FortiWeb web application firewall (WAF) protects business-critical web applications from attacks that target known and unknown vulnerabilities
FortiWeb defends web applications and APIs against OWASP Top-10 threats, DDOS attacks, and malicious bot attacks. Advanced ML-powered features improve security and reduce administrative overhead. Capabilities include anomaly detection, API discovery and protection, bot mitigation, and advanced threat analytics to identify the most critical threats across all protected applications.
FortiWeb VM is part of the new FortiFlex program, providing you the flexibility to right-size your services and spend.
Block known and zero-day threats to applications without blocking legitimate users and without the excessive management overhead that traditional application learning requires. Using machine learning to model each application, FortiWeb identifies malicious anomalies to block threats without generating the false positives that drive administrative overhead.
Stop malicious bot activity without blocking bots that support legitimate business needs, such as search engines, or health and performance monitoring tools. Reduce reliance on outdated techniques that degrade the user experience, and leverage advanced techniques such as bot deception, biometric detection, and machine learning to accurately identify and manage bot traffic. FortiWeb Bot Mitigation provides the visibility and control you need without slowing down your users with unnecessary captchas or challenges.
Protect the APIs that enable business-to-business communications and support mobile applications. FortiWeb API Discovery and Protection uses machine learning algorithms to automatically discover APIs by continuously evaluating application traffic. FortiWeb can also integrate out-of-the-box policies together with an automatically generated positive security model policy based on your organization’s schema specification (OpenAPI, XML, JSON), to protect against API exploits. Protect your APIs and seamlessly integrate API security into your CI/CD pipeline.
Web applications and APIs have become the tools of choice for building business-critical applications, and those applications must keep up with needs of the business. FortiWeb offers the performance, manageability, and broad protection capabilities required to protect modern web applications.
Web Application Protection
Protects against all OWASP Top-10 threats, DDOS attacks, bot attacks, and more.
ML-Based Threat Detection
Uses ML to protect against zero-day attacks and minimize false positives, along with other defenses.
Security Fabric Integration
Integrates with FortiGate NGFWs and FortiSandbox to defend against advanced persistent threats (APTs)
Advanced Analytics
Streamlines workflows with recommended playbooks and threat-hunting capabilities
False Positive Mitigation
Minimizes day-to-day management of policies and exception lists so only unwanted traffic is blocked
Hardware-Based Acceleration
Offers industry-leading protected WAF throughputs and rapid traffic encryption/decryption
FortiWeb employs multiple FortiGuard security services to protect web applications from attack. These annual subscriptions can be purchased a la carte or as part of a bundle with your FortiWeb solution.
Protects against the latest polymorphic attacks, viruses, malware (including ransomware), and other threats.
Performs AI-powered real-time inspection of files for protection against unknown threats, zero-days, and sophisticated file-based attacks.
Blocks unauthorized attempts to communicate with compromised remote servers for both receiving malicious commands and extracting information.
FortiWeb is available in many different form factors to meet your needs ranging from entry-level hardware appliances to sophisticated VM options that be incorporated into latest cloud environments.
View by:
FortiWeb appliances use multi-core processor technology combined with hardware-based SSL tools to deliver blazing fast protected WAF throughput.
Throughput |
50 Mbps |
| Ports | 4x GE RJ45 |
Throughput |
250 Mbps |
| Ports | 4x GE RJ45, 4x GE SFP |
Throughput |
750 Mbps |
| Ports | 4x GE RJ45 (2x bypass), 4x GE SFP |
Throughput |
1.3 Gbps |
| Ports | 2x 10 GE SFP+, 2x GE RJ45, 4x GE RJ45 bypass, 4x GE SFP |
Throughput |
5 Gbps |
| Ports | 4x GE RJ45 (4 bypass), 4 SFP GE RJ45, 4 x 10 GE SFP+ |
Throughput |
10 Gbps |
| Ports | 8x GE (8 bypass), 10x 10G SFP+ (2 bypass) |
Throughput |
70 Gbps |
| Ports | 8x GE (8 bypass), 10x 10G SFP+ (2 bypass), 2x 40G QSFP (2 bypass) |
The virtual versions of FortiWeb can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM and Docker platforms.
Throughput |
25 Mbps |
| vCPU | 1 |
Throughput |
100 Mbps |
| vCPU | 2 |
Throughput |
500 Mbps |
| vCPU | 4 |
Throughput |
3 Gbps |
| vCPU | 8 |
Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4 MB Cache) running VMware ESXi 5.5 with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4 GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.
FortiWeb container appliances secure your workloads and data in containerized environments.
