System security tuning
- Enable administrative access only to the network interfaces (located in System > Network > Interface) through which legitimate FortiMail administrators will connect.
- Restrict administrative access to trusted hosts/networks (located in System > Administrator > Administrator) from which legitimate FortiMail administrators will connect.
- Create additional system- and domain-level administrators with limited permissions for less-demanding management tasks.
- Administrator passwords should be at least six characters long, use both numbers and letters, and be changed regularly. Administrator passwords can be changed by going to System > Administrator > Administrator and selecting the Edit icon for the login to be modified.
- If your FortiMail unit has an LCD panel, restrict access to the control buttons and LCD by requiring a personal identification number (PIN, located in System > Configuration > Option).
- Do not increase the administrator idle time-out (located in System > Configuration > Option) from the default of five minutes.
- Verify that the system time and time zone (located in System > Configuration > Time) are correct. Many features, including FortiGuard updates, SSL connections, log timestamps and scheduled reports, rely on a correct system time.
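
The checklist above can be checked repeatably against recorded settings. The following Python is an added example, not Fortinet code: the settings dictionary is a constructed, hypothetical layout filled in by hand from the GUI pages named above (it is not a FortiMail export format), and the `mgmt_interfaces` list and the rule that a /0 trusted host counts as unrestricted are assumptions.

```python
import ipaddress

# Constructed sample, transcribed by hand from the GUI pages in the checklist.
# The dictionary layout is hypothetical, not a FortiMail export format.
SAMPLE = {
    "mgmt_interfaces": ["port1"],  # assumption: where administrators connect
    # administrative protocols enabled per interface
    "interfaces": {"port1": ["HTTPS", "SSH"], "port2": ["HTTPS"], "port3": []},
    "admins": {
        "admin": {"trusted_hosts": ["0.0.0.0/0"]},
        "helpdesk": {"trusted_hosts": ["192.0.2.0/24", "198.51.100.7/32"]},
    },
    "idle_timeout_min": 15,
    "has_lcd": True,
    "lcd_pin_required": False,
}

def password_ok(pw):
    """Checklist rule: at least six characters, with both letters and numbers."""
    return (len(pw) >= 6 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))

def audit(cfg):
    """Return a sorted list of findings, one string per checklist deviation."""
    findings = []
    for name, access in cfg["interfaces"].items():
        if access and name not in cfg["mgmt_interfaces"]:
            findings.append(f"interface {name}: administrative access enabled")
    for admin, entry in cfg["admins"].items():
        for host in entry["trusted_hosts"]:
            net = ipaddress.ip_network(host, strict=False)
            if net.prefixlen == 0:  # matches every address, so nothing is restricted
                findings.append(f"admin {admin}: trusted host {host} is unrestricted")
    if cfg["idle_timeout_min"] > 5:
        findings.append(f"idle timeout {cfg['idle_timeout_min']} min exceeds default of 5")
    if cfg["has_lcd"] and not cfg["lcd_pin_required"]:
        findings.append("LCD panel: PIN not required")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

`password_ok` is meant to be called on a candidate password at the moment it is set, since stored settings should never contain the password itself.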