FortiGate
caunon
Staff
Article Id 286021
Description

This article describes how to prevent the following logs from appearing under Log & Report -> Events -> System Events:

 

Message: Attempted to join FortiCloud

Log Description: FortiGate Cloud auto-join attempted

 

Message: FortiCloud service activation failed

Log Description: FortiGate Cloud activation failed

 

Scope

FortiGate v7 and later.
Solution

A large number of 'Attempted to join FortiCloud' and 'FortiCloud service activation failed' messages may be seen under Log & Report -> Events -> System Events, or an event log may show the following messages:


FortiOS v7.0.11 and earlier:

 

date=2023-09-15 time=15:39:20 eventtime=1695455160407625415 tz="+0500" logid="0100022952" type="event" subtype="system" level="warning" vd="root" logdesc="FortiCloud activation failed" user="auto-join" action="login" msg="FortiCloud service activation failed"

date=2023-09-15 time=15:39:19 eventtime=1695455159985569156 tz="+0500" logid="0100022949" type="event" subtype="system" level="notice" vd="root" logdesc="FortiCloud auto-join attempted" user="auto-join" action="login" msg="Attempted to join FortiCloud"

 

FortiOS v7.0.12, v7.2.5 and later:

 

date=2024-11-11 time=15:44:51 eventtime=1731368688840861580 tz="-0800" logid="0100022952" type="event" subtype="system" level="warning" vd="root" logdesc="FortiGate Cloud activation failed" user="auto-join" action="login" msg="FortiCloud service activation failed"
date=2024-11-11 time=15:44:51 eventtime=1731368688747484560 tz="-0800" logid="0100022949" type="event" subtype="system" level="notice" vd="root" logdesc="FortiGate Cloud auto-join attempted" user="auto-join" action="login" msg="Attempted to join FortiCloud"

 

These messages indicate that FortiGate is configured to automatically join the remote logging and central-management service FortiGate Cloud, but the connection attempt was not successful.

 

Usually, this occurs because the device is not currently deployed in any FortiGate Cloud account, or the FortiGate is unable to contact the FortiGate Cloud service.


If the device is intended to use FortiGate Cloud:

 

A device with auto-join enabled and central-management type ‘fortiguard’ will attempt to contact the FortiGate Cloud service when it boots and periodically thereafter. If FortiGate Cloud is not activated for the device, auto-join will fail.

If FortiGate Cloud is activated for a device, it will be present under the ‘FortiGate Cloud Deployed’ tab in the Inventory section of an existing FortiGate Cloud account.

If the device is present in ‘FortiGate Inventory’ or ‘FortiCare Inventory’, FortiGate Cloud is not activated for this device. Deploy it from the desired FortiGate Cloud Region to activate the FortiGate Cloud service for this device.


 
FortiGate Cloud can also be activated manually from the FortiGate GUI. See the article 'How to register/ activate FortiGate Cloud from GUI and enable logging'.

If FortiGate Cloud shows the device in 'FortiGate Cloud Deployed' but the auto-join events still show activation failed, the device is likely unable to connect to FortiGate Cloud.

  • Verify the device has DNS and FortiGuard connectivity.

    execute ping logctrl1.fortinet.com

  • Custom source-ip is required in some environments, such as when the device's internet connection passes over an IPsec tunnel. If required, this is configured in 'config system fortiguard' and 'config log fortiguard setting'.

 

config system fortiguard
    set source-ip <source ip>
end

config log fortiguard setting
    set source-ip <source ip>
end


See the article 'FortiGate Cloud activation failed' for further activation troubleshooting steps.

 

If the device is not intended to use FortiGate Cloud:


Disable auto-join-forticloud in the CLI, or change the system central-management type from ‘fortiguard’ to ‘none’.

 

config system fortiguard
    set auto-join-forticloud disable
end

config system central-management
    set type none
end

 

Once the device is joined to FortiGate Cloud successfully or auto-join is disabled, repetitive 'FortiCloud service activation failed' events will cease.
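To confirm that the events have stopped after either change, an exported event log can be checked for the two logid values shown in the samples above. The following Python is an added example, not Fortinet code: the function names are hypothetical, the first three sample lines are the ones quoted in this article, and the last one is constructed. It matches on logid because the logdesc wording differs between FortiOS versions.

```python
import re
from collections import defaultdict

# logid values as they appear in the sample events in this article.
AUTO_JOIN_ATTEMPT = "0100022949"
ACTIVATION_FAILED = "0100022952"

# FortiOS event fields are key=value; values are "quoted" or bare tokens.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Parse one key=value log line into a dict of strings."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _FIELD.finditer(line)}

def summarize_auto_join(lines):
    """Per-VDOM counts of auto-join attempts/failures and the newest failure."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0,
                                 "last_failure": None, "_newest": -1})
    for line in lines:
        ev = parse_event(line)
        # Match on logid: the logdesc text is not stable across versions.
        logid = ev.get("logid")
        if logid not in (AUTO_JOIN_ATTEMPT, ACTIVATION_FAILED):
            continue
        s = stats[ev.get("vd", "unknown")]
        if logid == AUTO_JOIN_ATTEMPT:
            s["attempts"] += 1
            continue
        s["failures"] += 1
        stamp = int(ev.get("eventtime", 0))  # nanoseconds since epoch
        if stamp > s["_newest"]:
            s["_newest"] = stamp
            s["last_failure"] = f'{ev.get("date")} {ev.get("time")} {ev.get("tz")}'
    return {vd: {k: v for k, v in s.items() if not k.startswith("_")}
            for vd, s in stats.items()}

# Sample input: the first three lines are from this article, the last is constructed.
SAMPLE = [
    'date=2023-09-15 time=15:39:20 eventtime=1695455160407625415 tz="+0500" logid="0100022952" type="event" subtype="system" level="warning" vd="root" logdesc="FortiCloud activation failed" user="auto-join" action="login" msg="FortiCloud service activation failed"',
    'date=2024-11-11 time=15:44:51 eventtime=1731368688840861580 tz="-0800" logid="0100022952" type="event" subtype="system" level="warning" vd="root" logdesc="FortiGate Cloud activation failed" user="auto-join" action="login" msg="FortiCloud service activation failed"',
    'date=2024-11-11 time=15:44:51 eventtime=1731368688747484560 tz="-0800" logid="0100022949" type="event" subtype="system" level="notice" vd="root" logdesc="FortiGate Cloud auto-join attempted" user="auto-join" action="login" msg="Attempted to join FortiCloud"',
    'date=2024-11-11 time=15:45:02 logid="0000000000" type="event" subtype="system" level="information" vd="root" user="admin" msg="constructed unrelated event"',
]

if __name__ == "__main__":
    for vd, s in summarize_auto_join(SAMPLE).items():
        print(vd, s)
```

A last_failure value that stops advancing after the configuration change indicates the auto-join failures have ceased for that VDOM.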