Skip navigation

Fortinet FortiWeb 6.3.7 CNF


"Fortinet’s Web Application Firewall (WAF), FortiWeb, protects business-critical web applications from attacks that target known and unknown vulnerabilities. FortiWeb WAF provides advanced features that defend your web applications from known and zero-day threats.  FortiWeb API protection can be used to validate API-based traffic by parsing the contents of each API call using XML, JSON API, and RESTful API and natively supporting HTTP/2.


Using an advanced multi-layered approach, FortiWeb protects against the OWASP Top 10 and many other threats. FortiWeb Machine Learning (ML) models the protection for each application, without requiring the time-consuming manual tuning. With ML, FortiWeb identifies anomalous behavior and distinguishes between malicious and benign anomalies. The solution also features robust bot mitigation capabilities, allowing benign bots to connect (e.g. search engines) while blocking malicious bot activity.


FortiWeb’s first layer of defense uses traditional WAF detection engines (e.g. attack signatures, IP address reputation, protocol validation, and more) to identify and block malicious traffic, powered by intelligence from Fortinet’s industry leading security research from FortiGuard Labs. FortiWeb’s Machine Learning detection engine then examines traffic that passes this first layer, using a continuously updated model of the application to identify malicious anomalies and block them as well.


In addition to the certified CNF, FortiWeb is also available as a VNF and as an appliance with purpose-build security processing units, accelerating SSL-encrypted traffic inspection. In addition, FortiWeb is available as a cloud-native SaaS solution in AWS, Azure and GCP to provide WAF protection right next to the cloud-based applications"

*Information provided by Fortinet