Call a Specialist Today! 800-886-5787 Free Shipping! Free Shipping!

Fortinet FortiWeb VM16

Fortinet FortiSandbox VM16 Box Shot
Fortinet Products
FortiWeb VM16 Virtual Appliance
Web Application Firewall - virtual appliance for all supported platforms. Supports up to 16 x vCPU core
#FWB-VM16
List Price: $57,200.00
Our Price: $49,523.76
Call For Lowest Price!

Click here to jump to more pricing!

Overview:

Web Application and API Protection

FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations.

Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and from zero-day threats. High performance physical, virtual appliances and containers deploy on-site or in the public cloud to serve any size of the organization — from small businesses to service providers, carriers, and large enterprises.

Web Application Protection

Multi layer protection against the OWASP Top 10 application attacks including machine learning to defend against known and unknown attacks.

API Protection

Protect your APIs from malicious actors by automatically enforcing positive and negative security policies. Seamlessly integrate API security into your CI/CD pipeline.

Bot Mitigation

Protect websites, mobile applications, and APIs from automated attacks with advanced bot mitigation that accurately differentiates between good bot traffic and malicious bots. FortiWeb Bot Mitigation provides the visibility and control you need without slowing down your users with unnecessary captchas or challenges.

Highlights:

  • Machine learning that detects and blocks threats while minimizing false positives
  • Advanced Bot Mitigation effectively protect web assets without imposing friction on legitimate users
  • Protection for APIs, including those used to support mobile applications
  • Enhanced protection with Fortinet Security Fabric integration
  • Visual analytics tools for advanced threat insights
  • Third-party integration and virtual patching
  • FortiCare Worldwide 24/7 Support
  • FortiGuard Security Services

Highlights:

Comprehensive Web Application Security

Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your web-based applications from the OWASP Top 10 and many other threats. FortiWeb’s first layer of defense uses traditional WAF detection engines (e.g. attack signatures, IP address reputation, protocol validation, and more) to identify and block malicious traffic, powered by intelligence from Fortinet’s industry leading security research from FortiGuard Labs. FortiWeb’s machine learning detection engine then examines traffic that passes this first layer, using a continuously updated model of your application to identify malicious anomalies and block them as well.

API Protection

Fueling the digital transformation APIs have become increasingly popular, providing the backbone for mobile applications, automated business to business operations and ease of management across applications. However, with their popularity they also increase the attack surface with additional exposed application surfaces that organizations must secure. Fortinet’s FortiWeb web application firewall provides the right tools to address threats to APIs. FortiWeb integrates out of the box policies together with an automatically generated positive security model policy that is based on your organization’s schema specification (OpenAPI, XML and generic JSON are supported schemas) to protect against API exploits. FortiWeb schema validation can be integrated into the CI/CD pipeline, automatically generating an updated positive security model policy once the API is updated.

Machine Learning Improves Detection and Drives Operational Efficiency

FortiWeb’s multi-layer approach provides two key benefits: superior threat detection and improved operational efficiency.

FortiWeb’s ability to detect anomalous behavior relative to the specific application being protected enables the solution to block unknown, never-before-seen exploits, providing your best protection against zero-day attacks targeting your application.

Operationally, FortiWeb machine learning relieves you of time-consuming tasks such as remediating false positives or manually tuning WAF rules. FortiWeb continually updates the model as your application evolves, so there is no need to manually update rules every time you update your application.

FortiWeb enables you to get your code into production faster, eliminating the need for time-consuming manual WAF rules tuning and troubleshooting the false positives that plague less advanced WAFs

Bot Mitigation

FortiWeb protects against automated bots, webs scrapers, crawlers, data harvesting, credential stuffing and other automated attacks to protect your web assets, mobile APIs, applications, users and sensitive data. Combining machine learning with policies such as threshold based detection, Bot deception and Biometrics based detection with superior good bot identification FortiWeb is able to block malicious bot attacks while reducing friction on legitimate users. With advanced tracking techniques FortiWeb can differentiate between humans, automated requests and repeat offenders, track behavior over time to better identify humans from bots and enforce CAPTCHA challenges when required. Together with FortiView, FortiWeb’s graphical analysis dashboard organizations can quickly identify attacks and differentiate from good bots and legitimate users.

FortiWeb’s machine learning accurately detects anomalies and identifies which are threats. Unlike prevailing auto-learning detection models used by other WAF vendors that treat every anomaly as a threat, FortiWeb’s precision nearly eliminates false positive detections and catches attack types that others cannot.

