Fortinet black logo

AWS Administration Guide

Connecting to the FortiGate-VM

Copy Link
Copy Doc ID 9e3b59dc-ba0b-11e9-a989-00505692583a:828256
Download PDF

Connecting to the FortiGate-VM

To connect to the FortiGate-VM, you need your login credentials, the FortiGate-VM's EIP, SSH client, and an FTP server.

The default username is admin and the default password is the instance ID.

  1. You can find the public IP address in the EC2 management console. Select Instances and look at the Public IP field in the lower pane.

  2. Each public IP address in China should obtain an ICP license. Otherwise it cannot be visited by ports 80, 443, and 8080. You cannot initially access the FortiGate-VM web GUI via the default HTTPS port. You can access the FortiGate-VM via SSH, then upload a BYOL license to the FortiGate-VM via FTP or TFTP. After activating the FortiGate-VM, you can modify the default admin HTTPS port to any port, such as 8443. Then you can navigate to the FortiGate-VM via https://<FortiGate-VM EIP>:8443.

    The default password is the instance ID as seen below.

  3. Set up an FTP/TFTP server and ensure the FortiGate can log onto and download a BYOL license from it.
  4. On the FortiGate, use one of the following CLI commands to restore the VM license.

    exec restore vmlicense tftp <license file name> <IP address>

    exec restore vmlicense ftp <license name (path) on the remote server> <ftp server address>[:ftp port]

    If the license installation is successful, the FortiGate-VM reboots automatically. After it restarts, log in.

  5. Change the default port to any port, such as 8443. Do not use ports 443, 8080, or 80.

  6. You will now see the FortiGate-VM dashboard. Depending on your license type, the information in the license widget on the dashboard may vary.

  7. Select Network > Interfaces, and edit the interfaces, if required. If the IP address or subnet mask is missing for port 1 or port 2, configure these values.

Connecting to the FortiGate-VM

To connect to the FortiGate-VM, you need your login credentials, the FortiGate-VM's EIP, SSH client, and an FTP server.

The default username is admin and the default password is the instance ID.

  1. You can find the public IP address in the EC2 management console. Select Instances and look at the Public IP field in the lower pane.

  2. Each public IP address in China should obtain an ICP license. Otherwise it cannot be visited by ports 80, 443, and 8080. You cannot initially access the FortiGate-VM web GUI via the default HTTPS port. You can access the FortiGate-VM via SSH, then upload a BYOL license to the FortiGate-VM via FTP or TFTP. After activating the FortiGate-VM, you can modify the default admin HTTPS port to any port, such as 8443. Then you can navigate to the FortiGate-VM via https://<FortiGate-VM EIP>:8443.

    The default password is the instance ID as seen below.

  3. Set up an FTP/TFTP server and ensure the FortiGate can log onto and download a BYOL license from it.
  4. On the FortiGate, use one of the following CLI commands to restore the VM license.

    exec restore vmlicense tftp <license file name> <IP address>

    exec restore vmlicense ftp <license name (path) on the remote server> <ftp server address>[:ftp port]

    If the license installation is successful, the FortiGate-VM reboots automatically. After it restarts, log in.

  5. Change the default port to any port, such as 8443. Do not use ports 443, 8080, or 80.

  6. You will now see the FortiGate-VM dashboard. Depending on your license type, the information in the license widget on the dashboard may vary.

  7. Select Network > Interfaces, and edit the interfaces, if required. If the IP address or subnet mask is missing for port 1 or port 2, configure these values.