Fortinet Managed Rules for AWS WAF - SQLi/XSS

We are using Fortinet Managed Rules for AWS WAF  for one of our front-end applications called the lockers application, where it will be interacted with our postmen in Belgium. For that application to protect against hackers and bots, we are using these WAF  rules.

Currently, I have used Fortinet Managed Rules for AWS WAF  in the AWS  service provider for cloud. We have integrated this in the WAF  for the locker application, which is an end customer application, and we receive around thousands to hundreds of thousands of requests coming to our application. Since this is publicly exposed, we are using it to make our application more secure and robust without any downtime or security attacks.

Fortinet Managed Rules for AWS WAF is mainly used for controlling the use of bots and hackers, and tracking geolocation rules and source IP behaviors, which is very helpful in our application and organization from a security perspective.

The main features include integration with AWS , Azure , and Google Cloud . Additionally, it helps protect against OWASP Top 10 vulnerabilities, helps prevent data breaching, and ensures regulatory compliance.

Fortinet Managed Rules for AWS WAF has positively impacted us. We were not having financial losses because our application, the lockers, is where citizens place their parcels. Someone could potentially try to manipulate those devices. To protect against such security risks and penalties, this solution helped notify us about what is coming to our application from a hacker's perspective and how they are trying to exploit the application. To mitigate these things, it has been helpful for us.

Since using Fortinet Managed Rules for AWS WAF, financial losses have gradually decreased. Because this is a customer-facing environment where citizens of Belgium use the lockers to place their parcels, we were able to mitigate this risk. Additionally, whenever a hacker was trying to exploit the system and asking for a bounty, that threat was completely eliminated. These two things are very valuable for our application to mitigate.

Fortinet Managed Rules for AWS WAF should have AI-driven threat detection to reduce false positives, and the UI should be improved. Additionally, improvements should be made to the logging methods and web application protection. It should also be more effective for modern environments, and as the world evolves along with AI, it should evolve with an AI-driven architecture as well.

We are emerging in the AI space, and Fortinet Managed Rules for AWS WAF should be AI compatible as well. I am not certain whether it is AI compatible, as I have not used that particular service. I suggest enhancing it for more AI-driven applications.

I have been using Fortinet Managed Rules for AWS WAF for the last one year.

Fortinet Managed Rules for AWS WAF is stable.

Fortinet Managed Rules for AWS WAF was easily scaled without any issues. We did not have to monitor anything, but it scaled directly.

The customer support for Fortinet Managed Rules for AWS WAF was very prompt. Whenever assistance was needed, there was always an engineer available to help us. I really appreciate their support.

I have not used any other services. I am directly using Fortinet Managed Rules for AWS WAF only.

I purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace , which is the only option available.

Since it is present in AWS, the cost of Fortinet Managed Rules for AWS WAF is not high, and my customer is also happy with the cost and the work it is doing. At the integration level, it is a click and use solution.

For return on investment, since we are protecting our application from Layer 7 attacks and deadly attacks, Fortinet Managed Rules for AWS WAF helps us prevent data breaches and protects against hackers trying to exploit the lockers or someone trying to steal parcels from the lockers. For that, it has been very helpful.

I checked F5 and Imperva before choosing Fortinet Managed Rules for AWS WAF. Comparing all those options, I made the decision to use Fortinet.

I would rate Fortinet Managed Rules for AWS WAF a seven out of ten. I highly recommend others to try Fortinet Managed Rules for AWS WAF and see how exactly these managed rules are working.

My main use case for Fortinet Managed Rules for AWS WAF  is to manage our rules and utilize its pre-configured security rules as an AWS WAF  forensic provider.

The best features Fortinet Managed Rules for AWS WAF  offers include regularly updated rules which incorporate the latest threat intelligence, logs, alerts, and the ability to block malicious requests that we have found on this WAF .

Fortinet Managed Rules for AWS WAF  positively impacts my organization by providing protections against API-based attacks, rule-based security, and threat intelligence from FortiGuard.

Improvements for Fortinet Managed Rules for AWS WAF could enhance its capabilities as a cloud-based software application by directly identifying application model-wise for monthly usage which resembles billing concerning AWS  billing, deployment, and infrastructure management.

I find Fortinet Managed Rules for AWS WAF acceptable with no specific recommendations for improvements.

There are no additional improvements needed for Fortinet Managed Rules for AWS WAF that I have not mentioned.

I have been using Fortinet Managed Rules for AWS WAF for one year.

