
Web Application Firewall (WAF): FortiWeb

Cybersecurity Insiders 2021 Application Security Report


FortiWeb, Fortinet’s Web Application Firewall, protects your business-critical web applications from attacks that target known and unknown vulnerabilities.

The attack surface of your web applications evolves rapidly, changing every time you deploy new features, update existing ones, or expose new web APIs. You need a solution that can keep up.  FortiWeb is that solution.

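FortiWeb Models and Specifications

FortiWeb comes in many models and form factors, so whether you want an entry-level hardware appliance or a sophisticated VM that adapts to the latest cloud environments, there is an option to fit.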


2.5 Mbps: 4x GE RJ45
250 Mbps: 4x GE RJ45, 4x GE SFP
480 Mbps: 4x GE RJ45 (2x bypass), 4x GE SFP
1.3 Gbps: 2x 10 GE SFP+, 2x GE RJ45, 4x GE RJ45 bypass, 4x GE SFP
2.5 Gbps: 2x 10 GE SFP+, 4x GE RJ45 bypass, 4x GE SFP
5 Gbps: 4x 10 GE SFP+, 8x GE RJ45 bypass, 4x GE SFP
20 Gbps: 8x GE RJ45 bypass, 4x GE SFP, 2x 10G SFP+ bypass, 2x 10G SFP+

VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, KVM, Amazon Web Services (AWS), and Microsoft Azure. For supported versions, see the FortiWeb VM Installation Guide.

2.5 Mbps
100 Mbps
250 Mbps
1 Gbps
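Actual performance values may vary depending on network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz, 4 MB cache) running VMware ESXi 5.5, with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb virtual appliances and 4 GB of vRAM assigned to the 2 vCPU FortiWeb virtual appliance.

For Amazon Web Services (AWS) and Microsoft Azure, both BYOL (bring your own license) and on-demand (pay-as-you-go) billing are supported. See the AWS and Azure marketplace listings for more information.

FortiWebCloud is a convenient, easy-to-deploy WAF that is always up to date. For organizations that need to deploy a WAF quickly and keep maintenance to a minimum, FortiWebCloud scales automatically to meet traffic demand with no hardware or software to manage. FortiWebCloud offers stackable bandwidth tiers from 5 to 500 Mbps and lets you choose the number of sites you need, from 1 to 50, through stackable subscriptions.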

If you are already a FortiWebCloud customer, click here to access the service.

FortiWeb Cloud WAF-as-a-Service (FWCWaaS)

FortiWeb Cloud WAF-as-a-Service is a Security-as-a-Service (SaaS) cloud-based web application firewall (WAF) that protects public cloud hosted web applications from the OWASP Top 10, zero-day threats, and other application layer attacks.

Fortinet FortiWeb Cloud WAF-as-a-Service

Setting Up Fortinet's FortiWeb Cloud WAF-as-a-Service for AWS
How to Subscribe & Setup Fortinet’s FortiWeb Cloud WAF-as-a-Service for Azure
How to Subscribe & Setup FortiWeb Cloud WAF-as-a-Service for Google Cloud

Requiring no hardware or software, Fortinet delivers FortiWeb Cloud WAF-as-a-Service using WAF gateways in the same AWS, Azure, and Google Cloud regions where the applications reside. Scrubbing traffic in-region addresses performance and regulatory concerns while keeping traffic cost to a minimum.

With a built-in setup wizard and predefined policies, FortiWeb Cloud WAF-as-a-Service delivers essential security within minutes, removing the usual complexity required when setting up a WAF. More advanced users can easily enable additional security modules if needed, free of charge. Learn more about FortiWeb Cloud WAF-as-a-Service.

Advanced threat protection for web applications

FortiWeb Cloud WAF-as-a-Service safeguards applications from vulnerability exploits, bots, malware uploads, DDoS attacks, advanced persistent threats (APTs), unknown and zero-day attacks, and more. The solution also takes advantage of services from Fortinet’s award-winning FortiGuard Labs, providing signatures, sandboxing, and IP reputation to ensure organizations have the latest protection and updates on threats.

Low total cost of ownership (TCO) 

As a cloud-native SaaS solution deployed in the same AWS, Azure, or Google Cloud region as an organization’s applications, FortiWeb Cloud WAF-as-a-Service does not require maintenance of hardware or software, and can significantly reduce outbound data transfer costs. Enjoy the benefits of low latency and intra-region AWS bandwidth rates for traffic between applications and the WAF.

Simplified compliance requirements     

Fortinet delivers FortiWeb Cloud WAF-as-a-Service using a colony of WAF gateways in the same AWS, Azure, or Google Cloud region as an organization’s application. This avoids potentially subjecting the application to additional regional regulatory requirements.

Flexible purchasing options

Whether customers prefer pre-provisioned capacity or to pay by the volume of processed data, FortiWeb Cloud WAF-as-a-Service supports the most suitable option for customers’ business priorities and budgetary considerations.

Google Cloud Marketplace

See the Google Cloud Marketplace listing for details

AWS Marketplace

See the AWS Marketplace listing for details

Azure Marketplace

See the Azure Marketplace listing for details

Oracle Cloud Infrastructure Marketplace

See the Oracle Cloud Infrastructure Marketplace listing for details

Test Drive and Free Trial

Test drive a live demo and try FortiWeb Cloud WAF-as-a-Service for free for 14 days.

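FortiGuard Security Services for FortiWeb

FortiWeb uses several FortiGuard security services to protect web applications from attack. These annual subscriptions can be purchased separately or together with your FortiWeb solution.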

Web Application Security

FortiGuard Web Application Security uses information based on the latest application vulnerabilities, bots, suspicious URL patterns and data-type patterns, and specialized heuristic detection engines, to ensure your web applications remain safe from application-layer threats.

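IP Reputation & Anti-Botnet Security Service

The FortiGuard IP Reputation service aggregates malicious source IP data from the Fortinet distributed network of threat sensors, CERTs, MITRE, cooperative competitors, and other global sources that collaborate to provide up-to-date threat intelligence about hostile sources. With near-real-time intelligence from distributed network gateways, combined with world-class research from FortiGuard Labs, organizations stay better protected and can proactively block attacks.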


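FortiGuard Antivirus blocks the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent new and evolving threats from gaining a foothold in your network and accessing its valuable content.

FortiSandbox Cloud

The FortiSandbox Cloud service is an advanced threat detection solution that performs dynamic analysis to identify previously unknown malware. Actionable intelligence generated by FortiSandbox Cloud is fed back into the preventive controls in your network, eliminating the threat.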

Credential Stuffing Defense

Fortinet’s Credential Stuffing Defense uses an always up-to-date feed of stolen credentials to identify login attempts that use compromised credentials. Administrators can configure their supported devices to take various actions when a suspicious login is used, including logging, alerts, and blocking.




Provides core protection services for your web applications, including Web Application Security, IP Reputation & Anti-Botnet, and Antivirus services.


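If you want the best web application security protection, choose the Advanced Bundle, which includes all the services in the Standard Bundle plus the FortiCloud Sandbox service and the Credential Stuffing Defense service.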


FortiWeb Ecosystem

FortiWeb provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiWeb Alliance Partners:

This full working demo lets you explore the many features of our FortiWeb Web Application Firewall (WAF). You’ll quickly see how FortiWeb easily displays system resource utilization and attack logs, and gives you everything you need in the easy-to-use attack console. Be sure to check out our comprehensive web protection profiles and in-depth reporting. 

Complete the form below to access the demo.

FortiWeb: Web Application and API Protection Use Cases

Web applications and APIs have become the tools of choice for building business-critical applications, and those applications must keep up with the needs of the business. FortiWeb offers the performance, manageability, and broad protection capabilities required to protect these modern web applications.


Features and Benefits

Proven Web Application and API Protection

FortiWeb protects against all OWASP Top-10 threats, DDoS attacks, malicious bot attacks, and more to defend mission-critical web applications and APIs. 

ML-based Threat Detection

In addition to regular signature updates and many other layers of defenses, FortiWeb uses ML to protect against zero-day attacks and minimize false positives. 

Security Fabric Integration

Integration with FortiGate firewalls and FortiSandbox delivers protection from advanced persistent threats.

Advanced Visual Analytics

FortiWeb’s visual reporting tools provide detailed analyses of attack sources, types, and other elements that provide insights not available with other WAF solutions.

False Positive Mitigation Tools 

Advanced tools that minimize the day-to-day management of policies and exception lists to ensure only unwanted traffic is blocked.

Hardware-based Acceleration

FortiWeb delivers industry-leading protected WAF throughputs and blazing fast secure traffic encryption/decryption.

FortiWeb's WAF Solution

FortiWeb WAFs provide advanced features that defend your web applications and APIs from known and zero-day threats. Using an advanced multi-layered approach, FortiWeb protects against the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application, providing robust protection without requiring the time-consuming manual tuning required by other solutions. With ML, FortiWeb identifies anomalous behavior and, more importantly, distinguishes between malicious and benign anomalies. The solution also features robust bot mitigation capabilities, allowing benign bots to connect (e.g. search engines) while blocking malicious bot activity.

FortiWeb offers deployment options that can protect business applications, no matter where the application is hosted. Options include hardware appliances, virtual machines, and containers that can be deployed in the data center, in cloud environments, or in the cloud-native SaaS solution, FortiWeb Cloud WAF as a Service.


FortiWeb Videos

FortiWeb Machine Learning
Fortinet FortiWeb Cloud WAF-as-a-Service
"The cloud will continue to become more and more important. It makes sense to use a common Fortinet platform for both the Microsoft and Amazon cloud service platforms: doing so gives us the protection we require and economies of scale as we don’t have to learn and maintain two different systems."
Stuart Berman
Global Security Architect, Steelcase


Read the Steelcase case study