FortiWeb web application firewall (WAF) protects business-critical web applications from attacks that target known and unknown vulnerabilities. Advanced ML-powered features improve security and reduce administrative overhead. Capabilities include anomaly detection, API discovery and protection, bot mitigation, and advanced threat analytics to identify the most critical threats across all protected applications.

Overview
FortiWeb Models and Specifications
FortiWeb is available in many different form factors to meet your needs, ranging from entry-level hardware appliances to sophisticated VM options that can be incorporated into the latest cloud environments.
FortiWeb appliances use multi-core processor technology combined with hardware-based SSL tools to deliver blazing fast protected WAF throughput.
| Throughput | Ports |
| --- | --- |
| 50 Mbps | 4x GE RJ45 |
| 250 Mbps | 4x GE RJ45, 4x GE SFP |
| 750 Mbps | 4x GE RJ45 (2x bypass), 4x GE SFP |
| 1.3 Gbps | 2x 10 GE SFP+, 2x GE RJ45, 4x GE RJ45 bypass, 4x GE SFP |
| 5 Gbps | 4x GE RJ45 (4 bypass), 4 SFP GE RJ45, 4 x 10 GE SFP+ |
| 10 Gbps | 8x GE (8 bypass), 10x 10G SFP+ (2 bypass) |
| 70 Gbps | 8x GE (8 bypass), 10x 10G SFP+ (2 bypass), 2x 40G QSFP (2 bypass) |
The virtual versions of FortiWeb can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM and Docker platforms.
| Throughput | vCPU |
| --- | --- |
| 25 Mbps | 1 |
| 100 Mbps | 2 |
| 500 Mbps | 4 |
| 3 Gbps | 8 |
Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4 MB Cache) running VMware ESXi 5.5 with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4 GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.
FortiWeb container appliances secure your workloads and data in containerized environments.
- Throughput: 25 Mbps
- Throughput: 100 Mbps
- Throughput: 500 Mbps
- Throughput: 3 Gbps
Throughputs and other metrics are maximum values permitted for each version. Actual performance values may vary depending on the network traffic and system configuration.
Requiring no hardware or software, FortiWeb Cloud WAF as a Service employs gateways running in most AWS regions to scrub your application traffic within the same region where your applications reside. Scrubbing traffic in region addresses performance and regulatory concerns and keeps traffic cost to a minimum.
With a built-in, simple setup wizard and predefined policies, FortiWeb Cloud delivers the security you need within minutes, removing the usual complexity required when setting up a WAF. More advanced users can easily enable additional security modules if needed, free of charge.
FortiWeb Cloud WAF-as-a-Service (FWCWaaS)
FortiWeb Cloud WAF-as-a-Service is a Security-as-a-Service (SaaS) cloud-based web application firewall (WAF) that protects public cloud hosted web applications from the OWASP Top 10, zero-day threats, and other application layer attacks.
Requiring no hardware or software, Fortinet delivers FortiWeb Cloud WAF-as-a-Service using WAF gateways in the same AWS, Azure and Google Cloud regions where the applications reside. Scrubbing traffic in region addresses performance and regulatory concerns while keeping traffic cost to a minimum.
With a built-in setup wizard and predefined policies, FortiWeb Cloud WAF-as-a-Service delivers essential security within minutes, removing the usual complexity required when setting up a WAF. More advanced users can easily enable additional security modules if needed, free of charge. Learn more about FortiWeb Cloud WAF-as-a-Service.
Advanced threat protection for web applications
FortiWeb Cloud WAF-as-a-Service safeguards applications from vulnerability exploits, bots, malware uploads, DDoS attacks, advanced persistent threats (APTs), both unknown and zero-day attacks, and more. The solution also takes advantage of services from Fortinet’s award-winning FortiGuard Labs, providing signatures, sandboxing and IP reputation to ensure organizations have the latest protection and updates on threats.
Low total cost of ownership (TCO)
As a cloud-native SaaS solution deployed in the same AWS, Azure or Google Cloud region as an organization’s applications, FortiWeb Cloud WAF-as-a-Service does not require maintenance of hardware or software, and can significantly reduce outbound data transfer costs. Enjoy the benefits of low latency and intra-region AWS bandwidth rates for traffic between applications and the WAF.
Simplified compliance requirements
Fortinet delivers FortiWeb Cloud WAF-as-a-Service using a colony of WAF gateways in the same AWS, Azure or Google Cloud region as an organization’s application. This avoids potentially subjecting the application to additional regional regulatory requirements.
Flexible purchasing options
Whether customers prefer pre-provisioned capacity or to pay by the volume of processed data, FortiWeb Cloud WAF-as-a-Service supports the most suitable option for customers’ business priorities and budgetary considerations.
Google Cloud Marketplace
See the Google Cloud Marketplace listing for details
AWS Marketplace
See the AWS Marketplace listing for details
Azure Marketplace
See the Azure Marketplace listing for details
Oracle Cloud Infrastructure Marketplace
See the Oracle Cloud Infrastructure Marketplace listing for details
Test Drive and Free Trial
Test drive a live demo and try FortiWeb Cloud WAF-as-a-Service for free for 14 days.
FortiGuard Security Services for FortiWeb
FortiWeb employs multiple FortiGuard security services to protect web applications from attack. These annual subscriptions can be purchased a la carte or as part of a bundle with your FortiWeb solution.
Web Application Security
FortiGuard Web Application Security uses information based on the latest application vulnerabilities, bots, suspicious URL patterns and data-type patterns, and specialized heuristic detection engines, to ensure your web applications remain safe from application-layer threats.
IP Reputation & Anti-botnet Security
The FortiGuard IP Reputation Service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. Near real-time intelligence from distributed network gateways combined with world-class research from FortiGuard Labs helps organizations stay safer and proactively block attacks.
Antivirus
FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.
FortiSandbox Cloud
FortiSandbox Cloud Service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into preventive controls within your network—disarming the threat.
Credential Stuffing Defense
Fortinet’s Credential Stuffing Defense uses an always up-to-date feed of stolen credentials to identify login attempts that use compromised credentials. Administrators can configure their supported devices to take various actions when a suspicious login is used, including logging, alerts, and blocking.
Service Bundles
Standard
The Standard bundle provides the core services for protecting your web-based applications: Web Application Security, IP Reputation & Anti-botnet, and Antivirus.
Advanced
When you want the best in web application security protection, the Advanced bundle includes all the services in the Standard bundle, plus FortiCloud Sandbox and Credential Stuffing Defense.
Common Criteria
Fortinet products have received NDPP, EAL2+, and EAL4+ based Common Criteria certifications. Common Criteria evaluations involve formal, rigorous analysis and testing to examine security aspects of a product or system. Extensive testing activities involve a comprehensive and formally repeatable process, confirming that the security product functions as claimed by the manufacturer. Security weaknesses and potential vulnerabilities are specifically examined during an evaluation. More information on the latest Fortinet Common Criteria Certifications is available below:
- FortiWeb 5.6 CC NDcPP
ICSA Labs Certified: Antivirus, Corporate Firewall, IPsec, NIPS, SSL-TLS, and Web Application Firewall
FortiGate and FortiWeb products are evaluated against ICSA criteria in 6 popular Certification programs. ICSA Labs manages and sponsors security consortia that provide a forum for intelligence sharing among the leading vendors of security products. In addition, ICSA Labs publishes surveys, security industry studies, and buyer's guides for computer security products.
FortiWeb Ecosystem
FortiWeb provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiWeb Alliance Partners:

