Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls Guide

If you continue to face issues, it is recommended to check the for the latest known bugs related to your specific firmware version.

Setting up Dynamic DNS (DDNS) on a FortiGate firewall is essential for managing remote access via VPN or port forwarding when your ISP provides a dynamic public IP address. However, a common issue arises during configuration: the , showing an empty list or an error message instead of the available services like dyndns , no-ip , or fortiguard-ddns .

Network security devices are blocking UDP port 53, UDP port 8888, or HTTPS port 443.

FortiGate firewalls offer built-in Dynamic DNS (DDNS) support through FortiGuard’s DDNS service. Administrators sometimes encounter the error message: when trying to configure or update DDNS settings. This article explains the root causes and provides step-by-step solutions.

If your FortiGate has multiple WAN interfaces (SD-WAN), FortiGuard traffic might be exiting an interface that lacks a proper return route or public IP. You can force FortiGuard traffic to use a specific source IP or interface: config system fortiguard set source-ip 0.0.0.0 end Use code with caution. If you continue to face issues, it is

: The firewall is attempting to connect over a port or protocol that is blocked by your Internet Service Provider (ISP). Step-by-Step Troubleshooting Network and DNS

: The FortiGate cannot resolve the Fully Qualified Domain Names (FQDNs) used by FortiGuard.

Although less common, licensing and Virtual Domain (VDOM) configurations can also trigger this error. If the FortiGate’s support contract has expired, certain FortiGuard services may become unavailable, potentially affecting dynamic content fetching. Additionally, in environments utilizing VDOMs, the "Global" settings for management traffic must be carefully examined. If the management traffic is pinned to a specific VDOM that lacks internet access, the "root" VDOM (or whichever VDOM is attempting the fetch) will fail to retrieve the list.

Select your active WAN interface (e.g., wan1 or port1 ) and click . Locate the section for Advanced Options . Clear the checkbox next to Override internal DNS . Click OK to commit changes. Establish Static, Reliable System DNS Network security devices are blocking UDP port 53,

Several FortiOS versions have bugs causing this exact error.

config system fortiguard set fortiguard-anycast disable set protocol udp set ddns-server-ip 173.243 . 138.225 # Force a specific DDNS server end Use code with caution. Copied to clipboard

Here’s a clean, professional text you can use for a support ticket, KB article, status update, or internal note:

If you recently upgraded firmware, certain cloud communication settings might have been disabled by default. : config system global set cloud-communication enable end Use code with caution. Copied to clipboard 5. Restart the DDNS Client This article explains the root causes and provides

: If VDOMs are enabled, ensure the management VDOM (usually 'root') has a valid route to the internet, as FortiGuard communication typically originates from there.

Log into the Fortinet Support Portal or inspect the local dashboard to confirm your FortiCare subscription hasn't expired.

This comprehensive guide covers the root causes of this issue and provides step-by-step solutions to resolve it. Root Causes of the Error

Set reliable DNS servers (e.g., Google 8.8.8.8, Cloudflare 1.1.1.1) under .

config system fortiguard set interface-select-method specify set interface "wan1" <-- Replace with your actual WAN interface end Use code with caution. fortitenet execute dns cache flush Use code with caution. 5. Check Firmware and Known Issues