Audit web facing administration interfaces. By default, FortiGate logs all deny actions. You can check these actions by going to Log & Report > Event Log > System. This default behavior should not be changed. Also secure log files in a central location such as FortiCloud and configure alert email which provides an efficient and direct method of notifying an administrator of events. You can configure log settings by going to Log & Report > Log Config.
An auditing schedule should be established to routinely inspect logs for signs of intrusion and probing.