We performed a comparison between AWS WAF and Fortinet FortiWeb based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet FortiWeb is the winner in this comparison. According to reviews, it is a more comprehensive solution than AWS WAF. Reviewers are happier with the pricing of AWS WAF, however.
"We can host any DB or application on the solution."
"Stable and scalable web application firewall. Setting it up is straightforward."
"The customizable features are good."
"The security firewall plus the features that protect against database injections or scripting,"
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"The product’s availability, ease of configuration, and documentation are valuable."
"One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services."
"The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses."
"The solution is stable."
"This product is very user-friendly."
"The solution has a very simple deployment."
"SSL Offloading simplifies the public certificate handling and brings additional protection features."
"FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure."
"What we like about Fortinet FortiWeb is it has all the features. We use all of them, so we have to turn on all the options."
"The ease of configuration is valuable. We have Azure WAF, we have OCI WAF, and we also have Cloud Armor for GCP, but their configuration isn't very easy. It's pretty simple in FortiWeb, and we can enable or configure whatever we want."
"The GUI is user-friendly and it's easy to understand how to manage it."
"For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."
"The solution should identify why it blocks particular websites."
"There is room for improvement in pricing."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"The price could be improved."
"We don't have much control over blocking, because the WAF is managed by AWS."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"It will be helpful if the product recommends rules that we can implement."
"Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration."
"Most of the deployment is done by our development team because they have some parameters that match the configuration. However, when we initially did the deployment we used a consultant company."
"FortiGate could be improved on the security end because we've had some incidents with the customer. Otherwise, there is no problem."
"We would like to know more about the integration with the hardware or security products, such as Gemalto, because we need to move to that point."
"The solution could have more customization."
"It may be better if it were easier to create roles."
"It can be better with web application firewalls."
"Fortinet WAF came out recently, and there is not much feedback about customer experience. For each project, customers ask about the scenarios and references of the customers who have implemented this solution, which we don't have. They need to simplify the customer experience and provide more information so that we can propose Fortinet Fortiweb as a WAF solution to customers and convince them. They need to improve their service and training. We need good training to implement and use it properly and know more about it. We still don't know much about Fortinet WAF. We didn't get any proper training sessions. Other vendors like Cisco, Palo Alto, Check Point, and Barracuda provide such sessions. Whenever we receive a request from a customer for this solution, we just give the price. We don't propose this solution because we don't know much about it. We propose whatever we are familiar with and what is supported."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. AWS WAF is rated 8.0, while Fortinet FortiWeb is rated 8.0. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Cloudflare Web Application Firewall, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, Azure Web Application Firewall, Imperva Web Application Firewall and Cloudflare Web Application Firewall. See our AWS WAF vs. Fortinet FortiWeb report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.