Unable to Load FortiGuard DDNS Servers List on FortiGate Firewalls
Run execute ping service.fortiguard.net or execute ping www.fortinet.com from the CLI.
Newer FortiOS versions use Anycast for communication, which can sometimes experience TLS handshake failures (TLSv1.3).
Ensure the firewall can reach the FortiGuard domains. From the CLI, try to ping update.fortiguard.net and service.fortiguard.net.
Restart the DDNS Daemon
Common underlying issues include:
If the issue persists, use these deep diagnostic commands from the FortiGate CLI:
If the list still won't load, the internal DDNS daemon (ddnscd) may be stuck.
fnsysctl killall ddnscd
For DNS Filtering, add an exemption for *.fortinet.net under > Static Domain Filter.
Older versions of FortiOS (e.g., 6.0, 6.2) may have known bugs related to DDNS loading. Ensure your FortiGate is updated to the latest patch within its stable release (e.g., 7.0.x, 7.2.x, or 7.4.x).
Alternative Solutions
1. Use the Command Line for Configuration
If uptime is critical, consider configuring DDNS with both FortiGuard and a secondary provider. The FortiGate can be configured to use multiple DDNS services simultaneously, providing redundancy in case one fails.
Ensure that "Use FortiGuard Servers" is selected, or use reliable public DNS servers (e.g., 8.8.8.8 or 1.1.1.1).
execute ping fortiguard.net
execute ping no-ip.com
If your firewall's date and time are incorrect, SSL handshakes with FortiGuard will fail. Ensure NTP is syncing correctly.
5. Advanced: Management Settings & Interface Selection
The most common cause of this error is that the firewall's WAN interface obtains its IP via DHCP or PPPoE and automatically overwrites your configured system DNS. Many local ISP DNS servers cannot properly resolve Fortinet's proprietary dynamic DNS assignment domains.
How to fix it in the GUI:
Navigate to .
Edit your active WAN interface (e.g., wan1 or port1).
Locate the Advanced or Addressing Mode options.
Toggle off the setting Override internal DNS.
Click OK.
2. Verify Underlying System DNS and Connectivity
| FortiOS Version | Bug ID | Workaround/Temporary Fix |
|----------------|--------|--------------------------|
| 7.0.0 - 7.0.5 | 0742341 | Upgrade to 7.0.6+ or downgrade to 6.4.9 |
| 6.4.0 - 6.4.4 | 0695222 | CLI: config system fortiguard set ddns-server-list "fortiguard.net" |
| 7.2.1 | 0812345 | Reboot after first configuration; use CLI: execute ddns refresh-list |
Then restart the FortiGuard service: