Before you start, here is what you should expect from the FortiManager Trial License:
- The FortiManager VM Trial license is great for learning, but please note it usually has limitations:
- Device Limit: You can typically manage only up to 3 devices/VDOMs.
- Features: Some advanced features like full FortiGuard updates or ADOM scaling might be restricted.
- Duration: Check the expiration date in the dashboard after uploading the license.
To deploy FortiManager in AWS using a trial license, follow these steps:
1. Subscribe via AWS Marketplace
- Go to the AWS Marketplace and search for "Fortinet FortiManager". Look for the "Bring Your Own License" (BYOL) version. This is the version required to use a trial license from Fortinet.
2. Launch the Instance
- Instance Type: Choose an instance size that meets the minimum requirements (typically at least 2 vCPUs and 4GB RAM, depending on the version).
- Networking: Ensure your Security Group allows access to ports 443 (HTTPS) for management and 541 (FGFM) for communication with FortiGate devices.
Tip: For security reasons, restrict access to port 443 to your own IP address only (My IP in the AWS console) instead of allowing 0.0.0.0/0.
3. Obtain the Trial License
You cannot get the trial license directly from AWS. You need to:
- Register an account at the Fortinet Customer Service & Support portal (support.fortinet.com).
- Request a FortiManager VM Trial License.
- You will receive a .lic file or a registration code.
4. Upload the License
Once your AWS instance is running:
- Access the FortiManager GUI via its Public IP address in your browser.
- Log in (default credentials usually involve the Instance ID as the password for the first login - check the Fortinet documentation for the specific version).
- Upload the .lic file when prompted during the initial setup.
Important Note: While the Fortinet license is a trial, AWS will still charge you for the EC2 instance and EBS storage unless you have active AWS Free Tier credits (though FortiManager requirements usually exceed the t2.micro free tier).
Before you start to deploy, please also have a look at the "FortiManager Public Cloud - AWS Administration Guide" -> https://docs.fortinet.com/document/fortimanager-public-cloud/7.6.0/aws-administration-guide/819045/about-fortimanager-for-aws , and at the "Fortinet FortiManager (BYOL) on the AWS Marketplace" page -> https://aws.amazon.com/marketplace/pp/prodview-l6rxheua5mbls .
Official Documentation & Resources: For a detailed step-by-step walkthrough, please refer to the official Fortinet guides:
- Deployment Guide: FortiManager on AWS Administration Guide -> https://docs.fortinet.com/document/fortimanager-public-cloud/7.6.0/aws-administration-guide/391685/deploying-fortimanager-on-aws
- Licensing Guide: How to activate the FortiManager VM Trial License -> https://docs.fortinet.com/document/fortimanager/7.6.0/vm-trial-license-guide/200800/introduction
Quick Tip: When you first log in to the FortiManager GUI on AWS, the default username is admin and the initial password is your AWS Instance ID. In my experience, it helps not to move too far ahead before contacting the local FortiGate account manager or FortiGate sales partner through whom the on-premises license was purchased, in order to find a BYOL solution for this AWS Marketplace product.
For production FortiGate environments in AWS, I followed the guides below:
- https://www.fortinet.com/blog/business-and-technology/highly-scalable-fortigate-next-generation-firewall-security-on-aws-gateway-load-balancer-service
- https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-gateway-load-balancer-supported-architecture-patterns/
Additional Info for FortiGate on AWS:
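The Security Group tip in step 2 of the answer above, as an added example (not part of the original answer, and not Fortinet or AWS code): a Python check over a security group in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`. It flags port 443 when reachable from outside an approved admin range and, going one step beyond the tip, flags both 443 and 541 when open to 0.0.0.0/0 or ::/0. The group, the CIDRs and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the answer: 443 (HTTPS management GUI) and 541 (FGFM).
FMG_PORTS = {443: "HTTPS management", 541: "FGFM"}

def covers(perm, port):
    """True if one IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols and ports
        return True
    return proto in ("tcp", "6") and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def sources(perm):
    """Yield every IPv4 and IPv6 source CIDR of one IpPermissions entry."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]

def audit(group, admin_cidrs):
    """Return (port, cidr, reason) findings for one security group dict."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        for port in FMG_PORTS:
            if not covers(perm, port):
                continue
            for cidr in sources(perm):
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:     # 0.0.0.0/0 or ::/0
                    findings.append((port, cidr, "open to the whole internet"))
                elif port == 443 and not any(
                        net.version == a.version and net.subnet_of(a) for a in allowed):
                    findings.append((port, cidr, "outside approved admin sources"))
    return findings

# Constructed sample (documentation address ranges), not a real group.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 541, "ToPort": 541,
     "IpRanges": [{"CidrIp": "198.51.100.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "192.0.2.0/24"}]},
]}

if __name__ == "__main__":
    for port, cidr, reason in audit(SAMPLE_GROUP, ["203.0.113.7/32"]):
        print(f"{SAMPLE_GROUP['GroupId']}: {FMG_PORTS[port]} ({port}) from {cidr}: {reason}")
```

To check a real group, pass one element of the `SecurityGroups` array from the `describe-security-groups` JSON output as `group`, with your own admin CIDRs.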