Fortinet Managed Rules for AWS WAF is stable.

The scalability of Fortinet Managed Rules for AWS WAF ensures stability while handling large traffic volumes efficiently, making it a suitable enterprise application.

Customer support is good, and customers are expressing satisfaction.

I did not previously use a different solution.

I purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace .

My company has a business relationship with this vendor as a partner.

I have seen a return on investment with money saved and time saved.

My experience with pricing, setup cost, and licensing for Fortinet Managed Rules for AWS WAF is acceptable as a budgetary matter.

Before choosing Fortinet Managed Rules for AWS WAF, I did not evaluate other options.

I have no additional comments or advice to give to others looking into using Fortinet Managed Rules for AWS WAF. I have no additional thoughts about Fortinet Managed Rules for AWS WAF. I would rate this product a 10.

My main use case for Fortinet Managed Rules for AWS WAF  is to use it as a firewall to protect my internal device which is in the internal network in AWS  and the internet.

To protect my internal device, I had some servers inside the internal network in AWS , one of which is a published server, a web server, that we would like to publish some of this website's application to users outside in our previous company. We have an application hosted in AWS that has a web interface accessible through multiple tablets connected to around 110 trucks all around Egypt, and we have used Fortinet Managed Rules for AWS WAF  to publish only this website to a specific number of tablets.

Regarding my main use case, we choose the right rule which is only publishing this web interface with a specific port, and we changed this port to a non-standard port to be able to be secured, and changing the port also decreases the threats usually aimed at the default ports for HTTP and HTTPS.

Fortinet Managed Rules for AWS WAF  offers the best features by protecting my servers and blocking unauthorized access while also giving me the flexibility to only enable allowed access.

The flexibility it offers for enabling allowed access works for me as I have multiple websites on this server using multiple ports, so using port address translation allows us to publish only a specific website.

Fortinet Managed Rules for AWS WAF  has positively impacted my organization by decreasing the risk and vulnerability and the threats to attack my internal server.

I do not have anything else to add about the needed improvements. I chose eight out of ten for my rating because there are some competitor software or applications that offer more advanced rules and policies.

I have been using Fortinet Managed Rules for AWS WAF for two years.

Fortinet Managed Rules for AWS WAF is stable.

I cannot comment on its scalability because I have only a couple of servers in AWS and was using it with only two servers.

I did not use customer support because I did the configuration by myself.

I did not previously use a different solution, as this was the first time solution to do that, and after that, I have also used the WAF for Huawei Cloud.

I purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace .

My experience with pricing, setup costs, and licensing is that I did not take a large amount or large package, so it is acceptable for me.

My company does not have a business relationship with this vendor other than being a customer.

A general sense is that Fortinet Managed Rules for AWS WAF is decreasing our risk.

I do not have an exact number or figures or metrics to share, but based on what we are checking on the logs, we find that multiple unauthenticated access attempts have already been blocked.

My experience with pricing, setup costs, and licensing is that I did not take a large amount or large package, so it is acceptable for me.

I did not evaluate other options before choosing Fortinet Managed Rules for AWS WAF.

My advice to others looking into using Fortinet Managed Rules for AWS WAF is that it is reasonable, flexible, and cost-sufficient.

In my point of view, Fortinet Managed Rules for AWS WAF is acceptable, as I did not face any issue or any complicated configuration. I gave this product a rating of eight out of ten.

I have been using Fortinet Managed Rules for AWS WAF  mainly for protection against common web attacks like SQL injection, cross-site scripting, and remote code execution, securing AWS  workloads, including virtual patching, API and application protection, and continuous threat intelligence updates.

In virtual patching with Fortinet Managed Rules for AWS WAF , it blocks an exploit at the WAF  layer before the code fix, which is illustrated by a typical scenario where I have a web app running on Amazon EC2  with a discovered vulnerability, such as an SQL injection in the login API, where an urgent fix is required but takes days, allowing attackers to exploit it. By enabling Fortinet Managed Rules for AWS WAF  group in WAF, SQLi detection and payload pattern blocking are provided, so malicious requests are blocked before reaching the app.

A fintech app had a login endpoint vulnerable to SQLi, and with a three-day patch ETA, Fortinet Managed Rules for AWS WAF rules immediately blocked the SQLi patterns with no downtime, avoiding the need for a hotfix.

