Products
FortiGate
FortiGate v3.0
FortiGate v4.0
Description
This article describes FortiGate administrative access security best practices.
For security reasons you may opt to change the administrative lockout duration to a higher value (listed in seconds) or
change the lockout threshold to a lower value (attempts).
Solution
For example, if you changed the lockout threshold to 1 with a lockout duration of 120 seconds, someone who entered an
incorrect user name and password once would have to wait 120 seconds before they could attempt to enter the user name
and password again.
It is best practice to only allow external access to the device when needed (system->network). If you need to keep this
access "open", assign trusted hosts (system->admin) to the account if possible, so that only users coming from those
specific IP addresses can access it. If you are unable to do either of the last two, you may opt to change the default port
for access to a non-standard port (port scanners usually do not scan high-numbered ports) to help secure the device
(system->admin->settings).
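The following Python example is added here and is not part of the Fortinet article: it audits a configuration backup for the lockout, external access and trusted host settings discussed above. The sample config is constructed, the interface name `wan1` is an assumption, and the policy limits (1 attempt, 120 seconds) are taken from the article's example.

```python
# Constructed sample of a FortiGate config backup (not from a real device).
SAMPLE = """\
config system global
    set admin-lockout-threshold 3
    set admin-lockout-duration 60
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
    next
    edit "backup"
    next
end
"""

def parse(text):
    """Top-level blocks only: {section: {entry: {key: value}}}; entry "" = no edit."""
    cfg, section, entry, depth = {}, None, "", 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section, entry = line[7:], ""
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
            cfg.setdefault(section, {}).setdefault(entry, {})
        elif depth == 1 and line.startswith("set "):  # nested blocks are skipped
            key, _, value = line[4:].partition(" ")
            cfg.setdefault(section, {}).setdefault(entry, {})[key] = value
    return cfg

def audit(text, external=("wan1",), max_attempts=1, min_seconds=120):
    """Limits and external interface names are assumed policy; unset values are flagged."""
    cfg, out, mgmt = parse(text), [], {"http", "https", "ssh", "telnet"}
    g = cfg.get("system global", {}).get("", {})
    if (int(g.get("admin-lockout-threshold", 99)) > max_attempts
            or int(g.get("admin-lockout-duration", 0)) < min_seconds):
        out.append("admin lockout weaker than policy")
    out += [f"admin access enabled on {n}" for n, s in cfg.get("system interface", {}).items()
            if n in external and mgmt & set(s.get("allowaccess", "").split())]
    out += [f"no trusted hosts for {n}" for n, s in cfg.get("system admin", {}).items()
            if not any(k.startswith("trusthost") for k in s)]
    return out
```

Calling `audit(SAMPLE)` returns one finding per weak setting; an empty list means the backup meets the assumed policy.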
To Summarize:
Related Articles
Configuring Administrator access to a FortiGate unit using Trusted Hosts
http://kb.fortinet.com/kb/viewContent.do?externalId=FD30016&sliceId=1 31/01/2011