Sign in
Sign in
or
Create a new account
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Fortinet Managed Rules for AWS WAF Classic - Complete OWASP Top 10

Fortinet Inc. | 1

Reviews from AWS Marketplace

4 AWS reviews

External reviews

11 reviews
from G2

External reviews are not included in the AWS star rating for the product.

    Truc N.

Great Ruleset to Protect Application from OWASP top 10

  • October 29, 2021
  • Review provided by G2

What do you like best about the product?
Fortinet Managed Rules for AWS WAF is a ruleset that we can use on AWS WAF after subscribing.
This ruleset is an excellent tool that we can use on AWS WAF to protect Applications easily from OWASP top 10 attacks.
What do you dislike about the product?
It does not provide many features like FortiWeb Appliance (such as Machine Learning to detect Anomaly and Bot Traffic)
What problems is the product solving and how is that benefiting you?
Protect Application from the OWASP top 10

    Amoreno

Easy to setup and use

  • May 20, 2020
  • Review verified by AWS Marketplace

Got the rules up and running in no time.
Excellent value for money, not sure why other reviewers are complaining given how cheap these rules are

    Warren Mc

Lack of visibility limits usability

  • March 06, 2018
  • Review verified by AWS Marketplace

I agree with other reviewers that the ability to understand why a request is counted or blocked is paramount.

In the current scenario we will be required to create custom rules to detect and allow any false positives, in order to have working solution. It would be much more useful to at least output the rule and condition that was triggers, along with the request. It would be good to be able to disable a specific rule if it was triggered.

I understand that we should not be able to list the actual rule details, but not having a list of the rule coverage also seems bad.

This box is just a bit too black for my liking. Knowing what protection is in place is a cornerstone of good security. I don't have that with this offering.

    Jonathan Le

Same considerations as last reviewer

  • March 05, 2018
  • Review verified by AWS Marketplace

Same considerations as last reviewer, however, you can do an "Override to Count" and see request samples, to find things to white list. However, you don't know which condition triggered the "block".

Very much a Black box.

For our testing with "Override to count" in Production, I only found it blocking valid transactions for us.

    anand

Not able to see conditions

  • December 28, 2017
  • Review verified by AWS Marketplace

- Not being able to see actual conditions defined in the ruleset makes it too hard to white list URLs for specific OWASP conditions. Wish there is a place to see all readonly conditions of this ruleset.
- We can see requests getting blocked but we don't know why. The samples just show the Ruleset name and not the actual reason for blocking the requests. Like "SQLi" or "XSS" or "Force browsing" etc.,

Overall, If I subscribe to this ruleset, all of it seems like a Blackbox and requests are getting magically blocked, which is not good.

showing 11 - 15