Overview
FortiAppSec Cloud: Security, Availability, Performance
FortiAppSec Cloud simplifies and strengthens application security and delivery across hybrid and cloud environments. This SaaS platform secures network availability and accelerates application performance while delivering consistent security. The AI-driven engine detects zero-day exploits and separates benign users from potential threats, maximizing detection accuracy while minimizing false positives.

Comprehensive Application Protection
FortiAppSec Cloud consolidates web application and API security, advanced bot protection, threat analytics, and DDoS mitigation into a single, unified management interface. Using real-time threat detection covering the OWASP Top 10, it protects web applications and APIs from known attacks and AI-generated zero-days. Machine learning is also used to analyze and prioritize threats and to monitor sophisticated, human-like bot behaviors. This is complemented by network and application layer DDoS protection and threat intelligence from FortiGuard Labs.
Optimized Availability and Performance
To enhance continuous application availability and user experience, FortiAppSec includes:
- Global server load balancing (GSLB) to ensure business continuity via intelligent traffic routing for optimal application performance
- Content delivery network (CDN) with caching, content routing, and service acceleration using a network of images on globally distributed servers
- DDoS protection to mitigate network and application layer attacks, featuring real-time customizations, automation, and a 24/7 SOC

Features and Benefits
AI-Ready Application Protection
Web application and API security with an ML engine that detects zero-day threats at maximum accuracy
Bot Management
ML-driven modeling of bot behaviors to distinguish between humans, good bots, and malicious ones
DDoS Protection
Real-time customizations, automation, and a 24/7 SOC to mitigate network and application layer attacks
Content Delivery Network
Caching, content routing, and acceleration using a network of images on globally distributed servers
Global Server Load Balancing
Intelligent traffic routing for optimal application performance using DNS-based load balancing
Threat Analytics
Alert fatigue reduction with ML-based traffic analysis to detect and prioritize application security events
Use Cases
Always-On Application Service
Fend off DDoS attacks and ensure intelligent traffic management to balance server workloads globally, deploying underutilized resources.
Simplifying Multi-Cloud Operations
Maintain up-to-date and consistent policies in all environments with a unified, scalable platform providing centralized management and control.
API Discovery and Protection
Discover and catalog API endpoints, enforce schemas and protocols, and detect anomalous behaviors in HTTP traffic and API calls.
Bot Management
Protect your cloud-hosted assets, user accounts, intellectual property, and online revenue from sophisticated, human-like bot behaviors.
GenAI-driven Protection
Fight AI with AI to detect and mitigate zero-days while minimizing false positives.
Reduced Alert Fatigue
Focus, prioritize, and remediate high-severity threats by cutting the noise caused by too many alerts.
Models & Licensing
FortiAppSec Cloud License Plan Options
FortiAppSec is offered in three tiers to fit a range of customer needs:
- Standard Plan: Includes core WAF and API security features to protect against common threats.
- Advanced Plan: Offers advanced machine learning based WAF and API security features, Web Vulnerability Scanning (DAST), and Threat Analytics.
- Enterprise Plan: Adds Advanced Bot Protection, Global Server LB, additional custom rules, and SOC-as-a-Service.

Customers can also purchase additional Cloud WAF add-ons or choose Standalone services that do not require the Cloud WAF purchase:
- Cloud WAF Add-ons: SOC-as-a-Service (for Standard and Advanced Plans)
- Standalone service: Global Server LB (DNS QPS, Health Check)

