Fortinet Document Library

Version:


Table of Contents

AWS Cookbook

Resources

Upgrade Path Tool

AWS Cookbook

6.4.0
Download PDF
Copy Link

Connecting to the master FortiGate-VM instance

To connect to the master FortiGate-VM instance, you will need:

  • a login URL
  • a username (admin)
  • a password (the InstanceID of the master FortiGate-VM instance)
To obtain the password:

The initial password for all FortiGate-VM instances is the instanceID of the master FortiGate-VM. This is the instanceID you noted in the section To verify the master election:. It is also stored in the DynamoDB table <ResourceTagPrefix>-Settings.

For details on locating the DynamoDB table <ResourceTagPrefix>-Settings, refer to the section Locating deployed resources.

Initial password

Note

As the master FortiGate-VM propagates the password to all secondary FortiGate-VM instances, this is the initial password for all FortiGate-VM instances.

You will need this initial password if failover occurs prior to the password being changed, as the newly elected master FortiGate-VM will still have the initial password of the previous master.

To construct the login URL of the master FortiGate-VM instance:
  1. Look up the Auto Scaling group(s) as described in steps 6 and 7 of the ASG portion of the section Verifying the deployment.
  2. Select the Auto Scaling group.

    Obtain the IPv4 Public IP address

  3. In the lower pane, select the Instances tab and then click the master instance. This is the instance with the instanceID you noted in the section To verify the master election: or retrieved from the DynamoDB table <ResourceTagPrefix>-Settings in the section To obtain the password:.
  4. Make note of the IPv4 Public IP in the lower pane.

    Obtain the IPv4 Public IP address

  5. Construct a login URL in this way: https://<IPAddress>:<Port>/, where:
    • IPAddress refers to the IPv4 Public IP of the FortiGate-VM.
    • Port refers to the Admin port specified in the section FortiGate-VM configuration.
To connect to the master FortiGate-VM instance:
  1. Open an HTTPS session in your browser and go to the login URL.
    • Your browser will display a certificate error message. This is normal because the default FortiGate certificate is self-signed and not recognized by browsers. Proceed past this error. At a later time, you can upload a publicly signed certificate to avoid this error.

    Login Disclaimer

  2. Log into the master FortiGate-VM instance with the username admin and the instanceID you noted in the section To verify the master election: or retrieved from the DynamoDB table <ResourceTagPrefix>-Settings in the section To obtain the password:.
  3. You are prompted to change the default password at the first-time login. It is recommended that you do so at this time.

    FortiGate change password prompt

    Note

    You should only change the password on the master FortiGate-VM instance. The master FortiGate-VM instance will propagate the password to all FortiGate-VMs in the Auto Scaling group. Any attempt to change the password on a secondary FortiGate-VM is overwritten with the primary FortiGate-VM’s password.

  4. You will now see the FortiGate-VM dashboard. The information displayed in the license widget of the dashboard depends on your license type.

    FortiGate dashboard

Follow the same steps to log into any other FortiGate-VM in the Auto Scaling group as needed.

Resources

Connecting to the master FortiGate-VM instance

To connect to the master FortiGate-VM instance, you will need:

  • a login URL
  • a username (admin)
  • a password (the InstanceID of the master FortiGate-VM instance)
To obtain the password:

The initial password for all FortiGate-VM instances is the instanceID of the master FortiGate-VM. This is the instanceID you noted in the section To verify the master election:. It is also stored in the DynamoDB table <ResourceTagPrefix>-Settings.

For details on locating the DynamoDB table <ResourceTagPrefix>-Settings, refer to the section Locating deployed resources.

Initial password

Note

As the master FortiGate-VM propagates the password to all secondary FortiGate-VM instances, this is the initial password for all FortiGate-VM instances.

You will need this initial password if failover occurs prior to the password being changed, as the newly elected master FortiGate-VM will still have the initial password of the previous master.

To construct the login URL of the master FortiGate-VM instance:
  1. Look up the Auto Scaling group(s) as described in steps 6 and 7 of the ASG portion of the section Verifying the deployment.
  2. Select the Auto Scaling group.

    Obtain the IPv4 Public IP address

  3. In the lower pane, select the Instances tab and then click the master instance. This is the instance with the instanceID you noted in the section To verify the master election: or retrieved from the DynamoDB table <ResourceTagPrefix>-Settings in the section To obtain the password:.
  4. Make note of the IPv4 Public IP in the lower pane.

    Obtain the IPv4 Public IP address

  5. Construct a login URL in this way: https://<IPAddress>:<Port>/, where:
    • IPAddress refers to the IPv4 Public IP of the FortiGate-VM.
    • Port refers to the Admin port specified in the section FortiGate-VM configuration.
To connect to the master FortiGate-VM instance:
  1. Open an HTTPS session in your browser and go to the login URL.
    • Your browser will display a certificate error message. This is normal because the default FortiGate certificate is self-signed and not recognized by browsers. Proceed past this error. At a later time, you can upload a publicly signed certificate to avoid this error.

    Login Disclaimer

  2. Log into the master FortiGate-VM instance with the username admin and the instanceID you noted in the section To verify the master election: or retrieved from the DynamoDB table <ResourceTagPrefix>-Settings in the section To obtain the password:.
  3. You are prompted to change the default password at the first-time login. It is recommended that you do so at this time.

    FortiGate change password prompt

    Note

    You should only change the password on the master FortiGate-VM instance. The master FortiGate-VM instance will propagate the password to all FortiGate-VMs in the Auto Scaling group. Any attempt to change the password on a secondary FortiGate-VM is overwritten with the primary FortiGate-VM’s password.

  4. You will now see the FortiGate-VM dashboard. The information displayed in the license widget of the dashboard depends on your license type.

    FortiGate dashboard

Follow the same steps to log into any other FortiGate-VM in the Auto Scaling group as needed.