FortiWeb, Fortinet’s Web Application Firewall, protects your business-critical web applications from attacks that target known and unknown vulnerabilities.
The attack surface of your web applications evolves rapidly, changing every time you deploy new features, update existing ones, or expose new web APIs. You need a solution that can keep up. FortiWeb is that solution.
View our on-demand webinar Evolve Your Approach to Securely Deploying Web Applications to learn more FortiWeb’s innovative approach to securing your web applications, including our new SaaS offering: FortiWeb Cloud WAF as a Service.
FortiWeb WAFs provide advanced features that defend your web applications and APIs from known and zero-day threats. Using an advanced multi-layered approach, FortiWeb protects against the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application, providing robust protection without requiring the time-consuming manual tuning required by other solutions. With ML, FortiWeb identifies anomalous behavior and, more importantly, distinguishes between malicious and benign anomalies. The solution also features robust bot mitigation capabilities, allowing benign bots to connect (e.g. search engines) while blocking malicious bot activity.
FortiWeb offers deployment options that can protect business applications, no matter where the application is hosted. Options include hardware appliances, virtual machines, and containers that can be deployed in the data center, in cloud environments, or in the cloud-native SaaS solution, FortiWeb Cloud WAF as a Service.
Read the Steelcase case study
Proven Web Application and API Protection
ML-based Threat Detection
Security Fabric Integration
Advanced Visual Analytics
False Positive Mitigation Tools
Hardware-based Acceleration
Web applications and APIs have become the tools of choice for building business-critical applications, and those applications must keep up with needs of the business. FortiWeb offers the performance, manageability, and broad protection capabilities required to protect these modern web applications.
Block known and zero-day threats to applications without blocking legitimate users and without the excessive management overhead that traditional application learning requires.
Protect the APIs that support mobile applications and enable B2B communication.
Block malicious bot activity without blocking bots that support legitimate business needs, such as search engines, or health and performance monitoring tools.
FortiWeb is available in many different form factors to meet your needs ranging from entry-level hardware appliances to sophisticated VM options that be incorporated into latest cloud environments.
FortiWeb appliances use multi-core processor technology combined with hardware-based SSL tools to deliver blazing fast protected WAF throughput.
Throughput |
25 Mbps |
| Ports | 4x GE RJ45 |
Throughput |
100 Mbps |
| Ports | 4x GE RJ45, 4x GE SFP |
Throughput |
250 Mbps |
| Ports | 4x GE RJ45 (2x bypass), 4x GE SFP |
Throughput |
1 Gbps |
| Ports | 2x GE SFP, 6x GE RJ45 (includes 4x bypass) |
Throughput |
1.3 Gbps |
| Ports | 2x 10 GE SFP+, 2x GE RJ45, 4x GE RJ45 bypass, 4x GE SFP |
Throughput |
2.5 Gbps |
| Ports | 2x 10 GE SFP+, 4x GE RJ45 bypass, 4x GE SFP |
Throughput |
5 Gbps |
| Ports | 4x 10 GE SFP+, 8x GE RJ45 bypass, 4x GE SFP |
Throughput |
20 Gbps |
| Ports | 8x GE RJ45 bypass, 4x GE SFP, 2x 10G SFP+ bypass, 2x 10G SFP+ |
The virtual versions of FortiWeb can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM and Docker platforms.
Throughput |
25 Mbps |
| vCPU | 1 |
Throughput |
100 Mbps |
| vCPU | 2 |
Throughput |
500 Mbps |
| vCPU | 4 |
Throughput |
3 Gbps |
| vCPU | 8 |
Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4 MB Cache) running VMware ESXi 5.5 with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4 GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.
FortiWeb container appliances secure your workloads and data in containerized environments.
Throughput |
25 Mbps |
Throughput |
100 Mbps |
Throughput |
500 Mbps |
Throughput |
3 Gbps |
Throughputs and other metrics are maximum values permitted for each version. Actual performance values may vary depending on the network traffic and system configuration.
FortiWeb Cloud WAF-as-a-Service is a Security-as-a-Service (SaaS) cloud-based web application firewall (WAF) that protects public cloud hosted web applications from the OWASP Top 10, zero-day threats, and other application layer attacks.
Requiring no hardware or software, Fortinet delivers FortiWeb Cloud WAF-as-a-Service using WAF gateways in the same AWS, Azure and GCP regions where the applications reside. Scrubbing traffic in region addresses performance and regulatory concerns while keeping traffic cost to minimum.
With a built-in setup wizard and predefined policies, FortiWeb Cloud WAF-as-a-Service delivers essential security within minutes, removing the usual complexity required when setting up a WAF. More advanced users can easily enable additional security modules if needed, free of charge. Learn more about FortiWeb Cloud WAF-as-a-Service.
FortiWeb Cloud WAF-as-a-Service safeguards applications from vulnerability exploits, bots, malware uploads, DDoS attacks, advanced persistent threats (APTs), both unknown and zero-day attacks, and more. The solution also takes advantage of services from Fortinet’s award-winning FortiGuard Labs, providing signatures, sandboxing and IP reputation to ensure organizations have the latest protection and updates on threats.
