Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • NGFW Deployment

    7.0.0
    7.0.0

    Configuring system settings

    Configuring system settings

    Before configuring system settings, enable the certificates feature.

    To enable certificates:
    1. Go to System > Feature Visibility.
    2. Under Additional Features, enable Certificates, and click Apply.
    To configure system settings:
    1. Go to System > Settings.
    2. Set Time zone to reflect the location of the FortiGate.
    3. Change HTTPS port from 443 to an uncommon port number, such as, 9443.
    4. For HTTPS server certificate, use automated certificate enrollment to leverage the ACME protocol with the Let’s Encrypt service.
      1. Use the dropdown next to HTTPS server certificate to select +Create.
      2. Select Use Let’s Encrypt.
      3. Provide an appropriate name for the certificate.
      4. Set Domain to the public FQDN of the FortiGate.
      5. Set Email to a valid email address.
      6. Select Create.

        7. For further details on the process, see FortiOS 7.0 Administration Guide > ACME certificate support .

    5. Change the SSH port from 22 to an uncommon port number, such as, 9922.
    6. Ensure the Idle timeout is under 10 minutes. Five (5) minutes is recommended.

      A setting of 10 minutes or less minimizes the amount of time administrators can remain logged in when away from their computer.

    7. Enable a password policy for admin with the minimum following values:

      Password scopeAdmin
      Minimum length8
      Minimum number of new characters0
      Character requirementsEnable
      Upper case1
      Lower case1

      Number (0-9)

      1

      Special1
      Allow password reuseDisable

      Password expiration

      Disable

    8. Disable VLAN switch mode.
    9. Under Start Up Settings, disable Detect configuration.
    10. Disable Detect firmware.
    11. Click Apply.
    Previous
    Next

    Configuring system settings

    Configuring system settings

    Before configuring system settings, enable the certificates feature.

    To enable certificates:
    1. Go to System > Feature Visibility.
    2. Under Additional Features, enable Certificates, and click Apply.
    To configure system settings:
    1. Go to System > Settings.
    2. Set Time zone to reflect the location of the FortiGate.
    3. Change HTTPS port from 443 to an uncommon port number, such as, 9443.
    4. For HTTPS server certificate, use automated certificate enrollment to leverage the ACME protocol with the Let’s Encrypt service.
      1. Use the dropdown next to HTTPS server certificate to select +Create.
      2. Select Use Let’s Encrypt.
      3. Provide an appropriate name for the certificate.
      4. Set Domain to the public FQDN of the FortiGate.
      5. Set Email to a valid email address.
      6. Select Create.

        7. For further details on the process, see FortiOS 7.0 Administration Guide > ACME certificate support .

    5. Change the SSH port from 22 to an uncommon port number, such as, 9922.
    6. Ensure the Idle timeout is under 10 minutes. Five (5) minutes is recommended.

      A setting of 10 minutes or less minimizes the amount of time administrators can remain logged in when away from their computer.

    7. Enable a password policy for admin with the minimum following values:

      Password scopeAdmin
      Minimum length8
      Minimum number of new characters0
      Character requirementsEnable
      Upper case1
      Lower case1

      Number (0-9)

      1

      Special1
      Allow password reuseDisable

      Password expiration

      Disable

    8. Disable VLAN switch mode.
    9. Under Start Up Settings, disable Detect configuration.
    10. Disable Detect firmware.
    11. Click Apply.
    Previous
    Next