FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 193540
This article shows how to redirect updates such as signature updates and license syncs to a different WAN interface using the web-proxy feature on the FortiGate.

Requirement: Two WAN interfaces are configured on the FortiGate but license synchronization and signature updates should be directed to only a specific WAN interface which is in low priority.

License and signature updates take WAN interface accordingly to route priority.

To workaround this using Web-proxy on FortiGate using dummy interface (or any LAN interface IP) can create Proxy tunneling and create web-proxy policy to point to specific interface always to get signature and license updates.

Note: For failback to primary WAN for signature update another explicit proxy policy is required to failover to next available WAN for signature and license updates.  Webfilter and Antispam updates are excluded in this updates.

Configuration GUI

Port1 and Port7 are WAN, traffic wants to route to Port7.  Here Port1 has higher priority than Port7 so by default all FortiGate self-generated traffic routes on Port1.

Configure a dummy interface with dummy IP for explicit proxy enabled, any used LAN interface can be used:
config system interface
    edit "port8"
        set vdom "root"
        set ip
        set type physical
        set explicit-web-proxy enable
        set role lan
        set snmp-index 8

Port7 is the secondary WAN to which traffic is to be directed:
config system interface
    edit "port7"
        set vdom "root"
        set ip
        set type physical
        set role wan
        set snmp-index 7

Configure Proxy tunneling for the IP:
config system autoupdate tunneling
    set status enable
    set address ""
    set port 8080

Create policy from web-proxy to any WAN you want to route to.  In this example Port7 is a secondary WAN.
config firewall explicit-proxy-policy
    edit 3
        set uuid d05baa6e-4b63-51e7-dcdd-7aa3f3181bdd
        set proxy web
        set dstintf "port7"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set action accept
        set schedule "always"

Results of traffic being sent to Port7:
ion-kvm25 # upd_daemon[1094]-Received update now request
do_setup[217]-Starting SETUP
upd_act_setup[191]-Trying FDS
tcp_connect_fds[175]-Proxy tunneling enabled to
ssl_connect_fds[484]-Failed SSL connecting (1,0,error:14090086:lib(20):func(144)                                                                                                             :reason(134))
upd_comm_connect_fds[591]-Failed SSL connect
upd_act_setup[195]-Failed connecting to
do_setup[261]-Failed setup
__upd_act_update[279]-Trying FDS with AcceptDelta=0
tcp_connect_fds[175]-Proxy tunneling enabled to

Related Articles

Technical Note: FortiGuard updates using a proxy server