Frequently asked questions
What do I do if FortiOS returns an Invalid Username or Password/FortiCloud Internal Error/HTTP 400 error when activating FortiGate Cloud on the FortiOS GUI?
- Ensure that you can log into FortiGate Cloud via a web browser using the same username and password that you attempted to activate FortiGate Cloud with on the FortiOS GUI.
- Confirm that the FortiGate can ping logctrl1.fortinet.com or globallogctrl.fortinet.net.
- Connect via Telnet to the resolved IP address from step 2 using port 443.
- Ensure that the FortiGate Cloud account password length is fewer than 20 characters.
- If running FortiOS 5.4 or older versions, ensure that the FortiGate Cloud account password does not include special characters as these FortiOS versions do not support this.
- If the FortiGate is a member of a high availability (HA) pair, ensure that you activate FortiGate Cloud on the primary device. Activate FortiGate Cloud on the primary FortiGate as To deploy a FortiGate/FortiWifi to FortiGate Cloud in the FortiOS GUI: describes. FortiGate Cloud activation on the primary FortiGate activates FortiGate Cloud on the secondary FortiGate. Local FortiGate Cloud activation on the secondary FortiGate fails.
- Enable FortiGate Cloud debug in the CLI. The get command displays the device timezone, while the diagnose debug console timestamp enable command shows the date timestamp for the debug logs.
config system global
get
end
diagnose debug console timestamp enable
execute fortiguard-log domain
diagnose debug application forticldd -1
diagnose debug enable
execute fortiguard-log login email password
Email any debug output to admin@forticloud.com.
- If you see the HTTP 400 error, enable HTTP debug with the diagnose debug application httpsd -1 command.
Why can I log into the FortiGate Cloud but not activate the FortiGate Cloud account in FortiOS with the same credentials?
FortiOS 5.4 and older versions do not support passwords with special characters. If you are running FortiOS 5.4 or an older version and attempting to activate a FortiGate Cloud account with a password that includes special characters, the activation fails. You must remove special characters from the password, or upgrade to FortiOS 5.6 or a later version.
How can I move a FortiGate from account A to account B in the same region?
See To move a FortiGate/FortiWifi deployed to FortiGate Cloud to another account:.
How can I activate my FortiGate Cloud on HA-paired FortiGates?
Activate FortiGate Cloud on the primary FortiGate as To deploy a FortiGate/FortiWifi to FortiGate Cloud in the FortiOS GUI: describes. FortiGate Cloud activation on the primary FortiGate activates FortiGate Cloud on the secondary FortiGate. Local FortiGate Cloud activation on the secondary FortiGate fails.
You can also disable HA on both devices, activate FortiGate Cloud on each device, then enable HA.
How can I establish a management tunnel connection between my FortiGate and FortiGate Cloud?
Do one of the following:
- If you have not activated FortiGate Cloud in FortiOS for the first time, follow the steps in FortiCare and FortiGate Cloud login.
- Otherwise, if you have already activated FortiGate Cloud, run the following commands in FortiOS to establish a connection manually:
config system central-management
set type fortiguard
end
diagnose fdsm contract-controller-update
fnsysctl killall fgfmd
What do I do if a FortiGate added by its cloud key stays in an inactive state for more than 24 hours?
- Check the FortiGate network settings and ensure that port 443 is not blocked.
- Connect via Telnet to logctrl1.fortinet.com or globallogctrl.fortinet.net (if FortiOS supports Anycast) through port 443.
- In the FortiOS GUI, activate FortiGate Cloud as To deploy a FortiGate/FortiWifi to FortiGate Cloud in the FortiOS GUI: describes.
What do I do if the "Device is already in inventory" message appears when importing a FortiGate by key?
This message means that the device has already been added to an account inventory. Another user may have tried to add the device to another account. If you cannot find the device on the Inventory page, contact cs@fortinet.com.
What do I do if the invalid key message appears when importing a FortiGate by key?
The FortiCloud key is for one-time use only. Log into the FortiGate and activate FortiGate Cloud as To deploy a FortiGate/FortiWifi to FortiGate Cloud in the FortiOS GUI: describes instead. If you cannot connect to the FortiOS GUI, contact cs@fortinet.com to reenable the key.
What do I do if FortiGate Cloud activation via the FortiOS GUI succeeds, but I cannot find the FortiGate in the FortiGate Cloud portal?
When a new FortiGate is added to FortiGate Cloud, FortiGate Cloud dispatches it to the global or Europe region based on its IP address geolocation. If the FortiGate warranty region is Japan, FortiGate Cloud dispatches it to the Japan region.
How can I move a FortiGate from region A to region B?
- Log in to FortiGate Cloud region A.
- Undeploy the device.
- Verify that the device has returned to the Inventory page.
- Switch the portal to region B.
- Go to Inventory and deploy the device.
How can I connect to FortiGate by remote access?
You must set the FortiOS central management setting to FortiCloud. The management tunnel status must be up. See How can I establish a management tunnel connection between my FortiGate and FortiGate Cloud?. See To remotely access a device:.
How can I activate FortiGate Cloud using a different email FortiCare account when FortiOS does not allow entering another email?
execute fortiguard-log login <email> <password>
What do I do if the migrate notice still appears after successful migration?
The migrate notice appears when FortiOS detects different email addresses used for FortiCare and FortiGate Cloud. FortiOS has a known issue that it is case-sensitive when verifying an email address. For example, FortiOS may consider example@mail.com and Example@mail.com as different email addresses. Contact cs@fortinet.com to ensure both accounts use all lower-case letters.
What do I do if FortiDeploy does not work?
- Ensure that the FortiManager settings are correct and the device can connect to FortiManager.
- Confirm that the central management setting on the device is set to FortiCloud.
- Ensure that the device can connect to logctrl1.fortinet.com via port 443.
- Import the device to the inventory by FortiCloud key. See To deploy a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud or FortiDeploy key:.
- Deploy the device to FortiManager, then power up the device. If the device is already powered up, run execute fortiguard-log join.
- If the FortiCloud key has been used and is invalid for reuse, log into the device GUI and activate FortiGate Cloud as To deploy a FortiGate/FortiWifi to FortiGate Cloud in the FortiOS GUI: describes.
What do I do if FortiOS does not upload logs?
Gather debug logs for the following commands, then send the debug output to fortigatecloud@forticloud.com. Check log upload settings on the FortiGate and ensure that it is configured to send logs to FortiGate Cloud:
execute telnet <log server IP address> 514
diagnose test application forticldd 1
diagnose test application miglogd 6
diagnose debug application miglogd -1
diagnose debug enable
What do I do if FortiGate Cloud cannot retrieve logs from FortiOS when data source is set as FortiGate Cloud?
Ensure that you can see logs in the FortiGate Cloud portal.
In poor network conditions, increase the timeout period to avoid connection timeout:
config log fortiguard setting
set conn-timeout 120
end
How can I export more than 1000 lines of logs?
See To download logs:.
Why does the FortiGate Cloud server drop some logs from my FortiGate?
A FortiGate with implicit policy logging settings enabled uploads a large amount of redundant logs, causing processing delays and overloading on the log server. The amount of redundant logs uploaded can be large enough to block all log uploads from the FortiGate. Therefore, FortiGate Cloud drops logs matching the following conditions:
- policyid=0
- sentbyte=0
- rcvdbyte=0
- no crscore
- subtype="local"
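The following Python sketch is an added example, not Fortinet code. It applies the drop conditions listed above to FortiOS key=value log lines, so you can see which local records will be missing from the FortiGate Cloud view. It assumes all five conditions must hold for the same record; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# FortiOS logs are space-separated key=value pairs; values may be double-quoted.
_PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_fortilog(line):
    """Parse one key=value log line into a dict of strings (quotes removed)."""
    return {k: (q if q else b) for k, q, b in _PAIR.findall(line)}

def would_be_dropped(rec):
    """True when a record matches the drop conditions listed on this page.
    Assumption: all five conditions must hold for the same record."""
    return (
        rec.get("policyid") == "0"
        and rec.get("sentbyte") == "0"
        and rec.get("rcvdbyte") == "0"
        and "crscore" not in rec
        and rec.get("subtype") == "local"
    )

def classify(lines):
    """Split raw log lines into (kept, dropped) lists of parsed records."""
    kept, dropped = [], []
    for line in lines:
        if line.strip():
            rec = parse_fortilog(line)
            (dropped if would_be_dropped(rec) else kept).append(rec)
    return kept, dropped

def dropped_summary(dropped):
    """Count dropped records per (srcip, dstport) to show what the cloud view lacks."""
    return Counter((r.get("srcip"), r.get("dstport")) for r in dropped)

# Constructed sample lines (not real device output).
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 type="traffic" subtype="local" srcip=192.0.2.10 '
    'dstport=23 policyid=0 action="deny" sentbyte=0 rcvdbyte=0 msg="no session matched"',
    'date=2024-05-01 time=10:00:02 type="traffic" subtype="local" srcip=192.0.2.10 '
    'dstport=23 policyid=0 action="deny" sentbyte=0 rcvdbyte=0 crscore=30',
    'date=2024-05-01 time=10:00:03 type="traffic" subtype="forward" srcip=198.51.100.7 '
    'dstport=445 policyid=0 action="deny" sentbyte=0 rcvdbyte=0',
    'date=2024-05-01 time=10:00:04 type="traffic" subtype="local" srcip=203.0.113.5 '
    'dstport=443 policyid=0 action="close" sentbyte=120 rcvdbyte=60',
]

if __name__ == "__main__":
    kept, dropped = classify(SAMPLE_LOGS)
    print(f"kept={len(kept)} dropped={len(dropped)}")
    for (src, port), n in dropped_summary(dropped).items():
        print(f"not in FortiGate Cloud: {n} local record(s) from {src} to port {port}")
```

Running it against locally stored logs shows which implicit-policy local records exist only on the device, which matters when cloud logs are the sole source for an investigation.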
How can I receive a daily report by email?
Ensure that FortiGate Cloud generated the scheduled report and that you have added the email address. See Reports.
Why does FortiGate not submit files for Sandbox scanning?
Check the FortiGate settings:
- For FortiOS 6.2 and later versions:
- Ensure that FortiGate Cloud has been activated.
- Go to Security Profiles > AntiVirus. Ensure that Suspicious Files Only or All Supported Files is enabled.
- For FortiOS 6.0 and earlier versions:
- Go to System > Feature Visibility, then enable FortiSandbox Cloud.
- Go to Security Fabric > Settings. Enable Sandbox Inspection.
- Go to Security Profiles > AntiVirus. Ensure that Suspicious Files Only or All Supported Files is enabled.
- Go to Policy & Objects > IPv4 Policy. Enable antivirus for the policy in use.
What backup retention does FortiGate Cloud provide?
Backup does not have storage limits. For licensed devices, the retention period is one year.
How does automatic backup work?
Automatic backup is either per session or per day. FortiGate setting changes from FortiOS or FortiGate Cloud trigger backup. If there are no changes to FortiGate settings, FortiGate Cloud does not perform a backup. See To enable auto backup:.
What does it mean if a geolocation attribute configuration change log/alert is received?
This is a feature to sync a FortiGate device's geolocation information between the FortiOS GUI, FortiGate Cloud, and the Asset Management portal. When a new device is being provisioned, or there is a change in a provisioned device's IP address, or a user moves a device to another location on the map view, its new geolocation attributes are pushed to the device via the management tunnel with username as FortiGateCloud. Since the geolocation database may not be entirely accurate, it is possible that a device is placed at a wrong location on the map, but you can move the device to its correct location on Map View.
What do I do if FortiGate Cloud does not reflect a new hostname on a FortiGate or FortiGate Cloud overwrites a new FortiGate hostname?
To synchronize the local hostname on a FortiGate and in FortiGate Cloud, compare the times of the FortiGate Cloud portal change and the local hostname modification on the device GUI. Use whichever time is the latest.
- When you change the hostname within the FortiGate Cloud portal, FortiGate Cloud pushes the change to the device via the management tunnel.
- When you change the hostname within the device GUI, the device only sends the new hostname to FortiGate Cloud with its next FCP UpdateMgr request.
To ensure that FortiGate Cloud can immediately reflect hostname changes, you can run the diagnose fdsm contract-controller-update command in the CLI after changing the hostname.
Can I revert back from FortiGate Cloud 2.0 after upgrade?
Once the upgrade to FortiGate Cloud 2.0 is complete, you cannot revert back within the FortiGate Cloud portal. If you want to revert your FortiGate Cloud environment, contact the support team as soon as possible.
Why is my FortiGate deployed to a region other than global (U.S. or Europe)?
There are several possible cases:
- The FortiGate has a physical IP address outside of North America, and thus FortiGate Cloud's dispatcher server deploys the device according to its IP address's geolocation.
- When activating FortiGate Cloud from the web UI, for some FortiOS versions, the user could choose a region to deploy the device. The default region is global, and the user could optionally select Europe or U.S.
- For U.S. government orders, the FortiGate has a US-Government license key burnt in BIOS, and therefore such a device could only be provisioned to the US region of FortiGate Cloud. For a FortiGate VM instance, the default server location is usa, and therefore, to provision a VM instance to another region other than US, you must first change its server location configuration to 'automatic'.
How do I check if my FortiGate has been preset for a specific server location?
In the CLI, browse for update-server-location under system fortiguard settings. For a device with a USG license key, update-server-location does not apply, so you can use the get system status command to check for License Status: US-Government(USG).
Can I change the server location configuration?
Yes, for non-USG FortiGates, run the following commands in CLI to change this configuration:
config system fortiguard
set update-server-location <usa>|<automatic/any>|<eu>
end
If my FortiGate's server location is automatic/any, how do I deploy it to my preferred region?
You may choose the preferred region from the web UI FortiGate Cloud activation page, or run the following commands in the CLI: exe fortiguard-log login <email> <password> <GLOBAL|EUROPE|US>.
Can I migrate logs uploaded or reports generated to a different region?
No, you cannot migrate existing data to another region. FortiGate Cloud only uploads new data to the new region from the time that you updated the region settings.
Why am I logging into the Premium Portal in one region and the Standard Portal in another?
Upgrading to the Premium Portal is done on a region-by-region basis. If your account meets the upgrade requirements in another region, you see the Upgrade button after logging in and can upgrade to the Premium Portal for that region.
How do I change my region in the FortiGate Cloud (Premium) portal?
Migrating to another region for the same account is not permitted as the data cannot be allowed to move across the regions. Instead, creating a new account and reprovisioning the devices to the new account is recommended.
How do I transfer a FortiGate to a FortiGate Cloud instance that is under the same FortiCloud account that it is registered to?
What should I do if I accidentally upgrade FortiOS to 7.4.2 or higher on a FortiGate without a FortiGate Cloud Service subscription and remote access to the device becomes read-only?
For the following FortiOS versions, the remote access feature requires a FortiGate Cloud Service subscription license on the FortiGate to have read and write access:
- 7.6.0 and later versions
- 7.4.2 and later versions
- 7.2.8 and later versions
- 7.0.14 and later versions
If you are considering or in the process of purchasing the license, contact our Support team. They can apply a short-term trial license to your device to resolve the issue. Alternatively, you can access your FortiGate via its web interface. If you do not have access to the FortiGate's web interface, contact our Support team with a description of the situation.
After I transfer my FortiGate to another account in the Asset Management portal, do I still need to transfer it in FortiGate Cloud?
After you transfer a FortiGate from account A to B in the Asset Management portal, it is undeployed from account A with existing data retained under account A. The FortiGate is available for deployment under the FortiCare Inventory tab of account B in the FortiGate Cloud portal. After reactivating FortiGate Cloud using account B, you must ensure that the FortiGate central management and log destination are configured as FortiGate Cloud in Security Fabric > Fabric Connectors.
Does FortiGate Cloud support data backups and disaster recovery?
FortiGate Cloud is ISO 27001- and SOC2-compliant and supports standard procedures for data backup and redundancy and disaster recovery.
What happens if automatic firmware upgrade is enabled on FortiGate Cloud and the FortiGate?
The firmware profile assignment within FortiGate Cloud disables the local automatic firmware upgrade configuration on the FortiGate.
Can I disable automatic firmware upgrade from FortiOS by logging in directly to the FortiGate that has no FortiGate Cloud subscription to bypass the automatic firmware upgrade enforcement from FortiGate Cloud?
FortiGate Cloud does not automatically upgrade devices without a FortiGate Cloud subscription to the latest patch. For devices without a subscription to continue uploading logs to FortiGate Cloud, you must manually upgrade the device to the latest patch, such as upgrading the device manually via FortiGate Cloud or by using the automatic firmware upgrade feature in FortiOS. If you do not upgrade the device to the latest patch, the device does not upload logs to FortiGate Cloud.
For devices with a FortiGate Cloud subscription, automatic firmware upgrades using a firmware profile are available as an optional feature. If you have configured a firmware profile in FortiGate Cloud for a device, you do not need to disable the automatic firmware upgrade feature in FortiOS.
How can OU users activate FortiGate Cloud on FortiGates provisioned to a placeholder account?
After adding the FortiGate to an OU placeholder account, provision the FortiGate to that account in FortiGate Cloud by using the FortiZTP portal or Cloud key import. Log in to FortiOS and run the following command: execute fortiguard-log join
How can I activate FortiGate Cloud on a FortiGate provisioned to an OU placeholder account?
To activate FortiGate Cloud, run the following in the CLI:
execute fortiguard-log join
To refresh the management tunnel connection, run the following in the CLI:
config system central-management
set type fortiguard
end
diagnose fdsm contract-controller-update
fnsysctl killall fgfmd