FortiWeb Cloud (FortiAppSec) —
managed SaaS WAF for India
Fortinet's SaaS-delivered WAF, sized and run by Ogma. Change DNS / CNAME, and FortiAppSec Cloud sits inline as a multi-region, multi-tenant WAF. Three plan tiers (Standard, Advanced, Enterprise) priced by bandwidth and application count. Zero infrastructure to operate.
DNS / CNAME
Onboarding
Change the DNS record, FortiAppSec sits inline. No appliance, no agent, no VPC peering.
Multi-region
Global delivery
PoPs across regions. CDN caching + compression bundled at Standard tier.
25 Mbps / seat
Bandwidth model
Bandwidth seats + Application seats. Combined SKUs.
3 plans
Std / Adv / Ent
Tier features per the FortiWeb Ordering Guide.
Plan comparison — Standard / Advanced / Enterprise
| Capability | Standard | Advanced | Enterprise |
|---|---|---|---|
| OWASP Top 10, WAF signatures, threat intel, custom rules | ✓ | ✓ | ✓ |
| Sandboxing | — | ✓ | ✓ |
| ML-based anomaly detection | — | ✓ | ✓ |
| AI Threat Analytics | — | ✓ | ✓ |
| API Gateway + API Discovery | — | ✓ | ✓ |
| Account Takeover protection | — | ✓ | ✓ |
| Bot Defense — IP-based, thresholds | ✓ | ✓ | ✓ |
| Behavioral Intent Analysis (ML) | — | — | ✓ |
| Client-Side Security (PCI DSS 4.0) | — | — | ✓ |
| DDoS L3-L7 | ✓ | ✓ | ✓ |
| SSL inspection + Health monitoring | ✓ | ✓ | ✓ |
| Client Authentication + Content Routing | — | ✓ | ✓ |
| CDN caching + compression | ✓ | ✓ | ✓ |
| DAST runtime vuln. scans | — | ✓ | ✓ |
| FortiAI Assist | ✓ | ✓ | ✓ |
| SOCaaS (monitoring, triage, escalation) | Add-on | Add-on | Included |
| 24×7 Support | ✓ | ✓ | ✓ |
Source: FortiWeb Ordering Guide, FWEB-OG-R25-20260318. Bandwidth SKU is required separately from Application SKU. 25 Mbps per Bandwidth seat; 1 web app per Application seat.
When FortiAppSec Cloud is the right answer
Zero appetite for infra
No VM to size, patch, or HA-pair. No FortiManager to operate. Fortinet runs everything; you set policy.
Multi-region delivery built-in
PoPs distributed globally for low-latency inspection. CDN + compression at Standard. DDoS protection bundled.
Public-facing apps
Marketing sites, e-commerce, public APIs — anywhere DNS / CNAME swap is acceptable.
Bursty / unpredictable traffic
Per-seat scaling means you don't have to pre-buy peak capacity. Add seats as traffic grows.
Multi-app workloads
25-app, 100-app portfolios — Application seats scale linearly. No HW or VM tier to rebuy.
Pair with appliance / VM
Hybrid: FortiAppSec for public-facing + appliance/VM for internal apps. Same FortiCloud account, unified Threat Analytics.
What Ogma does
- Sizing — work out the right Bandwidth + Application seat count from your traffic profile and app count. Avoid over-buying.
- Plan selection — Standard / Advanced / Enterprise based on PCI scope, bot exposure, and API surface.
- Onboarding — CNAME cutover orchestrated against a maintenance window; rollback plan documented.
- Policy tuning — initial 30-day policy tuning to bring false-positive rate to operational floor.
- Renewal management — INR-billed with GST. Renewal quoted 60-90 days before expiry.
- SOCaaS pairing — Enterprise tier includes SOCaaS; Standard/Advanced can add it.
FAQ
How is FortiAppSec different from FortiWeb-VM?
Can FortiAppSec see traffic for internal apps behind VPN?
Are PoPs available in India?
How quickly can we go live?
Can we add SOCaaS to Standard/Advanced?
FCx-10-UCAPF-464-02-DD, priced per application). It comes included in the Enterprise plan.What's the renewal cycle?
Get a sized FortiAppSec Cloud quote
Ogma sizes Bandwidth + Application seats and the right plan tier against your app portfolio. INR + GST. Quote returned in 2 working days.
Request the sizing + quote