Web Application Firewall
WAF 2017 Test Report: Fortinet FortiWeb-3000E

WAF 2017 Test Report: Fortinet FortiWeb-3000E

Web Application Firewall (WAF) Test Report: Fortinet FortiWeb-3000E v5.5.5?



Matthew Chips


NSS Labs defines web application firewalls (WAFs) as network-based products designed to alter, monitor, and block HTTP, HTTPS, and HTTP/2 conversation from web applications and protect against web-based attacks.



NSS Labs performed an independent test of the Fortinet FortiWeb-3000E v5.5.5. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the Web Application Firewall Methodology v2.1, which is available at www.nsslabs.com. This test was conducted free of charge and NSS did not receive any compensation in return for Fortinet’s inclusion.



  • Security Effectiveness – Ability to detect, prevent, and log attack attempts accurately, while remaining resistant to false positives
  • Performance – Performance using real-world protocol traffic mix seen in a web hosting data center
  • Stability and Reliability – Ability to maintain security effectiveness while under normal load and while passing non-malicious traffic
  • Total Cost of Ownership – Overall cost of deployment, maintenance, and upkeep ?


As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.