Skip to content
สอบถามสินค้าและบริการ LINE: @monsterconnect
สอบถามสินค้าและบริการ LINE: @monsterconnect

FortiWeb 400E

Original price 584,000.00 ฿ - Original price 584,000.00 ฿
Original price
584,000.00 ฿
584,000.00 ฿ - 584,000.00 ฿
Current price 584,000.00 ฿

FortiWeb 400E



FortiWeb is a web application firewall (WAF) that protects hosted web applications and API from attacks that target known and unknown exploits. Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and from zero-day threats.

Acceleration and Performance

Multi-core processor technology combined with hardware-based SSL tools deliver blazing fast protected WAF throughput.

Application Protection

Protection from the OWASP Top Ten application attacks including Cross Site Scripting and SQL Injection.

AI-based Machine Learning Threat Detection

FortiWeb uses machine learning to continuously model each application to detect anomalies and identify threats.

API Protection

Protect your API interfaces from malicious traffic by parsing the contents of each API call. Supports APIs implemented using XML, JSON API, and RESTful API.

Bot Mitigation

Protect websites, mobile applications, and APIs from automated threats by activating bot mitigation feature including thresholds, biometric bot detection, and bot deception.


  • Machine learning that detects and blocks threats while minimizing false positives
  • Up to 20 Gbps protected WAF throughput
  • Bot mitigation
  • Protection for APIs, including those used to support mobile applications
  • Enhanced protection with Fortinet Security Fabric integration
  • Visual analytics tools for advanced threat insights
  • Third-party integration and virtual patching


Comprehensive Web Application Security with FortiWeb

Using an advanced multi-layered and correlated approach, FortiWeb provides complete security for your web-based applications from the OWASP Top 10 and many other threats. FortiWeb’s first layer of defense uses traditional WAF detection engines (e.g. attack signatures, IP reputation, protocol validation, and more) to identify and block malicious traffic, powered by intelligence from Fortinet’s industry-leading security research from FortiGuard Labs. FortiWeb’s machine learning detection engine then examines traffic that passes this first layer, using a continuously updated model of your application to identify malicious anomalies and block them as well.


Machine Learning Improves Detection and Drives Operational Efficiency

FortiWeb’s multi-layer approach provides two key benefits: superior threat detection and improved operational efficiency.

FortiWeb’s ability to detect anomalous behavior relative to the specific application being protected enables the solution to block unknown, never-before-seen exploits, providing your best protection against zero-day attacks targeting your application.

Operationally, FortiWeb machine learning relieves you of time-consuming tasks such as remediating false positives or manually tuning WAF rules. FortiWeb continually updates the model as your application evolves, so there is no need to manually update rules every time you update your application. FortiWeb enables you to get your code into production faster, eliminating the need for time-consuming manual WAF rules tuning and troubleshooting the false positives that plague less advanced WAFs.

FortiWeb’s machine learning accurately detects anomalies and identifies which are threats. Unlike prevailing auto-learning detection models used by other WAF vendors that treat every anomaly as a threat, FortiWeb’s precision nearly eliminates false positive detections and catches attack types that others cannot.



Deep Integration into the Fortinet Security Fabric and Third-Party Scanners

As the threat landscape evolves, many new threats require a multi-pronged approach for protecting web-based applications. Advanced Persistent Threats that target users can take many different forms than traditional single-vector attack types and can evade protections offered only by a single device. FortiWeb’s integration with FortiGate and FortiSandbox extend basic WAF protections through synchronization and sharing of threat information to both deeply scan suspicious files and share infected internal sources.

FortiWeb also provides integration with leading third-party vulnerability scanners including Acunetix, HP WebInspect, IBM AppScan, Qualys, IBM QRadar, and WhiteHat to provide dynamic virtual patches to security issues in application environments. Vulnerabilities found by the scanner are quickly and automatically turned into security rules by FortiWeb to protect the application until developers can address them in the application code.


Solving the Challenge of False Threat Detections

False positive threat detections can be very disruptive and force many administrators to loosen security rules on their web application firewalls to the point where many often become a monitoring tool rather than a trusted threat avoidance platform. The installation of a WAF may take only minutes, however fine-tuning can take days, or even weeks. Even after setup, a WAF can require regular checkups and tweaks as applications and the environment change.

FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies. With near 100% accuracy, the dual layer machine learning engines detect anomalies and then determine if they are threats unlike other methods that block all anomalies regardless of their intent. When combined with other tools, including user tracking, device fingerprinting, and threat weighting, FortiWeb virtually eliminates all false detection scenarios.

