Fortinet black logo

Administration Guide

System security tuning

System security tuning

  • Enable administrative access only to the network interfaces (located in System > Network > Interface) through which legitimate FortiMail administrators will connect.
  • Restrict administrative access to trusted hosts/networks (located in System > Administrator > Administrator) from which legitimate FortiMail administrators will connect.
  • Create additional system- and domain-level administrators with limited permissions for less-demanding management tasks.
  • Administrator passwords should be at least six characters long, use both numbers and letters, and be changed regularly. Administrator passwords can be changed by going to System > Administrator > Administrator and selecting the Edit icon for the login to be modified.
  • If your FortiMail unit has an LCD panel, restrict access to the control buttons and LCD by requiring a personal identification number (PIN, located in System > Configuration > Option).
  • Do not increase the administrator idle time-out (located in System > Configuration > Option) from the default of five minutes.
  • Verify that the system time and time zone (located in System > Configuration > Time) are correct. Many features, including FortiGuard updates, SSL connections, log timestamps and scheduled reports, rely on a correct system time.

System security tuning

  • Enable administrative access only to the network interfaces (located in System > Network > Interface) through which legitimate FortiMail administrators will connect.
  • Restrict administrative access to trusted hosts/networks (located in System > Administrator > Administrator) from which legitimate FortiMail administrators will connect.
  • Create additional system- and domain-level administrators with limited permissions for less-demanding management tasks.
  • Administrator passwords should be at least six characters long, use both numbers and letters, and be changed regularly. Administrator passwords can be changed by going to System > Administrator > Administrator and selecting the Edit icon for the login to be modified.
  • If your FortiMail unit has an LCD panel, restrict access to the control buttons and LCD by requiring a personal identification number (PIN, located in System > Configuration > Option).
  • Do not increase the administrator idle time-out (located in System > Configuration > Option) from the default of five minutes.
  • Verify that the system time and time zone (located in System > Configuration > Time) are correct. Many features, including FortiGuard updates, SSL connections, log timestamps and scheduled reports, rely on a correct system time.