Chapter 11 – Hardening
This document describes a series of techniques used to improve the security of administrative access to a FortiGate device.
The following sections are included:
- Install the FortiGate unit in a physically secure location
- Maintain the firmware
- Add new administrator accounts
- Change the admin account name and limit access to this account
- Only allow administrative access to the external interface when needed
- When enabling remote access, configure Trusted Hosts and Two-factor Authentication
- Change the default administrative port to a non-standard port
- Modify the device name Register with support services Maintain short login timeouts
- Enable automatic clock synchronization
- Enable Password Policy
- Modify administrator account Lockout Duration and Threshold values
- Disable auto installation via USB Configure auditing and logging
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!