In a situation where FortiGate has no internet access and to prevent FortiGate from attempting to communicate with Fortinet public cloud servers, the following cloud communication settings must be disabled. 

Configuration parameters:

FGT # config system global
    set cloud-communication disable
    set fds-statistics disable
    set gui-auto--setup-warning disable
    set gui-firmware-upgrade-warning disable
    set gui-forticare-registration-setup-warning disable
    set security-rating-run-on-schedule disable
    set fortitoken-cloud disable
    set fortitoken-cloud-push-status disable
end

FGT # config system autoupdate schedule
    set status disable
end

FGT # config system fortiguard
    set auto-join-forticloud disable
    set auto-firmware-upgrade disable
    set antispam-force-off enable
    set antispam-cache disable
    set outbreak-prevention-force-off enable
    set webfilter-force-off enable
    set webfilter-cache disable
end

Known issues:

1. Even when cloud communication is disabled, FortiGate still tries to communicate with some public FortiCloud servers: Troubleshooting Tip: FortiGate is still communicating to globalproductapi.fortinet.net even with clo...

2. In an air-gap environment, it is expected that the FortiGate will not be able to connect to FortiGuard servers.

   Nevertheless, the notification 'Unable to connect to FortiGuard servers' will always be shown, and cannot be disabled: Technical Tip: Disable Notification of 'Unable to connect to FortiGuard servers'.

Technical Tip: Major FortiOS behavior change requiring FortiCare registration on FortiGate G series ...

Technical Tip: Procedure to apply FortiGate firewall license to offline units