Currently, the settings for 'antispam-force-off' and 'webfilter-force-off' of FortiGuard settings in local FortiGate are disabled:

To enable the settings from FortiManager, navigate to Device Manager -> Device & Groups -> FortiGate -> CLI Configurations -> System -> FortiGuard. Enable the 'antispam-force-off' and 'webfilter-force-off'.

However, when trying to install the changes to the FortiGate, there are no changes to be pushed:

After the installation is finished, somehow the 'antispam-force-off' and 'webfilter-force-off' settings are automatically disabled:

After further investigation, it was found that the FortiGate is assigned a system template with the 'FortiGuard' setting enabled:

To solve this issue, there are two ways:

1. Disable the 'FortiGuard' setting.
2. Or unassign the template from the FortiGate.

Next, navigate to Device Manager -> Device & Groups -> FortiGate -> CLI Configurations -> System -> FortiGuard to enable the 'antispam-force-off' and 'webfilter-force-off' again.

After that, it can be seen that FortiManager is now able to push the 'antispam-force-off' and 'webfilter-force-off' settings: