{"id":4116,"date":"2019-05-10T04:41:43","date_gmt":"2019-05-10T04:41:43","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4116"},"modified":"2026-04-11T06:55:06","modified_gmt":"2026-04-11T06:55:06","slug":"fortigate-setup-best-practice","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/fortigate-setup-best-practice","title":{"rendered":"Fortigate Setup Best Practice"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.plasmaticsun.com\/blog\/fortigate-best-practices-baseline\">Fortigate best practices baseline \u2014 Plasmatic Sun<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/KevinGuenay\/fortigate-baseline\/blob\/main\/baseline.md#configure-and-use-threat-feeds-for-firewall-and-local-in-policies\">fortigate-baseline\/baseline.md at main \u00b7 KevinGuenay\/fortigate-baseline \u00b7 GitHub<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>config system global<\/strong><br>&nbsp;&nbsp;&nbsp; set admin-telnet disable<br>end<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>adding extended-log for traffic logs. This will enable traffic logs for errors such as missing reverse path (RPF), which greatly helps troubleshooting without having to resort to debug commands.<\/p>\n\n\n\n<p>In FortiOS &lt; 7.4 it was this:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">config log setting\n    set log-invalid-packet enable\nend<\/pre>\n\n\n\n<p>And in 7.4 and newer it was renamed to this:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">config log setting\n    set extended-log enable\nend<\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p>V7 &#8211; Set Memory HA Failover &#8211; <a href=\"https:\/\/docs.fortinet.com\/document\/fortigate\/7.0.0\/new-features\/823734\/ha-failover-due-to-memory-utilization\" target=\"_blank\" rel=\"noreferrer noopener\">New Features | FortiGate \/ FortiOS 7.0.0 | Fortinet Documentation Library<\/a><\/p>\n\n\n\n<p>Add Interface Bandwidth of Wan port to Dashboard<\/p>\n\n\n\n<p>Enable device detection on LAN interfaces<\/p>\n\n\n\n<p>Proxy based always<\/p>\n\n\n\n<p>Link Monitors for HA Links&nbsp;<\/p>\n\n\n\n<p>Remove Hardware Switch<\/p>\n\n\n\n<p>DOS Policies<\/p>\n\n\n\n<p>Enable Full Logging on every Policu<\/p>\n\n\n\n<p>System-&gt;Settings -&gt; Enable SNMP for Monitoring<\/p>\n\n\n\n<p>If there is an IPSec tunnel, there should be a higher distance blackhole route for all remote prefixes. Check with TSO prior to implementing.<br>https:\/\/community.fortinet.com\/t5\/FortiGate\/Technical-Note-Use-of-Black-hole-route-in-site-to-site-IPsec-VPN\/ta-p\/192526<\/p>\n\n\n\n<p>Activate License and Forticloud<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"334\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007d372a4.png\" alt=\"\" class=\"wp-image-4126 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007d372a4.png 700w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007d372a4-300x143.png 300w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"826\" height=\"456\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/05\/img_627c6efa023d1.png\" alt=\"\" class=\"wp-image-5768 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/05\/img_627c6efa023d1.png 826w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/05\/img_627c6efa023d1-300x166.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2022\/05\/img_627c6efa023d1-768x424.png 768w\" sizes=\"auto, (max-width: 826px) 100vw, 826px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1008\" height=\"644\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500f7d4d55.png\" alt=\"\" class=\"wp-image-4128 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500f7d4d55.png 1008w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500f7d4d55-300x192.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500f7d4d55-768x491.png 768w\" sizes=\"auto, (max-width: 1008px) 100vw, 1008px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"703\" height=\"482\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500a880eac.png\" alt=\"\" class=\"wp-image-4127 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500a880eac.png 703w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500a880eac-300x206.png 300w\" sizes=\"auto, (max-width: 703px) 100vw, 703px\" \/><\/figure>\n\n\n\n<p>Webfilter<\/p>\n\n\n\n<p>Peer-to-peer File Sharing in Bandwidth Consuming Block<\/p>\n\n\n\n<p>Adult Mature &#8211; Monitor Abortion \\ Gambling and Alchol&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"834\" height=\"671\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500732b2c5.png\" alt=\"\" class=\"wp-image-4123 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500732b2c5.png 834w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500732b2c5-300x241.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500732b2c5-768x618.png 768w\" sizes=\"auto, (max-width: 834px) 100vw, 834px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1225\" height=\"852\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500752bbe4.png\" alt=\"\" class=\"wp-image-4125 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500752bbe4.png 1225w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500752bbe4-300x209.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500752bbe4-768x534.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd500752bbe4-1024x712.png 1024w\" sizes=\"auto, (max-width: 1225px) 100vw, 1225px\" \/><\/figure>\n\n\n\n<p><strong>Feature List<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1206\" height=\"847\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd50073e1c47.png\" alt=\"\" class=\"wp-image-4124 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd50073e1c47.png 1206w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd50073e1c47-300x211.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd50073e1c47-768x539.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd50073e1c47-1024x719.png 1024w\" sizes=\"auto, (max-width: 1206px) 100vw, 1206px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1211\" height=\"510\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007218460.png\" alt=\"\" class=\"wp-image-4122 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007218460.png 1211w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007218460-300x126.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007218460-768x323.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2019\/05\/img_5cd5007218460-1024x431.png 1024w\" sizes=\"auto, (max-width: 1211px) 100vw, 1211px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1112\" height=\"802\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/12\/img_61b158ac31fcd.png\" alt=\"\" class=\"wp-image-5437 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/12\/img_61b158ac31fcd.png 1112w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/12\/img_61b158ac31fcd-300x216.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/12\/img_61b158ac31fcd-1024x739.png 1024w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2021\/12\/img_61b158ac31fcd-768x554.png 768w\" sizes=\"auto, (max-width: 1112px) 100vw, 1112px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Fortigate best practices baseline \u2014 Plasmatic Sun fortigate-baseline\/baseline.md at main \u00b7 KevinGuenay\/fortigate-baseline \u00b7 GitHub config system global&nbsp;&nbsp;&nbsp; set admin-telnet disableend adding extended-log for traffic logs. This will [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2962,1251,1250,2961],"class_list":["post-4116","post","type-post","status-publish","format-standard","hentry","category-research","tag-best-practices","tag-fortigate","tag-fortinet","tag-router"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4116"}],"version-history":[{"count":12,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4116\/revisions"}],"predecessor-version":[{"id":9558,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4116\/revisions\/9558"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}