- Fortigate - AAA - LDAP server is trusted
- Fortigate - AAA - RADIUS server is trusted
- Fortigate - AAA - TACACS+ server is trusted
- Fortigate - Admin access - trusted hosts
- Fortigate - Admin password lockout >= 300 seconds
- Fortigate - Admin password lockout threshold - '1-3'
- Fortigate - Admin SCP - 'disabled'
- Fortigate - Alert Emails - 'admin address'
- Fortigate - Antispam License - Not Expired
- Fortigate - Auto backup is configured - 'FortiManager'
- Fortigate - AV Grayware
- Fortigate - AV Heuristic - 'block'
- Fortigate - AV License - Not Expired
- Fortigate - Close port TCP 113 on external interface
- Fortigate - Disable auto USB installation - 'config'
- Fortigate - Disable auto USB installation - 'image'
- Fortigate - Disable insecure services - HTTP
- Fortigate - Disable insecure services - TELNET
- Fortigate - Disable SSHv1 admin access
- Fortigate - DNS - primary server
- Fortigate - DNS - secondary server
- Fortigate - Does not use self-signed certificate - 'admin'
- Fortigate - Does not use self-signed certificate - 'user'
- Fortigate - Enable logs of failed connection attempts
- Fortigate - Encrypt logs sent to FortiAnalyzer/FortiManager
- Fortigate - Ensure default admin usernames are not used
- Fortigate - External Logging - 'fortianalyzer'
- Fortigate - External Logging - 'fortianalyzer2'
- Fortigate - External Logging - 'fortianalyzer3'
- Fortigate - External Logging - 'syslog2'
