2023 年云安全报告
《2023 年云安全报告》明确指出,保护云中的应用程序仍然是组织在 2023 年的首要任务。
Web 应用防火墙
FortiWeb 保护业务关键型 Web 应用程序和 API,防御新出现的针对已知和未知的漏洞发起攻击的网络威胁
免费产品演示 下载技术参数表
概述
保护 Web 应用程序和 API 免受 OWASP 十大威胁、复杂机器人程序和 DDoS 攻击的侵害
FortiWeb 具备异常行为检测、API 发现与防护、机器人程序缓解及客户端安全等功能。它利用 AI 检测零日漏洞、提供高级威胁分析,并内置 SOC 代理。通过这种方式,FortiWeb 可降低本地、混合和云部署的管理开销及总体拥有成本 (TCO)。作为 FortiFlex 计划的一部分,还能优化云服务规模和支出。
Web 应用安全
检测并阻止新出现的威胁,包括针对应用程序的 AI 生成零日攻击,同时保障合法用户的安全。FortiWeb 采用双层机器学习法,消除了传统应用程序学习所需的繁重管理开销。通过运用机器学习为每个应用程序建立行为模型,FortiWeb 能够识别恶意攻击模式、最大限度减少误报,并根据上下文优先处理修复措施,从而降低管理开销。
机器人程序防御
阻止机器人程序恶意活动的同时,不拦截支持合法业务需求的机器人程序,例如搜索引擎、运行状况检查和性能监控工具。减少对会降低用户体验的过时技术的依赖,并利用机器人程序欺骗、生物特征识别检测和机器学习等先进技术,准确识别和管理机器人程序流量。FortiWeb 机器人程序防护功能为您提供所需的可见性和控制能力,避免因不必要的验证码或挑战而降低用户体验。
API 发现和保护
保护支持 B2B 通信和移动应用的 API。FortiWeb API 发现与防护功能通过机器学习算法,持续评估应用程序流量以自动发现 API。FortiWeb 提供开箱即用的策略,为每种架构规范(OpenAPI、XML、JSON)自动生成正向安全模型策略,从而有效防止 API 漏洞攻击。它保护 API,并将 API 安全无缝集成到 CI/CD 管道中。
客户端保护
FortiWeb 满足一项关键的 PCI DSS 一项关键合规要求,即监控支付页面上的脚本运行情况。客户端保护将 FortiWeb 的功能扩展至浏览器环境,针对内容交付至客户端后出现的现代威胁提供防护。这是一项基于策略的功能,可在用户浏览器内检测并阻止未经授权的活动,例如第三方脚本注入、DOM 操作以及表单劫持。此功能对于防御能够规避传统请求/响应检测手段的高级客户端攻击至关重要。
功能与优势
FortiWeb 具备保护现代 Web 应用程序所需的性能、可管理性和全面防护能力。它提供硬件、虚拟机及 SaaS 等多种部署形态,并可通过公有云市场获取。
Web 应用程序与 API 安全
防范所有 OWASP 十大威胁、分布式拒绝服务 (DDOS) 攻击、机器人程序攻击、盗刷行为等威胁
零日保护
实时精确检测并缓解未知攻击和零日攻击
集成 Security Fabric 平台
与 FortiGate NGFW 下一代防火墙和 FortiSandbox 集成,高效抵御高级持续性威胁(APT)
高级分析
利用推荐的 Playbook 和威胁猎捕功能简化工作流程
FortiAI-Assist
加速取证与基于上下文的决策过程,提升整体运营效率
基于硬件的性能加速
提供行业领先的受保护 WAF 吞吐量和快速流量加/解密优势
FortiWeb 应用场景
Web 应用安全
拦截针对应用程序的各类已知和零日威胁,而不拦截合法用户。
机器人程序防御
防范机器人程序恶意活动的同时,不拦截支持合法业务需求的机器人程序。
API 发现和保护
保护支持 B2B 通信和移动应用的 API。
威胁检测和响应
使用威胁分析将原始事件数据整合至重大威胁清晰描述之中。
监管合规性
满足与面向公众的应用程序相关的监管合规性要求,包括 PCI-DSS 要求。
SOC 即服务
通过 Fortinet 安全运营中心提升安全性,实现全天候监控、分级处理及安全事件报告。
第三方权威认可
《2025 年 SecureIQLab 云 WAAP 网络风险对比供应商报告》
Fortinet 在独立测试中被评为领导者,在安全性和运营效率方面领跑行业
FortiWeb 作为顶级解决方案脱颖而出,展现出无与伦比的防护能力,在 2025 年 SecureIQLab 报告中其安全效能 (92.39%) 与运行效率 (96.2%) 均位居榜首。该报告基于对每项技术在多种常见及复杂场景下的实际测试结果。FortiWeb 在阻断高级威胁、减少误报以及简化部署与管理方面表现卓越,从而确保在不增加运维负担的前提下实现强劲的安全防护。
下载报告 »
FortiGuard AI 驱动的安全服务
FortiWeb 内置多种 FortiGuard 安全服务,全方位保护 Web 应用程序免受攻击侵袭。年度订阅服务支持单独购买,也可与 FortiWeb 解决方案捆绑购买。
显示全部服务
Content Security
Web Security
Device Security
Application Security
SOC / NOC
FortiGuard AI-based Inline Malware Prevention Service
Performs AI-powered real-time inspection of files for protection against unknown threats, zero-days, and sophisticated file-based attacks.
