It is recommended that a clean installation is performed on all devices:

• Upgrade to the latest versions.
• Download firmware from the Fortinet Support site and validate the file hash using SHA512.
• Format the device's flash and perform a clean install. See Technical Tip: Loading a FortiGate firmware image using TFTP.
• After completing the TFTP firmware reload, proceed to format the disk partition. See Technical Tip: Standard procedure to format a FortiGate Log Disk.

Fortinet does not recommend using the existing configuration:

• Restore the configuration from a known good backup or create a clean configuration validating the content.
• Reset all admin, local users, and VPN users' credentials.
• Reset RADIUS secrets and IPSEC PSKs.
• Replace certificates and revoke the potentially stolen ones.
• Change the GUI administrative access to a non-default port.
• Restrict logins to trusted hosts. See System administrator best practices - FortiGate documentation.
• Disable administrative access to any external (Internet-facing) interface.
• Perform administrative tasks over an out-of-band network.
• Implement 2FA.
• Change the LDAP user credentials used for FortiGate LDAP authentication.
• Implement the recommendations in the FortiOS hardening guide.
• Upgrade FortiOS to the latest firmware right after restoration. Avoid running on a vulnerable version after the restoration.

Related article:

Technical Tip: Collect Indicators of Compromise (IoC) debugs on a FortiGate (VDOM and non-VDOM) manu...