You absolutely MUST harden administrative access on your FortiGate if you want to remain secure and prepared. There are a lot of ways to help reduce the attack surface and make things as secure as possible.
- Remove Administrative Access from any interface where it is NOT absolutely necessary
- Remove the default admin account and create non-standard ones
- Add Trusted Hosts to your administrative accounts
- Add multi-factor authentication to your admin accounts
- Utilize Local-In-Policy configurations to shrink your attack surface
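
To check a device against the five steps above, the following added example (not code from the original page or from Fortinet) audits a FortiOS configuration backup. The sample config, the account name `fw-ops-7` and the `mgmt_ifaces` allow-list are constructed for illustration; it assumes a backup omits default values, so a missing `trusthost` or `two-factor` line means the setting is unset.

```python
# Constructed sample in the style of a FortiOS config backup (not from a real device).
SAMPLE = """
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
    next
    edit "fw-ops-7"
        set trusthost1 192.0.2.10 255.255.255.255
        set two-factor fortitoken
    next
end
"""
MGMT_PROTOCOLS = {"http", "https", "ssh", "telnet"}

def parse(text):
    """Return {section: {entry: {key: [values]}}} for top-level config/edit/set."""
    tree, section, entry, depth = {}, None, None, 0
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks (depth > 1) are skipped
                section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1].strip('"'), {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = [t.strip('"') for t in tok[2:]]
    return tree

def audit(text, mgmt_ifaces=("mgmt",)):
    """Flag gaps against the five steps; keys absent from a backup mean defaults."""
    cfg, findings = parse(text), []
    for name, s in cfg.get("system interface", {}).items():
        exposed = MGMT_PROTOCOLS & set(s.get("allowaccess", []))
        if exposed and name not in mgmt_ifaces:  # admin access off the mgmt network
            findings.append(f"{name}: admin access enabled ({' '.join(sorted(exposed))})")
    for name, s in cfg.get("system admin", {}).items():
        checks = [(name == "admin", "default account name in use"),
                  (not any("trusthost" in k for k in s), "no trusted hosts"),
                  (s.get("two-factor", ["disable"])[0] == "disable", "no MFA")]
        findings += [f"account {name}: {msg}" for failed, msg in checks if failed]
    if not cfg.get("firewall local-in-policy"):
        findings.append("no local-in-policy entries")
    return findings
```

Run `audit()` over the text of a backup and pass the names of your dedicated management interfaces in `mgmt_ifaces`; an empty result means none of the five gaps was detected in the sections it reads.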