Description
FortiWeb AI-Powered Web Application Firewall for Web Apps & APIs
FortiWeb is a Web Application Firewall (WAF) that protects web applications and APIs from known exploits, zero-day attacks, bots, and automated abuse while helping support compliance requirements. It's available as an appliance, VM, cloud, SaaS, or container, so it fits on-prem, hybrid, and public cloud environments.
What makes it different
- Dual-layer protection: Traditional WAF controls (signatures, IP reputation, protocol validation) plus a second ML layer that detects malicious anomalies and reduces false positives.
- API discovery & security: Uses ML to automatically discover APIs, build a positive security model, and enforce schema validation (supports OpenAPI, JSON, XML) with CI/CD-friendly updates.
- Advanced bot mitigation: Helps stop credential stuffing, scraping, crawlers, and data harvesting using ML + behavioural techniques (tracking, deception, biometrics) and can apply CAPTCHA when needed.
- Client-side protection (PCI DSS 4.0): Monitors and controls browser-side JavaScript to defend against Magecart/formjacking/online skimming, supporting newer PCI DSS client-side requirements.
- Security Fabric + virtual patching: Integrates with Fortinet Security Fabric (e.g., FortiGate/FortiSandbox) and works with leading third-party scanners to enable virtual patching while app teams remediate.
Quick appliance performance snapshot
- FortiWeb 100F: up to 100 Mbps
- FortiWeb 400F: up to 500 Mbps
- FortiWeb 600F: up to 1 Gbps
- Higher models scale into multi-Gbps throughput for larger environments.
