System security tuning
Enable administrative access only to the network interfaces (located in System > Network > Interface) through which legitimate FortiMail administrators will connect.
Restrict administrative access to trusted hosts/networks (located in System > Administrator > Administrator) from which legitimate FortiMail administrators will connect.
Create additional system- and domain-level administrators with limited permissions for less-demanding management tasks.
Administrator passwords should be at least six characters long, use both numbers and letters, and be changed regularly. Administrator passwords can be changed by going to System > Administrator > Administrator and selecting the Edit icon for the login to be modified.
If your FortiMail unit has an LCD panel, restrict access to the control buttons and LCD by requiring a personal identification number (PIN, located in System > Configuration > Options).
Do not increase the administrator idle time-out (located in System > Configuration > Options) from the default of five minutes.
Verify that the system time and time zone (located in System > Configuration > Time) are correct. Many features, including FortiGuard updates, SSL connections, log timestamps and scheduled reports, rely on a correct system time.
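The recommendations above can be checked mechanically once the settings have been written down. The following Python is an added example, not part of the original documentation or any Fortinet tool; the settings record, its field names and the sample values are constructed for illustration and are not a FortiMail export format.

```python
import ipaddress

DEFAULT_IDLE_MIN = 5  # default administrator idle time-out stated above

# Constructed sample record (hypothetical field names, filled in by hand
# from the GUI pages named in the checklist).
SAMPLE = {
    "mgmt_interfaces": {"port1"},  # interfaces administrators connect through
    "interfaces": {"port1": {"HTTPS", "SSH"}, "port2": {"HTTPS"}, "port3": set()},
    "admins": [
        {"name": "admin", "trusted_hosts": ["0.0.0.0/0"]},
        {"name": "ops", "trusted_hosts": ["192.0.2.0/28"]},
    ],
    "idle_timeout_min": 30,
    "lcd_panel": True,
    "lcd_pin_required": False,
}

def password_ok(pw):
    """At least six characters, containing both letters and numbers."""
    return (len(pw) >= 6 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))

def audit(cfg):
    """Return a sorted list of findings for one unit's settings record."""
    findings = []
    # Administrative access should exist only on the management interfaces.
    for name, access in cfg["interfaces"].items():
        if access and name not in cfg["mgmt_interfaces"]:
            findings.append(f"interface {name}: admin access {sorted(access)} enabled")
    # An empty list or a /0 network means any host may attempt to log in.
    for adm in cfg["admins"]:
        nets = [ipaddress.ip_network(h, strict=False) for h in adm["trusted_hosts"]]
        if not nets or any(n.prefixlen == 0 for n in nets):
            findings.append(f"admin {adm['name']}: not restricted to trusted hosts")
    if cfg["idle_timeout_min"] > DEFAULT_IDLE_MIN:
        findings.append(f"idle time-out raised to {cfg['idle_timeout_min']} min")
    if cfg["lcd_panel"] and not cfg["lcd_pin_required"]:
        findings.append("LCD panel present without PIN")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

`password_ok` is meant for screening a candidate password before it is set, since a stored password cannot be inspected afterwards.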