Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.0.0
Copy Link

Connecting to the FortiGate

To connect to the FortiGate-VM, you need your login credentials, the FortiGate's elastic IP address, SSH client, and an FTP server.

The default username is admin and the default password is the instance ID.

  1. You can find the public IP address in the EC2 Management Console. Select Instances and look at the Public IP field in the lower pane.

  2. Each public IP address in China should obtain an ICP license. Otherwise it cannot be visited by ports 80, 443, and 8080. You cannot initially access the FortiGate web UI via the default HTTPS port. You can access FortiGate via SSH, then uploaded a BYOL license to FortiGate via FTP or TFTP. After activating FortiGate, you can modify the default admin HTTPS port to any port, such as 8443. Then you can navigate to the FortiGate via https://<FortiGate elastic IP address>:8443.

    The default password is the instance ID as seen below.

  3. Set up an FTP/TFTP server and ensure the FortiGate can log onto and download a BYOL license from it.
  4. On the FortiGate, use one of the following CLI commands to restore the VM license.

    exec restore vmlicense tftp <license file name> <IP address>

    exec restore vmlicense ftp <license name (path) on the remote server> <ftp server address>[:ftp port]

    If the license installation is successful, the FortiGate-VM reboots automatically. After it restarts, log in.

  5. Change the default port to any port, such as 8443. Do not use ports 443, 8080, or 80.

  6. You will now see the FortiGate-VM dashboard. Depending on your license type, the information in the license widget on the dashboard may vary.

  7. Select Network > Interfaces, and edit the interfaces, if required. If the IP address or subnet mask is missing for port 1 or port 2, configure these values.

Resources

Connecting to the FortiGate

To connect to the FortiGate-VM, you need your login credentials, the FortiGate's elastic IP address, SSH client, and an FTP server.

The default username is admin and the default password is the instance ID.

  1. You can find the public IP address in the EC2 Management Console. Select Instances and look at the Public IP field in the lower pane.

  2. Each public IP address in China should obtain an ICP license. Otherwise it cannot be visited by ports 80, 443, and 8080. You cannot initially access the FortiGate web UI via the default HTTPS port. You can access FortiGate via SSH, then uploaded a BYOL license to FortiGate via FTP or TFTP. After activating FortiGate, you can modify the default admin HTTPS port to any port, such as 8443. Then you can navigate to the FortiGate via https://<FortiGate elastic IP address>:8443.

    The default password is the instance ID as seen below.

  3. Set up an FTP/TFTP server and ensure the FortiGate can log onto and download a BYOL license from it.
  4. On the FortiGate, use one of the following CLI commands to restore the VM license.

    exec restore vmlicense tftp <license file name> <IP address>

    exec restore vmlicense ftp <license name (path) on the remote server> <ftp server address>[:ftp port]

    If the license installation is successful, the FortiGate-VM reboots automatically. After it restarts, log in.

  5. Change the default port to any port, such as 8443. Do not use ports 443, 8080, or 80.

  6. You will now see the FortiGate-VM dashboard. Depending on your license type, the information in the license widget on the dashboard may vary.

  7. Select Network > Interfaces, and edit the interfaces, if required. If the IP address or subnet mask is missing for port 1 or port 2, configure these values.