Administrative settings

The following general administrative settings are recommended:

  • Set the idle timeout for administrators to a low value, preferably less than ten minutes.

  • Use non-standard HTTPS and SSH ports for administrative access.

  • Disable weak encryption protocols.

  • Replace the certificate that is offered for HTTPS access with a trusted certificate that has the FQDN or IP address of the FortiGate.

  • Configure the Fortinet Security Fabric when multiple FortiGates and fabric devices are used. It provides single-pane-of-glass administration, allowing administrators to access each device in the fabric using SSO.

    A Fortinet Security Fabric includes a root FortiGate, downstream FortiGates, and other Fortinet fabric devices. A maximum of 35 downstream FortiGates is recommended.
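The first four recommendations can be checked offline against a configuration backup. The following Python audit is an added example, not Fortinet code: the setting names are `config system global` options, while the `DEFAULTS` values, the weak-TLS list, and the sample backup are assumptions made for illustration.

```python
import re

# Assumed defaults for settings a backup omits (backups list only non-default
# values); confirm with `show full-configuration` on your FortiOS version.
DEFAULTS = {"admintimeout": "5", "admin-sport": "443", "admin-ssh-port": "22",
            "strong-crypto": "enable", "admin-server-cert": "self-sign",
            "admin-https-ssl-versions": "tlsv1-2 tlsv1-3"}
WEAK_TLS = {"tlsv1-0", "tlsv1-1"}

def parse_global(config_text):
    """Return the `set` key/value pairs inside `config system global`."""
    settings, inside = {}, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config system global":
            inside = True
        elif inside and line == "end":
            break
        elif inside and (m := re.match(r"set (\S+) (.+)$", line)):
            settings[m.group(1)] = m.group(2).replace('"', "")
    return settings

def audit(config_text):
    """Return findings for the recommendations listed in this section."""
    cfg = {**DEFAULTS, **parse_global(config_text)}
    findings = []
    if int(cfg["admintimeout"]) >= 10:
        findings.append(f"idle timeout is {cfg['admintimeout']} min (want < 10)")
    for key, std, name in (("admin-sport", "443", "HTTPS"), ("admin-ssh-port", "22", "SSH")):
        if cfg[key] == std:
            findings.append(f"{name} admin access on standard port {std}")
    if cfg["strong-crypto"] != "enable":
        findings.append("strong-crypto is disabled")
    weak = WEAK_TLS & set(cfg["admin-https-ssl-versions"].split())
    if weak:
        findings.append("weak admin TLS versions: " + " ".join(sorted(weak)))
    if cfg["admin-server-cert"] == DEFAULTS["admin-server-cert"]:
        findings.append("HTTPS admin certificate is the built-in default")
    return findings

# Constructed sample backup excerpt, not taken from a real device.
SAMPLE = """
config system global
    set admintimeout 30
    set admin-sport 8443
    set admin-https-ssl-versions tlsv1-1 tlsv1-2
    set admin-server-cert "fw01.example.com"
end
"""

print("\n".join(audit(SAMPLE)))
```

Because a setting missing from the backup is evaluated at its assumed default, the sample is flagged for SSH on port 22 even though it never mentions `admin-ssh-port`.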

Note

In FortiOS 7.4.1, as part of improvements to reduce memory usage, FortiGate models with 2 GB RAM cannot be the root of the Security Fabric topology or any mid-tier part of the topology. They can only be configured as downstream devices in a Security Fabric or as standalone devices.

To use FortiGate models with 2 GB RAM as a Fabric root, upgrade to FortiOS 7.4.2 or later, which supports up to five downstream devices.

The affected models are the FortiGate 40F, 60E, 60F, 80E and 90E series devices and their variants.

Note

The maintainer account has been removed in FortiOS 7.2.4 and later.