Image

Deep Integration into the Fortinet Security Fabric and Third-Party Scanners

As the threat landscape evolves, many new threats require a multi-pronged approach for protecting web-based applications. Advanced Persistent Threats that target users can take many different forms than traditional singlevector attack types and can evade protections offered only by a single device. FortiWeb’s integration with FortiGate and FortiSandbox extend basic WAF protections through synchronization and sharing of threat information to both deeply scan suspicious files and share infected internal sources.

FortiWeb also provides integration with leading third-party vulnerability scanners including Acunetix, HP WebInspect, IBM AppScan, Qualys, ImmuniWeb and WhiteHat to provide dynamic virtual patches to security issues in application environments. Vulnerabilities found by the scanner are quickly and automatically turned into security rules by FortiWeb to protect the application until developers can address them in the application code.

Solving the Challenge of False Threat Detections

False positive threat detections can be very disruptive and force many administrators to loosen security rules on their web application firewalls to the point where many often become a monitoring tool rather than a trusted threat avoidance platform. The installation of a WAF may take only minutes, however fine-tuning can take days, or even weeks. Even after setup, a WAF can require regular checkups and tweaks as applications and the environment change.

FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies. With near 100% accuracy, the dual layer machine learning engines detect anomalies and then determine if they are threats unlike other methods that block all anomalies regardless of their intent. When combined with other tools, including user tracking, session tracking, and threat weighting, FortiWeb virtually eliminates all false detection scenarios

Advanced Graphical Analysis and Reporting

FortiWeb includes a suite of graphical analysis tools called FortiView. Similar to other Fortinet products such as FortiGate, FortiWeb gives administrators the ability to visualize and drill-down into key elements of FortiWeb such as server/IP configurations, attack and traffic logs, attack maps, OWASP Top 10 attack categorization, and user activity. FortiView for FortiWeb lets administrators quickly identify suspicious activity in real time and address critical use cases such as origin of threats, common violations, and client/ device risks

Secured by FortiGuard

Fortinet’s Award-winning FortiGuard Labs is the backbone for many of FortiWeb’s layers in its approach to application security. Offered as five separate options, you can choose the FortiGuard services you need to protect your web applications. FortiWeb IP address reputation service protects you from known attack sources like botnets, spammers, anonymous proxies, and sources known to be infected with malicious software.

FortiWeb Security Service is designed just for FortiWeb including items such as application layer signatures, machine learning threat models, malicious robots, suspicious URL patterns, and web vulnerability scanner updates. Credential Stuffing Defense checks login attempts against FortiGuard’s list of compromised credentials and can take actions ranging from alerts to blocking logins from suspected stolen user ids and passwords. The FortiWeb Cloud Sandbox subscription enables FortiWeb to integrate with Fortinet’s cloud-sandbox service. Finally, FortiWeb offers FortiGuard’s top-rated antivirus engine that scans all file uploads for threats that can infect your servers or other network elements.

VM and Public Cloud Options

FortiWeb provides maximum flexibility in supporting your virtual and hybrid environments. The virtual versions of FortiWeb support all the same features as our hardwarebased devices and can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM, and Docker platforms. FortiWeb is also available for AWS, Azure, Google Cloud, and Oracle Cloud as a VM, and as WAF as a Service on AWS, Azure, and Google Cloud. For more information, see Fortiweb-Cloud.com.

Central Management and Reporting

FortiWeb offers the tools you need to manage multiple appliances and gain valuable insights on attacks that target your applications. From within a single management console you can configure and manage multiple FortiWeb gateways using our VMware-based central management utility. If you need an aggregated view of attacks across your network, FortiWeb easily integrates into our FortiAnalyzer reporting appliances for centralized logging and report consolidation from multiple FortiWeb devices

Features:


Deployment options

  • Reverse Proxy
  • Inline Transparent
  • True Transparent Proxy
  • Offline Sniffing
  • WCCP

Web Security

  • AI-based Machine Learning
  • Automatic profiling (white list)
  • Web server and application signatures (black list)
  • IP Reputation
  • IP Geolocation
  • HTTP RFC compliance
  • Native support for HTTP/2
  • OpenAPI 3.0 verification
  • WebSocket protection and signature enforcement
  • Man in the Browser (MiTB) protection

Application Attack Protection

  • OWASP Top 10
  • Cross Site Scripting
  • SQL Injection
  • Cross Site Request Forgery
  • Built-in Vulnerability Scanner
  • Third-party scanner integration (virtual patching)
  • File upload scanning with AV and sandbox

