The FortiWeb Web Application Firewall provides specialized, layered application threat protection for medium and large enterprises, application service providers, and SaaS providers. FortiWeb Web Application Firewall protects your web-based applications and internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against malicious sources, application layer DoS Attacks and Sophisticated Threats like SQL injection and Cross-site scripting,
FortiWeb platforms help you prevent identity theft, financial fraud and denial of service. It delivers the technology you need to monitor and enforce government regulations, industry best practices, and internal policies.
OPENSSL/HEARTBLEED INFORMATION: FortiWeb is fully protected against the OpenSSL Information Disclosure Vulnerability (Heartbleed). It also can completely protect any application that is behind the web application firewall from the Heartbleed exploit if the FortiWeb is configured inline in either Reverse or Transparent proxy modes. For more information on these modes and how FortiWeb can protect your infrastructure from Heartbleed, please contact us or your Fortinet reseller partner.
- WAF throughput from 100 Mbps to 4 Gbps.
- The only WAF product that provides a Vulnerability Scanner module within the web application firewall that completes a comprehensive solution for PCI DSS requirement 6.6.
- Guarantees security of web applications and secures sensitive database content by blocking threats such as cross-site scripting, SQL injection, buffer overflows, file inclusion, denial of service, cookie poisoning, schema poisoning, and countless other attacks.
- Aides in PCI DSS 6.6 compliance by protecting against OWASP Top 10 web application vulnerabilities.
- Centralized Management and Administrative Domains (ADOMs) provide the abilities to manage multiple FortiWeb gateways from a single console and provide administration rights to designated domain owners to manage their own applications separately from others on the same FortiWeb device.
- IP Reputation Service helps protect against automated web attacks by identifying access from botnets and malicious sources.
- Bot dashboard analyzes traffic from malicious robots, crawlers, scanners and search engines.
- Automatically and dynamically profiles user activity to create a baseline of allowed activity.
- Network and application layer DoS/DDoS protection.
- SSL encryption co-processing accelerates transaction times, offloads encryption functions, reduces web server processing requirements.
- Layer 7 load balancing and content-based routing increases application speeds, improves server resource utilization and stabilizes applications.
|Product Name||Total Network Interfaces||Total Storage Capacity||Throughput|
|FortiWeb-400D||6 x 10/100/1000 RJ45 Ports, 2 x 10/100/1000 RJ45 Bypass Ports, 2 x GbE SX Bypass Ports||4TB (2TB x 2)||4 Gbps|
|FortiWeb-3000D-FSX||6 x 10/100/1000 RJ45 Ports, 2 x GbE SX Bypass Ports||4TB (2TB x 2)||1.5 Gbps|
|ForitiWeb-3000D||8 x GE RJ45 ports (include 2 x bypass ports)||4TB (2TB x 2)||1.5 Gbps|
|FortiWeb-1000D||2 x GE SFP slots, 6 x GE RJ45 ports (includes 3 x bypass ports)||4TB (2TB x 2)||750 Mbps|
|FortiWeb-400C||4 x Ge RJ45 ports||1 TB||100 Mbps|
Emerging Threats Create New Challenges
The continued evolution of the threat landscape has enabled individuals and groups to launch orchestrated attacks on organizations’ infrastructure for criminal or political gain. Attackers now use a wealth of methods to infect hosts and control compromised systems through organized botnets for automated phishing, spamming, and DDoS attacks. DoS attacks are morphing from traditional network layer attacks to sophisticated layer seven attacks targeting application resources rather than bandwidth, flying under the radar of traditional DoS mitigation tools. Organizations now need new tools to protect against these emerging threats and the more traditional hacking methods such as SQL Injection and Cross-site-scripting.
Unmatched Protection for Web Applications
The FortiWeb family of web application firewalls provides specialized, layered application threat protection for medium and large enterprises, application service providers, and SaaS providers. FortiWeb web application firewall protects your web-based applications and Internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against malicious sources and sophisticated threats like SQL injection and Cross-site scripting, FortiWeb platforms help you prevent identity theft, financial fraud and corporate espionage. FortiWeb delivers the technology you need to monitor and enforce government regulations, industry best practices, and internal policies.