SLA-Backed 24/7 WAF Operations

Managed FortiWeb WAF Services —
WAF-as-a-Service India

A WAF that's set up and forgotten is a WAF that becomes irrelevant. New application features break policy. New CVEs demand virtual patches before your dev team can deploy a fix. New bot campaigns need fresh rate-limiting rules. Ogma's managed FortiWeb service keeps your WAF tuned, current, and actually protecting your applications — every month, under SLA.

What's Included
50+
Applications under managed WAF
<4 Hours
False-positive resolution SLA
<2 Hours
Emergency virtual patch SLA
Monthly
WAF health reports delivered

What's Included

Core pillars of every managed WAF tier.

Policy Updates & Rule Tuning

Every time your application is updated — new endpoints, new parameters, new file upload paths — the FortiWeb WAF policy needs to be updated. Ogma reviews application change notifications, updates URL and parameter rules, and tests changes before deploying to production.

  • Application change-driven policy updates
  • Signature threshold tuning
  • Monthly FortiGuard signature review
False-Positive Management

When legitimate users are blocked, developers escalate urgently. Ogma investigates every false-positive report, determines root cause (signature over-match, ML model gap, application change), and deploys the appropriate fix — under a 4-hour SLA.

  • Dedicated escalation channel (Slack/Teams/email)
  • 4-hour resolution SLA during business hours
  • False-positive root cause documentation
Emergency Virtual Patching

When a critical CVE is disclosed for a technology your application uses (Log4Shell, Spring4Shell, Apache Struts), Ogma deploys a FortiWeb virtual patch (custom signature) within 2 hours — buying your dev team time to apply the real fix without exposure.

  • CVE monitoring for your application stack
  • Virtual patch deployment <2 hours (critical CVE)
  • Patch effectiveness validation and reporting
Bot Response Management

Bot campaigns evolve — attackers rotate IPs, change user agents, and use residential proxies. Ogma monitors bot traffic patterns and updates FortiGuard Bot Reputation rules, rate-limiting profiles, and RBE configuration monthly to stay ahead of evolving automation abuse.

  • Monthly bot campaign traffic review
  • Rate limiting profile updates
  • Good-bot allowlist maintenance
Monthly WAF Health Report

A management-level monthly report: top attack types blocked, top attacking source IPs, false-positive incidents resolved, virtual patches deployed, FortiGuard signature database version, and recommendations for next month. Useful for CISO reporting and PCI-DSS evidence.

  • Attack summary by OWASP category
  • False-positive and resolution log
  • Compliance evidence attachment
Platform Administration

FortiCare-backed FortiWeb firmware upgrades, certificate renewals before expiry, admin account hygiene, disk log rotation, and licence utilisation monitoring. We ensure your FortiWeb platform never becomes a security liability in its own right.

  • FortiWeb firmware patch management
  • SSL certificate renewal reminders and assistance
  • Admin audit log review

Service Tiers

Minimum 3-month initial term. Tell us your tier and application count and we'll quote within 2 hours.

Starter
Competitive · monthly subscription
1 application · Standard SLA
  • Monthly policy update (1 change batch)
  • False-positive resolution (8×5, 4-hour SLA)
  • Emergency virtual patching (business hours)
  • Monthly health report
  • Platform administration
MOST POPULAR
Professional
Competitive · monthly subscription
Up to 3 applications · Enhanced SLA
  • Fortnightly policy updates (2 change batches)
  • False-positive resolution (24×7, 4-hour SLA)
  • Emergency virtual patching 24×7 (<2 hours)
  • Monthly bot traffic review + response
  • Monthly health report + attack summary
  • Platform admin + certificate renewal management
  • Quarterly PCI-DSS WAF evidence report
Enterprise
Competitive · monthly subscription
Unlimited applications · Premium SLA
  • On-demand policy updates (no batch restriction)
  • False-positive resolution 24×7, <2 hours
  • Emergency virtual patching <1 hour (critical)
  • Weekly bot traffic review
  • Monthly health + CISO board report
  • Dedicated WAF engineer assigned
  • Monthly review call
  • All compliance evidence (PCI-DSS, ISO 27001)

Does not include FortiWeb platform licences, FortiGuard subscription fees, or infrastructure costs. Scope adjusted for environments with high application-change velocity.

