FortiGate
Besi5
Staff
Article Id 393567
Description: This article describes how to fix the issue where the root FortiGate cannot authorize a downstream FortiGate after an upgrade.
Scope: FortiOS 7.2.6 and above.
Solution

Scenario 1: When 'set index x' is missing from the config trusted-list.

 

config sys csf
    config trusted-list
        show
        path=, objname=trusted-list, tablename=(null), size=408
            config trusted-list
                edit "FG200ETK199XXXX"
                    set serial "FG200ETK199XXX"
                    ....   ----> The issue here: 'set index x' is missing.
                next
end

Solution: Manually configure 'set index x', where x is a number greater than 0.

 

Scenario 2: When 'set index' is set to 0 in the trusted-list.

 

config sys csf
    config trusted-list
        show
            edit "FG200ETK199YYYYY"
                set serial "FG200ETK199YYYYY"
                set index 0 ----> The issue here.
            next
            edit "FG200ETK199ZZZZZ"
                set serial "FG200ETK199ZZZZZ"
                set index 1
            next
end

 

Solution: When the index is set to 0, manually change it to a different number (for example, 2).

 

After adding 'set index' or changing the value from 0 to another number, the root FortiGate should be able to authorize downstream firewalls.

Note: The 'set index' setting assigns a specific position to a downstream FortiGate in a CSF-managed trust tree, which helps maintain structured communication and control in distributed setups. It was introduced in FortiOS version 7.2.6 and continues in later versions.
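
To check a saved configuration for both scenarios before or after an upgrade, the following added example (not part of the original article and not Fortinet code) scans config text for trusted-list entries that have no 'set index' line or have 'set index 0'. It assumes the backup uses the same 'config ... edit ... next ... end' layout as the 'show' output above; the sample input is constructed and reuses the article's masked serial numbers.

```python
import re

# Constructed sample laid out like the 'show' output in this article.
SAMPLE_CONFIG = """\
config system csf
    config trusted-list
        edit "FG200ETK199XXXX"
            set serial "FG200ETK199XXXX"
        next
        edit "FG200ETK199YYYYY"
            set serial "FG200ETK199YYYYY"
            set index 0
        next
        edit "FG200ETK199ZZZZZ"
            set serial "FG200ETK199ZZZZZ"
            set index 1
        next
    end
end
"""

def audit_trusted_list(config_text):
    """Return (entry, problem) pairs for entries matching Scenario 1 or 2."""
    findings, stack = [], []      # stack holds the names of open config blocks
    entry, index = None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
        elif stack[-2:] in (["system csf", "trusted-list"], ["sys csf", "trusted-list"]):
            if m := re.fullmatch(r'edit\s+"?([^"]+)"?', line):
                entry, index = m.group(1), None
            elif m := re.fullmatch(r"set index (\d+)", line):
                index = int(m.group(1))
            elif line == "next" and entry is not None:
                if index is None:      # Scenario 1: no 'set index' line at all
                    findings.append((entry, "missing 'set index'"))
                elif index == 0:       # Scenario 2: index present but set to 0
                    findings.append((entry, "'set index' is 0"))
                entry = None
    return findings

if __name__ == "__main__":
    for name, problem in audit_trusted_list(SAMPLE_CONFIG):
        print(f"{name}: {problem}")
```

Each reported entry needs 'set index' configured manually to a number greater than 0, as described in the two solutions above.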