FortiGate firewall administrators cannot retrieve the Dynamic DNS (DDNS) server list from FortiGuard. Impact: Manual DDNS configuration is blocked, and automated DDNS updates fail or cannot be set up. Severity: Medium to High (depending on reliance on DDNS for VPN/hostname resolution). Status: Root cause identified as connectivity, DNS resolution, or FortiGuard service availability.
execute fortiguard update-now execute fortiguard-ddns-server-list
config system dns set primary 8.8.8.8 set secondary 8.8.4.4 end
config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain yourname.fortiddns.com set monitor-interface wan1 next end Use code with caution. Copied to clipboard Unable to load FortiGuard DDNS server list Common Root Causes If fortiguard
The issue "Unable to load FortiGuard DDNS server list" on FortiGate firewalls typically prevents you from selecting a DDNS server in the GUI, often occurring after firmware upgrades or due to DNS/network configuration conflicts. Common Root Causes
If fortiguard.com isn’t recognized, use the IP-based workaround (temporary):
Double-click your active internet interface (e.g., wan1 or port1 ). checking routing tables
A successful connection will return an output listing active connections, server selections, and your current registered DDNS hostname status without errors. In the GUI, navigating to will now correctly populate the DDNS "Domain" dropdown list with options like fortiddns.com , fortidns.info , and centurylinkddns.com .
: An expired FortiCare support contract or an unreleased DDNS domain string from a previously replaced RMA unit blocks the firewall from pulling the server directory.
: Go to System > FortiGuard and verify that your licenses are active and the FortiGate can reach FortiGuard servers. 3. Adjust Protocol and Ports and ensuring required ports are open
The error "Unable to load FortiGuard DDNS servers list" serves as an indicator of a breakdown in the essential communication link between a FortiGate firewall and the Fortinet security fabric. While the error appears superficially as a UI glitch, it is rooted in fundamental networking principles: DNS resolution, proper routing, and open transmission channels via specific TCP ports. By methodically verifying DNS configurations, checking routing tables, and ensuring required ports are open, network administrators can swiftly restore functionality. Ultimately, resolving this issue not only enables the DDNS feature but also validates the overall health of the firewall’s connectivity, ensuring it can continue to receive vital security updates and threat intelligence.
: An upstream device (or a self-referencing policy) is blocking or intercepting FortiGuard ports.