Feature | Standard | Advanced | Enterprise |
---|---|---|---|
Web Application Protection | |||
Signature based Protection | ✔ | ✔ | ✔ |
IP Threat Intelligence | ✔ | ✔ | ✔ |
GEO-IP Intelligence | ✔ | ✔ | ✔ |
Custom Security Rules | ✔ | ✔ | ✔ |
HTTP Compliance | ✔ | ✔ | ✔ |
URL, Parameter and CORS Protection | ✔ | ✔ | ✔ |
Cookie Protection | ✔ | ✔ | ✔ |
Information Leakage | ✔ | ✔ | ✔ |
AV for File Uploads | ✔ | ✔ | ✔ |
Sandboxing for File Uploads | — | ✔ | ✔ |
Zero Day Attack Protection (Machine Learning) | — | ✔ | ✔ |
API Security | |||
Schema Enforcement (OpenAPI, XML, JSON) | ✔ | ✔ | ✔ |
API Gateway | — | ✔ | ✔ |
Mobile API Protection | — | ✔ | ✔ |
Machine Learning - Discovery, PII Catalog, Protection | — | ✔ | ✔ |
Client Security | |||
HTTP Header Protection | ✔ | ✔ | ✔ |
CSRF and MiTB Protection | ✔ | ✔ | ✔ |
Bot Defense | |||
Signature, Threshold, Biometric, Deception | ✔ | ✔ | ✔ |
Machine Learning based Bot Defense | — | ✔ | ✔ |
Advanced Bot Protection | — | — | ✔ |
Account Takeover | |||
User Tracking | — | ✔ | ✔ |
Session Fixation Protection | — | ✔ | ✔ |
Credential Stuffing Defense | — | ✔ | ✔ |
DDoS Protection | |||
Layer 3–4 DDoS Mitigation | ✔ | ✔ | ✔ |
Layer 7 DDoS Mitigation | ✔ | ✔ | ✔ |
Application Delivery | |||
SSL Certificates - Automatic and Custom | ✔ | ✔ | ✔ |
Client Authentication / Mutual TLS | — | ✔ | ✔ |
Content Delivery Network (CDN) | ✔ | ✔ | ✔ |
Limited GEO CDN | ✔ | ✔ | ✔ |
Load Balancing and Server Health Monitoring | ✔ | ✔ | ✔ |
Origin Server Content Routing | — | ✔ | ✔ |
Waiting Room | — | ✔ | ✔ |
Global Server LB | — | — | ✔ |
DNS Load Balancing | Available Separately | Available Separately | ✔ |
DNS Services + DNSSEC | Available Separately | Available Separately | ✔ |
Health Check (Synthetic Testing) | Available Separately | Available Separately | ✔ |
DAST Scanning | |||
Vulnerability Assessment | — | ✔ | ✔ |
API Scanning | — | ✔ | ✔ |
Reporting and Analytics | |||
Attack Logs | ✔ | ✔ | ✔ |
Alert Notifications | ✔ | ✔ | ✔ |
SIEM Integration | ✔ | ✔ | ✔ |
Log Sensitive Data Masking | ✔ | ✔ | ✔ |
FortiView - Realtime & Historical Log Analysis | ✔ | ✔ | ✔ |
Dashboards and Reports | ✔ | ✔ | ✔ |
Traffic Logs* | — | ✔ | ✔ |
Threat Analytics AI | — | ✔ | ✔ |
Management | |||
Role Based Access Control | ✔ | ✔ | ✔ |
Single-Sign-On Support | ✔ | ✔ | ✔ |
API Support | ✔ | ✔ | ✔ |
Services | |||
24x7 Support | ✔ | ✔ | ✔ |
SOCaaS** | Available Separately | Available Separately | ✔ |
Ordering Information
When purchasing Cloud WAF, pick both a Bandwidth SKU and an Applications SKU. Make sure to choose the same plan (Standard, Advanced, or Enterprise) for both SKUs. Mixing and matching plans is not allowed; read more in the FAQ below.

