Web Application Firewall (WAF): FortiWeb

FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations.

Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and from zero-day threats. High-performance physical and virtual appliances and containers deploy on-site or in the public cloud to serve organizations of any size, from small businesses to service providers, carriers, and large enterprises.

FEATURES

Deployment Options

  • Reverse Proxy
  • Inline Transparent
  • True Transparent Proxy
  • Offline Sniffing
  • WCCP

Web Security

  • AI-based Machine Learning
  • Automatic profiling (white list)
  • Web server and application signatures (black list)
  • IP address reputation
  • IP address geolocation
  • HTTP RFC compliance
  • Native support for HTTP/2
  • OpenAPI 3.0 verification
  • WebSocket protection and signature enforcement
  • Man in the Browser (MiTB) protection

Application Attack Protection

  • OWASP Top 10
  • Cross Site Scripting
  • SQL Injection
  • Cross Site Request Forgery
  • Session Hijacking
  • Built-in Vulnerability Scanner
  • Third-party scanner integration (virtual patching)
  • File upload scanning with AV and sandbox

Application Delivery

  • Layer 7 server load balancing
  • URL Rewriting
  • Content Routing
  • HTTPS/SSL Offloading
  • HTTP Compression
  • Caching

Authentication

  • Active and passive authentication
  • Site Publishing and SSO
  • RSA Access for 2-factor authentication
  • LDAP, RADIUS, and SAML support
  • SSL client certificate support
  • CAPTCHA and Real Browser Enforcement (RBE)

Security Services

  • Web services signatures
  • XML and JSON protocol conformance
  • Malware detection
  • Virtual patching
  • Protocol validation
  • Brute force protection
  • Cookie signing and encryption
  • Threat scoring and weighting
  • Syntax-based SQLi detection
  • HTTP Header Security
  • Custom error message and error code handling
  • Operating system intrusion signatures
  • Known threat and zero-day attack protection
  • L4 Stateful Network Firewall
  • DoS prevention
  • Advanced correlation protection using multiple security elements
  • Data leak prevention
  • Web Defacement Protection