IP 信誉 & 反僵尸安全服务
通过 Fortinet 分布式威胁传感器网络、CERT、MITRE 及其他资源,收集恶意来源 IP 数据,合力提供最新威胁情报。
FortiGuard 防病毒服务
全面防御最新多态攻击、病毒、恶意软件(包括勒索软件)和其他威胁。
案例研究
Fundación Dondé
Mexican Non-Profit Relies on Fortinet Security Fabric to Consolidate Security Strategy for 400 Remote Locations
Majestic Resorts
Caribbean Luxury Hotel Chain Builds an Optimized and Secure Wireless Infrastructure to Support Over 15,000 Simultaneous Device Connections
The Elite Flower
Fortinet Helps a Colombian Flower Exporter Implement an Integrated Platform to Connect and Secure Its Network of 52 Remote Farms
Mississippi Department of Employment Security
Fortinet Gets the Job Done Securely and Efficiently for the Mississippi Department of Employment Security
型号与规格
FortiWeb 支持多种型号和规格,满足您对入门级硬件设备以及支持最新云环境的复杂虚拟机的多样化产品需求。
View by:
FortiWeb 设备采用多核处理器技术,结合基于硬件的 SSL 工具,提供超快速受保护 WAF 吞吐量。
吞吐量 |
100 Mbps |
| 接口 | 4 GE RJ45 |
吞吐量 |
500 Mbps |
| 接口 | 4 GE RJ45,4 SFP GE |
吞吐量 |
750 Mbps |
| 接口 | 4 GE RJ45(2 条旁路),4 SFP GE |
吞吐量 |
1 Gbps |
| 接口 | 4 GE RJ45(2 条旁路),4 SFP GE |
吞吐量 |
2.5 Gbps |
| 接口 | 8 条旁路,4x SFP GE(非旁路) |
吞吐量 |
5 Gbps |
| 接口 | 4GE(4 条旁路),4 SFP GE |
吞吐量 |
10 Gbps |
| 接口 | 8GE(8 条旁路) |
吞吐量 |
70 Gbps |
| 接口 | 8GE(8 条旁路) |
FortiWeb 虚拟版本可部署至 VMware、Microsoft Hyper-V、Citrix XenServer、Open Source Xen、VirtualBox、KVM 和 Docker 平台。
相关支持版本,请查阅 FortiWeb VM 安装指南。
吞吐量 |
25 Mbps |
| vCPU | 1 |
吞吐量 |
100 Mbps |
| vCPU | 2 |
吞吐量 |
500 Mbps |
| vCPU | 4 |
吞吐量 |
3 Gbps |
| vCPU | 8 |
吞吐量 |
6Gbps |
| vCPU | 16 |
实际性能值可能因网络流量和系统配置而异。产品性能指标使用 Dell PowerEdge R710 服务器(2x Intel Xeon E5504 2.0 GHz 4 MB 高速缓冲内存)运行 VMware ESXi 5.5,由搭载 4 vCPU 与 8 vCPU 的 FortiWeb 虚拟设备分配 4 GB vRAM,并由搭载 2 vCPU 的 FortiWeb 虚拟设备分配 4 GB vRAM 获得。
FortiWeb 支持所有主流公有云供应商,包括 Amazon Web Services(AWS)、Microsoft Azure、Oracle 和 Google。 Amazon Web Services(AWS)和 Microsoft Azure 支持自带许可 (BYOL) 和即用即付(PAYG)型许可两种方式。参阅 Cloud Marketplace 列表,了解更多信息:
FortiWeb 容器设备支持您高效保护容器化环境中的工作负载和数据。
吞吐量 |
25 Mbps |
吞吐量 |
100 Mbps |
吞吐量 |
500 Mbps |
吞吐量 |
3 Gbps |
吞吐量和其他指标为每个版本允许的最大值。实际性能值可能因网络流量和系统配置而异。
FortiWeb Cloud WAF 即服务是一种基于云的 SaaS Web 应用防火墙(WAF),可保护公有云托管的 Web 应用免受 OWASP 十大安全威胁、零日威胁和其他应用层攻击。
FortiWeb Cloud WAF 即服务无需硬件或软件支持,可利用在大多数 AWS 区域运行的网关,为您清理应用程序所在区域内的应用流量。区域内流量清理,有助于解决性能和监管问题,并将流量成本降至最低。
FortiWeb Cloud WAF 即服务无需硬件或软件支持,可利用在大多数 AWS 区域运行的网关,为您清理应用程序所在区域内的应用流量。区域内流量清理,有助于解决性能和监管问题,并将流量成本降至最低。
通过产品内置的快捷设置向导和预定义策略,仅需几分钟,FortiWeb Cloud 即可为您提供所需安全防护,避免以往繁琐的 WAF设置操作。更高级别用户可按需快捷免费启用其他安全模块。
