ML-Powered Protection · Zero False-Positive SLA

FortiWeb Implementation & ML Tuning Services in India

A deployed FortiWeb blocking OWASP signatures is the beginning, not the end. Without ML learning-mode tuning, auto-learned allow lists, and API schema validation, your WAF either blocks legitimate traffic or misses targeted attacks. Ogma's implementation service turns a basic FortiWeb install into a production-hardened, low-noise WAF that your development team won't fight against.

  • Applications ML-tuned: 50+
  • ML learning period: 2–4 weeks
  • Bot traffic correctly classified: 95%+
  • API threat coverage: OWASP API 10

Implementation Services

Modular services — engage the ones your application requires.

ML Learning Mode & Allow-List Generation

FortiWeb's ML engine builds a behavioural model of your application — what URLs exist, what parameters are expected, what values are normal — and auto-generates an allow list. Ogma runs the 2–4 week learning cycle, reviews the generated model, removes ML errors, and promotes it to enforcement. Result: application-aware protection with near-zero false positives.

  • ML learning mode configuration and monitoring
  • Generated model review and false-positive pruning
  • URL and parameter allow list generation
  • Threshold tuning for anomaly scoring
Competitive · per application

OpenAPI / Swagger Schema Import

For REST API applications, ML learning is supplemented or replaced by OpenAPI 3.0 / Swagger 2.0 schema import. FortiWeb validates every API request against the schema — blocking calls to undocumented endpoints, invalid parameter types, excessive payload sizes, or missing required headers. This is the most precise API protection method available.

  • OpenAPI 3.0 / Swagger 2.0 schema import
  • Endpoint allow-listing (block undocumented routes)
  • Schema validation: parameter type, length, pattern
  • OWASP API Security Top 10 coverage mapping
Competitive · per API
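
The decision logic behind schema validation, as an added example (not FortiWeb's or Ogma's code): a request is allowed only if its endpoint, parameters, headers and size match the schema. The orders API fragment and the `MAX_BODY_BYTES` limit are constructed assumptions.

```python
import re

# Constructed OpenAPI 3.0 fragment for a hypothetical orders API (not from the page).
SPEC = {"paths": {"/orders/{orderId}": {"get": {"parameters": [
    {"name": "orderId", "in": "path", "required": True, "schema": {"type": "integer"}},
    {"name": "X-Api-Key", "in": "header", "required": True, "schema": {"type": "string"}},
    {"name": "fields", "in": "query", "schema": {"type": "string", "maxLength": 32,
                                                 "pattern": "^[a-z,]+$"}},
]}}}}
MAX_BODY_BYTES = 1024  # assumed payload limit; set in WAF policy, not in the schema

def match_path(template, path):
    """Return path-parameter values if path fits the template, else None."""
    t, p = template.strip("/").split("/"), path.strip("/").split("/")
    if len(t) != len(p):
        return None
    found = {}
    for seg, val in zip(t, p):
        if seg.startswith("{") and seg.endswith("}"):
            found[seg[1:-1]] = val
        elif seg != val:
            return None
    return found

def validate(method, path, query=None, headers=None, body=b""):
    """Return (allowed, reason) for one request, checked against SPEC."""
    values = {"query": query or {}, "header": {k.lower(): v for k, v in (headers or {}).items()}}
    if len(body) > MAX_BODY_BYTES:
        return False, "payload too large"
    for template, ops in SPEC["paths"].items():
        values["path"] = match_path(template, path)
        if values["path"] is not None and method.lower() in ops:
            break
    else:  # no documented path and method pair matched
        return False, "undocumented endpoint"
    for p in ops[method.lower()]["parameters"]:
        key = p["name"].lower() if p["in"] == "header" else p["name"]
        val, schema = values[p["in"]].get(key), p["schema"]
        if val is None:
            if p.get("required"):
                return False, f"missing required {p['in']} parameter {p['name']}"
            continue
        if schema["type"] == "integer" and not re.fullmatch(r"-?\d+", val):
            return False, f"{p['name']}: expected integer"
        if len(val) > schema.get("maxLength", len(val)):
            return False, f"{p['name']}: too long"
        if "pattern" in schema and not re.search(schema["pattern"], val):
            return False, f"{p['name']}: pattern mismatch"
    return True, "ok"
```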

Bot Mitigation (Real Browser Enforcement)

FortiWeb's Real Browser Enforcement (RBE) uses JavaScript challenges to verify that traffic originates from a real browser rather than a bot or automation tool. Combined with bot reputation lists (FortiGuard), rate limiting, and CAPTCHA integration, Ogma configures layered bot mitigation that stops credential stuffing, scraping, and checkout abuse without challenging legitimate users.

  • Real Browser Enforcement (JavaScript challenge) setup
  • FortiGuard Bot Reputation database activation
  • Rate limiting per source IP and session
  • Good bot allow-listing (Googlebot, Bingbot)
Competitive · per app

DevSecOps / CI-CD Pipeline Integration

For development teams deploying frequently, manual WAF rule updates create a constant bottleneck. Ogma integrates FortiWeb with your CI/CD pipeline (Jenkins, GitHub Actions, GitLab CI) so that OpenAPI schema updates are automatically pushed to FortiWeb on every deployment — and WAF policy tests are run as a pipeline stage before production promotion.

  • FortiWeb REST API integration with CI/CD tool
  • Schema auto-push on deployment pipeline
  • WAF policy smoke tests in pipeline
  • Slack/Teams alert integration for WAF blocks
Competitive · fixed-scope project

Why Ogma for FortiWeb Implementation?

Application Security Expertise

Our engineers hold NSE 7 (Web Application Security) certification and have implemented FortiWeb for banking portals, e-commerce platforms, government web properties, and SaaS applications in India.

Zero False-Positive SLA

We commit to resolving any false-positive block caused by our WAF configuration within 4 business hours during the 90-day post-implementation period. Developer frustration with WAF false positives is the #1 reason WAF projects fail — we eliminate this.

Dev-Friendly Approach

We collaborate with your development team — not around them. API schema documentation, CI/CD integration, and direct Slack/Teams channels mean developers get WAF exclusions approved and deployed within hours, not weeks.

Delivery Process

From alert-only installation to production-hardened WAF in 4–6 weeks.

1. Application Profiling (Week 1)

We document every application protected by FortiWeb: URL structures, API endpoints, authentication mechanisms, file upload paths, and any non-standard HTTP headers or cookie formats. This profile drives all ML configuration decisions and prevents common false positives.

2. ML Learning Mode Activation (Weeks 1–3)

We enable FortiWeb's ML learning mode, confirm it's receiving real traffic (not crawler traffic), and monitor learning progress daily. At 80%+ traffic coverage and stable model convergence, we export and review the generated model — pruning ML mis-classifications and errors.

3. OpenAPI Schema & Bot Config (Weeks 2–3, parallel)

For API-driven applications, we import the OpenAPI schema and validate it against live traffic to confirm coverage. Bot mitigation (RBE, rate limiting, reputation lists) is configured and tested in alert mode, with good bots allowlisted to prevent SEO impact.

4. Enforcement & False-Positive Sprint (Weeks 3–4)

ML model and API schema are promoted to enforcement mode. We monitor for false-positive blocks in real time — typically 3–5 working days of intensive monitoring and tuning. Any genuine false positives are resolved within 4 business hours.

5. Hardening & CI/CD Integration (Weeks 4–6)

Custom signatures for application-specific threats are added. CI/CD integration is configured if in scope. A final WAF health report is delivered covering: protection coverage, blocked attacks by category, false-positive resolution log, and recommended next steps.

Engagement Tiers

Services can be bundled for a project discount. Tell us your application footprint and we'll quote within 2 hours.

WAF Tuning
Competitive · fixed-scope project
1–2 applications · ML tuning + bot mitigation
  • ML learning mode + model generation
  • Bot mitigation (RBE + rate limiting)
  • OWASP signature tuning
  • 4-week false-positive sprint
  • 90-day post-implementation SLA

Full Implementation (Recommended)
Competitive · fixed-scope project
3–5 applications · ML + API schema + bots
  • ML learning mode for all applications
  • OpenAPI schema import (up to 2 APIs)
  • Full bot mitigation stack
  • OWASP Top 10 + OWASP API Top 10 coverage
  • 4-week false-positive sprint
  • WAF health report + coverage summary
  • 90-day post-implementation SLA

DevSecOps Add-on
Competitive · add-on
Add-on to Full Implementation
  • FortiWeb REST API CI/CD integration
  • OpenAPI schema auto-push pipeline
  • Pipeline smoke tests for WAF policy
  • Developer Slack/Teams alert channel
  • WAF exception fast-track process

Frequently Asked Questions

The ML learning period is 2–4 weeks of real traffic analysis. Your application is fully live and serving users during this time — FortiWeb runs in alert (detection-only) mode. Your users experience zero impact. We promote the ML model to enforcement only after validating it against live traffic. Many customers run alert mode indefinitely for low-risk applications and only enforce on specific high-risk paths.

With CI/CD integration, the FortiWeb OpenAPI schema is automatically updated on every API deployment using the FortiWeb REST API. Without CI/CD integration, we provide a documented procedure for your team to re-import the schema via the FortiWeb GUI or CLI. Re-import takes under 5 minutes for most schemas. Schema drift (deploying API changes without updating WAF) is the most common source of post-implementation false positives — CI/CD integration eliminates this.
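
A pipeline stage that catches schema drift before deployment, as an added example (not Ogma's tooling and not a FortiWeb API): it compares the spec the WAF currently enforces with the spec of the build being shipped. Both specs and all function names are constructed assumptions.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def operations(spec):
    """Flatten a spec to {(METHOD, path): {(location, name, type), ...}}."""
    ops = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS:  # skip path-level keys such as "parameters"
                ops[(method.upper(), path)] = {
                    (p["in"], p["name"], p.get("schema", {}).get("type"))
                    for p in op.get("parameters", [])}
    return ops

def drift(waf_spec, build_spec):
    """Compare the spec the WAF enforces with the spec of the build being deployed."""
    old, new = operations(waf_spec), operations(build_spec)
    return {
        # Present in the build, unknown to the WAF: legitimate calls would be blocked.
        "blocked_if_deployed": sorted(new.keys() - old.keys()),
        # Still allowed by the WAF although the application no longer serves them.
        "stale_on_waf": sorted(old.keys() - new.keys()),
        # Same operation, different parameters or types.
        "param_changes": {k: sorted(new[k] ^ old[k], key=str)
                          for k in sorted(new.keys() & old.keys()) if new[k] != old[k]},
    }

def gate(waf_spec, build_spec):
    """Exit status for a pipeline stage: 1 when the WAF schema must be re-imported first."""
    return 1 if any(drift(waf_spec, build_spec).values()) else 0

# Constructed specs for a hypothetical API (assumption, not from the page).
WAF_SPEC = {"paths": {
    "/orders": {"get": {"parameters": [
        {"name": "page", "in": "query", "schema": {"type": "integer"}}]}},
    "/legacy/export": {"get": {}},
}}
BUILD_SPEC = {"paths": {
    "/orders": {"get": {"parameters": [
        {"name": "page", "in": "query", "schema": {"type": "string"}}]},
                "post": {}},
}}
```

`stale_on_waf` entries cause no false positives but leave routes allow-listed that the application no longer serves, so they are worth removing on the same re-import.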

RBE (JavaScript challenge) only applies to browser-based traffic. API clients, mobile apps, and non-browser HTTP clients are explicitly excluded from RBE and instead protected by API schema validation, rate limiting, and IP reputation checks. We configure RBE selectively on login pages, registration flows, and other human-facing endpoints — not on REST API paths.

During the 90-day post-implementation period, if any legitimate user request is blocked by a FortiWeb rule Ogma configured (not a Fortinet signature the customer independently enabled), we commit to resolving it within 4 business hours. Resolution means either adding a WAF exclusion, tuning the ML threshold, or adding a URL exception, whichever is most appropriate. If we miss the 4-hour window, the cost of the resolution is credited to future work.

Yes. The OWASP API Security Top 10 (2023 edition) includes threats like BOLA (Broken Object Level Authorisation), Mass Assignment, and unrestricted resource consumption. FortiWeb's OpenAPI schema import addresses many of these directly: endpoint enumeration is blocked (covers BOLA to some extent), parameter validation covers mass assignment, and rate limiting covers resource consumption. For BOLA specifically — a business-logic vulnerability — we recommend complementing FortiWeb with application-layer controls.

Yes. FortiWeb is available as a marketplace VM on AWS, Azure, and GCP, and as FortiWeb Cloud (SaaS WAF). For cloud deployments, we configure DNS-based traffic redirection (CNAME to FortiWeb VIP), SSL certificate management within the cloud WAF, and integrate with cloud-native services (AWS CloudWatch, Azure Monitor) for logging. The ML tuning and API schema implementation process is identical regardless of deployment platform.

FortiWeb's rate limiting and bot mitigation protect against application-layer DDoS (Layer 7) attacks — HTTP floods, slowloris, credential stuffing at scale. For volumetric network DDoS (Layers 3/4), FortiWeb is not the right tool — FortiDDoS or an upstream scrubbing service (Cloudflare, Akamai) is needed. We clearly scope what FortiWeb covers and recommend complementary controls where gaps exist.

Stop Blocking Legitimate Users. Start Blocking Real Attacks.

Tell us about your application stack, whether you have an OpenAPI spec, and what your main concern is — false positives, bot traffic, or API abuse. We'll scope a tuning engagement with a fixed timeline and zero-FP commitment.