Connecting to the master FortiGate-VM instance
To connect to the master FortiGate-VM instance, you will need:
- a login URL
- a username (admin)
- a password (the InstanceID of the master FortiGate-VM instance)
The initial password for all FortiGate-VM instances is the instanceID of the master FortiGate-VM. This is the instanceID you noted in the section To verify the master election:. It is also stored in the DynamoDB table <ResourceTagPrefix>-Settings.
For details on locating the DynamoDB table <ResourceTagPrefix>-Settings, refer to the section Locating deployed resources.
As the master FortiGate-VM propagates the password to all secondary FortiGate-VM instances, this is the initial password for all FortiGate-VM instances.
You will need this initial password if failover occurs prior to the password being changed, as the newly elected master FortiGate-VM will still have the initial password of the previous master.
To construct the login URL of the master FortiGate-VM instance:
- Look up the Auto Scaling group(s) as described in steps 6 and 7 of the ASG portion of the section Verifying the deployment.
- Select the Auto Scaling group.
- In the lower pane, select the Instances tab and then click the master instance. This is the instance with the instanceID you noted in the section To verify the master election: or retrieved from the DynamoDB table <ResourceTagPrefix>-Settings in the section To obtain the password:.
- Make note of the IPv4 Public IP in the lower pane.
- Construct a login URL in this way: https://<IPAddress>:<Port>/, where:
- IPAddress refers to the IPv4 Public IP of the FortiGate-VM.
- Port refers to the Admin port specified in the section FortiGate-VM configuration.
To connect to the master FortiGate-VM instance:
- Open an HTTPS session in your browser and go to the login URL.
- Your browser will display a certificate error message. This is normal because the default FortiGate certificate is self-signed and not recognized by browsers. Proceed past this error. At a later time, you can upload a publicly signed certificate to avoid this error.
- Log into the master FortiGate-VM instance with the username admin and the instanceID you noted in the section To verify the master election: or retrieved from the DynamoDB table <ResourceTagPrefix>-Settings in the section To obtain the password:.
- You are prompted to change the default password at the first-time login. It is recommended that you do so at this time.
You should only change the password on the master FortiGate-VM instance. The master FortiGate-VM instance will propagate the password to all FortiGate-VMs in the Auto Scaling group. Any attempt to change the password on a secondary FortiGate-VM is overwritten with the primary FortiGate-VM’s password.
- You will now see the FortiGate-VM dashboard. The information displayed in the license widget of the dashboard depends on your license type.
Follow the same steps to log into any other FortiGate-VM in the Auto Scaling group as needed.