Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls -

FortiGuard relies on secure SSL connections. If your FortiGate's system time is out of sync by even a few minutes, the SSL handshake with FortiGuard servers will fail.

Before changing configurations, check if the FortiGate can communicate with the FortiGuard servers. Log into your FortiGate CLI and run the following commands: diagnose debug rating Use code with caution.

If the issue persists, ensure you are running the latest patched version of FortiOS. Bugs related to FQDN resolution are often resolved in maintenance releases. Alternative: Configuring DDNS via CLI

"Unable to load FortiGuard DDNS server list" on FortiGate firewalls typically indicates a breakdown in communication between the local device and Fortinet's FortiGuard Services

The most common cause of this error is that the firewall's WAN interface obtains its IP via DHCP or PPPoE and automatically overwrites your configured system DNS. Many local ISP DNS servers cannot properly resolve Fortinet’s proprietary dynamic DNS assignment domains. How to fix it in the GUI: Navigate to . Edit your active WAN interface (e.g., wan1 or port1 ). Locate the Advanced or Addressing Mode options. Toggle off the setting Override internal DNS . Click OK . 2. Verify Underlying System DNS and Connectivity FortiGuard relies on secure SSL connections

If the firewall cannot resolve hostnames, it cannot reach the FortiGuard servers.

Ensure your FortiCare contract is valid, as DDNS is a subscription-linked service. Troubleshooting Checklist Command/Path Verify Connection Ping FortiGuard servers from CLI exec ping service.fortiguard.net Check DDNS Status Run a diagnostic test diagnose test application ddnscd 3 Restart Service Force the DDNS daemon to restart fnsysctl killall ddnscd Manual Reconfig Delete and recreate the DDNS entry config system ddns -> delete 1 Technical Tip: Unable to load FortiGuard DDNS server list

config system fortiguard set fortiguard-anycast disable set protocol udp set ddns-server-ip 173.243 . 138.225 # Force a specific DDNS server end Use code with caution. Copied to clipboard

When your WAN interface receives an IP address via DHCP or PPPoE, it often automatically pulls DNS server addresses from the ISP. These ISP DNS servers might not be able to resolve FortiGuard's servers properly. Go to . Edit the WAN interface (e.g., wan1). Log into your FortiGate CLI and run the

The most common culprit behind this error is Domain Name System (DNS) failure. FortiGate firewalls require a valid DNS configuration to resolve the hostnames of FortiGuard servers. If the firewall is configured to use internal DNS servers that are unreachable or misconfigured, or if the firewall itself lacks internet access, the query to Fortinet will fail. This is particularly common in "air-gapped" or isolated lab environments where the firewall has no path to the public internet.

When navigating to and enabling FortiGuard DDNS, the server drop-down menu may appear completely blank or display an explicit failure message. This typically stems from one of four core technical failures:

When you encounter the "Unable to load FortiGuard DDNS servers list" error, follow this structured checklist to identify and resolve the problem.

: When the WAN port is configured via DHCP or PPPoE, the Internet Service Provider (ISP) may push its own DNS servers. These local ISP servers frequently fail to properly resolve the primary global FortiGuard routing domain ( globalddns.fortinet.net ). Alternative: Configuring DDNS via CLI "Unable to load

If the hostname does not resolve, the problem is likely DNS-related. Verify that the DNS server settings in are correct and reachable. Also, check whether the external interface is overriding these settings with DNS values obtained from DHCP or PPPoE; if so, disable the "Override internal DNS" option.

: Verify your FortiCare contract is valid under System > FortiGuard ; expired licenses can disable certain FortiGuard services.

This article provides a comprehensive guide to diagnosing and fixing this error on FortiOS. Causes of the "Unable to Load DDNS" Error

Apply highly reliable public options such as Google ( 8.8.8.8 / 8.8.4.4 ) or Cloudflare ( 1.1.1.1 ).