Fortinet Managed Rules for AWS WAF offers many features, starting with the API security rule set, which covers SQL injection, XSS, command injection, file inclusion, deserialization, and is particularly essential for API apps protecting against JSON payload manipulation, API abuse patterns, and injection via API parameters.

Fortinet Managed Rules for AWS WAF API rules help with API security compared to other tools I have used. With Fortinet Managed Rules for AWS WAF API, there is no need to write complex custom rules, which contrasts with other setups where I must write JSON inspection rules and regex for payload validation, saving significant time in rule creation and testing, since Fortinet Managed Rules for AWS WAF understands API behavior patterns and automatically detects abnormal parameter changes and JSON injections, including bot detection, credential stuffing detection, and requires minimal maintenance due to continuous updates.

Staging Mode with count-to-block feature of Fortinet Managed Rules for AWS WAF helps avoid breaking production traffic, as it allows for rule tuning before switching to block mode, and its visibility and logging offer detailed insights into triggered rules and malicious payloads, aiding incident investigation.

Fortinet Managed Rules for AWS WAF has had a clear positive impact on my organization, with a significant reduction in attack traffic. I had frequently seen SQL injection attempts previously, and after enabling Fortinet Managed Rules for AWS WAF, a large portion was automatically blocked at the edge, resulting in fewer security incidents and reduced operational efforts.

After implementing Fortinet Managed Rules for AWS WAF, I observed measurable improvements, with around 70 to 90% of common web attack traffic blocked, a 60% reduction in application-level security alerts and incidents, and a substantial decrease in the time spent on WAF management from hours per week to near zero.

Fortinet Managed Rules for AWS WAF are very effective, but areas for improvement include better visibility into rule logic, deeper API schema validation, and advanced bot management features.

For example, legitimate API payloads can be blocked due to generic pattern matching without clear logs indicating the trigger, and there is a need for more advanced capabilities in bot detection, such as device fingerprinting.

I have been using Fortinet Managed Rules for AWS WAF for almost eight or more years.

Fortinet Managed Rules for AWS WAF is stable.

Fortinet Managed Rules for AWS WAF scales very well because of its cloud-native architecture, scaling automatically with traffic without requiring infrastructure changes.

Overall, the customer support for Fortinet Managed Rules for AWS WAF has been good, although there can be some variability based on region and SLAs.

I previously relied on the native managed rule set of AWS WAF  along with custom rules, switching to Fortinet Managed Rules for AWS WAF for advanced protection and reduced operational overhead.

I purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace .

I see a clear return on investment after seeing significant time savings, reduced risk, and lower infrastructure load, leading to cost efficiency without needing to scale the security team.

My experience with pricing and licensing for Fortinet Managed Rules for AWS WAF through AWS Marketplace  was straightforward with minimal setup costs, aligning well with the AWS  pay-as-you-go model.

Before selecting Fortinet Managed Rules for AWS WAF, I evaluated AWS native rules, Cloudflare , F5, and Imperva, but Fortinet Managed Rules for AWS WAF offered the best balance of security and operational efficiency.

Fortinet Managed Rules for AWS WAF have helped me in many scenarios.

If someone is planning to use Fortinet Managed Rules for AWS WAF, I recommend starting in count mode, understanding the application and traffic, tuning for sensitive endpoints, and testing in lower environments.

Fortinet Managed Rules for AWS WAF have been foundational for my security stack, providing a good balance between strong out-of-the-box protection and reduced operational overhead. I would rate my overall experience with Fortinet Managed Rules for AWS WAF as an eight out of ten.

Our primary use case is protecting public‑facing web applications hosted on AWS  against common web threats while reducing the effort required to manage custom WAF  rules. We use Fortinet Managed Rules to enhance baseline AWS WAF  protection, particularly for OWASP Top 10 vulnerabilities, malicious bots, and abnormal web traffic.

The managed rule sets help standardize application security across workloads fronted by AWS  services such as Application Load Balancers  and CloudFront, while allowing us to focus on operations rather than constant rule tuning.

Fortinet Managed Rules for AWS WAF  have helped strengthen our overall web application security posture while significantly reducing operational effort. By using managed rule sets, we improved protection against common OWASP Top 10 threats and malicious bot traffic without continuously maintaining custom rules.

Automatic updates from Fortinet reduced manual intervention, improved consistency across applications, and allowed the team to focus more on operations and monitoring rather than rule maintenance.

One of the best features of Fortinet Managed Rules for AWS WAF  is the automation of rule updates, which significantly reduces the need for manual intervention. The managed rule sets provide effective coverage for common OWASP Top 10 threats, SQL injection attempts, and malicious bot activity, helping strengthen baseline application security.

