Basic Optimization

# Global admin-access and GUI settings. Lines starting with '#' are ignored when pasted into the CLI.
config system global
# Admin GUI accepts TLS 1.3 only; older management clients will fail to connect.
set admin-https-ssl-versions tlsv1-3
# Plain-HTTP admin requests are redirected to HTTPS.
set admin-https-redirect enable
# NOTE(review): a 60-minute idle timeout for admin sessions is generous — the FortiOS default is far shorter.
# Keep it only where trusted hosts (and ideally two-factor) limit who can reach the admin interface.
set admintimeout 60
# Presumably runs the log-disk file-system check automatically after an unclean shutdown — TODO confirm on this firmware.
set autorun-log-fsck enable
set gui-date-format dd/MM/yyyy
set gui-theme mariner
# Suppresses the GUI warning dialog before firmware upgrades; it does not change what gets installed.
set gui-firmware-upgrade-warning disable
# Hides IPv6 fields in the GUI only; this is not an IPv6 kill switch for forwarded traffic.
set gui-ipv6 disable
# tcp-option presumably controls TCP options (SACK/timestamp/MSS) on sessions through the unit — TODO confirm why it is disabled.
set tcp-option disable
# 26 is an index into the FortiOS timezone table; verify it maps to the site's zone (`get system global` shows the name).
set timezone 26
# Clear any unit alias so the hostname is what the GUI/CLI display.
unset alias
end
# Mail relay used for alert e-mails: Fortinet's notification service over implicit TLS (SMTPS, port 465).
config system email-server
set server "notification.fortinet.net"
set port 465
# smtps = TLS from the first byte, so credentials/alerts are never sent in clear. No SMTP authentication appears in this snippet.
set security smtps
end
# Delete all custom replacement-message groups. `purge` asks for confirmation; the bare `y` on the next line answers it when this block is pasted interactively.
config system replacemsg-group
purge
y
end
# Disable auto-install from USB. With this on, anyone with physical access could apply a config or image from a USB stick at boot; turning both off closes that path.
config system auto-install
set auto-install-config disable
set auto-install-image disable
end
# FortiGuard connectivity and automatic firmware upgrades.
config system fortiguard
# NOTE(review): with anycast disabled the unit uses the legacy FortiGuard servers over the protocol/port below instead of HTTPS to the anycast service.
# Keep this only if outbound 443 to the anycast endpoints is genuinely blocked; otherwise the HTTPS path is the better-protected one.
set fortiguard-anycast disable
set protocol udp
set port 8888
# Auto-upgrade window is Sunday; delay 0 presumably installs a new release without waiting for it to age — a regression goes straight to production. TODO confirm the delay semantics on this firmware.
set auto-firmware-upgrade-day sunday
set auto-firmware-upgrade-delay 0
end
# GUI visibility toggles for the VDOM. These presumably only hide the corresponding features in the GUI; they do not turn them off.
config system settings
set gui-implicit-policy disable
set gui-multicast-policy disable
set gui-dns-database disable
end
# Administrator account reachable from a single management host only.
config system admin
edit readadmin
# Only this /32 may log in as this user; the remaining trusted-host slots are explicitly cleared so nothing wider is inherited.
set trusthost1 37.200.100.219 255.255.255.255
unset trusthost2
unset trusthost3
unset trusthost4
unset trusthost5
unset trusthost6
unset trusthost7
unset trusthost8
# NOTE(review): the name suggests a read-only account, but super_admin grants full control of the unit.
# If read-only access is the intent, assign a read-only access profile instead.
# NOTE(review): no password and no two-factor setting appear in this snippet — make sure both are configured before this account is left in place.
set accprofile "super_admin"
end
# NOTE(review): this forces the FortiGate's own DNS lookups — including resolution of FQDN address objects used in firewall policies — to plaintext UDP/53, which an on-path attacker can spoof.
# Prefer `dot` (or `doh`) where the configured resolvers support it and fall back to cleartext only for resolvers that do not.
config system dns
set protocol cleartext
end
# Clock sync from a custom NTP source, and serve NTP to the LAN.
config system ntp
set ntpsync enable
set type custom
config ntpserver
edit 1
# Unauthenticated NTP. A correct clock matters for log timestamps and certificate validity checks.
set server "time.cloudflare.com"
end
# Expose the unit as an NTP server (UDP/123) on "lan" so internal hosts can sync from it.
set server-mode enable
set interface "lan"
end
# Ship logs to FortiGate Cloud as they are generated (presumably requires the unit's FortiCloud account/licence to be active).
config log fortiguard setting
set status enable
set upload-option realtime
end

Optimiertes Dashboard Layout

FortiGate 40F

# Replace the default dashboards of the built-in "admin" account with one "Status" dashboard (FortiGate 40F: single "wan" port).
config system admin
edit "admin"
config gui-dashboard
# Remove every existing dashboard (IDs 1-24). IDs that do not exist presumably just produce an "entry not found" error when pasted.
delete 1
delete 2
delete 3
delete 4
delete 5
delete 6
delete 7
delete 8
delete 9
delete 10
delete 11
delete 12
delete 13
delete 14
delete 15
delete 16
delete 17
delete 18
delete 19
delete 20
delete 21
delete 22
delete 23
delete 24
edit 1
set name "Status"
set vdom "root"
# permanent = the dashboard cannot be deleted from the GUI.
set permanent enable
config widget
# Widget 1 sets no type, so it gets the firmware's default widget type — TODO confirm it is the system-information widget.
edit 1
set width 1
set height 1
next
# Licence status.
edit 2
set type licinfo
set x-pos 1
set width 1
set height 1
next
# FortiCloud/FortiGate Cloud status.
edit 3
set type forticloud
set x-pos 2
set width 1
set height 1
next
# Device inventory, charted by hardware vendor.
edit 4
set type device-inventory
set x-pos 3
set width 1
set height 1
set table-visualization "charts"
set device-list-view-type "hardware_vendor"
next
# Traffic history for the single WAN port of the 40F.
edit 5
set type tr-history
set x-pos 4
set width 4
set height 1
set interface "wan"
next
# FortiView: top destinations by bytes, live.
edit 6
set type fortiview
set x-pos 5
set width 4
set height 1
set fortiview-type "destination"
set fortiview-sort-by "bytes"
set fortiview-timeframe "realtime"
set fortiview-visualization "table"
next
# FortiView: top policies by bytes, live.
edit 7
set type fortiview
set x-pos 6
set width 4
set height 1
set fortiview-type "policy"
set fortiview-sort-by "bytes"
set fortiview-timeframe "realtime"
set fortiview-visualization "table"
next
# FortiView: system events of the last day, most severe first.
edit 8
set type fortiview
set x-pos 7
set width 4
set height 1
set fortiview-type "systemEvents"
set fortiview-sort-by "eventLevel"
set fortiview-timeframe "day"
set fortiview-visualization "table"
next
# IPsec VPN tunnel status.
edit 9
set type ipsec-vpn
set x-pos 8
set width 4
set height 1
next
end
end
end
end

FortiGate 60F und aufwärts

# Same "Status" dashboard for models with two WAN ports (60F and up): one traffic-history widget per WAN interface.
config system admin
edit "admin"
config gui-dashboard
# Remove every existing dashboard (IDs 1-24). IDs that do not exist presumably just produce an "entry not found" error when pasted.
delete 1
delete 2
delete 3
delete 4
delete 5
delete 6
delete 7
delete 8
delete 9
delete 10
delete 11
delete 12
delete 13
delete 14
delete 15
delete 16
delete 17
delete 18
delete 19
delete 20
delete 21
delete 22
delete 23
delete 24
edit 1
set name "Status"
set vdom "root"
# permanent = the dashboard cannot be deleted from the GUI.
set permanent enable
config widget
# Widget 1 sets no type, so it gets the firmware's default widget type — TODO confirm it is the system-information widget.
edit 1
set width 1
set height 1
next
# Licence status.
edit 2
set type licinfo
set x-pos 1
set width 1
set height 1
next
# FortiCloud/FortiGate Cloud status.
edit 3
set type forticloud
set x-pos 2
set width 1
set height 1
next
# Device inventory, charted by hardware vendor.
edit 4
set type device-inventory
set x-pos 3
set width 1
set height 1
set table-visualization "charts"
set device-list-view-type "hardware_vendor"
next
# Traffic history, primary WAN.
edit 5
set type tr-history
set x-pos 4
set width 4
set height 1
set interface "wan1"
next
# Traffic history, secondary WAN.
# NOTE(review): widgets 5 and 6 both use x-pos 4 while every other widget has a unique position — looks like a copy-paste from the single-WAN layout.
# Check that both traffic widgets render; if they overlap, give widgets 6-10 their own positions.
edit 6
set type tr-history
set x-pos 4
set width 4
set height 1
set interface "wan2"
next
# FortiView: top destinations by bytes, live.
edit 7
set type fortiview
set x-pos 5
set width 4
set height 1
set fortiview-type "destination"
set fortiview-sort-by "bytes"
set fortiview-timeframe "realtime"
set fortiview-visualization "table"
next
# FortiView: top policies by bytes, live.
edit 8
set type fortiview
set x-pos 6
set width 4
set height 1
set fortiview-type "policy"
set fortiview-sort-by "bytes"
set fortiview-timeframe "realtime"
set fortiview-visualization "table"
next
# FortiView: system events of the last day, most severe first.
edit 9
set type fortiview
set x-pos 7
set width 4
set height 1
set fortiview-type "systemEvents"
set fortiview-sort-by "eventLevel"
set fortiview-timeframe "day"
set fortiview-visualization "table"
next
# IPsec VPN tunnel status.
edit 10
set type ipsec-vpn
set x-pos 8
set width 4
set height 1
next
end
end
end
end

CWA allow Rule

Diese Policy muss am Ende ganz nach oben gereiht werden, damit sie vor allen allgemeineren (und restriktiveren) Internet-Regeln ausgewertet wird.
# Service object for the CWA dashboard: TCP 80, 443 and 8040-8041 plus UDP 75.
config firewall service custom

edit "CWA"
    set category "Remote Access"
    set color 16
    # FortiOS lets a service object carry an FQDN that further restricts where it matches; here it repeats the FQDN of the "CWA" address object.
    # TODO confirm this double restriction is intended rather than a leftover.
    set fqdn "dashboard.automate-it.pro"
    set tcp-portrange 8040-8041 443 80
    set udp-portrange 75
end

# FQDN address object for the CWA dashboard. The FortiGate resolves it with its own DNS settings, so policy matching is only as trustworthy as that resolution — relevant because this page configures DNS with `set protocol cleartext`.
config firewall address

edit "CWA"
    set type fqdn
    set color 16
    set fqdn "dashboard.automate-it.pro"
end

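# Allow any LAN host to reach the CWA dashboard (FQDN object "CWA", ports from service "CWA") over the WAN, with source NAT.
# This policy is meant to sit at the top of the policy table so it is matched before broader Internet rules.
# On two-WAN models the outgoing interface is "wan1"/"wan2" rather than "wan" — adjust dstintf accordingly.
config firewall policy

edit 500
    set name "CWA"
    set srcintf "lan"
    set dstintf "wan"
    set action accept
    set srcaddr "all"
    set dstaddr "CWA"
    set schedule "always"
    set service "CWA"
    # Log every session, not only UTM events, so use of this top-of-table exception is visible — same logging level as the VoIP policy on this page.
    set logtraffic all
    set nat enable
end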

SIP QoS

Die IP-Range der Telefone gehört unter Addresses an die Adressen der Telefone am Standort angepasst, und die Policy muss über die allgemeine Internet-Policy gelegt werden.
# Source address object for the desk phones. Adjust start-ip/end-ip to the site's phone range before applying the policies below.
config firewall address
edit "ip-phones"
set type iprange
set start-ip 192.168.0.160
set end-ip 192.168.0.169
end

# Shaper for voice traffic: guarantee 512 kbit/s, cap at 2000 kbit/s, and mark packets with DSCP 101110 (decimal 46, EF — the usual voice class) so upstream devices can prioritise them.
config firewall shaper traffic-shaper
edit "voip-qos"
set guaranteed-bandwidth 512
set maximum-bandwidth 2000
set diffserv enable
set diffservcode 101110
end

# Apply the "voip-qos" shaper to phone traffic towards wan1, in both directions (forward and reverse shaper).
config firewall shaping-policy
edit 5060
set name "voip-qos"
# service and app-category are both match conditions. Category 3 is presumably the VoIP application category on this firmware — TODO confirm the ID in the GUI before relying on it.
set service "SIP"
set app-category 3
set srcintf "lan"
# On single-WAN models (40F) the interface is called "wan", not "wan1".
set dstintf "wan1"
set traffic-shaper "voip-qos"
set traffic-shaper-reverse "voip-qos"
set srcaddr "ip-phones"
set dstaddr "all"
end

# Internet access for the phones with VoIP inspection. Must be placed above the general Internet policy so phone traffic hits it first.
config firewall policy
edit 5060
set name "internet-voip"
set srcintf "lan"
# On single-WAN models (40F) the interface is called "wan", not "wan1".
set dstintf "wan1"
set action accept
set srcaddr "ip-phones"
set dstaddr "all"
set schedule "always"
# NOTE(review): ALL is wider than SIP/RTP. It is presumably used because RTP ports are negotiated dynamically and opened by the VoIP profile;
# consider narrowing this to SIP plus the provider's RTP range once known, since the phones otherwise get unrestricted outbound access.
set service "ALL"
# Proxy-based inspection with certificate inspection only (no TLS decryption), default application control and the default VoIP (SIP) profile.
set utm-status enable
set inspection-mode proxy
set ssl-ssh-profile "certificate-inspection"
set application-list "default"
set voip-profile "default"
# Log all sessions, not just UTM events.
set logtraffic all
set nat enable
end