IMDSv2 support for FortiManager-VM on OCI 6.4.4
FortiManager-VM on OCI uses Oracle Instance Metadata Service version 2 (IMDSv2) to query and retrieve metadata from OCI cloud. IMDSv2 provides enhanced security compared to version 1.
With IMDSv2:
-
All requests to the IMDSv2 endpoints must include an authorization header. Requests that do not include the authorization header are rejected.
-
Requests that are forwarded using the HTTP headers
Forwarded
,X-Forwarded-For
, orX-Forwarded-Host
are rejected.
To upgrade the instance metadata service on an OCI compute instance:
- Verify that the instance uses an image that supports IMDSv2.
- Identify and migrate requests to the legacy IMDSv1 endpoints to support IMDSv2 endpoints.
- Disable all requests to the legacy IMDSv1 endpoints.