ezhupa
Staff
Article Id 392859
Description This article explains issues with Sky-Q box connectivity when connected to a FortiGate.
Scope FortiGate/FortiOS.
Solution

When a Sky-Q box is in an internal network and a FortiGate is acting as its gateway, the Sky-Q box sometimes fails to connect.

The first step to troubleshooting this issue is running a debug flow. 

Debug flow commands:

diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr x.x.x.x
diagnose debug flow show iprope enable
diagnose debug flow show function enable
diagnose debug console timestamp enable
diagnose debug flow trace start 500
execute time
diagnose debug enable

Where x.x.x.x is the source IP, in this case the IP of the Sky-Q box.

To disable the debug:

diagnose debug disable
diagnose debug reset

If the debug flow shows the Sky-Q box trying to ping its gateway IP (in this case, the FortiGate), this article applies.
The Sky-Q box pings its gateway IP before trying to establish a connection with its servers.
If, for any reason, that interface does not have PING enabled as a service, the Sky-Q box will not connect.
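
One way to check a saved debug flow capture for this pattern, as an added example that is not part of the original article: the Python script below groups lines by trace_id and reports ICMP echo requests from the Sky-Q box to the gateway that ended in a drop. The sample lines, the addresses and the function name dropped_gateway_pings are constructed for illustration, and the message layout is an assumption based on typical debug flow output, which varies between FortiOS versions.

```python
import re

# Constructed sample modeled on FortiOS debug-flow output with console
# timestamps enabled; addresses, ids and line= values are made up.
SAMPLE = """\
2025-01-10 10:00:01 id=65308 trace_id=1 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 192.168.1.50:1->192.168.1.1:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1, seq=1."
2025-01-10 10:00:01 id=65308 trace_id=1 func=vf_ip_route_input_common line=2605 msg="find a route: flag=80000000 gw-192.168.1.1 via root"
2025-01-10 10:00:01 id=65308 trace_id=1 func=fw_local_in_handler line=620 msg="iprope_in_check() check failed on policy 0, drop"
2025-01-10 10:00:05 id=65308 trace_id=2 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=6, 192.168.1.50:40000->203.0.113.10:443) tun_id=0.0.0.0 from port1. flag [S], seq 1, ack 0, win 64240"
2025-01-10 10:00:05 id=65308 trace_id=2 func=fw_forward_handler line=990 msg="Allowed by Policy-1: SNAT"
"""

TRACE = re.compile(r"trace_id=(\d+)")
PKT = re.compile(r"received a packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\)")
ICMP = re.compile(r"type=(\d+), code=(\d+)")
MSG = re.compile(r'msg="(.*)"')


def dropped_gateway_pings(text, client_ip, gateway_ip):
    """Return trace_ids of ICMP echo requests client -> gateway that were dropped."""
    traces = {}
    for line in text.splitlines():
        tid = TRACE.search(line)
        msg = MSG.search(line)
        if not (tid and msg):
            continue  # banner lines, prompts, wrapped output
        t = traces.setdefault(int(tid.group(1)), {"echo": False, "drop": False})
        pkt = PKT.search(msg.group(1))
        icmp = ICMP.search(msg.group(1))
        if pkt and icmp:
            proto, src, dst = int(pkt.group(1)), pkt.group(2), pkt.group(3)
            # proto 1 = ICMP, type 8 = echo request
            t["echo"] = (proto == 1 and icmp.group(1) == "8"
                         and src == client_ip and dst == gateway_ip)
        if re.search(r"\bdrop\b", msg.group(1)):
            t["drop"] = True
    return sorted(tid for tid, t in traces.items() if t["echo"] and t["drop"])


if __name__ == "__main__":
    print(dropped_gateway_pings(SAMPLE, "192.168.1.50", "192.168.1.1"))
```

A non-empty result means the gateway interface is discarding the Sky-Q box's pings, which is the condition this article addresses.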

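After enabling PING on the interface, either via CLI or GUI, the Sky-Q box will connect right away.
Example of enabling ping on port1 when no other services are enabled on the port. Because set allowaccess replaces the interface's whole access list, any other services already allowed on the port must be listed in the same command: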

config system interface
    edit port1
        set allowaccess ping
    next
end

Note:
If the issue persists even after allowing ping on the interface, a fresh debug flow would need to be gathered. Depending on the servers the Sky-Q box is trying to connect to, a multicast policy might be needed to allow the traffic.