API Security

The use of APIs has become increasingly popular in recent years to help speed application delivery and to provide simplified application-to-application accessibility. As APIs are part of many applications, they have become a new vector for application layer attacks and exploits, similar to traditional web-based applications.

FortiWeb provides an easy-to-deploy solution to protect your API with attack signatures, parameter enforcement and many other tools. With FortiWeb you can easily publish your applications and their APIs knowing they are both protected.

Advanced Graphical Analysis and Reporting

FortiWeb includes a suite of graphical analysis tools called FortiView. Similar to other Fortinet products such as FortiGate, FortiWeb gives administrators the ability to visualize and drill-down into key elements of FortiWeb such as server/IP configurations, attack and traffic logs, attack maps, OWASP Top 10 attack categorization, and user activity. FortiView for FortiWeb lets administrators quickly identify suspicious activity in real time and address critical use cases such as origin of threats, common violations, and client/device risks.

Secured by FortiGuard

Fortinet’s Award-winning FortiGuard Labs is the backbone for many of FortiWeb’s layers in its approach to application security. Offered as 5 separate options, you can choose the FortiGuard services you need to protect your web applications. FortiWeb IP Reputation service protects you from known attack sources like botnets, spammers, anonymous proxies, and sources known to be infected with malicious software. FortiWeb Security Service is designed just for FortiWeb including items such as application layer signatures, machine learning threat models, malicious robots, suspicious URL patterns and web vulnerability scanner updates. Credential Stuffing Defense checks login attempts against FortiGuard’s list of compromised credentials and can take actions ranging from alerts to blocking logins from suspected stolen user ids and passwords. The FortiSandbox Cloud subscription enables FortiWeb to integrate with Fortinet’s cloud-sandbox service. Finally, FortiWeb offers FortiGuard’s top-rated antivirus engine that scans all file uploads for threats that can infect your servers or other network elements.

VM and Public Cloud Options

FortiWeb provides maximum flexibility in supporting your virtual and hybrid environments. The virtual versions of FortiWeb support all the same features as our hardware-based devices and can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM and Docker platforms. FortiWeb is also available for AWS, Azure, Google Cloud, and Oracle Cloud as a VM, and as WAF as a Service on AWS, Azure, and Google Cloud. For more information, see


Deployment options

  • Reverse Proxy
  • Inline Transparent
  • True Transparent Proxy
  • Offline Sniffing
  • WCCP

Web Security

  • AI-based Machine Learning
  • Automatic profiling (white list)
  • Web server and application signatures (black list)
  • IP Reputation
  • IP Geolocation
  • HTTP RFC compliance
  • Native support for HTTP/2
  • OpenAPI 3.0 verification
  • WebSocket protection and signature enforcement
  • Man in the Brower (MiTB) protection

Application Attack Protection

  • OWASP Top 10
  • Cross Site Scripting
  • SQL Injection
  • Cross Site Request Forgery
  • Session Hijacking
  • Built-in Vulnerability Scanner
  • Third-party scanner integration (virtual patching)
  • File upload scanning with AV and sandbox

Security Services

  • Web services signatures
  • XML and JSON protocol conformance
  • Malware detection
  • Virtual patching
  • Protocol validation
  • Brute force protection
  • Cookie signing and encryption
  • Threat scoring and weighting
  • Syntax-based SQLi detection
  • HTTP Header Security
  • Custom error message and error code handling
  • Operating system intrusion signatures
  • Known threat and zero-day attack protection
  • L4 Stateful Network Firewall
  • DoS prevention
  • Advanced correlation protection using multiple security elements
  • Data leak prevention
  • Web Defacement Protection

Application Delivery

  • Layer 7 server load balancing
  • URL Rewriting
  • Content Routing
  • HTTPS/SSL Offloading
  • HTTP Compression
  • Caching


  • Active and passive authentication
  • Site Publishing and SSO
  • RSA Access for 2-factor authentication
  • LDAP, RADIUS, and SAML support
  • SSL client certificate support
  • CAPTCHA and Real Browser Enforcement (RBE)

Management and Reporting

  • Web user interface
  • Command line interface
  • FortiView graphical analysis and reporting tools
  • Central management for multiple FortiWeb devices
  • Active/Active HA Clustering
  • Centralized logging and reporting
  • User/device tracking
  • Real-time dashboards
  • Bot dashboard
  • OWASP Top 10 attack categorization
  • Geo IP Analytics
  • SNMP, Syslog and Email Logging/Monitoring
  • Administrative Domains with full RBAC


