This article provides information on how to SSH access to FortiGate CLI on AWS with the key pair using Putty.

Prepare the private key used by the FortiGate EC2 instance. Configure Putty to use the private key for authentication.

1. Prepare the private key from AWS, which is used by the instance during the initial run. The private key is downloaded when one first creates it.
2. On the AWS console, go to EC2 -> Instances, select the instance (FortiGate). On the details tab, look for 'Key pair name' to identify the key pair being used. For example:

3. There are 2 formats of the key – '.pem' and '.ppk'.
4. For Putty, '.ppk' format is mandatory. If the key downloaded previously is in '.pem' format, then one has to convert to the right format using Puttygen by referring to the below: guide: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html
5. Once the '.ppk' is ready, run PuTTY.
6. For hostname/IP , put in the public IP of the FortiGate (this will be the elastic IP associated with the instance). The user can check for this under EC2 > Instances on the AWS console, under the Elastic IP column.
7. Verify that the Security Group associated with the FortiGate EC2 instance allows inbound SSH traffic on port 22 from the local machine's IP address trying to connect or a wider range if necessary.
8. Once the hostname/IP has been setup, go to SSH on the left side column on PuTTY.
9. Expand it and select 'Auth'.

10. Under 'Private key file for authentication:', browse and select the .ppk file.
11. Then select 'Open'.
12. The login will be prompted. Once the username is keyed in for the instance, authenticate with the private key, and the login will be successful.