Security Services

  • Web services signatures
  • XML protocol conformance
  • Malware detection
  • Virtual patching
  • Protocol validation
  • Brute force protection
  • Cookie signing and encryption
  • Threat scoring and weighting
  • Syntax-based SQLi detection
  • HTTP Header Security
  • Custom error message and error code handling
  • Operating system intrusion signatures
  • Known threat and zero-day attack protection
  • L4 Stateful Network Firewall
  • DoS prevention
  • Advanced correlation protection using multiple security elements
  • Data leak prevention
  • Web Defacement Protection

Application Delivery

  • Layer 7 server load balancing
  • URL Rewriting
  • Content Routing
  • HTTPS/SSL Offloading
  • HTTP Compression
  • Caching

Authentication

  • Active and passive authentication
  • Site Publishing and SSO
  • RSA Access for 2-factor authentication
  • LDAP and RADIUS support
  • SSL client certificate support
  • CAPTCHA and Real Browser Enforcement (RBE)

Management and Reporting

  • Web user interface
  • Command line interface
  • FortiView graphical analysis and reporting tools
  • Central management for multiple devices
  • Active/Active HA Clustering
  • REST API
  • Centralized logging and reporting
  • Real-time dashboards
  • Bot dashboard
  • OWASP Top 10 attack categorization
  • Geo IP Analytics
  • SNMP, Syslog and email Logging/Monitoring
  • Administrative Domains with full RBAC

Other

  • IPv6 Ready
  • HTTP/2 to HTTP 1.1 translation
  • Seamless PKI integration
  • Attachment scanning for ActiveSync/MAPI applications, OWA, and FTP
  • High Availability with Config-sync for syncing across multiple active appliances
  • Auto setup and default configuration settings for simplified deployment
  • Setup Wizards for common applications and databases
  • Preconfigured for common Microsoft applications; Exchange, SharePoint, OWA
  • Predefined security policies for Drupal and Wordpress applications
  • OpenStack support for FortiWeb VMs
  • WebSockets support

Specifications:


FortiWeb Models FortiWeb-VM01 (1 vCPU) FortiWeb-VM02 (2 vCPU) FortiWeb-VM04 (4 vCPU) FortiWeb-VM08 (8 vCPU) FortiWeb-VM16 (16 vCPU)
System Performance
HTTP Throughput 25 Mbps 100 Mbps 500 Mbps 3 Gbps 6 Gbps
Application Licenses Unlimited Unlimited Unlimited Unlimited Unlimited
Administrative Domains 4 to 64 based on the amount of memory allocated
Hardware Specifications
Hypervisors Supported VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, KVM, Amazon Web Services (AWS) and Microsoft Azure.
Please see FortiWeb VM Installation Guide for versions supported.
vCPU Support (Minimum / Maximum) 1 2 2 / 4 2 / 8 2 / 8
Network Interface Support (Minimum / Maximum) 1 / 10 1 / 10 1 / 10 1 / 10
Storage Support (Minimum / Maximum) 40 GB / 2 TB 40 GB / 2 TB 40 GB / 2 TB 40 GB / 2 TB 40 GB / 2 TB
Memory Support (Minimum / Maximum) 1,024 MB / Unlimited for 64-bit 1,024 MB / Unlimited for 64-bit 1,024 MB / Unlimited for 64-bit 1,024 MB / Unlimited for 64-bit 1,024 MB / Unlimited for 64-bit
Recommended Memory 8 GB 8 GB 16 GB 32 GB 64 GB
High Availability Support Yes Yes Yes Yes Yes
Actual performance values may vary depending on the network traffic and system configuration. Performance metrics were observed using a Dell PowerEdge R710 server (2x Intel Xeon E5504 2.0 GHz 4 MB Cache) running VMware ESXi 5.5 with 4 GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 4 GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.

Documentation:

Download the Fortinet FortiWeb Series Datasheet (PDF).