Alcide is a cloud-native security leader with the mission to empower DevOps and security teams to manage application and networking security through the intelligent automation of security policies applied uniformly, regardless of the workload and infrastructure.

AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance

Cubro is a leading manufacturer and global supplier of IT Network TAPs, Advanced Network Packet Brokers and Bypass Switches. Together with Fortinet we enable total network visibility into your traffic, where we differentiate solutions for Telecommunications, ISP, Data Centre, Enterprise, and Government in virtualized or physical environments.

D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.

DFLabs IncMan SOAR leverages existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of incidents. Together with Fortinet, IncMan allows joint customers to respond to security incidents in a faster, more informed and efficient manner.

At ElevenPaths, Telefónica Cyber Security Unit, we believe in the idea of challenging the current state of security, an attribute that must always be present in technology. We’re always redefining the relationship between security and people, with the aim of creating innovative security products which can transform the concept of security, thus keeping us one step ahead of attackers, who are increasingly present in our digital life.
- Fortinet-ElevenPaths Metashield for ICAP solution brief
- Fortinet-ElevenPaths Vamps solution brief
- Press Release

Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.

Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.

HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded tens of millions of times each year and are broadly adopted by the Global 2000.

Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.
- Fortinet-HPE Alliance Brief
- HPE Aruba Solution Brief
- HPE Aruba Technical Guide
- Fortinet and HPE-GreenLake Solution Brief
- Fortinet and HPE Edgeline Converged Edge Systems and OT Link Solution Brief
- Fortinet and HPE IT OT Convergence Security Solution White Paper
- Fortinet and HPE Proliant for Microsoft Azure Solution Brief
- Fortinet and HPE Proliant for Microsoft Azure White Paper
- Fortinet-HPE SDN Solution Brief
- Fortinet, HPE, and Pensando Innovative Edge-to-Core Solution Brief
- Fortinet, HPE, and Scality Distributed Object Storage Environment Solution Brief
- Fortinet and HPE Zerto Ransomware Protection Solution Brief

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio enables organizations to effectively manage risk and defend against emerging threats.
- IBM Security Alliance Overview
- Fortinet – IBM Security AppScan Solution Brief
- Fortinet – IBM Security QRadar Solution Brief
- Fortinet FortiGate and IBM QRadar Deployment Guide
- FortiGate App For IBM QRadar Technical Solution Guide
- Fortinet - IBM Resilient Technical Deployment Guide
- Fortinet - IBM Cloud Connector Solution Brief
- Fortinet FortiSOAR Connector for IBM QRadar
- IIoT World Webinar Recording

