FortiGate management traffic (including FortiGuard updates) is governed by the traffic path. You need an IPv4 policy that allows traffic from the FortiGate’s own interface (the management IP or default gateway) to the WAN.
execute update-now exec cert local-renew
Share your experience or additional workarounds in the comments below. For urgent assistance, visit the official Fortinet Community Forum or open a support ticket with the diagnostic outputs listed above.
: Ensure the firewall can reach the FortiGuard domains. From the CLI, try to ping update.fortiguard.net service.fortiguard.net Restart the DDNS Daemon
Run execute ping update.fortiguard.net in the CLI.