1. Confirm the internet-service database's current settings:

show full system global | grep internet-service-database

2. Update FortiGuard and confirm if that resolves the issue:

diagnose debug reset

diagnose debug application update -1

diagnose debug enable

execute update-now

Disable after around 5 minutes: 

diagnose debug disable
diagnose debug reset

If the issue persists, try to temporarily set the internet-service database to full and rerun: 'exec update-now'.

config system global
    set internet-service-database full
end

execute update-now

Undo the internet-service-database changes if the issue persists.

config system global
    unset internet-service-database
end

Note: 

'set internet-service-database on-demand' is sometimes configured as a memory optimization on entry-level devices. When this option is enabled, it is expected that unused internet-service objects to contain no addresses. To update a previously unused internet-service object in this scenario, configure the Internet Service object on a firewall policy and enter the command 'execute update-ffdb-on-demand'. See the article Technical Tip: Internet-service-database: On-demand for more information on this setting.

3. Refresh the ISDB:

execute internet-service4 refresh

If the device displayed an output similar to the following, then reboot the FortiGate and rerun 'exec internet-service4 refresh'.

execute internet-service4 refresh
Internet Service IPv4 refresh start ...
Start to initialize APP file.
Start to initialize MAP file.
Internet Service failed to refresh. ret=-6 (shared memory error)

4. Ensure the device has a valid support contract and connection to FortiGuard. If the device is in an HA cluster, ensure primary and secondary units have valid support contracts and are registered to the same account. See Technical Tip: The HA Cluster license requirements