Chapter 11 – Hardening
This document describes a series of techniques used to improve the security of administrative access to a FortiGate device.
The following sections are included:
- Install the FortiGate unit in a physically secure location
- Maintain the firmware
- Add new administrator accounts
- Change the admin account name and limit access to this account
- Only allow administrative access to the external interface when needed
- When enabling remote access, configure Trusted Hosts and Two-factor Authentication
- Change the default administrative port to a non-standard port
- Modify the device name
- Register with support services
- Maintain short login timeouts
- Enable automatic clock synchronization
- Enable Password Policy
- Modify administrator account Lockout Duration and Threshold values
- Disable auto installation via USB
- Configure auditing and logging