Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
mtogo_FTNT
Staff
Staff

Created on ‎08-07-2016 07:14 PM Edited on ‎05-26-2022 09:06 AM By Anonymous

Article Id 191143

Technical Note: How Fortinet AWS instances manege Amazon EC2 key-pair

Description

This article explains how Fortinet VM products manage SSH public key encryption in Amazon Web Services.  


Solution

FortiGate-VM supports the user login account and password method as default for the WEB GUI.  The default administrator account is "admin" and its default password is its instance ID.

Amazon EC2 services also use public key cryptography to encrypt and decrypt login information for SSH sessions.

When you assigned a key pair during instance creation, to log in to an instance, you can use the key pair. The public key is stored in the instance and its private key is required when you connect to the instance over SSH.

The following URL describes Amazon E2C key pairs in detail.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

There are several differences between Fortinet-VM products in how they handle keypairs. Even though a public key of a key pair is stored in an instance, it is inaccessible from its user interfaces regardless of the Web GUI or CLI.

FortiGate-VM (At the time of writing 5.4.1 is the current version)
You can proceed without a keypair during instance creation, and use the default FortiGate username / password.

When a key pair is assigned, you can use it or also username / password for SSH login.

The web GUI accepts the default account and password.

FortiWeb-VM (At the time of writing 5.5.3 is a current version)
You must assign the key pair during instance creation.  Without the key pair, you cannot login to a SSH session.

The web GUI accepts the default account and password.

FortiMail-VM  (At the time of writing 5.3.1 is a current version)
You must assign a key pair during instance creation.  Without the key pair, you cannot login to a SSH session.

The web GUI accepts the default account and password.

FortiAnalyzer-VM and FortiManager-VM (At the time of writing 5.2.2 is a current version)
You can proceed without a key pair and use the default FortiGate username / password during instance creation.

Even though a key pair is assigned, the public key is not stored in the instance. You can login to a SSH session with username / password.

The web GUI accepts the default account and password.
2354
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.