Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Acceptance test procedure For FortiGate infrastructure.

Hi community, I am supporting a FortiGate infrastructure managing 36 FSW and several VPN tunnels. Could you help me finding what are the test I need to perform to certificate the system is stable before going to production?   


Hi Juan

Some suggestions (this is just overall):

Physical installation:

  • Check proper rack mounting
  • Clean cabling
  • Cable category
  • Labeling is ok and follows convention
  • Power redundancy
  • ...

Appliance configuration:

  • Check firmware version is mature and recommended
  • Firmware of FGT and FSW is the recommended in compatibility matrix
  • Licensing
  • NTP
  • DNS
  • Access to FortiGuard
  • Signature updates
  • Network interfaces
  • SMTP config
  • SNMP
  • Syslog
  • Mail notification
  • Log settings and retention
  • HA tests
  • No existing alarm
  • ...

Appliance hardening:

  • Check if the latest patch of the used firmware version is installed
  • SSL certificate for GUI access
  • Trusted hosts enabled
  • Password policy enabled
  • Nominative users
  • Users are assigned the right profiles
  • Admin access is disabled on WAN interfaces and DMZ
  • Any unused admin access protocol is disabled
  • Strong cypher
  • ...

Firewall policy:

  • Check rules naming convention
  • Rules are hardened (no any to any, no service any and so)
  • Rules are using security profiles
  • Logging enabled
  • Test if attack is blocked by UTM
  • Test if malware is blocked
  • Perform all possible traffic tests (this will also test the network layer, routing and so)
  • ...


  • Test SSL VPN connection
  • IPsec VPN connection
  • ...


Top Kudoed Authors