Technical Tip: Disable cloud communication for FortiGate in Airgap (closed network) Environment

In a situation where FortiGate has no internet access and to prevent FortiGate from attempting to communicate with Fortinet public cloud servers, the following cloud communication settings must be disabled. 

Configuration parameters:

FGT # config system global     set cloud-communication disable     set fds-statistics disable     set gui-auto--setup-warning disable     set gui-firmware-upgrade-warning disable     set gui-forticare-registration-setup-warning disable     set security-rating-run-on-schedule disable     set fortitoken-cloud disable     set fortitoken-cloud-push-status disable end  FGT # config system autoupdate schedule     set status disable end  FGT # config system fortiguard     set auto-join-forticloud disable     set auto-firmware-upgrade disable     set antispam-force-off enable     set antispam-cache disable     set outbreak-prevention-force-off enable     set webfilter-force-off enable     set webfilter-cache disable end

Known issues:

1. Even when cloud communication is disabled, FortiGate still tries to communicate with some public FortiCloud servers: Troubleshooting Tip: FortiGate is still communicating to globalproductapi.fortinet.net even with cloud-communication is disabled

2. In an air-gap environment, it is expected that the FortiGate will not be able to connect to FortiGuard servers.

   Nevertheless, the notification 'Unable to connect to FortiGuard servers' will always be shown, and cannot be disabled: Technical Tip: Disable Notification of 'Unable to connect to FortiGuard servers'.

Technical Tip: Major FortiOS behavior change requiring FortiCare registration on FortiGate G series models

Technical Tip: Procedure to apply FortiGate firewall license to offline units