Strengthened API security has reduced web attacks and simplifies incident response workflows
What is our primary use case?
I have been using Fortinet Managed Rules for AWS WAF mainly for protection against common web attacks like SQL injection, cross-site scripting, and remote code execution, securing AWS workloads, including virtual patching, API and application protection, and continuous threat intelligence updates.
In virtual patching with Fortinet Managed Rules for AWS WAF, it blocks an exploit at the WAF layer before the code fix. This is illustrated by a typical scenario where I have a web app running on Amazon EC2 with a discovered vulnerability, such as an SQL injection in the login API, where an urgent fix is required but takes days, allowing attackers to exploit it. By enabling the Fortinet Managed Rules for AWS WAF group in WAF, SQLi detection and payload pattern blocking are provided, so malicious requests are blocked before reaching the app.
A fintech app had a login endpoint vulnerable to SQLi, and with a three-day patch ETA, Fortinet Managed Rules for AWS WAF rules immediately blocked the SQLi patterns with no downtime, avoiding the need for a hotfix.
What is most valuable?
Fortinet Managed Rules for AWS WAF offers many features, starting with the API security rule set, which covers SQL injection, XSS, command injection, file inclusion, deserialization, and is particularly essential for API apps protecting against JSON payload manipulation, API abuse patterns, and injection via API parameters.
Fortinet Managed Rules for AWS WAF API rules help with API security compared to other tools I have used. With Fortinet Managed Rules for AWS WAF API, there is no need to write complex custom rules, which contrasts with other setups where I must write JSON inspection rules and regex for payload validation. This saves significant time in rule creation and testing, since Fortinet Managed Rules for AWS WAF understands API behavior patterns and automatically detects abnormal parameter changes and JSON injections. It includes bot detection and credential stuffing detection, and requires minimal maintenance due to continuous updates.
Staging Mode with count-to-block feature of Fortinet Managed Rules for AWS WAF helps avoid breaking production traffic, as it allows for rule tuning before switching to block mode, and its visibility and logging offer detailed insights into triggered rules and malicious payloads, aiding incident investigation.
Fortinet Managed Rules for AWS WAF has had a clear positive impact on my organization, with a significant reduction in attack traffic. I had frequently seen SQL injection attempts previously, and after enabling Fortinet Managed Rules for AWS WAF, a large portion was automatically blocked at the edge, resulting in fewer security incidents and reduced operational efforts.
After implementing Fortinet Managed Rules for AWS WAF, I observed measurable improvements, with around 70 to 90% of common web attack traffic blocked, a 60% reduction in application-level security alerts and incidents, and a substantial decrease in the time spent on WAF management from hours per week to near zero.
What needs improvement?
Fortinet Managed Rules for AWS WAF are very effective, but areas for improvement include better visibility into rule logic, deeper API schema validation, and advanced bot management features.
For example, legitimate API payloads can be blocked due to generic pattern matching without clear logs indicating the trigger, and there is a need for more advanced capabilities in bot detection, such as device fingerprinting.
For how long have I used the solution?
I have been using Fortinet Managed Rules for AWS WAF for almost eight or more years.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF is stable.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF scales very well because of its cloud-native architecture, scaling automatically with traffic without requiring infrastructure changes.
How are customer service and support?
Overall, the customer support for Fortinet Managed Rules for AWS WAF has been good, although there can be some variability based on region and SLAs.
Which solution did I use previously and why did I switch?
I previously relied on the native managed rule set of AWS WAF along with custom rules, switching to Fortinet Managed Rules for AWS WAF for advanced protection and reduced operational overhead.
How was the initial setup?
I purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace.
What was our ROI?
I see a clear return on investment after seeing significant time savings, reduced risk, and lower infrastructure load, leading to cost efficiency without needing to scale the security team.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing and licensing for Fortinet Managed Rules for AWS WAF through AWS Marketplace was straightforward with minimal setup costs, aligning well with the AWS pay-as-you-go model.
Which other solutions did I evaluate?
Before selecting Fortinet Managed Rules for AWS WAF, I evaluated AWS native rules, Cloudflare, F5, and Imperva, but Fortinet Managed Rules for AWS WAF offered the best balance of security and operational efficiency.
What other advice do I have?
Fortinet Managed Rules for AWS WAF have helped me in many scenarios.
If someone is planning to use Fortinet Managed Rules for AWS WAF, I recommend starting in count mode, understanding the application and traffic, tuning for sensitive endpoints, and testing in lower environments.
Fortinet Managed Rules for AWS WAF have been foundational for my security stack, providing a good balance between strong out-of-the-box protection and reduced operational overhead. I would rate my overall experience with Fortinet Managed Rules for AWS WAF as an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Automation has strengthened bot control and web traffic security across our cloud workloads
What is our primary use case?
Our primary use case is protecting public‑facing web applications hosted on AWS against common web threats while reducing the effort required to manage custom WAF rules. We use Fortinet Managed Rules to enhance baseline AWS WAF protection, particularly for OWASP Top 10 vulnerabilities, malicious bots, and abnormal web traffic.
The managed rule sets help standardize application security across workloads fronted by AWS services such as Application Load Balancers and CloudFront, while allowing us to focus on operations rather than constant rule tuning.
How has it helped my organization?
Fortinet Managed Rules for AWS WAF have helped strengthen our overall web application security posture while significantly reducing operational effort. By using managed rule sets, we improved protection against common OWASP Top 10 threats and malicious bot traffic without continuously maintaining custom rules.
Automatic updates from Fortinet reduced manual intervention, improved consistency across applications, and allowed the team to focus more on operations and monitoring rather than rule maintenance.
What is most valuable?
One of the best features of Fortinet Managed Rules for AWS WAF is the automation of rule updates, which significantly reduces the need for manual intervention. The managed rule sets provide effective coverage for common OWASP Top 10 threats, SQL injection attempts, and malicious bot activity, helping strengthen baseline application security.
Bot control and traffic filtering capabilities have been particularly useful in ensuring that incoming traffic is legitimate, improving visibility into request behavior and reducing unwanted or suspicious activity. The ability to quickly apply policies such as geo‑blocking and IP reputation checks through AWS WAF integration also saves time and simplifies daily operations. Overall, these features help balance strong security with lower operational overhead.
What needs improvement?
Fortinet Managed Rules for AWS WAF could be improved by providing more granular visibility and tuning capabilities while still keeping the managed nature of the service. Simplifying rule customization and offering clearer insights into why certain rules trigger would help reduce the effort required to fine‑tune policies for complex applications.
Additional enhancements around analytics and reporting — such as faster access to traffic insights and clearer threat context — would further improve operational efficiency and help teams respond more quickly to security events.
For how long have I used the solution?
I have been using Fortinet Managed Rules for AWS WAF for over three years as part of our AWS web application security operations.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF has been stable and reliable in our environment. Over the past several months of use, we have not experienced service disruptions, unexpected behavior, or rule‑related issues impacting application availability.
The managed updates have been applied smoothly without requiring manual intervention, which has helped maintain consistent protection while keeping operations stable.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF scale well because they are built on top of AWS WAF’s cloud‑native architecture. The solution automatically scales with application traffic, allowing protection to remain consistent during traffic spikes without requiring manual intervention or additional infrastructure.
From an operational perspective, the managed rule updates and native integration with AWS services make it easier to maintain consistent security as environments grow. This scalability is particularly useful for applications hosted behind AWS Application Load Balancers or CloudFront where traffic patterns can change dynamically.
How are customer service and support?
Our experience with customer service and technical support has been positive. When support was needed, responses were timely and knowledgeable, and issues were addressed efficiently. Overall, the support experience has been reliable and adequate for operational needs.
Which solution did I use previously and why did I switch?
Previously, we used an open‑source solution based on pfSense, primarily due to budget constraints at the time. While it provided flexibility, it required significant manual configuration and ongoing management. As our environment matured, we moved to a managed solution to reduce operational overhead and improve consistency in application security.
How was the initial setup?
The initial setup was straightforward. We purchased Fortinet Managed Rules for AWS WAF through the AWS Marketplace, and enabling the managed rule sets within AWS WAF was simple. Since it integrates natively with AWS WAF, there was no additional infrastructure to deploy, and the configuration process was quick and easy to manage.
What about the implementation team?
No, we did not use an integrator, reseller, or external consultant for the deployment. The solution was implemented internally, and the integration with AWS WAF was straightforward enough to manage without third‑party assistance.
What was our ROI?
While it is difficult to quantify ROI strictly in terms of direct cost savings, we have seen positive returns through improved security posture and operational efficiency. Fortinet Managed Rules for AWS WAF reduced the time and effort required to manage and update WAF rules manually, allowing the team to focus on monitoring and response rather than constant tuning.
From a risk‑reduction perspective, preventing web attacks and ensuring consistent application availability provides clear business value, even if the benefits are not always directly measurable in monetary terms.
What's my experience with pricing, setup cost, and licensing?
Our experience with pricing and licensing has been reasonable and aligned with the value provided. As a managed solution integrated with AWS WAF, the setup cost was relatively low compared to deploying and maintaining standalone infrastructure.
Licensing was straightforward and flexible, allowing us to scale protection based on actual security needs. While cost considerations always depend on the level of protection required, the overall pricing felt justified given the reduced operational effort and ongoing rule management handled by the vendor.
Which other solutions did I evaluate?
Before selecting Fortinet Managed Rules for AWS WAF, we evaluated other solutions such as Palo Alto and Sophos. These options provided strong security capabilities but typically required more complex deployment models or additional infrastructure and management overhead in a cloud‑native AWS environment.
Fortinet Managed Rules integrated more seamlessly with AWS WAF and offered a simpler, managed approach to rule updates and ongoing maintenance. This made it easier to standardize web application security while reducing operational effort compared to the alternatives we reviewed.
What other advice do I have?
I would rate Fortinet Managed Rules for AWS WAF 8 out of 10.
My advice to other organizations would be to clearly assess their application security requirements and operational capabilities before selecting a WAF solution. Fortinet Managed Rules work well for teams looking to strengthen baseline web application security on AWS without taking on heavy rule‑management overhead.
The combination of native AWS WAF scalability with Fortinet’s managed threat intelligence provides a good balance between cloud‑native simplicity and enterprise‑grade security. For organizations that value ease of deployment, automated updates, and consistent protection, this solution is a strong and practical choice.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Centralized rules management has improved web protection and simplifies defense against attacks
What is our primary use case?
I have been using Fortinet Managed Rules for AWS WAF for one year or more. The main use case for Fortinet Managed Rules for AWS WAF is that it protects from any malicious attack for URLs, including injection or SQL injection, limits requests for denial of service, or addresses middleware attacks.
What is most valuable?
Fortinet Managed Rules for AWS WAF is useful and easy to use and manage, as it can handle use cases for denial of service and limited access, and serve as an application firewall for controlling who can access the application from outside the organization.
The best features Fortinet Managed Rules for AWS WAF offers include the ease of FortiManager, which allows me to manage multiple WAFs from a single dashboard. Having everything on one dashboard helps speed up my team's workflow and efficiency because with one dashboard, I am not moving to another, and it uses multiple links, making it protected and easy for operation and management.
Fortinet Managed Rules for AWS WAF positively impacts my organization by providing protection. Since using Fortinet Managed Rules for AWS WAF, I have seen a positive impact, including improved security and easier management. I have noticed fewer attacks due to limiting the requests, or if someone tries a man-in-the-middle attack to steal the communication between the application and the end-user, as the service has protected many things from man-in-the-middle attacks, denial of service, and SQL server attacks.
What needs improvement?
Fortinet Managed Rules for AWS WAF can be improved by enhancing the dashboard and fine-tuning it depending on what service will be protected.
For how long have I used the solution?
I have been working in my current field for more than three years.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF is stable.
What do I think about the scalability of the solution?
The scalability of Fortinet Managed Rules for AWS WAF is useful, as it increases the scalability and protection from external services.
How are customer service and support?
The customer support for Fortinet Managed Rules for AWS WAF is very nice, as it is easy to access and has a fast response.
What was our ROI?
I have seen a return on investment, particularly in time saved, and it protects my external services from attackers.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has shown that the setup cost is very useful and the cost is very cheap for using this service as a SaaS solution, which hopefully supports my organization.
Which other solutions did I evaluate?
I evaluated other options before choosing Fortinet Managed Rules for AWS WAF.
What other advice do I have?
I advise others looking into using Fortinet Managed Rules for AWS WAF that it is easy for deployment, easy for management, and easy for configuration. I would rate this product an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Automated rules have strengthened web threat protection and improved security operations
What is our primary use case?
My main use of Fortinet Managed Rules for AWS WAF is to protect web applications from common threats like SQL injection, XSS, and bot traffic. I use it to automatically detect and block malicious requests and improve overall application security. In addition to basic protection, I also focus on monitoring logs, tuning rules to reduce false positives, and improving overall application security performance.
What is most valuable?
The best features of Fortinet Managed Rules for AWS WAF are automatic protection against OWASP threats, real-time threat updates, easy integration with AWS WAF, and reduced manual effort through preconfigured rulesets.
Automatic protection with Fortinet Managed Rules for AWS WAF helps block threats instantly without manual effort, and real-time updates ensure the application stays protected against new and evolving attacks.
Additionally, Fortinet Managed Rules for AWS WAF offers easy rule customization, better visibility through logs, and helps reduce false positives while maintaining strong security.
Fortinet Managed Rules for AWS WAF has positively impacted my organization by improving application security by blocking threats automatically, reducing manual effort, and ensuring consistent protection with real-time updates.
It helped to reduce security incidents, save time by automating threat protection, and improve overall efficiency in managing web application security. It helped save time by reducing manual monitoring, lowered security risk, and improved efficiency by automating threat protection with minimal resources.
What needs improvement?
Fortinet Managed Rules for AWS WAF can be improved by offering more customization options, better visibility into rule behavior, and easier tuning to reduce false positives.
Adding simpler rule tuning, clearer insight into blocked traffic, and better integration with monitoring tools would further improve usability.
For how long have I used the solution?
Currently, I have been learning and working with AWS and WAF and Fortinet Managed Rules for the past few months through hands-on practice and self-learning.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF have been stable overall with consistent performance and minimal disruption. Updates are regular, and it handles traffic without a noticeable impact on application performance.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF is highly scalable. It works with AWS infrastructure and can handle increased traffic automatically without requiring major manual changes.
How are customer service and support?
Customer support for Fortinet Managed Rules for AWS WAF is generally good with timely responses and helpful guidance, especially for setups and troubleshooting issues.
Which solution did I use previously and why did I switch?
Earlier I relied on basic WAF rules, but I switched to Fortinet Managed Rules for better automation, stronger threat protection, and reduced manual effort.
What about the implementation team?
Fortinet Managed Rules are typically purchased through the AWS Marketplace.
What's my experience with pricing, setup cost, and licensing?
The pricing for Fortinet Managed Rules for AWS WAF is generally pay-as-you-go through AWS Marketplace with no major setup costs. Licensing is flexible, but cost can increase based on usage and traffic.
Which other solutions did I evaluate?
I also evaluated options like AWS native managed rules and other third-party WAF rulesets, but I chose Fortinet for better threat intelligence, automation, and ease of management.
What other advice do I have?
I chose a rating of eight out of ten for Fortinet Managed Rules for AWS WAF because it provides strong automated security and ease of use, but there is still room for improvement in customization and detailed visibility.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Managed rules have reduced attacks and operational effort while maintaining strong web protection
What is our primary use case?
My main use case for Fortinet Managed Rules for AWS WAF is having the OWASP rule set in place so it can work with the latest kinds of attacks, mitigations, and all.
What is most valuable?
One of the best features of Fortinet Managed Rules for AWS WAF is the depth and quality of the threat protection that it provides. The rule sets are regularly updated with FortiGuard Threat Intelligence, which helps in protecting against evolving threats such as SQL injection, XSS, bot attacks, and zero-day vulnerabilities, without requiring any constant manual tuning. Another key advantage is the ease of deployment with the integration with AWS WAF.
Fortinet Managed Rules for AWS WAF offers strong, enterprise-grade protection with minimal effort. One of the biggest advantages is the integration of the FortiGuard Threat Intelligence, which ensures that rules are continuously updated to defend against the latest threats such as SQL injection, XSS, and emerging vulnerabilities. The rules are also well-optimized to reduce false positives, which is critical in production environments, while providing flexibility to fine-tune behavior using exclusion overrides, allowing security teams to balance protection and application availability.
I would like to highlight how the threat intelligence updates have impacted my team. Since the rules are continuously updated, we do not have to manually track every new vulnerability or threat pattern, significantly reducing our operational effort and ensuring that we are always protected against the latest attack vectors without delays. The ease of deployment made a big difference; we were able to quickly onboard the application into AWS WAF, which helped us improve our security posture in a very short time. The consistency of protection across the application helped standardize our security approach; instead of creating custom rules for every application, we relied on these managed rules for a strong baseline and fine-tuned only where necessary.
Fortinet Managed Rules for AWS WAF has had a very positive impact on my organization, especially in terms of improving my overall security posture and reducing the operational effort. One of the biggest benefits has been proactive threat protection, allowing us to protect our applications against common and emerging threats without having to manually track every vulnerability, giving us confidence that our applications are consistently secured. From an operational perspective, it significantly reduces the time and effort required for rule management. Instead of building and maintaining complex custom rules, we leverage the managed rule set for a strong baseline and focus only on fine-tuning wherever necessary. This helps my team save time and improve efficiency, while also minimizing the risk related to false positives and downtime. The rules are well optimized, and with proper tuning, we maintain a good balance between security and application availability, which is critical for business continuity. Additionally, the visibility through AWS WAF logs allows us to better understand attack patterns and improve our response strategy over time. Overall, it enables us to achieve stronger, more consistent security while simplifying the operational side and allowing the team to focus on higher-value tasks.
Fortinet Managed Rules for AWS WAF has had a very measurable positive impact on my organization, both in terms of security improvement and operational efficiency. From a security standpoint, we observe a noticeable reduction in web-based attack incidents reaching the application layer. Common threats such as SQL injection, XSS, and bot-driven attacks are effectively blocked at the WAF level itself, which reduces the burden on the back-end systems and incident response teams. Operationally, it helps us save a significant amount of time; earlier, a lot of effort was spent on creating and tuning the custom rules. With Fortinet Managed Rules for AWS WAF, we use them as a baseline and focus on fine-tuning, which reduces our rule management effort by around 40 to 50 percent, especially during the onboarding of any new application. We also see faster deployment timelines; new applications can be protected within hours instead of days, improving our overall security onboarding process. In terms of cost and efficiency, fewer incidents and reduced manual effort indirectly lead to cost savings, particularly by minimizing the downtime risk and reducing the need for continuous rule maintenance. The improved visibility from AWS WAF logs helps us identify attack trends and proactively adjust our security posture. Overall, Fortinet Managed Rules for AWS WAF help us strengthen security, reduce operational overhead, and improve deployment speed, making our WAF management more efficient and scalable.
What needs improvement?
Fortinet Managed Rules for AWS WAF is strong overall, but there are a few areas where improvements could make it even more effective. One area is around the visibility and transparency of rules; while the protection is good, having more detailed insights into how specific rules are triggered and a clearer description of rule logic would help teams with faster troubleshooting and fine-tuning. Another improvement could be handling false positives. Although the rules are generally well-optimized, in some cases, additional granularity in exclusion or more context-aware tuning options would help reduce manual effort during production deployments. Better integration and centralized visibility across multiple applications and environments would also be beneficial, especially for organizations managing large-scale or multi-account AWS setups. Additionally, more customizable reporting and built-in analytics within the AWS WAF ecosystem, especially tailored for Fortinet Managed Rules for AWS WAF, would help teams quickly understand trends and make informed decisions without relying heavily on external tools. Overall, the solution is very effective, but enhancing visibility, flexibility, and reporting capabilities would further improve the user experience and operational efficiency.
One additional improvement would be more granular control and customization options within the managed rule set. While the default rule sets provide strong baseline protection, having more context-aware tuning capabilities, such as better handling based on the application behavior or user patterns, would further reduce the effort required during fine-tuning. Enhanced built-in dashboards, especially for Fortinet Managed Rules for AWS WAF, would make it easier to quickly understand rule effectiveness, false positive trends, and attack patterns without relying heavily on external tools. Another area is improved documentation and rule-level visibility, which would help teams troubleshoot faster and make more informed decisions when applying exclusions or overrides. Overall, these enhancements would further improve usability, reduce operational overhead, and make the solution even more efficient at scale.
For how long have I used the solution?
I have been using Fortinet Managed Rules for AWS WAF for two years.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF has been stable in my experience. I have not encountered any major issues impacting availability or performance. The rule updates from FortiGuard are applied smoothly and have not caused any disruption to my application when implemented with proper monitoring and testing. In production environments, the rules are consistently performing very well, effectively blocking malicious traffic without introducing significant latency or instability. Any minor tuning required was mainly related to false positives, which is expected with WAF solutions. Overall, the solution has been reliable and stable, making it suitable for securing critical applications.
What do I think about the scalability of the solution?
From a management perspective, scaling across multiple applications and environments is straightforward. I apply consistent security policies across different workloads without significant additional effort.
How are customer service and support?
My experience with customer support has been generally positive; the documentation and Fortinet resources are helpful, and the support response is good when needed. For more complex issues or tuning scenarios, support provides useful guidance, although response times can vary depending on the priority and complexity of the cases. Overall, the solution is both scalable and reliable, with good support that helps maintain and optimize deployments.
Which solution did I use previously and why did I switch?
I was previously using a combination of custom AWS WAF rules and basic managed rule sets. While that setup provided a basic level of protection, it required significant manual effort for rule creation, tuning, and ongoing maintenance. I also faced challenges in keeping up with evolving threats and ensuring consistent protection across multiple applications. I decided to switch to Fortinet Managed Rules for AWS WAF mainly because of the advanced threat intelligence from FortiGuard, which provides continuously updated protection against new and emerging threats, reducing my dependency on manual rule updates. Operational efficiency was another key reason; with Fortinet Managed Rules for AWS WAF, I was able to standardize my WAF protection across environments and significantly reduce the time spent on rule management and tuning. Overall, the switch helped me improve security coverage, reduce operational overhead, and achieve more consistent and scalable protection.
What was our ROI?
I have seen a clear return on investment after implementing Fortinet Managed Rules for AWS WAF. One of the biggest gains is in time savings and operational efficiency. The effort required for creating and maintaining custom WAF rules was reduced by around 45 to 55 percent, allowing my team to focus more on monitoring and optimization rather than rule management. I also observe a reduction in security incidents reaching back-end systems as common threats such as SQL injection, XSS, or automated bot traffic are effectively blocked at the WAF layer. This helps reduce incident handling effort and improves overall system stability. In terms of deployment, I am able to onboard and secure new applications much faster, in many cases within hours instead of days, improving my overall delivery timelines. From a cost perspective, while there is an additional licensing cost, it is offset by reduced manual effort, faster deployment, and lower risk of downtime or security breaches. Overall, it provides strong value by improving both security and efficiency without increasing team size.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been quite reasonable and aligned with the value provided. Since Fortinet Managed Rules for AWS WAF is available through the AWS Marketplace, the onboarding and licensing process was straightforward with no significant upfront setup cost. The pay-as-you-go model is flexible, allowing me to scale based on usage and application requirements. From a cost perspective, while there is an additional charge on top of the AWS WAF pricing, it is justified by the reduction of operational effort and the improved security coverage, helping me avoid spending excessive time and resources on building and maintaining custom rules. Overall, the pricing is fair considering the level of protection, ease of deployment, and ongoing threat intelligence updates, delivering good value, especially for organizations looking for managed security with minimal overhead.
Which other solutions did I evaluate?
Before choosing Fortinet Managed Rules for AWS WAF, I evaluated a few other options. I considered AWS native managed rule groups, which are easy to deploy but somewhat limited in terms of advanced threat intelligence and coverage. I also looked at third-party managed rule providers available in the AWS Marketplace, as well as alternative WAF solutions such as Cloudflare WAF and Akamai, especially for broader edge protection use cases. However, I chose Fortinet Managed Rules for AWS WAF because of the strong FortiGuard threat intelligence, frequent updates, and better balance between security coverage and operational simplicity. It also integrates seamlessly with my existing AWS WAF setup without requiring major architectural changes. Overall, Fortinet Managed Rules for AWS WAF stood out in terms of ease of deployment, consistent protection, and reduced effort for rule management compared to other options I evaluated.
What other advice do I have?
I would recommend starting by using Fortinet Managed Rules for AWS WAF as a baseline protection layer rather than relying entirely on custom rule sets from the beginning. It helps quickly secure the application with minimal effort. I would also recommend enabling the rules initially in monitoring log mode, reviewing the traffic, and gradually moving to block mode. This approach helps in identifying and tuning false positives without impacting legitimate users. Another important point is to leverage AWS WAF logging and CloudWatch insights to understand traffic patterns and continuously fine-tune the rules based on application behavior. For organizations managing multiple applications, it is beneficial to standardize rule sets and apply them consistently across environments while allowing flexibility for specific exceptions. Overall, Fortinet Managed Rules for AWS WAF is very effective, but combining it with proper monitoring, tuning, and regular review will give the best results in terms of both security and performance.
Overall, Fortinet Managed Rules for AWS WAF has been a reliable and effective solution for securing my application. It provides strong baseline protection with minimal effort and integrates well within the AWS WAF ecosystem. With proper tuning and monitoring, it offers a good balance between security and performance. While there are areas for improvement in visibility and advanced customization, the solution delivers solid value and scalability for organizations managing modern cloud workloads. I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
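The count-then-block rollout recommended in the review above can be backed by a small log triage step. The following is an added example, not part of the review and not Fortinet or AWS code: it tallies count-mode matches per rule and URI from AWS WAF log records and lists the rules to tune before switching to block. The rule group name, rule names and log lines are constructed placeholders, and the "many distinct clients" threshold is an assumed heuristic for spotting likely false positives.

```python
import json
from collections import Counter, defaultdict

# Placeholder rule group name (constructed, not a real Fortinet identifier).
GROUP = "ExampleVendor#ExampleManagedRules"

def _rec(action, uri, ip, group=GROUP, terminating=None, counted=(), excluded=()):
    """Build one constructed log line using AWS WAF log field names."""
    return json.dumps({
        "action": action,
        "httpRequest": {"clientIp": ip, "uri": uri},
        "ruleGroupList": [{
            "ruleGroupId": group,
            "terminatingRule": {"ruleId": terminating, "action": "BLOCK"} if terminating else None,
            "nonTerminatingMatchingRules": [{"ruleId": r, "action": "COUNT"} for r in counted],
            "excludedRules": [{"exclusionType": "EXCLUDED_AS_COUNT", "ruleId": r}
                              for r in excluded] or None,
        }],
    })

# Constructed sample: one client hammering /api/login, five clients tripping a
# size rule on /api/upload, one unrelated rule group, one damaged line.
SAMPLE_LOG = (
    [_rec("ALLOW", "/api/login", "203.0.113.7", counted=["Example_SQLi_Body"])] * 3
    + [_rec("ALLOW", "/api/upload", f"198.51.100.{n}", counted=["Example_SizeLimit_Body"])
       for n in range(1, 5)]
    + [_rec("ALLOW", "/api/upload", "198.51.100.5", terminating="Example_SizeLimit_Body"),
       _rec("ALLOW", "/search", "203.0.113.9", excluded=["Example_XSS_Query"]),
       _rec("ALLOW", "/api/login", "203.0.113.7", group="Other#Group", counted=["Other_Rule"]),
       "{truncated line"]
)

def count_mode_matches(lines, group_id):
    """Return (hits, clients, skipped) for rules of one group that matched without blocking."""
    hits = Counter()              # (rule, uri) -> number of matching requests
    clients = defaultdict(set)    # (rule, uri) -> distinct client IPs
    skipped = 0                   # unparseable lines, reported rather than hidden
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        req = rec.get("httpRequest") or {}
        uri, ip = req.get("uri", "?"), req.get("clientIp", "?")
        for grp in rec.get("ruleGroupList") or []:
            if grp.get("ruleGroupId") != group_id:
                continue
            matched = [r["ruleId"] for r in grp.get("nonTerminatingMatchingRules") or []
                       if r.get("action") == "COUNT"]
            matched += [r["ruleId"] for r in grp.get("excludedRules") or []]
            term = grp.get("terminatingRule")
            # Assumption: with the whole group overridden to count, the rule that
            # would have blocked is still listed here while the request passes.
            if term and rec.get("action") != "BLOCK":
                matched.append(term["ruleId"])
            for rule in matched:
                hits[(rule, uri)] += 1
                clients[(rule, uri)].add(ip)
    return hits, clients, skipped

def review_before_block(hits, clients, min_clients=3):
    """Rules matched by many distinct clients on one URI: tune these before blocking."""
    rows = [(rule, uri, n, len(clients[(rule, uri)]))
            for (rule, uri), n in hits.items()
            if len(clients[(rule, uri)]) >= min_clients]
    return sorted(rows, key=lambda row: -row[2])

if __name__ == "__main__":
    hits, clients, skipped = count_mode_matches(SAMPLE_LOG, GROUP)
    for row in review_before_block(hits, clients):
        print("review before block:", row)
    print("unparseable lines:", skipped)
```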
Layer 7 protection has strengthened application security and now prevents critical web attacks
What is our primary use case?
I am protecting our application from Layer 7 attacks, and we mainly use Fortinet Managed Rules for AWS WAF.
Let's suppose I want to protect my application from OWASP Top 10 vulnerabilities. For that, I also want to protect from SQL injection, cross-site scripting, common injection, and file inclusion attacks. For this type of attack, we use ports and scanners to identify the kind of attack, including DDoS attacks. I am using this web application firewall to protect my application.
The main use case is creating a policy and protecting applications. Fortinet Managed Rules for AWS WAF protects web applications from application-layer attacks such as SQL injection, cross-site scripting, and OWASP Top 10 vulnerabilities. It sits in front of the web server and inspects HTTP and HTTPS traffic to detect and block malicious requests. I work for an ISP, so we have some critical applications that need protection. To protect those applications, we have created different policies. I will not reveal my client's name or the type of product, but I can give an example of the architecture: client, then WAF, then the web server, then the application. From the WAF, we have created a policy to protect our web server from Layer 7 attacks.
Let's suppose I am using a REST API and I want to protect that API. We have created a policy for that, including JSON and XML request inspection, API abuse detection, and rate limiting. For this type of protection, we are using API security. We also use bot protection for credential stuffing, scraping bots, fake account creation bots, and automated login attacks. For this, we have created a policy and profiles within a security policy.
What is most valuable?
OWASP Top 10 protection is the best feature. Bot protection includes credential stuffing, scraping bots, and API security. Machine learning protection, data loss prevention, SSL/TLS inspection, and integration with cloud platforms like AWS, Azure, and Google Cloud are key features of Fortinet Managed Rules for AWS WAF.
After using these features, we are seeing fewer attacks in our organization. Fewer attacks mean we have more visibility. Fortinet Managed Rules for AWS WAF protects web applications from common cyber threats, allowing us to see the type of attack occurring, such as cross-site scripting and OWASP Top 10 vulnerabilities. This helps prevent data breaches, improve application availability, ensure regulatory compliance, and protect the organization's reputation in front of leadership, users, and clients.
Improved security means protection from Layer 7 attacks, including SQL injection, cross-site scripting, command injection, and bot attacks. Better business continuity is achieved since we are providing high availability, so the application stays available always and the service remains stable. We protect sensitive data like customer information, payment data, login credentials, and business data. We maintain compliance with security regulations including PCI DSS, GDPR, and ISO 20001. Overall, Fortinet Managed Rules for AWS WAF has positively impacted our organization by strengthening application security, preventing cyber attacks, and ensuring regulatory compliance.
What needs improvement?
Fortinet Managed Rules for AWS WAF is a strong solution for protecting web applications from OWASP Top 10 attacks and other application-layer threats. However, it could be improved by enhancing the user interface for easier policy management, providing deeper integration with multi-cloud platforms, improving reporting and analytics capabilities, and offering more advanced AI-driven threat detection to reduce false positives.
User interface and ease of management are areas where improvement is needed. Policy configuration can be complex, and navigation of the dashboard could be simpler. Better multi-integration with platforms like AWS, Azure, and Google Cloud would be beneficial. Enhanced reporting and analytics capabilities should include security visibility, attack trend analysis, and compliance reporting. Advanced AI-based features such as behavior analysis, automated threat protection, and reduced false positives would enhance the solution.
There is scope for improvement in complex logging methods, as navigation of the dashboard could be simpler. Overall, Fortinet Managed Rules for AWS WAF is a reliable solution for web application protection, but improvements in usability, analytics, and cloud integration could make it even more effective for modern environments.
For how long have I used the solution?
I have been using Fortinet Managed Rules for AWS WAF for the last four years.
What do I think about the stability of the solution?
Fortinet Managed Rules for AWS WAF is very stable.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF can be easily scaled.
How are customer service and support?
Customer support was very prompt. Whenever we needed assistance, we logged a case and there was an engineer to help us. I really appreciate the support provided by Fortinet.
Which solution did I use previously and why did I switch?
I have used F5 before. Now we have switched to Fortinet Managed Rules for AWS WAF. F5 is a bit costly in comparison to Fortinet Managed Rules for AWS WAF.
What was our ROI?
Return on investment through using Fortinet Managed Rules for AWS WAF is definitely positive. Since we are protecting our application from Layer 7 attacks and deadly attacks, it provides a strong return on investment by preventing costly security incidents such as data breaches, application downtime, and fraud. By blocking web attacks like SQL injection and cross-site scripting before they reach the application, we are now stopping attacks at the WAF. The organization can avoid financial losses from regulatory penalties and operational disruption. This significantly reduces the overall cost of security incidents compared to the cost of deploying the WAF.
What's my experience with pricing, setup cost, and licensing?
Compared to other vendors, the price is reasonable.
Which other solutions did I evaluate?
I would recommend that others go for Fortinet Managed Rules for AWS WAF as it is a very reliable solution.
What other advice do I have?
I give this product a review rating of 8 out of 10.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Advanced analytics and custom policies have strengthened our API security and visibility
What is our primary use case?
Fortinet Managed Rules for AWS WAF is used for security purposes. My major use case is API management these days.
What is most valuable?
What really stands out for me in Fortinet Managed Rules for AWS WAF is that it is good and meets our requirements. We are getting everything we need from it. The interface is straightforward with a very good GUI. It is a stateful firewall with identity-based access control. Policy-based traffic management can be done, and there is also packet inspection and application-aware traffic filtering.
What needs improvement?
Fortinet Managed Rules for AWS WAF has a very complex configuration. It has a dependency on its license for IPS signatures and web filtering, and it is resource-intensive with large requirements in very large network environments. Managing multiple firewalls, log storage, and analytics can be challenging. There are also upgrade issues and very limited third-party integrations.
The price is very high. The investment is an issue because a small company cannot afford it, but organizations with the capability are adopting it.
Regarding installation, there are some challenges, such as setting the internal network IP and configuring it. You can deploy it on a VM, but it can be difficult to manage during the initial period.
For how long have I used the solution?
I have been using it for two and a half years.
What do I think about the stability of the solution?
I do not see any issues with the stability of the solution; it is reliable and performs well.
What do I think about the scalability of the solution?
It is a scalable product.
How are customer service and support?
I like the technical support from Fortinet.
Which solution did I use previously and why did I switch?
I have never used anything similar to this product from other vendors.
How was the initial setup?
Regarding installation, there are some challenges, such as setting the internal network IP and configuring it. You can deploy it on a VM, but it can be difficult to manage during the initial period.
What was our ROI?
The investment is an issue because a small company cannot afford it, but organizations with the capability are adopting it.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
I have never used anything similar to this product from other vendors. I have not heard of or used tools such as Coralogix, Axway, Traffic, Tyk, Apollo, Gluu Platform, or Sensedia API management.
What other advice do I have?
Analytics is helpful to me, including bandwidth usage per application or user consuming the bandwidth, traffic from the source IP or destination IP, and DNS information. Fortinet Managed Rules for AWS WAF has custom security policies which we can customize based on source or destination IP, users or groups, applications, service ports, and schedules based on time. We can also customize our application controls to detect priority applications, block applications, limit applications, apply bandwidth on applications, and use custom IPS signatures to detect specific attack patterns, block unusual traffic behaviors, and protect internal applications. Custom web filtering categories can be created to allow or block specific websites, and we can control web access by users, determining which users can access which sites.
We get the benefits of continuous threat intelligence updates with very strong network security. We can integrate it with security platforms, and it offers high performance, centralized management, and advanced threat intelligence. We can access it securely with remote access, and it provides improved network visibility and cost efficiency.
The built-in analytics for real-time attack insights is good because we are using it. If I were to rate support from zero to ten points, I would give eight and a half points for their support. For Fortinet Managed Rules for AWS WAF, I would rate it the same, eight and a half points. I believe the overall solution would be closer to eight points. I would rate this product eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Advanced threat protection has secured payment transactions and improved API defenses
What is our primary use case?
I work with Fortinet Managed Rules for AWS WAF and have been using it for the last eight months. I am using it for Web Application Firewall and API protection.
What is most valuable?
What stands out for me about Fortinet Managed Rules for AWS WAF is that it implements protection against OWASP Top 10 application security threats.
In the financial segment, I am able to protect the Payment Card Industry Data Security Standards, and this PCI DSS compliance helps me configure payment gateway integrations while also protecting against bot mitigations and utilizing the machine learning capabilities of FortiWeb.
I am using customizable rule sets. Normally, what I do is first put the application in learning mode to observe the application traffic, identify vulnerabilities, and understand what zero-day protections are missing in the current application. FortiAI assist provides contextual decision-making for integrating policy fine-tuning. After observing traffic for 15 days, I then switch to blocking mode on the application front. Built-in analytics for real-time attacks include machine learning capabilities, which is why I opted for Fortinet Managed Rules for AWS WAF to protect against bot attacks, skimming, and DDoS attacks, along with API protection.
Continuous threat intelligence updates provide real-time protection, which has a significant impact on my web application security. FortiCare Elite solution options enable me to get immediate support, typically within 15 minutes, for any challenges I face with web application integration on the platform. I am utilizing real-time threat intelligence updates as a default configuration.
Fortinet Managed Rules for AWS WAF provides positive feedback by protecting web applications and API protection while blocking advanced threats. The purpose of implementing this application protection is working fine.
What needs improvement?
The basic functionality of protecting against OWASP Top 10 vulnerabilities is standard for any WAF solution; however, I am concerned about Fortinet's effectiveness with modern web applications since it protects not only monolithic applications but also Kubernetes applications.
My core concern regarding the product lies in the reporting functions, where I face limitations, particularly tenant-wise. I cannot generate individual reports for multiple tenants.
For how long have I used the solution?
I have only been using Fortinet Managed Rules for AWS WAF for the past eight months.
What do I think about the stability of the solution?
Stability for Fortinet Managed Rules for AWS WAF is good; there were issues during implementation, but the product has stabilized after that.
What do I think about the scalability of the solution?
Fortinet Managed Rules for AWS WAF is a scalable product, especially since it is currently running in the cloud.
How are customer service and support?
I have dealt with Fortinet support, and I would say their technical support is good.
I have taken FortiCare Elite, which allows me to receive support within 15 minutes.
I would rate the support an eight out of ten.
As of now, I am not facing many issues that they need to improve upon to reach a ten.
Which solution did I use previously and why did I switch?
Earlier, I used F5 and Check Point due to multiple requirements, including multiple tenants, so I decided to avoid a single point of failure for every company and thus chose multiple products.
How was the initial setup?
The installation process for Fortinet Managed Rules for AWS WAF is usually straightforward and easy.
What about the implementation team?
I used a partner to deploy it, not in-house.
What was our ROI?
I have only been using Fortinet Managed Rules for AWS WAF for the past eight months, so I believe I would need a year to comment on return on investment.
What's my experience with pricing, setup cost, and licensing?
I would say the price for Fortinet Managed Rules for AWS WAF is somewhat reasonable compared to Check Point web application firewall and F5, making it an acceptable option.
Which other solutions did I evaluate?
In terms of the technical side, the primary difference I notice is that FortiWeb has fewer false positives compared to Check Point and F5. This efficiency is due to their threat intelligence sharing across platforms, including Fortinet firewall and all EDR solutions, which leverage threat intelligence from FortiGuard to easily identify bad actors.
What other advice do I have?
The AWS Marketplace is very new to me; I did not buy Fortinet Managed Rules for AWS WAF from there.
Some issues during implementation included signature blocking and other typical challenges that arise with application protection on any web application tool, which requires time to understand the operating system and backend environment.
I would rate this product closer to nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
What do you like best about the product?
Fortinet Managed Rules for AWS WAF - API Gateway offers robust pre-configured security rules, real-time threat intelligence, and seamless AWS integration, providing a comprehensive and easy-to-manage solution for safeguarding your API Gateway deployments.
What do you dislike about the product?
but I do not have access to specific user feedback or examples regarding Fortinet Managed Rules for AWS WAF - API Gateway. If you have specific questions or concerns about the service, I recommend reaching out to Fortinet directly or consulting online resources and reviews to gather information on user experiences, likes, and dislikes related to this product.
What problems is the product solving and how is that benefiting you?
Fortinet Managed Rules for AWS WAF - API Gateway aims to address several common security challenges associated with protecting web applications and APIs. Here's how it can benefit organizations:
Protection Against Web Application Attacks: Fortinet Managed Rules help mitigate threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. This protection ensures the integrity and availability of web applications and APIs.
Automated Threat Intelligence: Fortinet incorporates real-time threat intelligence into their rules, allowing organizations to stay updated on emerging threats without manual intervention. This proactive approach helps defend against new attack vectors and vulnerabilities.
Ease of Implementation: By providing pre-configured security rules, Fortinet simplifies the process of setting up and managing security for AWS API Gateway. This can save time and resources compared to manual rule creation.
Centralized Management: Organizations can manage security policies across multiple API Gateway instances using Fortinet's centralized management console. This streamlines the administration of security rules and ensures consistency.
Customization: While offering pre-configured rules, Fortinet Managed Rules also allow customization. Organizations can tailor security policies to their specific application requirements, ensuring a balance between security and functionality.
Scalability: Fortinet's solution can scale with the organization's infrastructure, accommodating increased API traffic and maintaining effective security measures as the business grows.
Compliance Support: For organizations subject to regulatory requirements, Fortinet Managed Rules can help establish and maintain the necessary security controls to meet compliance standards, thus avoiding potential legal and financial penalties.