Top Requirements to Set Up Your Fortinet Firewall

Had my third coffee there—so let’s bang this out. If you’ve been in IT as long as I have (I started as a network admin back in ’93), then you know that firewalls aren’t just a checkbox on a compliance audit. They are the backbone of server security. And yet, so many businesses still get the basics wrong.

For most of my career, I’ve been in the business of securing networks — from well after the worm called Slammer inflamed the late 2000s (that was a doozy) to working with banks last month to overhaul their zero-trust architectures. And if I’ve learned anything, it’s that a firewall is only as good as its configuration.

So let’s dig into the essential Fortinet firewall settings today which will keep your servers safe from cyber attacks.

Do You Know Why Proper Firewall Settings Matter

Here’s the thing — your firewall is not this mystical box behind which hackers can’t touch you. Most firewalls are not configured for security out-of-the-box. These require customization as they:

• Implement access control before the attack on your web servers.
• Log and monitor suspicious traffic, so you know when something is amiss.
• Segment networks to limit potential harm if an intruder does access a network.

Misconfigurations spell disaster. Too many times: Businesses get a Fortinet firewall, throw it up, assume the default settings are good enough, and a few months later they’re compensating on data breaches or ransomware.

Don’t be that company.

Important Fortinet Firewall Settings

Okay, let’s talk nuts and bolts. In this article, we will discuss the required Fortinet firewall settings for every business.

1. Disable Services and Interfaces You Don’t Use

An essential class yet overlooked step. Firewalls such as Fortinet ship by default with lots of features. Some of them? You’ll never use.

• If you don’t need an interface, bring it down.
• Restrict administrative access from untrusted networks
• Disable services such as Telnet (don’t use Telnet anyways, it is a bad practice; SSH exists for a reason).

2. Enforce Geo-IP Restrictions

Does it matter if you have traffic from every country? Probably not. Geo-IP filtering can help limit traffic coming from high-risk geo-political regions and significantly reduce your attack surface.

I’ve done this for clients several times, and every time, the volume of malicious traffic blocked was jaw-dropping.

3. Establish Robust Access Controls & Firewall Policies

We don’t just use firewalls to block external attacks.

• Implement role-based access controls (RBAC). Access should never be more than what’s needed.
• Implement least privilege, particularly for SSH & RDP
• Ensure you have explicit deny rules for all traffic not needed (no allow all anywhere).

4. Scale Perf Data Up To October 2023

Fortinet’s SSL Deep Inspection allows you to view the encrypted traffic. Sounds invasive? Maybe. Necessary? Absolutely.

In fact, much modern malware is hiding inside HTTPS sessions — if you aren’t inspecting that traffic, you’re blind to threats inside your own network.

Tip: Whitelist only necessary domains for SSL exemptions or perform cert validation to prevent breakage.

5. Develop Basic Monitoring & Alerts

The logging everywhere is one of the first things I do on firewall setup. Because if you don’t log it — it didn’t happen.

• Setup remote logging to a secured SIEM
• Set up real-time anomaly alerts (which is something ForteAnalytics does pretty well).
• Use log retention policy—critical for compliance-heavy sectors—like banking.

6. Deploy an Intrusion Prevention System (IPS)

IPS is an absolute must. Fortinet’s FortiGuard IPS is designed to block known exploits before they ever reach your servers. Configuration must-haves:

• Deploy IPS profiles on internet-facing interfaces.
• Enable signature & anomaly detection.
• Regularly update IPS signatures: signatures become outdated very quickly and they’re useless unless you’re keeping them up to date.

Best Practices for Security

Beyond simply configuring the firewall, you require habits and policies that will keep your security unmoving.

• Regular Firmware Updates – You installed a FortiGate last year? Doesn’t matter—update. Old firmware = vulnerabilities known and waiting to be exploited.
• Protect Admin Access with MFA — The management interface of your firewall needs to be protected with MFA. Always.
• Zero Trust Where Applicable — Trust must be earned by every device, user and connection.
• Automate Security Audits – Without the regular auditing your firewall config, attackers will exploit your gaps before you do.

One of my clients thought their firewall was properly configured—they had an open RDP port hanging live on the internet. We discovered it in a routine review, just in time. Mistakes like this are costing businesses millions every year.

Configuration Services for PJ Networks

Firewall security doesn’t come second at PJ Networks — it’s pivotal.

Our work has ranged from providing robust firewall configurations for startups to providing modern firewalls for three major banks.

What We Offer:

• Fortinet Firewall Hardening.
• Design of zero-trust network architecture
• Continuous firewall monitoring & SIEM deployment
• Firewall compromise incident response.

Every deployment we build is designed specifically for your business—because there are no two networks. Security is never a one size fits all solution.

Conclusion

Look, I get it. Doing firewalls right isn’t easy — then again, neither is recovering from a ransomware attack.

Avoiding security today is an expense tomorrow. And believe me — you don’t want to be the business that is scrambling to remedy a breach once had occurred.

So if you find that your Fortinet firewall isn’t hardened, secured, and monitored, now’s the time to make it right.

Lock down your infrastructure now — before your enemies pick them apart for you.