As a cloud-native SaaS solution deployed in the same AWS, Azure or GCP region as an organizations’ applications, FortiWeb Cloud WAF-as-a-Service does not require maintenance of hardware or software, and can significantly reduce outbound data transfer costs. Enjoy the benefits of low-latency and intra-region AWS bandwidth rates for traffic between applications and the WAF.
Fortinet delivers FortiWeb Cloud WAF-as-a-Service using a colony of WAF gateways in the same AWS, Azure or GCP region as an organizations’ application. This avoids potentially subjecting the application to additional regional regulatory requirements.
Whether customers prefer pre-provisioned capacity or to pay by the volume of processed data, FortiWeb Cloud WAF-as-a-Service supports the most suitable option for customers’ business priorities and budgetary considerations.
Purchase via the GCP Marketplace
Purchase via the AWS Marketplace
Purchase via the Azure Markeplace
Test drive a live demo and try FortiWeb Cloud WAF-as-a-Service for free for 14 days.
FortiWeb employs multiple FortiGuard security services to protect web applications from attack. These annual subscriptions can be purchased a la carte or as part of a bundle with your FortiWeb solution.
FortiGuard Web Application Security uses information based on the latest application vulnerabilities, bots, suspicious URL patterns and data-type patterns, and specialized heuristic detection engines, to ensure your web applications remain safe from application-layer threats.
The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.
Fortinet’s Credential Stuffing Defense identifies login attempts using credentials that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.
Standard
Protection that provides the core services for protecting your web-based applications that includes Web Application Security, IP Reputation & Anti-botnet, and Antivirus.
Advanced
When you want the best in web application security protection, the Advanced bundle includes all the services in the Standard bundle, plus FortiCloud Sandbox and Credential Stuffing Defense.
Fortinet products have received NDPP, EAL2+, and EAL4+ based Common Criteria certifications. Common Criteria evaluations involve formal rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities involve a comprehensive and formally repeatable process, confirming that the security product functions as claimed by the manufacturer. Security weaknesses and potential vulnerabilities are specifically examined during an evaluation. More information on the latest Fortinet Common Criteria Certifications are available below:
FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provides a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.
FortiWeb provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiWeb Alliance Partners:
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100.
Thales is a global high technology leader investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum technology. Together with Fortinet, Thales provides advanced security certificate management by the Luna HSM for the encryption and decryption of secure application and session traffic.
Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost, and accelerate the deployment of secure applications and websites.
FortiWeb provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiWeb Alliance Partners:
Alcide is a cloud-native security leader with the mission to empower DevOps and security teams to manage application and networking security through the intelligent automation of security policies applied uniformly, regardless of the workload and infrastructure.
AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance
D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.
DFLabs IncMan SOAR leverages existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of incidents. Together with Fortinet, IncMan allows joint customers to respond to security incidents in a faster, more informed and efficient manner.
Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.
Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
LinkShadow Cybersecurity Analytics Platform is a world-leading UEBA and Threat-Hunting Solution Provider. Together with Fortinet, LinkShadow can empower the Security team with cutting-edge Threat Anticipation with Proactive Incident Response, while simultaneously gaining rapid insight into the effectiveness of the existing security investments.
Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. Our portfolio enables our 20,000 customers to build, operate and secure the applications and IT systems that meet the challenges of change. We are a global software company, committed to enabling customers to both embrace the latest technologies and maximize the value of their IT investments. Everything we do is based on a simple idea: the fastest way to get results from new technology investments is to build on what you have–in essence, bridging the old and the new.
Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.
Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix enterprise cloud platform leverages web-scale engineering and consumer-grade design to natively converge compute, virtualization and storage into a resilient, software-defined solution that delivers any application at any scale.
Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.
Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100.
Restorepoint’s solutions help organisations and service providers reduce cost, manage unforeseen risks, and to accelerate change management across their multi-vendor network infrastructures. Using our cost-effective products, customers can quickly automate Network Outage Protection, Compliance Auditing, and Privileged Access Management and to simplify Bulk Change Management.
Splunk Inc. is the market-leading platform that powers Operational Intelligence.
Thales is a global high technology leader investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum technology. Together with Fortinet, Thales provides advanced security certificate management by the Luna HSM for the encryption and decryption of secure application and session traffic.
Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost, and accelerate the deployment of secure applications and websites.
Log into our SaaS portal and explore the many features of our FortiWeb Cloud WAF as a Service. Enjoy comprehensive Web Application Security without the need to manage and maintain appliances or virtual instances.
Access the demoThis full working demo lets you explore the many features of our FortiWeb Web Application Firewall (WAF). You’ll quickly see how FortiWeb easily displays system resource utilization and attack logs, and gives you everything you need in the easy-to-use attack console. Be sure to check out our comprehensive web protection profiles and in-depth reporting.
Complete the form below to access the demo.
