Fortinet FortiWeb 100E
Web Application Firewall

Fortinet FortiWeb 100E

Sorry, this product is no longer available, please contact us for a replacement.

Click here to jump to more pricing!

Overview:

FortiWeb is a web application firewall (WAF) that protects hosted web applications and API from attacks that target known and unknown exploits. Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and from zero-day threats.

Web Application Protection

Multi layer protection against the OWASP Top 10 application attacks including machine learning to defend against known and unknown attacks.

API Protection

Protect your APIs from malicious actors by automatically enforcing positive and negative security policies. Seamlessly integrate API security into your CI/CD pipeline.

Bot Mitigation

Protect websites, mobile applications, and APIs from automated attacks with advanced bot mitigation that accurately differentiates between good bot traffic and malicious bots. FortiWeb Bot Mitigation provides the visibility and control you need without slowing down your users with unnecessary captchas or challenges.

FortiWeb protects against automated bots, webs scrapers, crawlers, data harvesting, credential stuffing and other automated attacks to protect your web assets, mobile APIs, applications, users and sensitive data. Combining machine learning with policies such as threshold based detection, Bot deception and Biometrics based detection with superior good bot identification FortiWeb is able to block malicious bot attacks while reducing friction on legitimate users. With advanced tracking techniques FortiWeb can differentiate between humans, automated requests and repeat offenders, track behavior over time to better identify humans from bots and enforce CAPTCHA challenges when required. Together with FortiView, FortiWeb’s graphical analysis dashboard organizations can quickly identify attacks and differentiate from good bots and legitimate users.

Key Points

Machine learning that detects and blocks threats while minimizing false positives
Advanced Bot Mitigation effectively protect web assets without imposing friction on legitimate users
Protection for APIs, including those used to support mobile applications
Enhanced protection with Fortinet Security Fabric integration
Visual analytics tools for advanced threat insights
Third-party integration and virtual patching

Highlights:

Comprehensive Web Application Security with FortiWeb

Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your web-based applications from the OWASP Top 10 and many other threats. FortiWeb’s first layer of defense uses traditional WAF detection engines (e.g. attack signatures, IP address reputation, protocol validation, and more) to identify and block malicious traffic, powered by intelligence from Fortinet’s industry leading security research from FortiGuard Labs. FortiWeb’s machine learning detection engine then examines traffic that passes this first layer, using a continuously updated model of your application to identify malicious anomalies and block them as well.

Machine Learning Improves Detection and Drives Operational Efficiency

FortiWeb’s multi-layer approach provides two key benefits: superior threat detection and improved operational efficiency.

FortiWeb’s ability to detect anomalous behavior relative to the specific application being protected enables the solution to block unknown, never-before-seen exploits, providing your best protection against zero-day attacks targeting your application.

Operationally, FortiWeb machine learning relieves you of time-consuming tasks such as remediating false positives or manually tuning WAF rules. FortiWeb continually updates the model as your application evolves, so there is no need to manually update rules every time you update your application. . FortiWeb continually updates the model as your application evolves, so there is no need to manually update rules every time you update your application.

FortiWeb enables you to get your code into production faster, eliminating the need for time-consuming manual WAF rules tuning and troubleshooting the false positives that plague less advanced WAFs.

Deep Integration into the Fortinet Security Fabric and Third-Party Scanners

As the threat landscape evolves, many new threats require a multi-pronged approach for protecting web-based applications. Advanced Persistent Threats that target users can take many different forms than traditional single-vector attack types and can evade protections offered only by a single device. FortiWeb’s integration with FortiGate and FortiSandbox extend basic WAF protections through synchronization and sharing of threat information to both deeply scan suspicious files and share infected internal sources.

FortiWeb also provides integration with leading third-party vulnerability scanners including Acunetix, HP WebInspect, IBM AppScan, Qualys, IBM QRadar, and WhiteHat to provide dynamic virtual patches to security issues in application environments. Vulnerabilities found by the scanner are quickly and automatically turned into security rules by FortiWeb to protect the application until developers can address them in the application code.

Solving the Challenge of False Threat Detections

False positive threat detections can be very disruptive and force many administrators to loosen security rules on their web application firewalls to the point where many often become a monitoring tool rather than a trusted threat avoidance platform. The installation of a WAF may take only minutes, however fine-tuning can take days, or even weeks. Even after setup, a WAF can require regular checkups and tweaks as applications and the environment change.

FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies. With near 100% accuracy, the dual layer machine learning engines detect anomalies and then determine if they are threats unlike other methods that block all anomalies regardless of their intent. When combined with other tools, including user tracking, device fingerprinting, and threat weighting, FortiWeb virtually eliminates all false detection scenarios.

