| Solution |
When a FortiGate is operating as a standalone unit with configuration synchronization enabled, the primary device registers successfully with FortiCloud but it may disconnect after a short period of time. For details on how to configure this feature, refer to the official guide: Using Standalone Configuration Synchronization — FortiGate 6.2.0 Cookbook.
Configuration Example:
Enable standalone configuration synchronization on the primary device:
config system ha
    set password **********
    set hbdev ha1 50 ha2 100
    set priority 255
    set override enable
    set standalone-config-sync enable
end
Registering the Device with FortiCloud:
execute fortiguard-log login <account> <password> <domain>
Verify registration:
FGT1# diagnose fdsm contract-controller-update
Protocol=2.1|Response=202|Firmware=FAZ-4K-FW-2.50-100|SerialNumber=FAMS000000000000|Persistent=false|ResponseItem=HomeServer:g101.fortigate.forticloud.com*AlterServer:g101.fortigate.forticloud.com*AccountType:regular*Contract:20251210*NextRequest:86400*UploadConfig:False*ManagementMode:Local*ManagementID:411061651
Result=Success <----- FortiGate successfully registered on FortiCloud.
HA status:
get system ha status
path=system, objname=ha, tablename=(null), size=5912
HA Health Status:
    WARNING: FG201E4Q17900771 has hbdev down;
    WARNING: FG201ETK19900991 has hbdev down;
Model: FortiGate-201E
Mode: ConfigSync
Group Name:
Group ID: 0
Debug: 0
Cluster Uptime: 0 days 0:0:51
Cluster state change time: 2019-09-03 17:46:07
Primary selected using:
    <2019/09/03 17:46:07> FG201ETK19900991 is selected as the primary because it has the largest value of override priority.
ses_pickup: disable
override: disable
Configuration Status:
    FG201E4Q17900771(updated 3 seconds ago): out-of-sync
    FG201ETK19900991(updated 1 seconds ago): in-sync
System Usage stats:
    FG201E4Q17900771(updated 3 seconds ago):
        sessions=1, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=16%
    FG201ETK19900991(updated 1 seconds ago):
        sessions=1, average-cpu-user/nice/system/idle=0%/0%/0%/100%, memory=16%
HBDEV stats:
    FG201E4Q17900771(updated 3 seconds ago):
        wan2: physical/1000auto, up, rx-bytes/packets/dropped/errors=114918/266/0/0, tx=76752/178/0/0
        ha: physical/00, down, rx-bytes/packets/dropped/errors=0/0/0/0, tx=0/0/0/0
    FG201ETK19900991(updated 1 seconds ago):
        wan2: physical/1000auto, up, rx-bytes/packets/dropped/errors=83024/192/0/0, tx=120216/278/0/0
        ha: physical/00, down, rx-bytes/packets/dropped/errors=0/0/0/0, tx=0/0/0/0
Secondary: FortiGate-201E, FG201E4Q17900771, HA cluster index = 1
Primary: FortiGate-201E, FG201ETK19900991, HA cluster index = 0
number of vcluster: 1
vcluster 1: work 169.254.0.1
Secondary: FG201E4Q17900771, HA operating index = 1
Primary: FG201ETK19900991, HA operating index = 0
The device successfully registers with FortiCloud, but it disconnects automatically later.
Collect debug logs during disconnection by running the following commands:
diagnose debug enable
diagnose debug application forticldd -1
diagnose fdsm log-controller-update
diagnose fdsm contract-controller-update
diagnose test application forticldd 1
diagnose test application forticldd 3
Example output showing a FortiGate Cloud account ID reset to null after a successful login:
FTG01 # [210] fds_on_sys_fds_change: trace
[669] fds_https_stop_server: 173.243.132.23:443
[37] fds_queue_task: req-111 is added to log-controller
[616] fds_https_start_server: server: 173.243.132.23:443
[617] fds_https_start_server: source-ip: 0.0.0.0:0
[115] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory.cer, root ca Fortinet_CA, idx 0 (default)
[115] __ssl_cert_ctx_load: Added cert /etc/cert/factory/root_Fortinet_Factory_Backup.cer, root ca Fortinet_CA_Backup, idx 1
[484] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[504] ssl_ctx_use_builtin_store: Enable CRL checking.
[511] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[814] ssl_ctx_create_new: SSL CTX is created
[841] ssl_new: SSL object is created
[908] ssl_set_hostname: Set hostname 'fortinet-ca2.fortinet.com'
[93] https_create: proxy server 0.0.0.0 port:0
[194] ssl_add_ftgd_hostname_check: Add hostname checking 'logctrl1.fortinet.com'
[573] __tcps_tcp_start_connect: sockfd=11, server=173.243.132.23:443, use_harelay=0, use_proxy=0
[577] __tcps_tcp_start_connect: ret=-1
[582] __tcps_tcp_start_connect: errno=115(Operation now in progress)
[870] tcps_connect: 173.243.132.23:443 -- ret 0, state 0x0(Intialized) -> 0x11(Connecting)
[98] fds_print_msg: FCPC: len=214
[105] fds_print_msg: Protocol=2.0
[105] fds_print_msg: Command=Update
[105] fds_print_msg: Firmware=FGT80F-FW-7.02-1740
[105] fds_print_msg: SerialNumber=FGT80FTK24004149
[105] fds_print_msg: PhysicalSN=FGT80FTK24004149
[105] fds_print_msg: TimeZone=-4
[105] fds_print_msg: TimeZoneInMin=-240
[105] fds_print_msg: DataItem=AccountID:security@fortinet.ca
[105] fds_print_msg: Vdom:root
[98] fds_print_msg: http req: len=261
[105] fds_print_msg: POST https://173.243.132.23:443/FCPService/Controller HTTP/1.1
[105] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[105] fds_print_msg: Host: 173.243.132.23:443
[105] fds_print_msg: Cache-Control: no-cache
[105] fds_print_msg: Connection: close
[105] fds_print_msg: Content-Type: application/octet-stream
[105] fds_print_msg: Content-Length: 406
[513] fds_https_connect: http request to 173.243.132.23:443: header=261, ext=406.
[247] fds_https_send: sent 404 bytes: pos=0, len=404
[262] fds_https_send: sent the entire request to server: 209.40.117.133:443
[247] fds_https_send: sent 261 bytes: pos=0, len=261
[254] fds_https_send: 173.243.132.23:443: sent 261 byte header, now send 406-byte body
[707] __ssl_info_callback: SSL negotiation finished successfully
[707] __ssl_info_callback: SSL negotiation finished successfully
[707] __ssl_info_callback: SSLv3/TLS read server session ticket
[707] __ssl_info_callback: SSL negotiation finished successfully
[707] __ssl_info_callback: SSL negotiation finished successfully
[707] __ssl_info_callback: SSLv3/TLS read server session ticket
[2016] ctrl_upd_res: Reset management servers and id
[1864] fds_set_schedule: Set schedule off, type=0
[1864] fds_set_schedule: Set schedule off, type=1
[1864] fds_set_schedule: Set schedule off, type=2
[471] fds_free_tsk: cmd=4; req.noreply=0
[1864] fds_set_schedule: Set schedule off, type=0
[1864] fds_set_schedule: Set schedule off, type=1
[1864] fds_set_schedule: Set schedule off, type=2
[471] fds_free_tsk: cmd=4; req.noreply=0
[3497] fds_handle_request: Received cmd 116 from pid-15613, len 0
[527] fds_send_reply: Sending 8 bytes data.
[3497] fds_handle_request: Received cmd 116 from pid-15613, len 0
[527] fds_send_reply: Sending 8 bytes data.
[3497] fds_handle_request: Received cmd 116 from pid-15613, len 0
[527] fds_send_reply: Sending 8 bytes data.
0: config system fortiguard
0: set service-account-id "" <----- FortiGate Cloud account id is reset to null immediately after successful login or join (which is done by another FortiGate).
0: end
Root cause:
This behavior occurs because standalone-config-sync enable combined with valid hbdev settings makes the unit behave like an HA cluster. When only one device is registered on FortiCloud, conflicts occur, causing disconnection.
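A check for the two symptoms described above, given as an added example that is not part of the original article or any Fortinet tool. It scans a saved forticldd debug capture for the ID reset followed by an empty service-account-id, and reads the mode and member sync state from saved HA status output. The function names, the one-entry-per-line input layout, and the use of "Mode: ConfigSync" as the indicator are assumptions made for this example.

```python
import re

# Constructed samples, abridged from the debug and HA outputs shown above.
SAMPLE_DEBUG = '''[707] __ssl_info_callback: SSL negotiation finished successfully
[2016] ctrl_upd_res: Reset management servers and id
[1864] fds_set_schedule: Set schedule off, type=0
0: config system fortiguard
0: set service-account-id ""
0: end
'''
SAMPLE_HA = '''Mode: ConfigSync
Configuration Status:
    FG201E4Q17900771(updated 3 seconds ago): out-of-sync
    FG201ETK19900991(updated 1 seconds ago): in-sync
'''

LOG_LINE = re.compile(r"^\[\d+\]\s+(\w+):\s*(.*)$")
ACCOUNT_SET = re.compile(r'^\d+:\s*set service-account-id\s+"(.*)"')
MEMBER = re.compile(r"^(\w+)\(updated \d+ seconds ago\):\s*(in-sync|out-of-sync)$")


def account_reset_seen(debug_text):
    """True if ctrl_upd_res reset the IDs and an empty account ID was written after it."""
    reset = False
    for line in map(str.strip, debug_text.splitlines()):
        entry = LOG_LINE.match(line)
        if entry and entry.group(1) == "ctrl_upd_res" and "Reset management servers" in entry.group(2):
            reset = True
        written = ACCOUNT_SET.match(line)
        if written and reset and written.group(1) == "":
            return True
    return False


def ha_summary(ha_text):
    """Return (mode, {serial: sync state}) from 'get system ha status' output."""
    mode, members = None, {}
    for line in map(str.strip, ha_text.splitlines()):
        if line.startswith("Mode:"):
            mode = line.split(":", 1)[1].strip()
        member = MEMBER.match(line)
        if member:
            members[member.group(1)] = member.group(2)
    return mode, members


def matches_article(debug_text, ha_text):
    """Both symptoms from this article: ConfigSync mode plus the account ID reset."""
    mode, _ = ha_summary(ha_text)
    return mode == "ConfigSync" and account_reset_seen(debug_text)
```
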
Solution:
- Add the other unit (FortiGate 2) to the same FortiGate Cloud account.
- Disable standalone configuration sync:
config system ha
    set hbdev "a" 100
    set standalone-config-sync enable <----- Solution (set it to disable).
    set override enable
    set priority 255
end
|