We had a customer with multiple FortiGates that were reporting they could not get the Internet at multiple sites. In investigating, I found that the FortiGates at these sites did not have a connection to FortiGuard and were therefore unable to assess web traffic. Running the command get webfilter status from the CLI of the FortiGates that were having problems showed that they were unable to connect to the FortiGuard. You can also it in the screenshot below on the System > FortiGuard page:
The solution in this instance was to change the connection of how they FortiGate connects to FortiGuard from HTTPS to UDP. This setting can be found under System > FortiGuard. It can also be set via the CLI commands below:
config system fortiguard
set protocol udp
set port 8888
set update-server-location usa
end
It is important to note that all of the Fortinet products connect to FortiGuard to download definitions for licensing, web filtering, anti-spam, etc. If the connection to FortiGuard is down, there may be issues.