API Protection

Fueling the digital transformation APIs have become increasingly popular, providing the backbone for mobile applications, automated business to business operations and ease of management across applications. However, with their popularity they also increase the attack surface with additional exposed application surfaces that organizations must secure. Fortinet’s FortiWeb web application firewall provides the right tools to address threats to APIs.

FortiWeb integrates out of the box policies together with an automatically generated positive security model policy that is based on your organization’s schema specification (OpenAPI, XML and generic JSON are supported schemas) to protect against API exploits. FortiWeb schema validation can be integrated into the CI/CD pipeline, automatically generating an updated positive security model policy once the API is updated

Advanced Graphical Analysis and Reporting

FortiWeb includes a suite of graphical analysis tools called FortiView. Similar to other Fortinet products such as FortiGate, FortiWeb gives administrators the ability to visualize and drill-down into key elements of FortiWeb such as server/IP configurations, attack and traffic logs, attack maps, OWASP Top 10 attack categorization, and user activity. FortiView for FortiWeb lets administrators quickly identify suspicious activity in real time and address critical use cases such as origin of threats, common violations, and client/device risks.

Secured by FortiGuard

Fortinet’s Award-winning FortiGuard Labs is the backbone for many of FortiWeb’s layers in its approach to application security. Offered as 5 separate options, you can choose the FortiGuard services you need to protect your web applications. FortiWeb IP Reputation service protects you from known attack sources like botnets, spammers, anonymous proxies, and sources known to be infected with malicious software. FortiWeb Security Service is designed just for FortiWeb including items such as application layer signatures, machine learning threat models, malicious robots, suspicious URL patterns and web vulnerability scanner updates. Credential Stuffing Defense checks login attempts against FortiGuard’s list of compromised credentials and can take actions ranging from alerts to blocking logins from suspected stolen user ids and passwords. The FortiSandbox Cloud subscription enables FortiWeb to integrate with Fortinet’s cloud-sandbox service. Finally, FortiWeb offers FortiGuard’s top-rated antivirus engine that scans all file uploads for threats that can infect your servers or other network elements.

VM and Public Cloud Options

FortiWeb provides maximum flexibility in supporting your virtual and hybrid environments. The virtual versions of FortiWeb support all the same features as our hardware-based devices and can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM and Docker platforms. FortiWeb is also available for AWS, Azure, Google Cloud, and Oracle Cloud as a VM, and as WAF as a Service on AWS, Azure, and Google Cloud. For more information, see Fortiweb-Cloud.com.

Features:

Deployment options

Reverse Proxy
Inline Transparent
True Transparent Proxy
Offline Sniffing
WCCP

Web Security

AI-based Machine Learning
Automatic profiling (white list)
Web server and application signatures (black list)
IP Reputation
IP Geolocation
HTTP RFC compliance
Native support for HTTP/2
OpenAPI 3.0 verification
WebSocket protection and signature enforcement
Man in the Brower (MiTB) protection

Application Attack Protection

OWASP Top 10
Cross Site Scripting
SQL Injection
Cross Site Request Forgery
Session Hijacking
Built-in Vulnerability Scanner
Third-party scanner integration (virtual patching)
File upload scanning with AV and sandbox

Security Services

Web services signatures
XML and JSON protocol conformance
Malware detection
Virtual patching
Protocol validation
Brute force protection
Cookie signing and encryption
Threat scoring and weighting
Syntax-based SQLi detection
HTTP Header Security
Custom error message and error code handling
Operating system intrusion signatures
Known threat and zero-day attack protection
L4 Stateful Network Firewall
DoS prevention
Advanced correlation protection using multiple security elements
Data leak prevention
Web Defacement Protection

Application Delivery

Layer 7 server load balancing
URL Rewriting
Content Routing
HTTPS/SSL Offloading
HTTP Compression
Caching

Authentication

Active and passive authentication
Site Publishing and SSO
RSA Access for 2-factor authentication
LDAP, RADIUS, and SAML support
SSL client certificate support
CAPTCHA and Real Browser Enforcement (RBE)

Management and Reporting

Web user interface
Command line interface
FortiView graphical analysis and reporting tools
Central management for multiple FortiWeb devices
Active/Active HA Clustering
REST API
Centralized logging and reporting
User/device tracking
Real-time dashboards
Bot dashboard
OWASP Top 10 attack categorization
Geo IP Analytics
SNMP, Syslog and Email Logging/Monitoring
Administrative Domains with full RBAC

Other

IPv6 Ready
HTTP/2 to HTTP 1.1 translation
HSM Integration
Seamless PKI integration
Attachment scanning for ActiveSync/MAPI applications, OWA, and FTP
High Availability with Config-sync for syncing across multiple active appliances
Auto setup and default configuration settings for simplified deployment
Setup Wizards for common applications and databases
Preconfigured for common Microsoft applications; Exchange, SharePoint, OWA
OpenStack support for FortiWeb VMs
Predefined security policies for Drupal and Wordpress applications
WebSockets support

