User Guide

FortiAppSec contracts

What features are included in a FortiAppSec Cloud Contract, and can services be purchased separately?

The FortiAppSec Fortinet Contract is a comprehensive solution designed to enhance application security and optimize performance. The contract includes the following features:

  • Web Application Firewall (WAF): Requires both website and bandwidth contracts to ensure proper protection and performance. The available features vary based on Standard and Advanced plans.

  • Dynamic Application Security Testing (DAST): Supports a defined number of assets for security testing.

  • Global Server Load Balancing (GSLB): Includes features such as Queries Per Second (QPS) and health checks to maintain server efficiency.

  • Advanced Bot Protection (ABP): Provides robust defenses against malicious bot activity.

  • Threat Analytics: Delivers real-time visibility, actionable insights, and advanced reporting on application-layer security events for proactive threat detection and response.

  • Security Operations Center (SOC): Offers managed security monitoring and incident response services for comprehensive threat management.

What are the different WAF plans in FortiAppSec Cloud Contracts?

There are three tiers of FortiAppSec Cloud contracts:

  • Standard: Focuses on core protections, including negative security model policies, default configurations such as signatures, request limits, and more.

    This plan requires separate licenses for the number of applications and bandwidth.

  • Advanced: Includes all features of the Standard plan and adds advanced capabilities, such as machine learning for web/API/bot protection, Threat Analytics, and additional security enhancements.

    This plan requires separate licenses for the number of applications and bandwidth.

  • Enterprise: Includes all features of the Advanced plan, and also bundles services that are billed separately in the Standard and Advanced plans, such as Advanced Bot Protection, GSLB, and SOCaaS.

    • Each GSLB application includes a lifetime allocation of 10 GSLB health checks (HC).

    • For every 5 Mbps of licensed bandwidth, the system allows a monthly average of up to 20 queries per second (QPS).

    This plan is charged as an annual subscription, with pricing based on bandwidth limit.

For a detailed comparison of the Standard, Advanced, and Enterprise plans, please visit the FortiAppSec Cloud Plan Comparison.

Please note that the features and usage limits of these plans are fixed and cannot be customized. For example, you cannot "mix and match" the bandwidth limit of the Standard plan with the application limit of the Advanced plan.

Can I have multiple license types active in my account at the same time?

No, only one primary license type can be active at a time within a single account. Inactive licenses cannot be used while another license type is active.

Exception: Gateway licenses remain active regardless of which other license type is in use. This is because they provide essential services, such as traffic routing, load balancing, and secure application delivery, which are critical for maintaining uninterrupted operations. By staying active, gateway licenses ensure that core functionality continues seamlessly, even when other licenses are inactive or switched.

How do I check my current active license type?

You can check your current active license by navigating to General > Contracts in the FortiAppSec Cloud web portal. On this page, you will see all your contracts along with their statuses, including an indication of which license type is currently active.

If you do not see your license or encounter any issues, please contact Fortinet Support.

How do I switch my current license to a newly purchased license?

Log in to the FortiAppSec Cloud web management console, navigate to General > Contracts, select the license type you wish to activate, and follow the on-screen prompts to confirm the switch.

How can I increase the number of applications supported by my FortiAppSec Cloud contract?

FortiAppSec Cloud contracts are seat-based and, unlike legacy FortiWeb Cloud contracts, do not support stacking or overlapping multiple contracts. When a new contract is registered, it is automatically scheduled to begin after the current contract expires.

If you need to increase the number of applications (seats) before the current contract ends, contact your Fortinet sales representative and request a contract adjustment via co-term to reflect the increased seat count.

What happens when my current license expires?

When your current license expires, FortiAppSec Cloud will continue protecting your applications for 21 days.

During this 21-day grace period:

  • Your applications remain protected.

  • However, you cannot edit the configurations for your applications unless the contract is renewed.

After the 21-day extension:

  • Your applications will be deleted from your FortiAppSec Cloud account.

To avoid service interruptions and potential data loss, ensure your contract is renewed before the grace period ends. For assistance, please contact Fortinet Sales.

How is the number of WAF sites and bandwidth calculated in FortiAppSec Cloud Contracts?