Micro Focus is a global software company with 40 years of experience in delivering and supporting enterprise software solutions that help customers innovate faster with lower risk. Our portfolio enables our 20,000 customers to build, operate and secure the applications and IT systems that meet the challenges of change. We are a global software company, committed to enabling customers to both embrace the latest technologies and maximize the value of their IT investments. Everything we do is based on a simple idea: the fastest way to get results from new technology investments is to build on what you have–in essence, bridging the old and the new.
- Fortinet-Micro Focus Fortify WebInspect Solution Brief
- Fortinet-Micro Focus ArcSight ESM Solution brief
- ArcSight Marketplace

Microsoft is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix enterprise cloud platform leverages web-scale engineering and consumer-grade design to natively converge compute, virtualization and storage into a resilient, software-defined solution that delivers any application at any scale.

Oracle offers a comprehensive and fully integrated stack of cloud applications and platform services.

Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions with over 8,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100.

The Fortinet–Red Hat partnership enables innovative and high-performance security solutions that can be easily managed and scaled with automation to reduce complexity. Integrations between multiple Fortinet and Red Hat solutions, including Ansible, Openstack and Openshift, provide options to secure applications, workloads, networks, and clouds that can adapt to evolving business needs.

Restorepoint’s solutions help organisations and service providers reduce cost, manage unforeseen risks, and accelerate change management across their multi-vendor network infrastructures. Using our cost-effective products, customers can quickly automate Network Outage Protection, Compliance Auditing, and Privileged Access Management, and simplify Bulk Change Management.

Splunk Inc. is the market-leading platform that powers Operational Intelligence.

Thales is a global high technology leader investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum technology. Together with Fortinet, Thales provides advanced security certificate management by the Luna HSM for the encryption and decryption of secure application and session traffic.

Combining advanced technology with the expertise of its global Threat Research Center (TRC) team, WhiteHat delivers application security solutions that reduce risk, reduce cost, and accelerate the deployment of secure applications and websites.
This full working demo lets you explore the many features of our FortiWeb Web Application Firewall (WAF). You’ll quickly see how FortiWeb easily displays system resource utilization and attack logs, and gives you everything you need in the easy-to-use attack console. Be sure to check out our comprehensive web protection profiles and in-depth reporting.
FortiWeb: Web Application and API Protection Use Cases
Web applications and APIs have become the tools of choice for building business-critical applications, and those applications must keep up with the needs of the business. FortiWeb offers the performance, manageability, and broad protection capabilities required to protect these modern web applications.
Web Application Security
Block known and zero-day threats to applications without blocking legitimate users and without the excessive management overhead that traditional application learning requires.
Bot Defense
Block malicious bot activity without blocking bots that support legitimate business needs, such as search engines, or health and performance monitoring tools.
API Discovery and Protection
Protect the APIs that enable B2B communications and support your mobile applications.
SOC Operations
Use Threat Analytics to consolidate raw event data into a clear picture of the most significant threats.
Regulatory Compliance
Address regulatory compliance requirements related to public-facing applications, including PCI-DSS requirements.
Features and Benefits
Proven Web Application and API Protection
FortiWeb protects against all OWASP Top-10 threats, DDoS attacks, malicious bot attacks, and more to defend mission-critical web applications and APIs.
ML-based Threat Detection
In addition to regular signature updates and many other layers of defenses, FortiWeb uses ML to protect against zero-day attacks and minimize false positives.
Security Fabric Integration
Integration with FortiGate firewalls and FortiSandbox delivers protection from advanced persistent threats.
Advanced Visual Analytics
FortiWeb’s visual reporting tools provide detailed analyses of attack sources, types and other elements that provide insights not available with other WAF solutions.
False Positive Mitigation Tools
Advanced tools minimize the day-to-day management of policies and exception lists to ensure only unwanted traffic is blocked.
Hardware-based Acceleration
FortiWeb delivers industry-leading protected WAF throughputs and blazing fast secure traffic encryption/decryption.
FortiWeb's WAF Solution
FortiWeb WAFs provide advanced features that defend your web applications and APIs from known and zero-day threats. Using an advanced multi-layered approach, FortiWeb protects against the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application, providing robust protection without requiring the time-consuming manual tuning required by other solutions. With ML, FortiWeb identifies anomalous behavior and, more importantly, distinguishes between malicious and benign anomalies. The solution also features robust bot mitigation capabilities, allowing benign bots to connect (e.g. search engines) while blocking malicious bot activity.
FortiWeb offers deployment options that can protect business applications, no matter where the application is hosted. Options include hardware appliances, virtual machines, and containers that can be deployed in the data center, in cloud environments, or in the cloud-native SaaS solution, FortiWeb Cloud WAF as a Service.