nathan_h
Staff & Editor
Article Id 348911
Description

 

This article describes how to change the PSK secret on an AWS HA auto-scale FortiGate setup that was initially deployed with AWS CloudFormation.

 

Scope

 

FortiGate VM on AWS.

 

Solution

 

  1. The FortiGate auto-scale setup is deployed using CloudFormation: Deploy FortiGate VM with auto-scale.

  2. Change the HA auto-scale PSK secret on the FortiGate auto-scale Primary:

 

    config system auto-scale
        set psksecret fortinetnew
    end

 

  3. Change it in DynamoDB via the AWS Management Console. If this is not updated, a new FortiGate instance will not be synced when a scale-out is triggered.

     

    DynamoDB -> Explore Items -> Select *-Settings -> Scroll down -> Select fortigate-psk-secret -> Enter new password -> Save and Close.

     


     

     

  4. Verify the auto-scale HA by terminating the Secondary FortiGate instance. A new FortiGate instance will be launched and will sync with the Primary auto-scale FortiGate.
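
The DynamoDB step can also be done through the API instead of the console. The Python below is an added example, not code from the article or from Fortinet: it assumes the *-Settings table uses `settingKey` as its partition key and keeps the value in `settingValue` (attribute names the article does not show, so confirm them under Explore Items first). It writes only if the fortigate-psk-secret item already exists, then reads the value back.

```python
"""Update fortigate-psk-secret in the auto-scale *-Settings DynamoDB table."""
import getpass

PSK_KEY = "fortigate-psk-secret"  # item name from the article's DynamoDB step


def find_settings_table(table_names):
    """Return the single table ending in '-Settings'; refuse to guess otherwise."""
    matches = [n for n in table_names if n.endswith("-Settings")]
    if len(matches) != 1:
        raise LookupError(f"expected one *-Settings table, found {matches}")
    return matches[0]


def build_update(table, new_psk):
    """Arguments for update_item. Attribute names are assumptions (see lead-in)."""
    if not new_psk:
        raise ValueError("empty PSK")
    return {
        "TableName": table,
        "Key": {"settingKey": {"S": PSK_KEY}},
        "UpdateExpression": "SET settingValue = :v",
        # Only modify an existing item; never create one in a wrong table.
        "ConditionExpression": "attribute_exists(settingKey)",
        "ExpressionAttributeValues": {":v": {"S": new_psk}},
    }


def rotate_psk(client, new_psk):
    """Write the new PSK, read it back; True if DynamoDB now holds new_psk."""
    names = []
    for page in client.get_paginator("list_tables").paginate():
        names.extend(page["TableNames"])
    table = find_settings_table(names)
    client.update_item(**build_update(table, new_psk))
    item = client.get_item(TableName=table, ConsistentRead=True,
                           Key={"settingKey": {"S": PSK_KEY}})["Item"]
    return item["settingValue"]["S"] == new_psk


if __name__ == "__main__":
    import boto3  # needs AWS credentials with read/write access to the table
    # Prompt instead of argv so the secret stays out of shell history.
    psk = getpass.getpass("New PSK (same value set on the Primary): ")
    ok = rotate_psk(boto3.client("dynamodb"), psk)
    print("DynamoDB updated and verified" if ok else "MISMATCH after update")
```

If more than one stack in the region has a *-Settings table, the script stops with a `LookupError` rather than picking one.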