Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.0.0
Copy Link

Connecting to the master FortiGate-VM instance

To connect to the master FortiGate-VM instance, you will need:

  • a login URL
  • a username (admin)
  • a password (the InstanceID of the master FortiGate-VM instance)

Deployments with both BYOL and PAYG instances, also need the scalingGroupName of the master FortiGate-VM. This name is listed in the master record. For details on how to locate the master record, refer to the end of the section Verifying the deployment.

To obtain the password:

The initial password for all FortiGate-VM instances is the instanceID of the master FortiGate-VM. This instanceID is stored in the master record and in the DynamoDB table <ResourceTagPrefix>-Settings.

For details on how to locate the master record, refer to the end of the section Verifying the deployment.

For details on locating the DynamoDB table <ResourceTagPrefix>-Settings, refer to the section Locating deployed resources.

Initial password

Note

As the master FortiGate-VM propagates the password to all secondary FortiGate-VM instances, this is the initial password for all FortiGate-VM instances.

You will need this initial password if failover occurs prior to the password being changed, as the newly elected master FortiGate-VM will still have the initial password of the previous master.

To construct the login URL of the master FortiGate-VM instance:
  1. Look up the Auto Scaling group(s) as described in steps 6-8 of the section To verify the Auto Scaling group:.
  2. Select the Auto Scaling group that contains the master instance. If you have more than one instance type, two groups will be listed. The group containing the master instance is the group with the scalingGroupName listed in the master record.

    Open the master instance

  3. In the lower pane, select the Instances tab and then click the master instance. This is the instance with the instanceID you obtained in the section To obtain the password:.
  4. Make note of the IPv4 Public IP in the lower pane.

    Obtain the IPv4 Public IP address

  5. Construct a login URL in this way: https://<IPAddress>:<Port>/, where:
    • IPAddress refers to the IPv4 Public IP of the FortiGate-VM.
    • Port refers to the Admin port specified in the section FortiGate-VM configuration.
To connect to the master FortiGate-VM instance:
  1. Open an HTTPS session in your browser and go to the login URL.
    • Your browser will display a certificate error message. This is normal because the default FortiGate-VM certificate is self-signed and not recognized by browsers. Proceed past this error. At a later time, you can upload a publicly signed certificate to avoid this error.

    Login Disclaimer

  2. Log into the master FortiGate-VM instance with the username admin and the instanceID you obtained in the section To obtain the password:.
  3. You are prompted to change the default password at the first-time login. It is recommended that you do so at this time.

    FortiGate change password prompt

    Note

    You should only change the password on the master FortiGate-VM instance. The master FortiGate-VM instance will propagate the password to all slave FortiGate-VMs. Any attempt to change the password on a slave FortiGate-VM is overwritten with the master FortiGate-VM's password.

  4. You will now see the FortiGate-VM dashboard. The information displayed in the license widget of the dashboard depends on your license type.

    FortiGate-VM dashboard

Follow the same steps to log into any other FortiGate-VM in the Auto Scaling group(s) as needed.

Resources

Connecting to the master FortiGate-VM instance

To connect to the master FortiGate-VM instance, you will need:

  • a login URL
  • a username (admin)
  • a password (the InstanceID of the master FortiGate-VM instance)

Deployments with both BYOL and PAYG instances, also need the scalingGroupName of the master FortiGate-VM. This name is listed in the master record. For details on how to locate the master record, refer to the end of the section Verifying the deployment.

To obtain the password:

The initial password for all FortiGate-VM instances is the instanceID of the master FortiGate-VM. This instanceID is stored in the master record and in the DynamoDB table <ResourceTagPrefix>-Settings.

For details on how to locate the master record, refer to the end of the section Verifying the deployment.

For details on locating the DynamoDB table <ResourceTagPrefix>-Settings, refer to the section Locating deployed resources.

Initial password

Note

As the master FortiGate-VM propagates the password to all secondary FortiGate-VM instances, this is the initial password for all FortiGate-VM instances.

You will need this initial password if failover occurs prior to the password being changed, as the newly elected master FortiGate-VM will still have the initial password of the previous master.

To construct the login URL of the master FortiGate-VM instance:
  1. Look up the Auto Scaling group(s) as described in steps 6-8 of the section To verify the Auto Scaling group:.
  2. Select the Auto Scaling group that contains the master instance. If you have more than one instance type, two groups will be listed. The group containing the master instance is the group with the scalingGroupName listed in the master record.

    Open the master instance

  3. In the lower pane, select the Instances tab and then click the master instance. This is the instance with the instanceID you obtained in the section To obtain the password:.
  4. Make note of the IPv4 Public IP in the lower pane.

    Obtain the IPv4 Public IP address

  5. Construct a login URL in this way: https://<IPAddress>:<Port>/, where:
    • IPAddress refers to the IPv4 Public IP of the FortiGate-VM.
    • Port refers to the Admin port specified in the section FortiGate-VM configuration.
To connect to the master FortiGate-VM instance:
  1. Open an HTTPS session in your browser and go to the login URL.
    • Your browser will display a certificate error message. This is normal because the default FortiGate-VM certificate is self-signed and not recognized by browsers. Proceed past this error. At a later time, you can upload a publicly signed certificate to avoid this error.

    Login Disclaimer

  2. Log into the master FortiGate-VM instance with the username admin and the instanceID you obtained in the section To obtain the password:.
  3. You are prompted to change the default password at the first-time login. It is recommended that you do so at this time.

    FortiGate change password prompt

    Note

    You should only change the password on the master FortiGate-VM instance. The master FortiGate-VM instance will propagate the password to all slave FortiGate-VMs. Any attempt to change the password on a slave FortiGate-VM is overwritten with the master FortiGate-VM's password.

  4. You will now see the FortiGate-VM dashboard. The information displayed in the license widget of the dashboard depends on your license type.

    FortiGate-VM dashboard

Follow the same steps to log into any other FortiGate-VM in the Auto Scaling group(s) as needed.