Why Ogma for Managed WAF?

NSE 7 Certified Engineers

Our team holds NSE 7 Web Application Security certification with hands-on experience across banking portals, payment gateways, e-commerce platforms, and SaaS applications. We understand application context — not just WAF configuration.

Developer-Aligned Operations

We bridge the traditional security/dev divide. Our WAF engineers collaborate directly with your development team via Slack or Teams — false-positive escalations are handled like developer support tickets, not security incidents.

Virtual Patching Track Record

We've deployed emergency virtual patches for Log4Shell, Spring4Shell, Apache HTTP Server path traversal, and multiple critical web framework CVEs — often within 90 minutes of Fortinet releasing signature updates. Our CVE monitoring never sleeps.

Onboarding Process

From signed MSA to full managed WAF in 1 week.

1
MSA & Application Inventory

We sign the managed service agreement, document all applications in scope (names, URLs, backend IPs, SSL certificate expiry dates), and establish escalation contacts. Change notification process is agreed — how you'll inform us of upcoming application deployments.

2
WAF Audit & Handover

If FortiWeb was installed by another party, we conduct a 2-day audit: review existing policies, identify over-permissive exclusions, document certificate status, and baseline current false-positive rate. If Ogma installed FortiWeb, this step is skipped.

3
Escalation Channel Setup

We configure your preferred escalation channel (Slack workspace, Teams channel, or email alias) for false-positive reports and change requests. SLA clock starts from the moment a ticket is raised in the agreed channel.

4
First Monthly Cycle

Month one begins: policy review, any outstanding quick-win tuning, and first monthly health report at month-end. You'll receive a WAF state report showing current protection coverage, top blocked attack types, and any outstanding recommendations.

Frequently Asked Questions

No. Managed service fees cover Ogma's analyst and engineer labour for ongoing WAF operations. FortiWeb platform licences and FortiGuard Web Security Service subscriptions are separate costs purchased directly from Fortinet or an authorised reseller. We can advise on licence sizing and renewal timing.

You notify Ogma via the escalation channel at least 2 business days before a major application deployment. We review the release notes or change spec, update WAF policies in a staging/test profile, validate against the new application version (in your UAT environment if available), and deploy the updated policy to production at the same time as the application release. For minor updates, same-day policy updates are standard.

Yes. We onboard with a 2-day WAF audit to understand the existing configuration baseline. If we find the existing configuration is significantly under-tuned, we'll recommend a one-time tuning engagement (FortiWeb Implementation) before starting managed operations — this ensures we're managing from a solid baseline.

A virtual patch is a FortiWeb custom signature or rule that detects and blocks exploitation attempts targeting a specific CVE — without changing the underlying application code. For example, a Log4Shell virtual patch blocks requests containing the JNDI lookup string \${jndi:...} in HTTP headers, body, and URLs. The real patch is still needed (the application must be updated), but the virtual patch eliminates exposure while your dev team completes the real fix.

On the Professional and Enterprise tiers, we monitor certificate expiry dates for all certificates loaded in FortiWeb. We notify you 30 days before expiry and assist with the renewal process — whether that's importing a CA-signed certificate you provide, helping you generate a CSR, or configuring auto-renewal via Let's Encrypt for applicable deployments. Certificate expiry is a common WAF operational oversight that we proactively prevent.

Yes. Managed WAF operations for FortiWeb Cloud and on-premises FortiWeb are operationally identical from your perspective. The same escalation channels, SLAs, and deliverables apply. For FortiWeb Cloud, we access the SaaS management console using dedicated analyst credentials.

Yes — and this is recommended for comprehensive security operations. Managed FortiSIEM includes WAF log monitoring (FortiWeb sends events to FortiSIEM) as part of alert triage. When both services are managed by Ogma, WAF alerts are correlated with network and endpoint events — giving your SOC analyst full attack context rather than isolated WAF blocks. Ask about a bundled pricing discount for combined managed services.

Keep Your WAF Earning Its Licence Fee

Tell us how many applications you need covered, your deployment type (on-prem/cloud), and your biggest current pain point — false positives, CVE response speed, or compliance reporting. We'll scope the right service tier.