Support for GCP shielded and confidential VM service 7.2.4

FortiGate-VM for GCP supports shielded and confidential VM modes, where a UEFI VM image is used for secure boot and data in use is encrypted during processing. These flavors use AMD EPYC Rome CPUs with vTPM. UEFI support with a signed bootloader ensures that the FortiGate-VM for GCP can be validated and verified for use with the confidential and shielded VM flavors and modes. This allows you to encrypt your data during CPU processing. See What is Shielded VM? and Confidential Computing concepts.

You can deploy a FortiGate-VM directly in shielded or confidential VM mode by deploying the premade marketplace image onto the cvm and shielded-vm flavors/modes. Running the get hardware cpu command on an instance in shielded or confidential mode outputs the following:

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 23
model           : 49
model name      : AMD EPYC 7B12
stepping        : 0
microcode       : 0x1000065
cpu MHz         : 2249.998
cache size      : 512 KB
physical id     : 0
siblings        : 8
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 13
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 clzero xsaveerptr arat npt nrip_save umip rdpi
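
The CPU output identifies the platform only; whether secure boot, vTPM and confidential computing are enabled is recorded in the GCP instance configuration. The following check is an added example, not Fortinet's code, and assumes an instance that should have both shielded and confidential settings on. The instance JSON is a constructed sample of the fields returned by gcloud compute instances describe --format=json, and the function names are hypothetical.

```python
import json

# Constructed sample: subset of `gcloud compute instances describe --format=json`.
SAMPLE_INSTANCE_JSON = """{
  "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true},
  "confidentialInstanceConfig": {"enableConfidentialCompute": true}
}"""

# First lines of the `get hardware cpu` output shown above.
SAMPLE_CPU_OUTPUT = """processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 23
model           : 49
model name      : AMD EPYC 7B12
"""

def parse_cpu(text):
    """Return the key/value fields of the first processor block."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep:
            continue
        if key == "processor" and fields:
            break  # a second processor block begins; the first is enough
        fields[key] = value.strip()
    return fields

def audit(instance_json, cpu_text):
    """Return a list of findings; an empty list means every check passed."""
    inst = json.loads(instance_json)
    shielded = inst.get("shieldedInstanceConfig") or {}
    confidential = inst.get("confidentialInstanceConfig") or {}
    cpu = parse_cpu(cpu_text)
    findings = []
    for flag in ("enableSecureBoot", "enableVtpm"):
        if not shielded.get(flag, False):
            findings.append(f"shieldedInstanceConfig.{flag} is not enabled")
    if not confidential.get("enableConfidentialCompute", False):
        findings.append("confidentialInstanceConfig.enableConfidentialCompute is not enabled")
    # AMD family 23 (17h), model 49 (31h) is EPYC Rome, the CPU this page names.
    platform = (cpu.get("vendor_id"), cpu.get("cpu family"), cpu.get("model"))
    if platform != ("AuthenticAMD", "23", "49"):
        findings.append("CPU is not AMD EPYC Rome (family 23, model 49)")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_INSTANCE_JSON, SAMPLE_CPU_OUTPUT) or "all checks passed")
```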
