Fortinet FortiWeb 400F

Overview

The FortiWeb 400F is a high-performance Web Application Firewall (WAF) appliance designed to protect web applications and APIs from the full spectrum of attacks — from known vulnerabilities to zero-day exploits. It is suitable for data centres, enterprise applications, service providers and cloud-hybrid deployments. The appliance form-factor provides a rack-mountable 1U solution with multiple gigabit ports and high throughput performance. This makes it a strong choice for organisations seeking robust application-layer security combined with the breadth of features required for modern web and API-centric infrastructures.

Key Features

• Multi-layer web application protection: defends against OWASP Top 10 web application threats, unknown exploits and zero-day attacks.
• Machine-learning-based detection: models each application’s behaviour and helps reduce false positives while detecting anomalous behaviour.
• API protection: guards mobile-apps, public APIs and microservices with schema verification (JSON/XML), API gateway support and CI/CD pipeline integration.
• Advanced bot mitigation: differentiates legitimate bots from malicious ones, protects web assets without undue friction to legitimate users.
• High performance hardware platform: dedicated gigabit interfaces (4 × GE-RJ45 + 4 × GE-SFP) and throughput of about 500 Mbps in the 400F model.
• Flexible deployment modes: reverse proxy, inline transparent, true transparent proxy, offline sniffing and WCCP modes.
• Application delivery capabilities: layer-7 load balancing, URL rewriting, content routing, HTTPS/SSL off-loading, HTTP compression and caching.
• Authentication & access control: supports active/passive authentication, SSO site-publishing, LDAP, RADIUS, SSL client certificates, 2-factor authentication and browser-based enforcement.
• Management, monitoring & reporting: includes web-UI, CLI, REST API, FortiView dashboard, SNMP/Syslog/email logging, geo-IP analytics and OWASP categorisation.
• High availability and scalability: supports Active/Passive or Active/Active clustering, administrative domains (up to 32 in this model) and centralised management of multiple appliances.
• IPv6 and HTTP/2 support, SSL/TLS off-loading and full integration into the security fabric of the manufacturer for broader threat intelligence and security orchestration.

Specifications

• Form factor: 1U rack-mountable appliance.
• Interfaces (network): 4 × 10/100/1000Base-T RJ-45 + 4 × 1000Base-X SFP (mini-GBIC) ports.
• USB / Console: 2 × USB (Type-A) ports + 1 × console RJ-45 port.
• Storage: 480 GB SSD (single) in some bundles.
• Performance (throughput): Up to ~500 Mbps for the 400F model. Latency less than ~5 microseconds in test conditions.
• Dimensions & weight: Depth ~42 cm; Height ~4.4 cm (~1.73″); Width ~43.8 cm (~17.24″); Weight ~5.4 kg (~11.9 lb).
• Power consumption: Operational ~127.33 W; Voltage 100-240 V AC, 50/60 Hz.
• Operating environment: 0 °C to 40 °C temperature; humidity 5 %-90% non-condensing.
• High availability / domains: Supports up to 32 administrative domains in this model; application licenses are unlimited.
• Certifications & standards: Complies with UL, CB, cUL, FCC Part 15 A, VCCI, RCM.
• Deployments supported: On-premise appliance, virtual appliance (VM), container, SaaS model.