Then, wanted to remind you that you need to have at least one policy using IPS to get the attack definitions or attack extended definitions updated. Otherwise, updates won't happen even it's enabled.
I think that behavior have change over the last few years with IPS-ETDB will not update , but IPS-DB and IPS malicious URL Database will. Just wanted to point that out.
For the OP one more item to check is you logs
execute log filter category 1
execute log display
Wait like a few seconds for the display the logs after you do "execute update-now" and the logs will show you pass fail and what fortiguard server you hit. Depending where your at it's probably going to be 173.243.xxx.xxx
if your in a pinch , you can login find your IPS update and manually download and upload to the fortigate.