Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Fortinet Launches New Web Application Firewall Appliances

Fortinet Logo

Fortinet, a provider of network security solutions, today introduced three new appliances to its line of Web application firewalls designed to address the needs of businesses ranging from mid-sized organizations up through large enterprises and service providers.

Fortinet Logo

Fortinet, a provider of network security solutions, today introduced three new appliances to its line of Web application firewalls designed to address the needs of businesses ranging from mid-sized organizations up through large enterprises and service providers.

Sunnyvale, California-based Fortinet also introduced enhancements to the FortiWeb 4.0 MR3 operating system, including new logging and reporting, ease-of-use and security and configuration capabilities.

The new Web application firewall lineup includes the FortiWeb-4000C, FortiWeb-3000C FSX and FortiWeb-400C.


The new high performance FortiWeb-4000C targets large data centers that need to protect Web applications such as those containing data subject to PCI-DSS guidelines. This enterprise-grade Web application firewall appliance supports 70,000 transactions-per-second and 2 Gbps throughput.

FortiWeb-4000CThe FortiWeb-4000C makes use of hardware-based acceleration to improve enforcement of data loss prevention (DLP) policies. Due to the intense scanning required for outgoing data and information accessed by users, DLP policies typically require significant CPU power. With hardware dedicated to DLP processes, the FortiWeb-4000C is able to deliver high performance while freeing up core CPU resources for other tasks.

FortiWeb-3000C FSX

The FortiWeb-3000C FSX retains all of the features and benefits of the FortiWeb-3000C appliance with the addition of a fiber bypass card to support large data centers requiring fiber support. The new appliance features an additional fiber bypass interface supporting fiber SX interfaces. The FortiWeb-3000C, FSX offers flexible deployment options with layer-seven load balancing and hardware- and software-based acceleration to improve resource utilization and application stability, while reducing server response times.


The FortiWeb-400C replaces the FortiWeb-400B and is offered as a cost-effective Web application firewall appliance designed to secure Web applications and protect sensitive database content by blocking threats such as cross-site scripting, SQL injection, buffer overflows, file inclusion, denial-of-service and cookie poisoning. The FortiWeb-400C and other FortiWeb appliances also feature a Web vulnerability scanner and aid in PCI DSS 6.6 compliance by protecting against the Open Web Application Security Project’s (OWASP) Top 10 Web Application Vulnerabilities.

Updated FortiWeb 4.0 MR3 
Operating System

That latest version of FortiWeb 4.0 MR3, the core operating system that powers the FortiWeb product family, brings enhancements focusing on three key areas: logging and reporting, security and configuration, and ease-of-use.

In terms of logging and reporting, FortiWeb 4.0 MR3 provides integration with Fortinet’s FortiAnalyzer, offering an easy way to centrally manage logs and reports from multiple FortiWeb physical or virtual appliances, as well as other Fortinet products. A new FortiWeb analytics interface makes real-time data analysis easier and enables organizations to analyze Web server usage from a Hit, Flow and Attack point of view. In addition, security administrators can map these requests based on their geographic point of origin to have a better understanding of server behavior and identify potential threats, the company said.

To defend against denial-of-service (DoS) attacks, FortiWeb 4.0 MR3 features a new protection layer that provides network and application DoS policies. Leveraging new algorithms contained in these DoS policies, the FortiWeb product family can now analyze requests originating from users to determine their legitimacy or if they are being triggered by automated attacks associated with Advanced Persistent Threats (APT) or news strains of malware. The new operating software also provides period blocking, which enhances protection by enabling administrators to block individual users for specified periods of time instead of just a specific connection. It also supports advanced compression for more efficient bandwidth utilization and improved user response time. In addition, new load balancing enhancements provide content-based health checks and new alerts in the event of server failures.

The new lineup of Fortinet appliances are available immediately

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Application security startup ArmorCode today announced that it has received $8 million in additional seed funding, which brings the total raised by the company...