Fortigate - Disable auto USB installation - 'image'

Information

If USB installation is enabled, an attacker with physical access to a FortiGate could load a new configuration or firmware on the FortiGate using the USB port.

Solution

You can disable USB installation by entering the following from the CLI:

config system auto-install
set auto-install-config disable
set auto-install-image disable
end

See Also

https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7

Plugin: FortiGate

Control ID: 86ee80f7972ab2943bb9253afddd324855ab55e13d5846a19eda97d892f5a5e1