Chapter 10 Install and System Administration for FortiOS 5.0 : Best practices : Security
  
Security
Use NTP to synchronize time on the FortiGate and the core network systems, such as email servers, web servers, and logging services.
Enable log rules to match corporate policy. For example, log administration authentication events and access to systems from untrusted interfaces.
Minimize adhoc changes to live systems, if possible, to minimize interruptions to the network. When not possible, create backup configurations and implement sound audit systems using FortiAnalyzer and FortiManager.
If you only need to allow access to a system on a specific port, limit the access by creating the strictest rule possible.
See Also
Best practices