The number of WAF sites and the allocated bandwidth are determined by the specific SKU purchased. Each SKU defines the allowed number of application sites and the corresponding bandwidth allocation per seat.

For detailed contract information, refer to the FortiAppSec Cloud Ordering Guide.

How do I extend a FortiAppSec Cloud Fortinet Contract?

To extend your FortiAppSec Cloud Fortinet Contract, contact your sales representative (SE) to adjust the quantity or expiration date of your existing contract instead of purchasing a new one.

If you would like to change contract types (e.g., from Standard to Advanced), you may also purchase a new FortiAppSec Cloud Fortinet Contract with an effective date at the end of your current contract, rather than extending the current contract's duration.

You will receive an email notification as your license approaches its expiration date.

How do GSLB QPS and health checks work?

GSLB QPS (Queries Per Second) and health checks in FortiAppSec Cloud Contracts are managed based on the license's specifications. The GSLB QPS determines the number of queries your Global Server Load Balancing can handle per second, while health checks monitor the availability and performance of your services. These parameters are defined in your contract and are enforced to ensure optimal load balancing and service reliability.

For detailed contract information, refer to the FortiAppSec Cloud Ordering Guide.

How does the Advanced Bot Protection (ABP) quota work?

The Advanced Bot Protection (ABP) quota in FortiAppSec Cloud Contracts defines the number of bot queries your system can handle per month. This quota ensures that the ABP features are used within the licensed limits. If the quota is exceeded, additional bot traffic may be restricted unless the license allows for overuse or an upgrade is performed.

For detailed contract information, refer to the FortiAppSec Cloud Ordering Guide.

What are the SOCaaS features available?

SOCaaS (Security Operations Center as a Service) features include real-time security monitoring, event response, and threat analysis. SOCaaS helps in identifying, analyzing, and mitigating security threats to protect your applications and data, providing an added layer of security management.

For detailed contract information, refer to the FortiAppSec Cloud Ordering Guide.

How does the DAST scanning quota work?

The DAST (Dynamic Application Security Testing) scanning quota specifies the number of assets that can be scanned for vulnerabilities. This quota ensures that security testing is conducted within the licensed limits. The exact number of assets that can be scanned depends on the specific FortiAppSec Cloud Contract SKU you have purchased.

For detailed contract information, refer to the FortiAppSec Cloud Ordering Guide.

Can I buy WAF features à la carte?

No, you can only choose between the Standard, Advanced and Enterprise plans.

What should I do if my account is in read-only mode?

Your account may enter read-only mode due to one of the following reasons. The next steps depend on the cause:

  • Bandwidth Overage

    If your bandwidth usage exceeds your quota limits for two consecutive months, your account will enter read-only mode.

    To regain full access:

    • Increase your bandwidth limit

      Contact your sales representative to adjust the quantity on your existing contract.

    • Wait for the next billing cycle

      The 95th percentile bandwidth usage resets at the start of each billing cycle. If your usage remains within the quota throughout the next billing cycle, access will be automatically restored at the start of the following cycle.

  • Application Overage

    If you have more applications than are supported by your contract, your account will enter read-only mode.

    To regain full access:

    • Increase your application limit

      Contact your sales representative to adjust the quantity on your existing contract.

    • Decrease the number of applications

      Delete applications until the number of applications falls under your contract quota.

  • Expired Contract

    When your contract expires, your account enters a 21-day grace period during which it remains in read-only mode.

    To regain full access:

    • Purchase additional contracts

      You can purchase additional FortiAppSec Cloud contracts through any supported platform.

    • Extend expiration date

      Contact your sales representative to extend your current contract.

Does the FortiAppSec Cloud serial number change when the license is replaced?

It depends on the type of license change.

  • If you upgrade within the same license type (for example, from Standard to Advanced or Enterprise), the serial number remains the same.

  • If you switch from a FortiAppSec Cloud license to a FortiFlex or Public Cloud Marketplace subscription, the serial number will change.

How will I know if my service has entered the grace period?

When a change occurs that affects your level of access to applications, the FortiAppSec Cloud web portal displays an alert banner upon login. You also receive a corresponding email notification.
