FortiGate
msanjaypadma
Staff
Article Id 379097
Description

 

This article explains how to activate the FortiCloud account in FortiGate when encountering the error 'acct_st=Error'.

 

Scope

 

FortiGate.

 

Solution

 

If the following error appears while activating a FortiCloud account on FortiGate, it indicates a potential issue with the FortiCloud log settings and that the firewall is unable to reach the FortiCloud server.

 

FortiGate1(global) # diagnose test application forticldd 1
System=FGT Platform=FG32F1
Connection vdom: root, id=0, ha=primary.
acct_id=
acct_st=Error

FortiGuard interface selection: method=specify specify=internet-root
FortiGuard log: status=disabled, full=overwrite, ssl_opt=1, source-ip=0.0.0.0
Centra Management: type=NONE, flags=000000bf.
active-tasks=0
rpdb_ver=00000002 rpdb6_ver=00000002

 

To verify that the FortiGate firewall is selecting the correct exit interface and source IP when trying to reach the FortiCloud server, use the following commands:

 

  1. Capture the FortiCloud debug logs:

 

diagnose debug reset

diagnose debug application forticldd -1

diagnose debug enable

 

To stop the debugs:

 

diagnose debug disable

diagnose debug reset

 

  2. Manually send a request to log in to FortiCloud:

     

execute fortiguard-log login <username> <password>

 

  3. Capture packet data using a sniffer for the destination FortiCloud server:

diagnose sniffer packet any "host x.x.x.x" 4 0 l

 

Replace 'x.x.x.x' with the FortiCloud IP address retrieved in the previous step.

 

  4. If FortiGate randomly selects an IP address instead of the intended public or private IP address for connectivity with FortiCloud, specify the source IP address and interface in the FortiGuard log settings:

     

config log fortiguard setting
    set source-ip <ip address>
    set interface-select-method specify
    set interface <interface>
end

 

  5. After configuring the correct source IP address and exit interface in the FortiGuard log settings, repeat Step 2 to send a request to log in to FortiCloud and verify the connection.

 

execute fortiguard-log login <username> <password>

 

Verification:

 

FortiGate1 (global) # diagnose test application forticldd 1

System=FGT Platform=FG32F1
Connection vdom: root, id=0, ha=primary.
acct_id=admin@test.ac.in
acct_st=OK

FortiGuard interface selection: method=specify specify=internet-root
FortiGuard log: status=disabled, full=overwrite, ssl_opt=1, source-ip=11.12.13.1

Centra Management: type=NONE, flags=000000bf.

active-tasks=0

rpdb_ver=00000002 rpdb6_ver=00000002
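
The check described above can be automated when the diagnostic output is saved from several units. The following Python script is an added example, not part of the original article or any Fortinet tooling: it parses saved 'diagnose test application forticldd 1' output and lists the likely causes when the account is not activated. The function names are hypothetical and the sample text is constructed from the values shown in this article.

```python
import re

# Constructed samples modelled on the failing and working outputs in this article.
SAMPLE_ERROR = """\
System=FGT Platform=FG32F1
Connection vdom: root, id=0, ha=primary.
acct_id=
acct_st=Error
FortiGuard interface selection: method=specify specify=internet-root
FortiGuard log: status=disabled, full=overwrite, ssl_opt=1, source-ip=0.0.0.0
"""
SAMPLE_OK = """\
System=FGT Platform=FG32F1
Connection vdom: root, id=0, ha=primary.
acct_id=admin@test.ac.in
acct_st=OK
FortiGuard interface selection: method=specify specify=internet-root
FortiGuard log: status=disabled, full=overwrite, ssl_opt=1, source-ip=11.12.13.1
"""

# key=value tokens; a value ends at whitespace or a comma and may be empty.
KEY_VALUE = re.compile(r"([A-Za-z_][\w-]*)=([^\s,]*)")

def parse_forticldd(text):
    """Return the key=value fields of the diagnostic output as a dict."""
    fields = {}
    for key, value in KEY_VALUE.findall(text):
        # Keep the first occurrence; drop the full stop that ends some lines.
        fields.setdefault(key, value.rstrip("."))
    return fields

def check_forticloud(text):
    """Return a list of findings; an empty list means the account is activated."""
    f = parse_forticldd(text)
    if f.get("acct_st") == "OK":
        return []
    findings = ["acct_st=%s: account not activated" % f.get("acct_st", "missing")]
    if not f.get("acct_id"):
        findings.append("acct_id is empty: no FortiCloud account bound")
    if f.get("method") == "specify" and not f.get("specify"):
        findings.append("method=specify but no interface is set")
    if f.get("source-ip", "0.0.0.0") == "0.0.0.0":
        findings.append("source-ip=0.0.0.0: no source IP set in log fortiguard setting")
    return findings

if __name__ == "__main__":
    for name, sample in (("error", SAMPLE_ERROR), ("ok", SAMPLE_OK)):
        print(name, check_forticloud(sample) or "no findings")
```

A reported finding for source-ip=0.0.0.0 corresponds to Step 4: set the source IP and interface, then repeat the login request.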