Unable to Load FortiGuard DDNS Servers List on FortiGate Firewalls Jun 2026
Even with correct DNS, the firewall must be able to reach the FortiGuard servers themselves. The DDNS service uses specific protocols and ports (typically UDP port 53) to communicate. If there is a routing issue, a firewall rule blocking the traffic, or an upstream ISP blocking the port, the connection will fail.
Alternatively, test bypassing the proxy by temporarily connecting the FortiGate directly to a clean internet link.
The last command directly attempts to fetch the DDNS server list. Look for HTTP status 200 or an error code.
Look for errors like "cannot fetch server list" or "connection timeout".
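config system ddns
    edit 1
        # FortiGuard's own service; third-party values include "dyndns.org" and "noip.com"
        set ddns-server FortiGuardDDNS
        set ddns-domain "yourhost.example.com"
        # omit the next two lines for FortiGuardDDNS; they apply to third-party providers
        set ddns-username "yourusername"
        set ddns-password "yourpassword"
        set monitor-interface "wan1"
        set use-public-ip enable
    next
end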
Create a temporary policy with from: any, to: wan1, source: all, destination: all, service: ALL, NAT: on. Test, then restrict.
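A check for the "then restrict" step, as an added example that is not part of the original page: it scans a configuration backup for accept policies that still have source all, destination all and service ALL, such as a forgotten temporary test policy. The sample configuration is constructed, and the parser assumes the plain config / edit / set / next / end layout of a backup file with no nested blocks inside a policy.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from the page).
SAMPLE = """
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "lan-subnet"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "DNS"
    next
    edit 99
        set srcintf "any"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end
"""

def parse_policies(text):
    """Return {policy id: {option: [values]}} from 'config firewall policy'."""
    policies, current, in_table = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config firewall policy":
            in_table = True
        elif in_table and line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif line == "next":
            current = None
        elif in_table and line == "end" and current is None:
            in_table = False  # end of the policy table
        elif current is not None and line.startswith("set "):
            key, *values = shlex.split(line[4:])  # strips the quoting
            current[key] = values
    return policies

def allow_all_policies(text):
    """IDs of accept policies with source all, destination all, service ALL."""
    return [pid for pid, p in parse_policies(text).items()
            if p.get("action") == ["accept"] and p.get("srcaddr") == ["all"]
            and p.get("dstaddr") == ["all"] and p.get("service") == ["ALL"]]

print(allow_all_policies(SAMPLE))
```

Run it against each backup taken after troubleshooting; any ID it reports is a policy to tighten or delete.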
Before changing advanced system settings, ensure the foundational network layer is functioning.
1. Verify FortiGate System Time
Set your own reliable DNS servers (e.g., 8.8.8.8 or 1.1.1.1) under .
2. Verify DNS Functionality
execute ping fortinet.com
execute ping update.fortiguard.net
Go to and ensure that your system is configured to use reliable upstream servers. While FortiGuard servers work well, manually switching your primary/secondary DNS to public high-availability servers like Google (8.8.8.8) or Cloudflare (1.1.1.1) often temporarily resolves the caching freeze.
Test Connectivity via CLI
The most common cause is a WAN interface obtaining DNS settings via DHCP or PPPoE that override the system's ability to reach FortiGuard services.
config system ddns
    edit 2
        set ddns-server dyndns.org
        set ddns-domain "yourhost.dyndns.org"
        set ddns-username "your_username"
        set ddns-password "your_password"
        set monitor-interface "wan1"
    next
end
If the service is stuck, killing the process will force a refresh.
fnsysctl killall ddnscd
Verification Steps
Check License Status: Ensure your FortiCare contract is active under
Test Connectivity