Specifications:

	FortiWeb 100E	FortiWeb 400E	FortiWeb 600E	FortiWeb 1000E
Hardware
10/100/1000 Interfaces (RJ-45 ports)	4	4 GE RJ45, 4 SFP GE	4 GE RJ45 (2 bypass), 4 SFP GE	6 (4 bypass), 2x SFP GE (non-bypass)
10G BASE-SR SFP+ Ports	0	0	0	2
SSL/TLS Processing	Software	Software	Hardware	Hardware
USB Interfaces	2	2	2	2
Storage	32 GB SSD	480 GB SSD	480 GB SSD	2x 1 TB
Form Factor	Desktop	1U	1U	2U
Power Supply	Single	Single	Dual	Dual Hot Swappable
System Performance
Throughput	50 Mbps	250 Mbps	750 Mbps	1.3 Gbps
Latency	<5 ms	<5 ms	<5 ms	<5 ms
High Availability	Active/Passive, Active/Active Clustering	Active/Passive, Active/Active Clustering	Active/Passive, Active/Active Clustering	Active/Passive, Active/Active Clustering
Application Licenses	Unlimited	Unlimited	Unlimited	Unlimited
Administrative Domains	0	32	32	64
All performance values are “up to” and vary depending on the system configuration.
Dimensions
Height x Width x Length (inches)	1.61 x 8.27 x 5.24	1.73 x 17.24 x 16.38	1.73 x 17.24 x 16.38	3.46 x 16.93 x 19.73
Height x Width x Length (mm)	41 x 210 x 133	44 x 438 x 416	44 x 438 x 416	88 x 430 x 501.20
Weight	2.3 lbs (1.1 kg)	22 lbs (9.97 kg)	22 lbs (9.97 kg)	28 lbs (12.8 kg)
Rack Mountable	Optional	Yes	Yes	Yes, with flanges
Environment
Power Required	100–240V AC, 50–60 Hz	100–240V AC, 50–60 Hz	100–240V AC, 50–60 Hz	100–240V AC, 50–60 Hz
Maximum Current	110V/1.2A, 220V/1.2A	100V/5A, 240V/3A	100V/5A, 240V/3A	100V/5A, 240V/3A
Power Consumption (Average)	18 W	109 W	109 W	140 W
Heat Dissipation	74 BTU/h	446.3 BTU/h	446.3 BTU/h	471 BTU/h
Operating Temperature	32–104°F	32–104°F	32–104°F	32–104°F
Storage Temperature	-13–158°F	-13–158°F	-13–158°F	-13–158°F
Humidity	0–90% non-condensing	0–90% non-condensing	0–90% non-condensing	5–95% non-condensing
Compliance
Safety Certifications	FCC Class A Part 15, RCM, VCCI, CE, UL/cUL, CB (-25–70°C)

Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4 MB Cache) running VMware ESXi 5.5 with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4 GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.

Documentation:

Download the Fortinet FortiWeb 100E (PDF).

Pricing Notes:

Hardware plus FortiCare Premium and FortiWeb Standard Bundle
Hardware Unit, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, FortiCare Premium Ticket Handling, Antivirus, FortiWeb Application Security Service, & IP Reputation Service
Hardware plus FortiCare Premium and FortiWeb Advanced Bundle
Hardware Unit, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, FortiCare Premium Ticket Handling, Antivirus, FortiWeb Application Security, IP Reputation, FortiWeb Cloud Sandbox, and Credential Stuffing Defense Service
Hardware plus FortiCare Premium and FortiWeb Enterprise Bundle
Hardware Unit, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, FortiCare Premium Ticket Handling, FortiWeb Application Security, IP Reputation, Antivirus, FortiWeb Cloud Sandbox, Credential Stuffing Defense Threat Analytics, Advanced Bot Protection and Data Loss Prevention service
Standard Bundle (FortiCare Premium plus AV, FortiWeb Security Service, and IP Reputation)
Advanced Hardware Replacement (NBD), Firmware and General Upgrades, FortiCare Premium Ticket Handling, Antivirus, FortiWeb Application Security Service, & IP Reputation Service
Advanced Bundle (FortiCare Premium plus AV, FortiWeb Security Service, IP Reputation, FortiWeb Cloud Sandbox, and Credential Stuffing Defense Service)
Advanced Hardware Replacement (NBD), Firmware and General Upgrades, FortiCare Premium Ticket Handling, Antivirus, FortiWeb Application Security, IP Reputation, FortiWeb Cloud Sandbox, and Credential Stuffing Defense Service
Enterprise Bundle (FortiCare Premium plus FortiWeb Security Service, IP Reputation, Antivirus, FortiSandbox Cloud Service, Credential Stuffing Defense Service and Threat Analytics, Advanced Bot Protection and Data Loss Prevention service)
Advanced Hardware Replacement (NBD), Firmware and General Upgrades, FortiCare Premium Ticket Handling, FortiWeb Application Security, IP Reputation, Antivirus, FortiWeb Cloud Sandbox, Credential Stuffing Defense, Threat Analytics, Advanced Bot Protection and Data Loss Prevention service
FortiCare Premium Support
FortiCare Premium Ticket Handling, Advanced Hardware Replacement (NBD), Firmware and General Upgrades
Prices are for one year of Premium RMA support. Usual discounts can be applied.
Annual contracts only. No multi-year SKUs are available for these services.
Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
Pricing and product availability subject to change without notice.

