Technical Tip: How to deal with GCP (Google Cloud Platform) error messages 'GCP get public certificates failed, 28' 'GCP instance check failed'

This error message is linked to the 'instance check', which is executed after the initial deployment: the check fails because it cannot call API to Google API.

Failing in this step will cause an instance shutdown.
And the check will be executed every time the instance is restarted: the symptoms are a FortiGate VM starting and showing an error message just before shutting down within five minutes after booting.

The key to allowing the mandatory 'instance check' pass is to make sure that 'port1' has a public IP address or its subnet is enabled. 'Google Private Access': The API will be called via port1 as the HA is not formed yet at that moment.

As a wrap-up of best practices, when an administrator is deploying a FortiGate VM in GCP using a Terraform script, it requires:

• port1 has Internet access.
• port1 has 'Google Private Access' enabled using the GCP administration panel.
• The HA management interface has Internet Access.
• The HA management interface has 'Google Private Access' enabled using the GCP administration panel.

Related documents:

• fortinet/fortigate-terraform-deploy
• Private Google Access
• Technical Tip: How to deploy a FortiGate-VM BYOL on GCP