Solutions

FortiGate firewall hardening

Use this page for management-plane and baseline review: admin exposure, trusted hosts, interface management settings, certificates, and operational drift.

View Sample Reports View Security & Trust

Example hardening checks

Actual hardening areas shown in the sample engineer report

MFA charm representing administrator authentication hardening.

Administrator admin lacks MFA or approved external authentication

Administrative authentication is checked directly, including whether local administrator accounts still lack MFA or an approved external authentication path.

Shield charm representing default admin hardening review.

Default administrator account admin is still enabled

The sample report shows this as a concrete hardening finding rather than a generic recommendation.

Configuration charm representing trusted-host hardening.

Restrict administrator logins to trusted hosts

Trusted-host restrictions are reviewed so management access is not left open to wider source ranges than intended.

Risk finding charm representing password policy hardening.

Enforce a strong administrator password policy

The sample engineer report also checks whether the administrative password policy is enabled and enforcing expected complexity.

Report output charm representing interface management exposure.

The device exposes HTTP or Telnet management on interfaces

Management-plane exposure on interfaces is reviewed so insecure protocols are not left enabled for administration.

Configuration charm representing certificate expiry review.

Certificates expiring within 30 days

Certificate lifecycle is also covered, which helps teams catch operational security issues before they become an outage or a review finding.

What this review is looking for

Hardening is mostly about management exposure and baseline drift

MFA charm representing admin access drift.

Admin access drift

The sample findings show where MFA, trusted-host restrictions, or default-admin hygiene no longer match the intended management baseline.

Report output charm representing management-plane exposure.

Management-plane exposure

Hardening review is not only about firewall rules. Interface management settings such as HTTP or Telnet exposure matter directly.

Configuration file charm representing baseline drift.

Baseline drift over time

Certificate expiry, missing HA, and similar operational signals show how a once-acceptable baseline can drift into a review finding.

Why this matters

Hardening only holds if it is reviewed repeatedly

Hardening drifts through operational change, inherited rules, and support shortcuts.

ConfigSentry helps teams rerun the review and see whether management-plane controls, logging, and baseline settings are improving.

  • Reduce management-plane exposure
  • Review logging and policy hygiene together
  • Track change against a clearer baseline

Next step

Inspect the hardening output, then review the trust model

Use the sample reports to judge the finding format, then review the handling page if the next question is about sensitive configuration data.

View Sample ReportsReview Security & Trust