Pricing Notes:

Fortinet Products
FortiWeb VM16 Virtual Appliance
Web Application Firewall - virtual appliance for all supported platforms. Supports up to 16 x vCPU core
#FWB-VM16
List Price: $57,200.00
Our Price: $49,523.76
Call For Lowest Price!
FortiWeb VM16 Standard Bundle Subscription
FortiWeb-VM16 1 Year Standard Bundle (FortiCare Premium plus AV, FortiWeb Security Service, and IP Reputation)
#FC-10-VVM16-936-02-12
List Price: $28,600.00
Our Price: $24,761.88
Call For Lowest Price!
FortiWeb-VM16 3 Year Standard Bundle (FortiCare Premium plus AV, FortiWeb Security Service, and IP Reputation)
#FC-10-VVM16-936-02-36
List Price: $85,800.00
Our Price: $74,285.64
Call For Lowest Price!
FortiWeb-VM16 5 Year Standard Bundle (FortiCare Premium plus AV, FortiWeb Security Service, and IP Reputation)
#FC-10-VVM16-936-02-60
List Price: $143,000.00
Our Price: $123,809.40
Call For Lowest Price!
FortiWeb VM16 Advanced Bundle Subscription
FortiWeb-VM16 1 Year Advanced Bundle (FortiCare Premium plus AV, FortiWeb Security Service, IP Reputation, FortiSandbox Cloud Service, and Credential Stuffing Defense Service)
#FC-10-VVM16-603-02-12
List Price: $37,180.00
Our Price: $32,190.44
Call For Lowest Price!
FortiWeb-VM16 3 Year Advanced Bundle (FortiCare Premium plus AV, FortiWeb Security Service, IP Reputation, FortiSandbox Cloud Service, and Credential Stuffing Defense Service)
#FC-10-VVM16-603-02-36
List Price: $111,540.00
Our Price: $96,571.33
Call For Lowest Price!
FortiWeb-VM16 5 Year Advanced Bundle (FortiCare Premium plus AV, FortiWeb Security Service, IP Reputation, FortiSandbox Cloud Service, and Credential Stuffing Defense Service)
#FC-10-VVM16-603-02-60
List Price: $185,900.00
Our Price: $160,952.22
Call For Lowest Price!
FortiWeb VM16 FortiCare Premium Support
FortiWeb-VM16 1 Year FortiCare Premium Support
#FC-10-VVM16-248-02-12
List Price: $11,440.00
Our Price: $9,904.75
FortiWeb-VM16 3 Year FortiCare Premium Support
#FC-10-VVM16-248-02-36
List Price: $34,320.00
Our Price: $29,714.26
Call For Lowest Price!
FortiWeb-VM16 5 Year FortiCare Premium Support
#FC-10-VVM16-248-02-60
List Price: $57,200.00
Our Price: $49,523.76
Call For Lowest Price!
FortiWeb VM16 Subscription Services
FortiWeb-VM16 1 Year IP Reputation Service
#FC-10-VVM16-140-02-12
List Price: $11,440.00
Our Price: $9,904.75
FortiWeb-VM16 1 Year FortiGuard AV Services
#FC-10-VVM16-100-02-12
List Price: $11,440.00
Our Price: $9,904.75
FortiWeb-VM16 1 Year FortiWeb Application Security Service
#FC-10-VVM16-137-02-12
List Price: $11,440.00
Our Price: $9,904.75
FortiWeb-VM16 1 Year FortiWeb Cloud Sandbox - Cloud Sandbox for FortiWeb
#FC-10-VVM16-123-02-12
Our Price: $11,440.00
FortiWeb-Cloud-WAF-as-a-Service - 20Mbps average throughput - Annual Subscription
FortiWeb-Cloud-WAF-as-a-Service 3 Year FortiWeb Cloud WAF-as-a-Service - 20Mbps average throughput - Annual Subscription. Select number of sites separately
#FC1-10-WBCLD-654-02-36
Our Price: $18,000.00
Call For Lowest Price!
FortiWeb VM16 Subscription Services
FortiWeb-VM16 1 Year FortiGuard Credential Stuffing Defense
#FC-10-VVM16-143-02-12
List Price: $11,440.00
Our Price: $9,904.75
FortiWeb-Cloud-WAF-as-a-Service - 20Mbps average throughput - Annual Subscription
FortiWeb-Cloud-WAF-as-a-Service 5 Year FortiWeb Cloud WAF-as-a-Service - 20Mbps average throughput - Annual Subscription. Select number of sites separately
#FC1-10-WBCLD-654-02-60
Our Price: $30,000.00
Call For Lowest Price!
FortiWeb-Cloud-WAF-as-a-Service 1 Year FortiWeb Cloud WAF-as-a-Service - 20Mbps average throughput - Annual Subscription. Select number of sites separately
