If the error 'FortiGate Cloud activation failed' appears: 

• Verify the FortiGate can connect to FortiGuard and has DNS connectivity. See the article 'Unable to connect to FortiGuard servers'.
• Verify custom source-ip in 'config log fortiguard setting' is correct or no custom source-ip is required.
• Verify the license is valid using 'diagnose autoupdate versions' or 'diagnose test update info':
  
  VAN_EDGE-B # diagnose test update info | grep System -A 10
  System contracts:
      HDWR,Sat Aug  2 2025
      ENHN,Sat Aug  2 2025
      COMP,Sat Aug  2 2025
      FMWR,Sat Aug  2 2025
      FGSA,Wed Dec 20 2023
      FURL,Sat Aug  2 2025
      SPAM,Sat Aug  2 2025
      SBCL,Sat Aug  2 2025
      ZHVO,Sat Aug  2 2025
      IOTH,Wed Dec 20 2023
  
  VAN_EDGE-B # execute date
  current date is: 2024-11-12

To activate FortiGate Cloud or join an existing deployment, FortiGate requires HTTPS access to the following domains. The exact domain names required depend on settings in 'config system fortiguard'.

mgrctrl1.fortinet.com
msgctrl1.fortinet.com
logctrl1.fortinet.com
uslogctrl1.fortinet.com
eulogctrl1.fortinet.com

globalmgrctrl.fortinet.net
globalmsgctrl.fortinet.net
globallogctrl.fortinet.net
uslogctrl.fortinet.net
eulogctrl.fortinet.net

globalmgrctrl2.fortinet.net
globalmsgctrl2.fortinet.net
globallogctrl2.fortinet.net
uslogctrl2.fortinet.net
eulogctrl2.fortinet.net

Additional FortiGate Cloud-required ports and access control information can be found in the FortiGate Cloud administration guide.

FortiGate Cloud auto-join will always fail if FortiGate Cloud has not been activated for the device. FortiGate Cloud can be activated from the FortiGate GUI: System > FortiGuard -> Select 'Activate' -> Enter credential for the FortiCloud account owner.


If activating FortiGate Cloud gives the message ‘FortiGate Cloud Internal Error’, this indicates the activation attempt failed. See ‘How to troubleshoot FortiGate Cloud Internal Error’ for troubleshooting steps in this case.