Fortinet Document Library

Version:

Version:


Table of Contents

Deploying FortiAuthenticator on AWS

About FortiAuthenticator for AWS

Related Videos

Deploying FortiAuthenticator in AWS

  • 1,388 views
  • 1 years ago
Download PDF
Copy Link

Connecting to FortiAuthenticator

To connect to the FortiAuthenticator-VM instance, you require the instance's elastic IP address, the key pair, and an SSH client.

Reviewing the FortiAuthenticator instance state

After launching the FortiAuthenticator-VM instance from the AWS Marketplace or EC2 Management Console, navigate to the EC2 Management Console and view the list of instances to confirm that the instance is provisioned and powered up. Take note of the instance's public IP address.

Connecting to FortiAuthenticator using SSH and key pair from a Linux environment

  1. Using SSH, initiate a connection to the FortiAuthenticator-VM with the following command:
    ssh -i "<keypair_file_location>" admin@<public_IP>

For additional information on connecting to your instance from a Linux environment, see Connecting to Your Linux Instance Using SSH.

Connecting to FortiAuthenticator using SSH and key pair from a Windows environment

This section details how to connect to the FortiAuthenticator-VM using PuTTY, a free SSH client. You can download and install PuTTY from the PuTTY download page. PuTTY does not support the private key format (.pem) provided by AWS. Before you can connect to the FortiAuthenticator instance, you must convert your private key to (.ppk) format required by PuTTY. For more information, see Convert Your Private Key Using PuTTYgen.

  1. Open PuTTY.
  2. In the Category pane, expand Connection, expand SSH, and then click Auth.
  3. Click Browse , select the .ppk file for your key pair, and then click Open.
  4. In the Category pane, click Session.
  5. For Host Name (or IP address), type admin@<ip_address>.
  6. Ensure Port is set to 22.

  7. Click Open.
  8. PuTTY displays a security alert that asks whether you trust the host you are connecting to. Click Yes.
    The PuTTY SSH terminal window opens.

For additional information on connecting to your FortiAuthenticator-VM instance from a Windows environment, see Connecting to Your Linux Instance from Windows Using PuTTY.

Change the FortiAuthenticator administrator password

Fortinet recommends changing the default admin password after successfully connecting to the FortiAuthenticator-VM. To change the admin password, execute the following command in the open SSH session:

execute restore-admin <new_password>

Configure FortiAuthenticator to allow access the UI

To enable access to the FortiAuthenticator UI, execute the following commands in the open SSH session:

config system global

set allowed-hosts <public_IP>

end


Connect to FortiAuthenticator UI

  1. In a web browser, navigate to https://<public_IP>.
  2. When you connect, your web browser might display a security warning related to the certificate not being trusted. This warning is normal and is due to the certificate being self-signed, rather than being signed by a valid certificate authority. Verify and accept the certificate, either permanently or temporarily, and proceed to https://<public_IP>.
  3. On the Login page, for Username, enter admin. For Password, enter the administrator password selected when you first connected to the FortiAuthenticator-VM.
  4. Click Login.

Related Videos

Deploying FortiAuthenticator in AWS

  • 1,388 views
  • 1 years ago

Connecting to FortiAuthenticator

To connect to the FortiAuthenticator-VM instance, you require the instance's elastic IP address, the key pair, and an SSH client.

Reviewing the FortiAuthenticator instance state

After launching the FortiAuthenticator-VM instance from the AWS Marketplace or EC2 Management Console, navigate to the EC2 Management Console and view the list of instances to confirm that the instance is provisioned and powered up. Take note of the instance's public IP address.

Connecting to FortiAuthenticator using SSH and key pair from a Linux environment

  1. Using SSH, initiate a connection to the FortiAuthenticator-VM with the following command:
    ssh -i "<keypair_file_location>" admin@<public_IP>

For additional information on connecting to your instance from a Linux environment, see Connecting to Your Linux Instance Using SSH.

Connecting to FortiAuthenticator using SSH and key pair from a Windows environment

This section details how to connect to the FortiAuthenticator-VM using PuTTY, a free SSH client. You can download and install PuTTY from the PuTTY download page. PuTTY does not support the private key format (.pem) provided by AWS. Before you can connect to the FortiAuthenticator instance, you must convert your private key to (.ppk) format required by PuTTY. For more information, see Convert Your Private Key Using PuTTYgen.

  1. Open PuTTY.
  2. In the Category pane, expand Connection, expand SSH, and then click Auth.
  3. Click Browse , select the .ppk file for your key pair, and then click Open.
  4. In the Category pane, click Session.
  5. For Host Name (or IP address), type admin@<ip_address>.
  6. Ensure Port is set to 22.

  7. Click Open.
  8. PuTTY displays a security alert that asks whether you trust the host you are connecting to. Click Yes.
    The PuTTY SSH terminal window opens.

For additional information on connecting to your FortiAuthenticator-VM instance from a Windows environment, see Connecting to Your Linux Instance from Windows Using PuTTY.

Change the FortiAuthenticator administrator password

Fortinet recommends changing the default admin password after successfully connecting to the FortiAuthenticator-VM. To change the admin password, execute the following command in the open SSH session:

execute restore-admin <new_password>

Configure FortiAuthenticator to allow access the UI

To enable access to the FortiAuthenticator UI, execute the following commands in the open SSH session:

config system global

set allowed-hosts <public_IP>

end


Connect to FortiAuthenticator UI

  1. In a web browser, navigate to https://<public_IP>.
  2. When you connect, your web browser might display a security warning related to the certificate not being trusted. This warning is normal and is due to the certificate being self-signed, rather than being signed by a valid certificate authority. Verify and accept the certificate, either permanently or temporarily, and proceed to https://<public_IP>.
  3. On the Login page, for Username, enter admin. For Password, enter the administrator password selected when you first connected to the FortiAuthenticator-VM.
  4. Click Login.