Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Does the FortiWeb WAF support Application learning positive security?

Hello to Everyone,



Does the FortiWeb WAF support Application learning (AL) / traffic learning positive security?



From the article I see that there is an ML option but I couldn't find anything about AL as every other major WAF vendor has AL and most now also have ML as it is great to combine AL with the ML learning as ML can stop or change the score of some signatures/violations after the AL is done with learning good URL/cookies/parameters/file types/http headers and methods as to clear false positives.

Community Manager
Community Manager


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Anthony-Fortinet Community Team.

Hello filiaks1,


We are still looking for an answer to your question.


We will come back to you ASAP.




Jean-Philippe - Fortinet Community Team




FortiWeb’s AI-based machine learning evaluates application requests to determine if they are normal, benign anomalies, or anomalies that are threats and this way it nearly eliminates false positive detections and hence the need to manually fine tune WAF rules. 


The anomaly detection model of machine learning feature observes the URLs, parameters, and HTTP Method of HTTP and/or HTTPS sessions passing to your web servers and builds mathematical models to detect abnormal traffic. 


Machine learning | FortiWeb 7.0.0 (


Compared to other vendor which uses positive security model to Learn known good, and fine tune policy around it, FortiWEB help you perform these tasks using its advanced AI-Based Machine learning model.

On top this, FortiWeb has "Monitor Mode" option under Server policy which will help Alert Traffic violation and not actually block them during the initial deployment or testing phase. This is to ensure that your Legitimate traffic is allowed while it still block the real attack.


Best Regards,

Top Kudoed Authors