FortiExtender is using profile VZ-5G-511F:

The administrator modifies the profile and removes protocols ping, HTTP, and SSH from the 'Allow Access' for the LTE1 interface:

The administrator syncs the profile changes to the FortiExtender, but the changes done on the profile don't sync to FortiExtender as it still shows protocols ping, HTT,P and SSH from the 'Allow Access' for the LTE1 interface:

Ideally, any changes made to the global profile (in this case, VZ-5G-511F) should sync to all FortiExtenders using the profile. However, changes are not syncing because override settings have been applied. This occurred when changes were made locally on the FortiExtender through FortiEdge Cloud at any point in the past, rather than pushing updates from the global profile. 

Once override settings are applied, global profile changes no longer take effect on that FortiExtender.

To fix the issue, follow these steps:

1. Create a new global profile.
2. Swap the old global profile with the new one.
3. Going forward, always make changes through the global profile instead of applying them locally on the FortiExtender.