点击此处获取更多信息。
FortiCare 支持和专业服务
Fortinet 致力于助力广大客户赢得商业成功,FortiCare 服务每年赋能成千上万的组织充分利用其 Fortinet 产品和服务投资。为此,FortiCare 基于生命周期理念,为广大用户提供业内卓越的安全服务,助力用户持续拥抱商业成功。
技术支持服务
各种基于设备的选项支持高效操作。FortiCare Elite 选项为关键产品提供 15 分钟的响应时间。
高级支持
通过指定专家的运营审查,可提供各种基于客户的白手套服务,以减少干扰并提高生产力。
专业服务
我们的多供应商专家可以设计和部署基于最佳实践的完整解决方案,帮助您实现网络或安全目标并采用新功能。
RMA
整个产品系列均提供 Premium RMA 选项,加急更换有缺陷的硬件,以满足您的可用性目标。
资源
技术参数表
分析师报告
检查清单
电子书
解决方案简报
视频
网络研讨会
白皮书
Protect your web applications and APIs from known and unknown threats with Fortinet and AWS »
Safeguard your dynamic surfaces with security that innovates faster than attackers
Secure Web Applications and APIs with Fortinet FortiWeb »
Fortinet FortiWeb, in its various forms (hardware, virtual machine, or SaaS), simplifies application security and overcomes the above challenges. Using machine learning (ML) algorithms, it protects applications and APIs from inherent risks, exploitable vulnerabilities, and malicious bots
Cloud-Native Solution for Web Application Security »
FortiWeb-Cloud WAF-as-a-Service (WaaS) delivers full-featured, cost-effective security for web applications with a minimum of configuration and management.
FortiADC and FortiWeb Architecture »
In this video, we will cover the different types of reference architectures based on FortiADC and FortiWeb Solutions.
FortiADC and FortiWeb Fabric Integration »
In this video, we will focus on how FortiADC and FortiWeb solutions can integrated with Fortinet Security Fabric. We will be covering different types of Fortinet products that will enhance the application security platform.
Protecting Web Applications with FortiWeb »
Mark Byers, Director of Product Marketing, provides an overview on how to protect web applications from code-based vulnerabilities with FortiWeb Web Application Firewalls.
Fortinet Web Application Security »
Dynamic patching of web-based applications to defend against threats that target known and unknown vulnerabilities.
FortiWeb Manager video »
A short overview of FortiWeb’s VM-based central management tools.
FortiWeb Manager Demo »
FortiWeb Manager Demo
Revolutionizing Application Security: From Complexity to Clarity »
Discover how a new approach, centered on integrating security, analytics, and performance optimization into one unified platform, simplifies operations and enhances clarity in your security strategy.
