FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article deals with the internal server error when activating the FortiCloud account on FortiGate.  This is mostly encountered due to the FortiGate either being unable to resolve the names or unable to reach the FortiGuard services.


Activating cloud based logging and reporting on FortiGate.

Verify if FortiGate can resolve the host names and reach the FortiGuard servers.

Open the CLI of the FortiGate and run the following commands.

1)  execute ping-options source <ip address of the wan interface>

Then ping:
execute ping

Unable to resolve hostname.

2)  Go to Network > DNS > and change the DNS server to 'Use FortiGuard Servers' and apply.

3)  Repeat step (1)
execute ping

PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=55 time=247.3 ms
64 bytes from icmp_seq=1 ttl=55 time=246.1 ms
64 bytes from icmp_seq=2 ttl=55 time=246.5 ms
64 bytes from icmp_seq=3 ttl=55 time=251.4 ms
64 bytes from icmp_seq=4 ttl=55 time=245.8 ms
If the FortiGate still cannot reach then proceed to step 4.

4)  Set the source IP address to the IP addresses of the WAN (if multiple WAN interfaces are used)  then the one which works with a command in step (1).
config system fortiguard
source-ip <IP address of the WAN interface which can reach>

5)  Verify step (1).  If successful then attempt to activate the FortiCloud account again.