This article explains how to disable non-essential features on a FortiGate that is used only as a firewall.
# Turn off the built-in wireless controller.
config system global
set wireless-controller disable
end
# Force the FortiGuard antispam, AV-query and web-filter services off and
# disable the cache for each of them.
# NOTE(review): presumably only safe when no firewall policy references a
# security profile that depends on these lookups - verify before applying.
config system fortiguard
set antispam-force-off enable
set antispam-cache disable
set avquery-force-off enable
set avquery-cache disable
set webfilter-force-off enable
set webfilter-cache disable
end
# Set the FortiGuard web-filter cache memory value to 1 (the option name
# indicates a percentage).
config webfilter fortiguard
set cache-mem-percent 1
end
# Disable the scheduled update job.
# NOTE(review): with the schedule off, signature and database packages are
# presumably no longer refreshed automatically; if an inspection feature is
# enabled later it would run on stale definitions - re-enable this first.
config system autoupdate schedule
set status disable
end
# Set the IPS socket size and the IPS engine count to 1 each.
config ips global
set socket-size 1
set engine-count 1
end
# Runtime diagnostic command, not a configuration statement.
# NOTE(review): option 2 of ipsmonitor looks like the "toggle IPS engine
# enable/disable" action, so running it twice would turn the engine back on.
# Confirm the option number and the resulting state on the running FortiOS
# release; presumably the state is not stored in the configuration - verify.
diagnose test application ipsmonitor 2
# Disable central management for this unit.
config system central-management
set status disable
end
# Set the maximum size of the in-memory log buffer to 65536.
# NOTE(review): memory logging is disabled further down in this listing, so
# this limit presumably has no practical effect once that block is applied.
config log memory global-setting
set max-size 65536
end
# Delete a session-helper entry. <id> is a placeholder: replace it with the
# numeric id of the helper to remove (list the entries first, for example
# with "show system session-helper") and repeat the delete for each one.
# NOTE(review): traffic for a protocol that depended on a removed helper
# may stop passing - confirm which helpers are still required.
config system session-helper
delete <id>
end
# Set the default session TTL to 600 and add a port-specific override:
# protocol 17 (UDP), ports 53-53 (DNS), timeout 10.
# NOTE(review): "edit 0" presumably creates a new table entry with the next
# free id - confirm it does not duplicate an existing port 53 override.
config system session-ttl
set default 600
config port
edit 0
set protocol 17
set timeout 10
set end-port 53
set start-port 53
next
end
end
# Disable logging to memory.
config log memory setting
set status disable
end
# Disable logging to disk.
# NOTE(review): with both memory and disk logging disabled, the unit keeps
# no local record of traffic or events. If an audit or incident-response
# trail is needed, make sure a remote log target (syslog or FortiAnalyzer)
# is configured before applying these two blocks.
config log disk setting
set status disable
end