Please see the note from AWS below. The instance-id length is changing from 10 to 19. The FortiGate-VM in AWS uses the instance id as the password for initial login to the device.
As of March 7, 2016, newly created AWS accounts will use longer EC2 instance and reservation IDs by default in the following regions: US East (Northern Virginia), US West (Oregon), US West (Northern California), EU (Ireland), and EU (Frankfurt). In other regions, new accounts will use longer EC2 instance and reservation IDs by default starting in mid-April 2016.
If you create a new AWS account on or after March 7, 2016, your new account will receive longer EC2 instance and reservation IDs by default in the regions noted above. We recommend testing longer IDs before transitioning; however, if you have not yet tested your systems for compatibility with the longer format, you still have the option to opt out and receive shorter IDs until early December 2016. Longer EBS volume and snapshot IDs will be available in April.
For more details, and for instructions on how to adjust your ID format settings, visit the AWS Blog, the EC2 FAQ, and the EC2 User Guide. If you have questions, contact the AWS support team.
Sincerely,
The Amazon Web Services Team
Based on this, some changes are needed to the way we can log in to the FortiGate-VM in AWS.
Short instance-id (10 digits):
Use the instance-id to log in to the AWS FortiGate-VM instances as always.
Long instance-id (19 digits):
For the long instance id, launch the instance with an AWS keypair. There are two ways to log in to the instance in this scenario.
1) Please use the first 11 characters of the instance id.
2) You can use the private key to login to the firewall through ssh. From there you can change the admin password to login through http/https through the GUI.
Example to login using private key of the firewall:
From a Linux console.
#ssh -i privatekey.pem admin@[ip of the firewall]
Great info, thank you!
I did find, however, that Option #2 does not seem to work. When the FortiGate first comes up it does not have all the CLI commands enabled (aka - "config system admin" missing).
FortiGate-VM64-AWS # config system ?
central-management Configure central management.
dns Configure DNS.
interface Configure interfaces.
settings Configure VDOM settings.
FortiGate-VM64-AWS #
Maybe if you register via cli (if possible) or via the central management options?
James,
Can you specify which region you tried launching this in? Also let me know if this is BYOL or OnDemand.
James,
The ssh keypair method should work for FortiGate. Can you verify?
In Reply to Praveen Lokesh:
James, The ssh keypair method should work for FortiGate. Can you verify?
I can log in but it is the same problem I mentioned above. There is not a way, that I can see, for me to change the admin password via SSH. I can get in but then I can only config the bare minimum. I suspect once I have a license loaded it opens up more.
ssh -i ~/.ssh/awskey.pem admin@ec2-54-174-198-63.compute-1.amazonaws.com
FortiGate-VM64-AWS # config system ?
autoupdate Configure automatic updates.
central-management Configure central management.
dns Configure DNS.
interface Configure interfaces.
settings Configure VDOM settings.