#FC1-10-WBCLD-654-02-12
Our Price: $6,000.00
FortiWeb-Cloud-WAF-as-a-Service - 50Mbps average throughput - Annual Subscription
FortiWeb-Cloud-WAF-as-a-Service 1 Year FortiWeb Cloud WAF-as-a-Service - 50Mbps average throughput - Annual Subscription. Select number of sites separately
#FC2-10-WBCLD-654-02-12
Our Price: $14,000.00
FortiWeb-Cloud-WAF-as-a-Service 3 Year FortiWeb Cloud WAF-as-a-Service - 50Mbps average throughput - Annual Subscription. Select number of sites separately
#FC2-10-WBCLD-654-02-36
Our Price: $42,000.00
Call For Lowest Price!
FortiWeb-Cloud-WAF-as-a-Service 5 Year FortiWeb Cloud WAF-as-a-Service - 50Mbps average throughput - Annual Subscription. Select number of sites separately
#FC2-10-WBCLD-654-02-60
Our Price: $70,000.00
Call For Lowest Price!
FortiWeb-Cloud-WAF-as-a-Service - Additional 1 web site - Annual Subscription
FortiWeb-Cloud-WAF-as-a-Service 1 Year FortiWeb Cloud WAF-as-a-Service - Additional 1 web site - Annual Subscription
#FC1-10-WBCLD-655-02-12
Our Price: $600.00
FortiWeb-Cloud-WAF-as-a-Service 3 Year FortiWeb Cloud WAF-as-a-Service - Additional 1 web site - Annual Subscription
#FC1-10-WBCLD-655-02-36
Our Price: $1,800.00
FortiWeb-Cloud-WAF-as-a-Service 5 Year FortiWeb Cloud WAF-as-a-Service - Additional 1 web site - Annual Subscription
#FC1-10-WBCLD-655-02-60
Our Price: $3,000.00
FortiWeb-Cloud-WAF-as-a-Service - Additional 5 web sites - Annual Subscription
FortiWeb-Cloud-WAF-as-a-Service 1 Year FortiWeb Cloud WAF-as-a-Service - Additional 5 web sites - Annual Subscription
#FC2-10-WBCLD-655-02-12
Our Price: $2,400.00
FortiWeb-Cloud-WAF-as-a-Service 3 Year FortiWeb Cloud WAF-as-a-Service - Additional 5 web sites - Annual Subscription
#FC2-10-WBCLD-655-02-36
Our Price: $7,200.00
FortiWeb-Cloud-WAF-as-a-Service 5 Year FortiWeb Cloud WAF-as-a-Service - Additional 5 web sites - Annual Subscription
#FC2-10-WBCLD-655-02-60
Our Price: $12,000.00
Fortinet SubscriptionLicense with Standard Bundle for FortiWeb-VM (16 CPU)
Subscription license with Bundle for FortiWeb-VM (16 CPU) 1 Year Subscription license for FortiWeb-VM (16 CPU) with Standard bundle included
#FC5-10-WBVMS-916-02-12
List Price: $47,667.00
Our Price: $41,270.09
Call For Lowest Price!
Subscription license with Bundle for FortiWeb-VM (16 CPU) 3 Year Subscription license for FortiWeb-VM (16 CPU) with Standard bundle included
#FC5-10-WBVMS-916-02-36
List Price: $143,001.00
Our Price: $123,810.27
Call For Lowest Price!
Subscription license with Bundle for FortiWeb-VM (16 CPU) 5 Year Subscription license for FortiWeb-VM (16 CPU) with Standard bundle included
#FC5-10-WBVMS-916-02-60
List Price: $238,335.00
Our Price: $206,350.44
Call For Lowest Price!
Fortinet SubscriptionLicense with Advanced Bundle for FortiWeb-VM (16 CPU)
Subscription license with Bundle for FortiWeb-VM (16 CPU) 1 Year Subscription license for FortiWeb-VM (16 CPU) with Advanced bundle included
#FC5-10-WBVMS-633-02-12
List Price: $56,247.00
Our Price: $48,698.65
Call For Lowest Price!
Subscription license with Bundle for FortiWeb-VM (16 CPU) 3 Year Subscription license for FortiWeb-VM (16 CPU) with Advanced bundle included
#FC5-10-WBVMS-633-02-36
List Price: $168,741.00
Our Price: $146,095.96
Call For Lowest Price!
Subscription license with Bundle for FortiWeb-VM (16 CPU) 5 Year Subscription license for FortiWeb-VM (16 CPU) with Advanced bundle included
#FC5-10-WBVMS-633-02-60
List Price: $281,235.00
Our Price: $243,493.26
Call For Lowest Price!
email subscribe

Enjoy Exclusive Weekly Deals from Virtual Graffiti