Inside the 2025 Web App Security Report: See What Your Tools Don't See »
In this webinar, application security experts from Fortinet and Cybersecurity Insiders will discuss the report’s key findings and share proven strategies for closing visibility gaps, hardening APIs, and stopping automated threats before they escalate.
Practical Tips for Application Security in the Age of AI »
Many web application firewalls rely on machine learning (ML) to secure digital assets. But ML has both benefits and limitations. Threat actors are adopting AI tools to create and launch attacks, so security teams must shore up their defenses.
生态系统
Alcide
Alcide is a cloud-native security leader with the mission to empower DevOps and security teams to manage application and networking security through the intelligent automation of security policies applied uniformly, regardless of the workload and infrastructure.
Amazon Web Services
AWS services are trusted by more than a million active customers around the world – including the fastest growing startups, largest enterprises, and leading government agencies – to power their infrastructures, make them more agile, and lower costs.
Learn more on the Fortinet-AWS alliance
Cubro
Cubro is a leading manufacturer and global supplier of IT Network TAPs, Advanced Network Packet Brokers and Bypass Switches. Together with Fortinet we enable total network visibility into your traffic, where we differentiate solutions for Telecommunications, ISP, Data Centre, Enterprise, and Government in virtualized or physical environments.
D3 Security
D3 Security's award-winning SOAR platform seamlessly combines security orchestration, automation and response with enterprise-grade investigation/case management, trend reporting and analytics. With D3's adaptable playbooks and scalable architecture, security teams can automate SOC use-cases to reduce MTTR by over 95%, and manage the full lifecycle of any incident or investigation.
DFLabs
DFLabs IncMan SOAR leverages existing security products to dramatically reduce the response and remediation gap caused by limited resources and the increasing volume of incidents. Together with Fortinet, IncMan allows joint customers to respond to security incidents in a faster, more informed and efficient manner.
ElevenPaths
At ElevenPaths, Telefónica Cyber Security Unit, we believe in the idea of challenging the current state of security, an attribute that must always be present in technology. We’re always redefining the relationship between security and people, with the aim of creating innovative security products which can transform the concept of security, thus keeping us one step ahead of attackers, who are increasingly present in our digital life.
- Fortinet-ElevenPaths Metashield for ICAP solution brief
- Fortinet-ElevenPaths Vamps solution brief
- Press Release
Gigamon
Gigamon provides active visibility into physical and virtual network traffic, enabling stronger security, and superior performance.
Google Cloud Platform
Google Cloud Platform is a secure, dedicated public cloud computing service operated by Google which provides a range of infrastructure and application services that enable deployments in the cloud. Fortinet provides critical firewalling, advanced security and scalable BYOL protection for elastic compute, container, and machine-learning workloads in Google’s innovative public cloud.
HashiCorp
HashiCorp is the leader in multi-cloud infrastructure automation software. The HashiCorp software suite enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded tens of millions of times each year and are broadly adopted by the Global 2000.
Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, HPE's technology and services help customers around the world make IT more efficient, more productive, and more secure.
- Fortinet-HPE Alliance Brief
- HPE Aruba Solution Brief
- HPE Aruba Technical Guide
- Fortinet and HPE-GreenLake Solution Brief
- Fortinet and HPE Edgeline Converged Edge Systems and OT Link Solution Brief
- Fortinet and HPE IT OT Convergence Security Solution White Paper
- Fortinet and HPE Proliant for Microsoft Azure Solution Brief
- Fortinet and HPE Proliant for Microsoft Azure White Paper
- Fortinet-HPE SDN Solution Brief
- Fortinet, HPE, and Pensando Innovative Edge-to-Core Solution Brief
- Fortinet, HPE, and Scality Distributed Object Storage Environment Solution Brief
- Fortinet and HPE Zerto Ransomware Protection Solution Brief
培训和认证
其他培训
Learn how to protect your organization and improve its security against advanced threats that bypass traditional security controls. You will also learn how other advanced threat protection (ATP) components—FortiGate, FortiMail, FortiWeb, and FortiClient—leverage this threat intelligence information to protect organizations from advanced threats.
In this course, you will explore web application threats and countermeasures focused on Fortinet Solution. You will learn the motivations of attacks on web applications through to understanding and executing attack techniques and then learn how to configure Fortinet Solution to mitigate them.
