Fortinet Document Library

Administrative settings

The following general administrative settings are recommended:

  • Set the idle timeout for administrators to a low value, preferably less than ten minutes.

  • Use non-standard HTTPS and SSH ports for administrative access.

  • Disable weak encryption protocols.

  • Disable the maintainer account if the FortiGate device's physical security cannot be guaranteed.

    The built-in maintainer account is used to log in to the FortiGate if you have lost all administrator credentials. Physical access to the FortiGate device is required. If the maintainer account is disabled and you lose all of your administrator credentials, you will no longer be able to access the FortiGate, and it will need to be reset to factory default settings.

  • Replace the certificate that is offered for HTTPS access with a trusted certificate that has the FQDN or IP address of the FortiGate.

  • Configure the Fortinet Security Fabric when multiple FortiGates and fabric devices are used. It provides single-pane-of-glass administration, allowing administrators to access each device in the fabric using SSO.

    A Fortinet Security Fabric includes a root FortiGate, downstream FortiGates, and other Fortinet fabric devices. A maximum of 35 downstream FortiGates is recommended.
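
The first five recommendations can be checked offline against a configuration backup. The following audit script is an added example, not Fortinet code. It assumes the settings live under `config system global` with the key names `admintimeout`, `admin-sport`, `admin-ssh-port`, `strong-crypto`, `admin-maintainer` and `admin-server-cert`, and the default values shown are assumptions that vary by FortiOS version.

```python
# Assumed FortiOS defaults for `config system global`; a backup omits keys left
# at their default, so a missing key is audited as its default value.
DEFAULTS = {"admintimeout": "5", "admin-sport": "443", "admin-ssh-port": "22",
            "strong-crypto": "enable", "admin-maintainer": "enable",
            "admin-server-cert": "self-sign"}

def global_settings(config_text):
    """Return the effective `config system global` settings as a dict."""
    settings, in_block = dict(DEFAULTS), False
    for line in config_text.splitlines():
        parts = line.split(None, 2)
        if parts == ["config", "system", "global"]:
            in_block = True
        elif in_block and parts == ["end"]:
            break
        elif in_block and len(parts) == 3 and parts[0] == "set":
            settings[parts[1]] = parts[2].strip().strip('"')
    return settings

def audit(config_text, physically_secure=False):
    """Return one finding per recommendation the config does not meet."""
    s, findings = global_settings(config_text), []
    if int(s["admintimeout"]) >= 10:
        findings.append("idle timeout is %s min; use less than ten" % s["admintimeout"])
    if s["admin-sport"] == "443":
        findings.append("HTTPS admin access is on standard port 443")
    if s["admin-ssh-port"] == "22":
        findings.append("SSH admin access is on standard port 22")
    if s["strong-crypto"] != "enable":
        findings.append("strong-crypto is off; weak protocols remain enabled")
    if s["admin-maintainer"] == "enable" and not physically_secure:
        findings.append("maintainer account is enabled")
    if s["admin-server-cert"] in ("self-sign", "Fortinet_Factory"):
        findings.append("HTTPS admin access offers a factory/self-signed certificate")
    return findings

# Constructed sample backup fragment (not from a real device).
SAMPLE = """config system global
    set admintimeout 30
    set admin-sport 8443
    set strong-crypto disable
end
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass `physically_secure=True` when the device's physical security is guaranteed, since the maintainer recommendation applies only when it is not.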
