Best practices and next steps
Not publishing management interfaces on the public Internet is recommended. If using a public IP address, use cloud firewall rules to restrict access from trusted IP addresses ranges only.
By default, FortiGate-VM instances assigned to the Compute Engine default service account. Creating a dedicated service account and assigning it a custom role with minimum required permissions is recommended. See Creating a GCP service account.