Description

This article describes that even if the cloud-communication is set to disable, FortiGate is still trying to initiate traffic to globalproductapi.fortinet.

Scope

FortiGate v7.2.8, 7.4.3, 7.4.8, 7.6.4

Solution

Configuration:

get sys status
Version: FortiGate-VM64-KVM v7.2.8,build1639,240313 (GA.M)

config system global
    set cloud-communication disable
end

diagnose test app dnsproxy 7
vfid=0, name=globalproductapi.fortinet.net, ttl=2101:1174:873
154.52.16.209 (ttl=2101)

diagnose fortiguard-resources update sprite-map

Deleted cached resource file: sprite_map.css
Deleted cached resource file: small_sprite.png
Deleted cached resource file: sprite_map_front.css
Request URL: "https://productapi.fortinet.com/v1/ref?key=spritemap&f=fos&v=2"
Host "productapi.fortinet.com" resolved to "206.47.184.6"

Performing HTTP request...

Response identified resource location as "https://filestore.fortinet.com/fortiguard/app_logos96/sprite.tar.gz"
Host "filestore.fortinet.com" resolved to "154.52.13.195"

Performing HTTP request...

Successfully downloaded sprite_map.css:
Size: 439636 bytes
ETag: "66e97837-243abe"
MD5: 3bf302467d9397e355c25555a997fa41
Successfully downloaded small_sprite.png:
Size: 2334388 bytes
ETag: "66e97837-243abe"
MD5: 9761d26f349ef601d2682431621f1e41

This is the known issue 918574 confirmed resolved in v7.2.9, v7.4.4, v7.4.9,v 7.6.5 release notes. Command output confirming the cloud-communication is well disabled (v7.2.9 output):

diagnose fortiguard-resources update sprite-map
Deleted cached resource file: sprite_map.css
Deleted cached resource file: small_sprite.png
Deleted cached resource file: sprite_map_front.css
Could not resolve .
Could not get ip
Error retrieving resource URI from FortiGuard
Command fail. Return code -1