SKU | Solution Group | Plan | Tier (Bandwidth/Apps) | Description |
---|---|---|---|---|
FC1-10-UCAPF-1114-02-DD | FortiAppSec Cloud WAF – Bandwidth | Standard | 25 Mbps | Cloud WAF, 25 Mbps Standard Plan (Use seat 1). Includes FortiCare premium support. |
FC2-10-UCAPF-1114-02-DD | FortiAppSec Cloud WAF – Bandwidth | Standard | 50-99 Mbps | Cloud WAF, 50-99 Mbps Standard Plan (25Mbps/seat). Includes FortiCare premium support. |
FC3-10-UCAPF-1114-02-DD | FortiAppSec Cloud WAF – Bandwidth | Standard | 100+ Mbps | Cloud WAF, 100+ Mbps Standard Plan (25Mbps/seat). Includes FortiCare premium support. |
FC1-10-UCAPF-1115-02-DD | FortiAppSec Cloud WAF – Bandwidth | Advanced | 25 Mbps | Cloud WAF, 25 Mbps Advanced Plan (Use seat 1). Includes FortiCare premium support. |
FC2-10-UCAPF-1115-02-DD | FortiAppSec Cloud WAF – Bandwidth | Advanced | 50-99 Mbps | Cloud WAF, 50-99 Mbps Advanced Plan (25Mbps/seat). Includes FortiCare premium support. |
FC3-10-UCAPF-1115-02-DD | FortiAppSec Cloud WAF – Bandwidth | Advanced | 100+ Mbps | Cloud WAF, 100+ Mbps Advanced Plan (25Mbps/seat). Includes FortiCare premium support. |
FC1-10-UCAPF-1254-02-DD | FortiAppSec Cloud WAF – Bandwidth | Enterprise | 25 Mbps | Cloud WAF, 25 Mbps Enterprise Plan (Use seat 1). Includes FortiCare premium support. |
FC2-10-UCAPF-1254-02-DD | FortiAppSec Cloud WAF – Bandwidth | Enterprise | 50-99 Mbps | Cloud WAF, 50-99 Mbps Enterprise Plan (25Mbps/seat). Includes FortiCare premium support. |
FC3-10-UCAPF-1254-02-DD | FortiAppSec Cloud WAF – Bandwidth | Enterprise | 100+ Mbps | Cloud WAF, 100+ Mbps Enterprise Plan (25Mbps/seat). Includes FortiCare premium support. |
FC1-10-UCAPF-1116-02-DD | FortiAppSec Cloud WAF – Applications | Standard | 1-4 Applications | Cloud WAF, 1-4 Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
FC2-10-UCAPF-1116-02-DD | FortiAppSec Cloud WAF – Applications | Standard | 5-24 Applications | Cloud WAF, 5-24 Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
FC3-10-UCAPF-1116-02-DD | FortiAppSec Cloud WAF – Applications | Standard | 25-74 Applications | Cloud WAF, 25-74 Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
FC4-10-UCAPF-1116-02-DD | FortiAppSec Cloud WAF – Applications | Standard | 74+ Applications | Cloud WAF, 74+ Applications, Standard Plan. Must be combined with a Bandwidth Standard plan. Includes FortiCare premium support. |
FC1-10-UCAPF-1257-02-DD | FortiAppSec Cloud WAF – Applications | Advanced | 1-4 Applications | Cloud WAF, 1-4 Applications, Advanced Plan. Must be combined with a Bandwidth Advanced plan. Includes FortiCare premium support. |
FC2-10-UCAPF-1257-02-DD | FortiAppSec Cloud WAF – Applications | Advanced | 5-24 Applications | Cloud WAF, 5-24 Applications, Advanced Plan. Must be combined with a Bandwidth Advanced plan. Includes FortiCare premium support. |
FC3-10-UCAPF-1257-02-DD | FortiAppSec Cloud WAF – Applications | Advanced | 25+ Applications | Cloud WAF, 25+ Applications, Advanced Plan. Must be combined with a Bandwidth Advanced plan. Includes FortiCare premium support. |
FC1-10-UCAPF-1256-02-DD | FortiAppSec Cloud WAF – Applications | Enterprise | 1-4 Applications | Cloud WAF, 1-4 Applications, Enterprise Plan. Must be combined with a Bandwidth Enterprise plan. Includes FortiCare premium support. |
FC2-10-UCAPF-1256-02-DD | FortiAppSec Cloud WAF – Applications | Enterprise | 5-24 Applications | Cloud WAF, 5-24 Applications, Enterprise Plan. Must be combined with a Bandwidth Enterprise plan. Includes FortiCare premium support. |
FC3-10-UCAPF-1256-02-DD | FortiAppSec Cloud WAF – Applications | Enterprise | 25+ Applications | Cloud WAF, 25+ Applications, Enterprise Plan. Must be combined with a Bandwidth Enterprise plan. Includes FortiCare premium support. |
FC1-10-UCAPF-464-02-DD | FortiAppSec Cloud Add-ons | SOCaaS | 1-4 Applications | 24x7 managed log monitoring, incident triage and SOC escalation for Cloud WAF. Price per application. Must purchase for all applications in account. |
FC2-10-UCAPF-464-02-DD | FortiAppSec Cloud Add-ons | SOCaaS | 5+ Applications | 24x7 managed log monitoring, incident triage and SOC escalation for Cloud WAF. Price per application. Must purchase for all applications in account. |
FC1-10-UCAPF-330-02-DD | FortiAppSec Cloud Standalone Services | GSLB | 100 QPS | Global Server Load Balancing, 100 QPS. Includes FortiCare premium support. |
FC1-10-UCAPF-332-02-DD | FortiAppSec Cloud Standalone Services | GSLB | 10 Health Checks | Global Server Load Balancing, 10 Health Checks. Includes FortiCare premium support. |