verbindungen zu gutartigen Bots (wie Suchmaschinen) weiterhin möglich sind und nur schädliche Bot-Aktivitäten blockiert werden.

FortiWeb bietet Implementierungsoptionen zum Schutz von Geschäftsanwendungen – unabhängig davon, wo die Anwendung gehostet wird. Zu den Optionen gehören Hardware-Appliances, virtuelle Maschinen und Container, die im Rechenzentrum, in Cloud-Umgebungen oder in der cloudnativen SaaS-Lösung FortiWeb Cloud WAF-as-a-Service bereitgestellt werden können.

 

FortiWeb – Videos

Fortiweb – Maschinelles Lernen
Fortinet FortiWeb Cloud WAF-as-a-Service
"Die Cloud wird immer mehr an Bedeutung gewinnen. Es ist sinnvoll, für die Microsoft- und die Amazon-Cloud-Plattform eine gemeinsame Fortinet-Plattform zu verwenden. Das bietet den nötigen Schutz und ist auch wirtschaftlicher, da nicht zwei verschiedene Systeme zu erlernen und zu pflegen sind."
Stuart Berman
Global Security Architect, Steelcase

 

Lesen Sie den Steelcase-Anwenderbericht.