Hardening the Fortinet
I have been working on the Security Fabric - Security Rating area. It covers all aspects of hardening down your Fortinet.
1.) Set up the Wireless Access Points to be outward facing. They can’t access the internal network.
2.) I moved the TV and other AV components to a separate subnet and interface and made it outward facing only.
3.) Interfaces: Remove everything, including ping, from WAN1 and WAN2. This will prevent anyone on the outside from accessing the admin console.
4.) Removed unused policies and created new policy groups based on interfaces.
5.) Setting up IPv6 policies.
Only allow HTTPS and SSH on the other interfaces. System – Settings: Choose redirect to HTTPS.
6.) System – Settings: Change the HTTPS port to something other than 443.
7.) Fortinet has 2FA on administrator users
8.) SSH 2FA on all Ubuntu servers
9.) Configuring IPv6 on all interfaces and WAP SSIDs
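
One way to check the interface and admin-console settings from steps 3 and 6 against a saved configuration backup. This is an added example, not part of the original post or Fortinet's tooling. The sample config is constructed, the function name `audit` is hypothetical, the interface names `wan1`/`wan2` are assumed, and a missing `admin-sport` line is assumed to mean the port was left at 443.

```python
# Constructed sample in the style of a FortiOS config backup (not from the post).
SAMPLE = """\
config system global
    set admin-https-redirect disable
end
config system interface
    edit "wan1"
        set allowaccess ping https
    next
    edit "internal"
        set allowaccess ping https ssh
    next
end
"""

WAN = {"wan1", "wan2"}        # step 3: nothing enabled on these (names assumed)
INSIDE_OK = {"https", "ssh"}  # only HTTPS and SSH on the other interfaces

def audit(text):
    """Return findings for the interface and admin settings in the list above."""
    section, iface, depth = None, None, 0
    access, glob, findings = {}, {}, []
    for raw in text.splitlines():
        tok = raw.split() or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section = " ".join(tok[1:])
        elif tok[0] == "end":
            depth -= 1
        elif depth != 1:
            continue  # ignore nested sub-tables such as per-interface ipv6
        elif section == "system interface" and tok[0] == "edit":
            iface = tok[1].strip('"')
            access[iface] = set()
        elif section == "system interface" and tok[:2] == ["set", "allowaccess"]:
            access[iface] = set(tok[2:])
        elif section == "system global" and tok[0] == "set" and len(tok) > 2:
            glob[tok[1]] = tok[2]
    for name, acc in access.items():
        bad = acc if name in WAN else acc - INSIDE_OK
        if bad:
            findings.append(f"{name}: remove {' '.join(sorted(bad))}")
    # Assumption: admin-sport is absent from a backup when left at 443.
    if glob.get("admin-sport", "443") == "443":
        findings.append("global: admin-sport is 443")
    if glob.get("admin-https-redirect") == "disable":
        findings.append("global: admin-https-redirect disabled")
    return findings
```

Calling `audit(open(path).read())` on a real backup returns an empty list when the settings match the list above.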