Fortinet Products

FortiWeb 100E Standard Bundle Subscription

FortiWeb-100E 1 Year Standard Bundle (FortiCare Premium plus AV, FortiWeb Security Service, and IP Reputation)

#FC-10-W01HE-934-02-12
List Price: ~~$5,814.50~~
Our Price: $4,993.21

FortiWeb 100E FortiCare Premium Support

FortiWeb-100E 1 Year FortiCare Premium Support

#FC-10-W01HE-247-02-12
List Price: ~~$2,325.80~~
Our Price: $1,997.28

FortiWeb 100E Subscription Services

FortiWeb-100E 1 Year IP Reputation Service

#FC-10-W01HE-140-02-12
List Price: ~~$2,325.80~~
Our Price: $1,730.98

FortiWeb-100E 1 Year FortiGuard AV Services

#FC-10-W01HE-100-02-12
List Price: ~~$2,325.80~~
Our Price: $1,730.98

FortiWeb-100E 1 Year FortiWeb Application Security Service

#FC-10-W01HE-137-02-12
List Price: ~~$2,325.80~~
Our Price: $1,730.98

FortiWeb-100E 1 Year FortiWeb Cloud Sandbox - FortiSandbox SaaS for FortiWeb

#FC-10-W01HE-123-02-12
List Price: ~~$2,325.80~~
Our Price: $2,077.17

FortiWeb-100E 1 Year FortiGuard Credential Stuffing Defense Service

#FC-10-W01HE-143-02-12
List Price: ~~$2,325.80~~
Our Price: $1,730.98

FortiWeb-100E Advanced Bundle

FortiWeb-100E 1 Year Advanced Bundle - Standard Bundle plus Credential Stuffing Defense Service and Threat Analytics

#FC-10-W01HE-580-02-12
List Price: ~~$9,303.20~~
Our Price: $7,989.12

FortiWeb-100E Threat Analytics Service

FortiWeb-100E 1 Year Threat Analytics Service

#FC-10-W01HE-579-02-12
List Price: ~~$2,325.80~~
Our Price: $1,730.98

FortiWeb-100E FortiCloud Remote Management

FortiWeb-100E 1 Year FortiCloud Remote Management

#FC-10-W01HE-680-02-12
List Price: ~~$2,325.80~~
Our Price: $2,077.17

FortiWeb-100E Enterprise Bundle - Advanced bundle plus Advanced Bot Protection (500K monthly requests) and Data Loss Prevention service

FortiWeb-100E 1 Year Enterprise Bundle - Advanced bundle plus Advanced Bot Protection (500K monthly requests) and Data Loss Prevention service

#FC-10-W01HE-725-02-12
List Price: ~~$11,629.00~~
Our Price: $9,986.40

FortiWeb-100E FortiGuard Data Loss Prevention Service

FortiWeb-100E 1 Year FortiGuard Data Loss Prevention Service

#FC-10-W01HE-589-02-12
List Price: ~~$2,325.80~~
Our Price: $1,730.98

Fortinet FortiWeb 100E Web Application Firewall

Sorry, this product is no longer available, please contact us for a replacement.

Overview:

Web Application Protection

API Protection

Bot Mitigation

Key Points

Highlights:

Comprehensive Web Application Security with FortiWeb

Machine Learning Improves Detection and Drives Operational Efficiency

Deep Integration into the Fortinet Security Fabric and Third-Party Scanners

Solving the Challenge of False Threat Detections

API Protection

Advanced Graphical Analysis and Reporting

Secured by FortiGuard

VM and Public Cloud Options

Features:

Deployment options

Web Security

Application Attack Protection

Security Services

Application Delivery

Authentication

Management and Reporting

Other

Specifications:

Documentation:

Fortinet FortiWeb 100E
Web Application Firewall