Bot control and traffic filtering capabilities have been particularly useful in ensuring that incoming traffic is legitimate, improving visibility into request behavior and reducing unwanted or suspicious activity. The ability to quickly apply policies such as geo‑blocking and IP reputation checks through AWS WAF  integration also saves time and simplifies daily operations. Overall, these features help balance strong security with lower operational overhead.

Fortinet Managed Rules for AWS WAF  could be improved by providing more granular visibility and tuning capabilities while still keeping the managed nature of the service. Simplifying  rule customization and offering clearer insights into why certain rules trigger would help reduce the effort required to fine‑tune policies for complex applications.

Additional enhancements around analytics and reporting — such as faster access to traffic insights and clearer threat context — would further improve operational efficiency and help teams respond more quickly to security events.

I have been using Fortinet Managed Rules for AWS WAF for over three years as part of our AWS web application security operations.

Fortinet Managed Rules for AWS WAF has been stable and reliable in our environment. Over the past several months of use, we have not experienced service disruptions, unexpected behavior, or rule‑related issues impacting application availability.

The managed updates have been applied smoothly without requiring manual intervention, which has helped maintain consistent protection while keeping operations stable.

Fortinet Managed Rules for AWS WAF scale well because they are built on top of AWS WAF’s cloud‑native architecture. The solution automatically scales with application traffic, allowing protection to remain consistent during traffic spikes without requiring manual intervention or additional infrastructure.

From an operational perspective, the managed rule updates and native integration with AWS services make it easier to maintain consistent security as environments grow. This scalability is particularly useful for applications hosted behind AWS Application Load Balancers  or CloudFront where traffic patterns can change dynamically.

Our experience with customer service and technical support has been positive. When support was needed, responses were timely and knowledgeable, and issues were addressed efficiently. Overall, the support experience has been reliable and adequate for operational needs.

Previously, we used an open‑source solution based on pfSense, primarily due to budget constraints at the time. While it provided flexibility, it required significant manual configuration and ongoing management. As our environment matured, we moved to a managed solution to reduce operational overhead and improve consistency in application security.

The initial setup was straightforward. We purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace , and enabling the managed rule sets within AWS WAF was simple. Since it integrates natively with AWS WAF, there was no additional infrastructure to deploy, and the configuration process was quick and easy to manage.

No, we did not use an integrator, reseller, or external consultant for the deployment. The solution was implemented internally, and the integration with AWS WAF was straightforward enough to manage without third‑party assistance.

While it is difficult to quantify ROI strictly in terms of direct cost savings, we have seen positive returns through improved security posture and operational efficiency. Fortinet Managed Rules for AWS WAF reduced the time and effort required to manage and update WAF rules manually, allowing the team to focus on monitoring and response rather than constant tuning.

From a risk‑reduction perspective, preventing web attacks and ensuring consistent application availability provides clear business value, even if the benefits are not always directly measurable in monetary terms.

Our experience with pricing and licensing has been reasonable and aligned with the value provided. As a managed solution integrated with AWS WAF, the setup cost was relatively low compared to deploying and maintaining standalone infrastructure.

Licensing was straightforward and flexible, allowing us to scale protection based on actual security needs. While cost considerations always depend on the level of protection required, the overall pricing felt justified given the reduced operational effort and ongoing rule management handled by the vendor.

Before selecting Fortinet Managed Rules for AWS WAF, we evaluated other solutions such as Palo Alto and Sophos. These options provided strong security capabilities but typically required more complex deployment models or additional infrastructure and management overhead in a cloud‑native AWS environment.

Fortinet Managed Rules integrated more seamlessly with AWS WAF and offered a simpler, managed approach to rule updates and ongoing maintenance. This made it easier to standardize web application security while reducing operational effort compared to the alternatives we reviewed.

I would rate Fortinet Managed Rules for AWS WAF 8 out of 10.

My advice to other organizations would be to clearly assess their application security requirements and operational capabilities before selecting a WAF solution. Fortinet Managed Rules work well for teams looking to strengthen baseline web application security on AWS without taking on heavy rule‑management overhead.

The combination of native AWS WAF scalability with Fortinet’s managed threat intelligence provides a good balance between cloud‑native simplicity and enterprise‑grade security. For organizations that value ease of deployment, automated updates, and consistent protection, this solution is a strong and practical choice.