Throughput |
25 Mbps |
Throughput |
100 Mbps |
Throughput |
500 Mbps |
Throughput |
3 Gbps |
Throughputs and other metrics are maximum values permitted for each version. Actual performance values may vary depending on the network traffic and system configuration.
Fortinet is dedicated to helping our customers succeed, and every year FortiCare services help thousands of organizations get the most from their investments in Fortinet's products and services. To achieve this, FortiCare follows the life-cycle approach and provides unique services to help our customers in their success journeys.
Technical Support Services
Various per-device options are available for efficient operations. FortiCare Elite option provides a 15-minute response time for critical products.
Advanced Support
Various per-account white glove services are available to reduce disruption and increase productivity with operational reviews by designated experts.
Professional Services
Our multi-vendor experts can design and deploy a complete best practice-based solution to help you meet your network or security objectives and adopt new capabilities.
RMA
Priority RMA options are available across the product family for expedited replacement of defective hardware to meet your availability objectives.
FortiWeb Datasheet
FortiWeb Cloud WAF as a Service Datasheet
FortiWeb Cloud WAF as a Service for GCP Datasheet
FortiWeb Cloud WAF as a Service for Azure Datasheet
FortiWeb Cloud WAF as a Service for AWS Datasheet
SANS recently reviewed Fortinet’s FortiWeb Cloud service, which offers a wide range of security capabilities and controls in a brokered model to protect applications from web application attacks, API attacks, malicious bots, and much more.
Discover how your peers are leveraging FortiWeb Cloud
FortiWeb Cloud WAF-as-a-Service by Fortinet, a Web Application Firewall Solution to protect organizations against a broad range of attacks.
Read the eBook to find a WAF to improve security of their organization’s web application needs.
Uncover The Best-Fit Solution For Your Needs
What security practitioners, DevOps, and DevSecOps need to know
Fortinet FortiWeb, in its various forms (hardware, virtual machine, or SaaS), simplifies application security and overcomes the above challenges. Using machine learning (ML) algorithms, it protects applications and APIs from inherent risks, exploitable vulnerabilities, and malicious bots
FortiWeb-Cloud WAF-as-a-Service (WaaS) delivers full-featured, cost-effective security for web applications with a minimum of configuration and management.
In this video, we will cover the different types of reference architectures based on FortiADC and FortiWeb Solutions.
In this video, we will focus on how FortiADC and FortiWeb solutions can integrated with Fortinet Security Fabric. We will be covering different types of Fortinet products that will enhance the application security platform.
FortiWeb WAF's threat analytics feature simplifies threat detection and response and speeds up your WAF alerts security investigation. Using machine learning, attacks are analyzed across all your web applications to identify common characteristics and patterns and group them into meaningful security incidents.
FortiWeb Cloud WAF-as-a-Service protects web applications and APIs from the OWASP Top 10, zero-day threats, and other application-layer attacks. FortiWeb Cloud also includes robust features such as API discovery and protection, bot mitigation, threat analytics, and advanced reporting.
Setting up Fortinet's FortiWeb Cloud WAF-as-a-Service for Azure
Setting Up Fortinet's FortiWeb Cloud WAF-as-a-Service for AWS
Alcide is a cloud-native security leader with the mission to empower DevOps and security teams to manage application and networking security through the intelligent automation of security policies applied uniformly, regardless of the workload and infrastructure.
AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance
Cubro is a leading manufacturer and global supplier of IT Network TAPs, Advanced Network Packet Brokers and Bypass Switches. Together with Fortinet we enable total network visibility into your traffic, where we differentiate solutions for Telecommunications, ISP, Data Centre, Enterprise, and Government in virtualized or physical environments.
D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.
DFLabs IncMan SOAR leverages existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of incidents. Together with Fortinet, IncMan allows joint customers to respond to security incidents in a faster, more informed and efficient manner.
At ElevenPaths, Telefónica Cyber Security Unit, we believe in the idea of challenging the current state of security, an attribute that must always be present in technology. We’re always redefining the relationship between security and people, with the aim of creating innovative security products which can transform the concept of security, thus keeping us one step ahead of attackers, who are increasingly present in our digital life.
Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.
Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.
HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded tens of millions of times each year and are broadly adopted by the Global 2000.
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.
This full working demo lets you explore the many features of our FortiWeb Web Application Firewall (WAF). You’ll quickly see how FortiWeb easily displays system resource utilization and attack logs, and gives you everything you need in the easy-to-use attack console. Be sure to check out our comprehensive web protection profiles and in-depth reporting.