  • IPv6 Ready
  • HTTP/2 to HTTP 1.1 translation
  • HSM Integration
  • Seamless PKI integration
  • Attachment scanning for ActiveSync/MAPI applications, OWA, and FTP
  • High Availability with Config-sync for syncing across multiple active appliances
  • Auto setup and default configuration settings for simplified deployment
  • Setup Wizards for common applications and databases
  • Preconfigured for common Microsoft applications; Exchange, SharePoint, OWA
  • OpenStack support for FortiWeb VMs
  • Predefined security policies for Drupal and Wordpress applications
  • WebSockets support


  FortiWeb 100D FortiWeb 400E FortiWeb 600E FortiWeb 1000D FortiWeb 2000E FortiWeb 3000E FortiWeb 3010E FortiWeb 4000E
10/100/1000 Interfaces (RJ-45 ports) 4 4 GE RJ45, 4 SFP GE 4 GE RJ45 (2 bypass), 4 SFP GE 6 (4 bypass), 2x SFP GE (non-bypass) 4 bypass, 4 SFP GE (non-bypass) 8 bypass, 4 SFP GE (non-bypass) 8 bypass, 4 SFP GE (non-bypass) 8 bypass, 4 SFP GE (non-bypass)
10G BASE-SR SFP+ Ports 0 0 0 0 2 4 4 (2 bypass) 4 (2 bypass)
SSL/TLS Processing Software Software Hardware Hardware Hardware Hardware Hardware Hardware
USB Interfaces 2 2 2 2 2 2 2 2
Storage 16 GB 480 GB SSD 480 GB SSD 2x 2 TB 2x 1 TB 2x 2 TB 2x 2 TB 2x 2 TB
Form Factor Desktop 1U 1U 2U 2U 2U 2U 2U
Power Supply Single Single Dual Dual Hot Swappable Dual Hot Swappable Dual Hot Swappable Dual Hot Swappable Dual Hot Swappable
System Performance                                                                                                                                                                                                                                                     
Throughput 25 Mbps 250 Mbps 750 Mbps 1 Gbps 2 Gbps 5 Gbps 5 Gbps 20 Gbps
Latency Sub-ms Sub-ms Sub-ms Sub-ms Sub-ms Sub-ms   Sub-ms
High Availability Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering Active/Passive, Active/Active Clustering
Application Licenses Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited
Administrative Domains 0 32 32 64 64 64 64 64
All performance values are “up to” and vary depending on the system configuration.
Height x Width x Length (inches) 1.61 x 8.27 x 5.24 1.73 x 17.24 x 16.38 1.73 x 17.24 x 16.38 3.50 x 17.24 x 14.49 3.5 x 17.2 x 20.8 3.5 x 17.5 x 22.6 3.5 x 17.5 x 22.6 3.5 x 17.5 x 22.6
Height x Width x Length (mm) 41 x 210 x 133 44 x 438 x 416 44 x 438 x 416 88 x 438 x 368 88 x 438 x 530 88 x 444 x 574 88 x 444 x 574 88 x 444 x 574
Weight 2.3 lbs
(1.1 kg)
22 lbs 
(9.97 kg)
22 lbs
(9.97 kg)
27.6 lbs
(12.5 kg)
33 lbs
(15 kg)
56.2 lbs
(22.5 kg)
56.2 lbs
(22.5 kg)
56.2 lbs
(22.5 kg)
Rack Mountable Optional Yes Yes Yes, with flanges Yes Yes Yes Yes
Power Required 100–240V AC, 50–60 Hz 100–240V AC, 50–60 Hz 100–240V AC, 50–60 Hz 100–240V AC, 50–60 Hz 100–240V AC, 60–50 Hz 100–240V AC, 60–50 Hz 100–240V AC, 60–50 Hz 100–240V AC, 60–50 Hz
Maximum Current 110V/1.2A, 220V/1.2A 100V/5A, 240V/3A 100V/5A, 240V/3A 100V/5A, 240V/3A 120V/6A, 240V/3A 120V/2.6A, 240V/1.3A 120V/2.6A, 240V/1.3A 120V/3A, 240V/1.5A
Power Consumption (Average) 18 W 109 W 109 W 115 W 200 W 200 W 200 W 248.5 W
Heat Dissipation 74 BTU/h 446.3 BTU/h 446.3 BTU/h 471 BTU/h 1433 BTU/h 1045.5 BTU/h 1045.5 BTU/h 1219.8 BTU/h
Operating Temperature 32–104°F (0–40°C)
Storage Temperature -13–158°F (-25–70°C)
Humidity 10–90% non-condensing 5–95% non-condensing
Safety Certifications FCC Class A Part 15, C-Tick, VCCI, CE, UL/cUL, CB FCC Class A Part 15, C-Tick, VCCI, CE, UL/CB/cUL