Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls Jun 2026

config system fortiguard set fortiguard-anycast disable set ddns-server-ip 173.243.138.226 set protocol udp end Use code with caution. Copied to clipboard

: Ensure the firewall can reach the FortiGuard domains. From the CLI, try to ping update.fortiguard.net service.fortiguard.net Restart the DDNS Daemon

When you navigate to or Network > DDNS on a FortiGate (FortiOS 6.0 through 7.4), the firewall attempts to fetch an up-to-date list of supported DDNS providers (e.g., FortiGuardDDNS, no-ip, DynDNS, ChangeIP) from Fortinet’s FortiGuard servers.

The firewall cannot resolve fortiguard.com addresses.

FortiGuard relies on secure SSL connections. If your FortiGate's system time is out of sync by even a few minutes, the SSL handshake with FortiGuard servers will fail. The firewall cannot resolve fortiguard

Once enabled, navigate back to the page in the GUI to trigger a DDNS server list refresh. The CLI will output detailed logs. Look for specific errors such as SSL CA check failed , Connection timeout , or Authentication failed . To stop the debug stream, type: diagnose debug disable Use code with caution. Verifying the Solution

These commands will help you see the real-time handshake and identify any specific errors like certificate mismatches.

If your internet connection uses DHCP or PPPoE, the firewall might be using restrictive ISP domain servers. Disabling the override setting forces the system to use your globally configured DNS servers.

If you want, I can produce a version tailored to a specific FortiOS release, include exact FortiGuard domain/IP lists for firewall rules, or create a one-page runbook with the exact CLI sequence for your environment. Once enabled, navigate back to the page in

A valid FortiCare contract is required for some FortiGuard services.

. This issue prevents the firewall from retrieving the necessary dynamic DNS (DDNS) server metadata required to maintain reachable hostnames for dynamic public IP addresses. BOLL Engineering AG Common Root Causes DNS Resolution Failures: If the FortiGate cannot resolve globalddns.fortinet.net

This comprehensive troubleshooting guide explains why this problem occurs and provides step-by-step solutions to fix it. Root Causes of the Error

: Modern FortiOS versions use "Anycast" by default. Network environments or ISPs sometimes block this traffic or experience SSL handshake failures with the Anycast IP addresses. To stop the debug stream

: A handshake failure (common in older versions like v7.0) may require you to lower the minimum SSL version if there is a protocol mismatch. config system global ssl-min-proto-version TLS1.0 end Use code with caution. Copied to clipboard Hardware/Firmware Limitations

Unable to connect to FortiGuard servers. - Fortinet Community

When the GUI fails to load the server list dropdown menu, you can bypass the interface bug entirely by configuring the DDNS domain straight through the CLI.

How to Fix "Unable to load FortiGuard DDNS servers list" on FortiGate Firewalls