Fortinet black logo

New Features

Home FortiManager 6.4.0 New Features

IMDSv2 support for FortiManager-VM on OCI 6.4.4

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.7
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID b5bbfe47-438c-11ea-9384-00505692583a:805374
Download PDF

IMDSv2 support for FortiManager-VM on OCI 6.4.4

FortiManager-VM on OCI uses Oracle Instance Metadata Service version 2 (IMDSv2) to query and retrieve metadata from OCI cloud. IMDSv2 provides enhanced security compared to version 1.

With IMDSv2:

  • All requests to the IMDSv2 endpoints must include an authorization header. Requests that do not include the authorization header are rejected.

  • Requests that are forwarded using the HTTP headers Forwarded, X-Forwarded-For, or X-Forwarded-Host are rejected.

To upgrade the instance metadata service on an OCI compute instance:
  1. Verify that the instance uses an image that supports IMDSv2.
  2. Identify and migrate requests to the legacy IMDSv1 endpoints to support IMDSv2 endpoints.
  3. Disable all requests to the legacy IMDSv1 endpoints.
Previous
Next

IMDSv2 support for FortiManager-VM on OCI 6.4.4

FortiManager-VM on OCI uses Oracle Instance Metadata Service version 2 (IMDSv2) to query and retrieve metadata from OCI cloud. IMDSv2 provides enhanced security compared to version 1.

With IMDSv2:

  • All requests to the IMDSv2 endpoints must include an authorization header. Requests that do not include the authorization header are rejected.

  • Requests that are forwarded using the HTTP headers Forwarded, X-Forwarded-For, or X-Forwarded-Host are rejected.

To upgrade the instance metadata service on an OCI compute instance:
  1. Verify that the instance uses an image that supports IMDSv2.
  2. Identify and migrate requests to the legacy IMDSv1 endpoints to support IMDSv2 endpoints.
  3. Disable all requests to the legacy IMDSv1 endpoints.
Previous
Next