kajlasunil
Staff
March 17, 2026

Troubleshooting Tip: FortiGate Cloud registration failure 'Error Getting FortiGate Cloud Domain, HTTP 400' due to incorrect source IP

Description: This article describes a possible cause and technical solution for the FortiGate Cloud registration failure error 'Error Getting FortiGate Cloud Domain, HTTP 400', which can occur due to an incorrect source IP configuration on the FortiGate.
Scope: FortiGate, FortiCloud.
Solution

In some cases, FortiGate Cloud registration may fail with the error 'HTTP 400' or 'Error Getting FortiGate Cloud Domain'. This issue can occur when an incorrect source IP address is configured for FortiGuard communication. When a source IP is manually set, the FortiGate will use that IP instead of the WAN interface IP to communicate with the FortiCloud servers, which can cause the registration request to fail.

The following steps can be used to verify connectivity to the FortiCloud log server and confirm whether a source IP is configured, and to remove the configuration if necessary.


 

Step 1: Verify if the log server is reachable.

 

execute telnet logctrl1.fortinet.com 443
Trying 173.243.132.23...
Connected to 173.243.132.23

 

Step 2: Run a packet sniffer on the log server IP address.

 

diagnose sniffer packet any 'host 173.243.132.23' 4 0 l
interfaces=[any]
filters=[host 173.243.132.23]
2026-03-13 15:25:25.544819 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
2026-03-13 15:25:26.552711 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
2026-03-13 15:25:28.568715 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
2026-03-13 15:25:32.664713 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318

 

From the output above, it is clear that the FortiGate is using the IP address 192.168.11.1, which is not the expected public WAN IP address.

 

Step 3: Use the following command to verify if the source IP is configured.

 

diagnose test application forticldd 1

 

FortiWiFi-70G-POE # diagnose test application forticldd 1
System=FGT Platform=FW70GP
Connection vdom: root, id=0, ha=primary.
acct_id=
acct_st=Logged Out

FortiGuard interface selection: method=auto specify=
FortiGuard log: status=disabled, full=overwrite, ssl_opt=1, source-ip=192.168.11.1

Centra Management: type=NONE, flags=000000bf

 

The source IP is configured. This IP needs to be unset to allow the FortiGate to use the IP set on the egress interface.

 

To unset the IP address, use the following command.

 

config log fortiguard setting
    unset source-ip
end

 

After unsetting the IP, FortiGate should be able to register the FortiCloud account.
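
The checks in Steps 2 and 3 can be combined offline. The following Python is an added example, not part of the original article or any Fortinet tool: it parses saved sniffer and forticldd output and reports sources whose SYNs to the log server were never answered, and whether that source is private and equals the configured source-ip. The function names are hypothetical, and treating 0.0.0.0 as "not set" is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Input copied from the sniffer and forticldd output shown in the steps above.
SNIFFER = """\
interfaces=[any]
filters=[host 173.243.132.23]
2026-03-13 15:25:25.544819 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
2026-03-13 15:25:26.552711 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
2026-03-13 15:25:28.568715 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
2026-03-13 15:25:32.664713 wan1 out 192.168.11.1.3185 -> 173.243.132.23.443: syn 2294236318
"""
FORTICLDD = "FortiGuard log: status=disabled, full=overwrite, ssl_opt=1, source-ip=192.168.11.1"

IP = r"(\d+\.\d+\.\d+\.\d+)"
PKT = re.compile(rf"^\S+ \S+ \S+ (in|out) {IP}\.\d+ -> {IP}\.\d+: (.*)$")

def unanswered_syn_sources(sniffer_text, server_ip):
    """Return {source_ip: SYN count} for sources that sent SYNs to server_ip and got no reply."""
    syns, answered = Counter(), set()
    for line in sniffer_text.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue  # header lines such as interfaces=[any]
        direction, src, dst, flags = m.groups()
        if direction == "out" and dst == server_ip and flags.startswith("syn") and " ack " not in flags:
            syns[src] += 1
        elif direction == "in" and src == server_ip:
            answered.add(dst)
    return {ip: n for ip, n in syns.items() if ip not in answered}

def configured_source_ip(forticldd_text):
    """Return the source-ip value from forticldd output, or None if absent or 0.0.0.0."""
    m = re.search(rf"source-ip={IP}", forticldd_text)
    # Assumption: 0.0.0.0 means no source IP is pinned.
    return m.group(1) if m and m.group(1) != "0.0.0.0" else None

def diagnose(sniffer_text, forticldd_text, server_ip):
    """List each unanswered source with whether it is private and matches the pinned source-ip."""
    pinned = configured_source_ip(forticldd_text)
    return [
        {"src": src, "syns": n, "private": ipaddress.ip_address(src).is_private,
         "matches_source_ip": src == pinned}
        for src, n in unanswered_syn_sources(sniffer_text, server_ip).items()
    ]

if __name__ == "__main__":
    for finding in diagnose(SNIFFER, FORTICLDD, "173.243.132.23"):
        print(finding)
```

A finding with both `private` and `matches_source_ip` set to true corresponds to the condition this article resolves with `unset source-ip`.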

 

If registration still fails, collect the following debug logs and then open a TAC ticket.

 

Run the debugs using the following commands:


diagnose debug console timestamp enable
diagnose debug application forticldd -1
diagnose debug enable

 

To disable the debugs:

 

diagnose debug disable

diagnose debug reset