DDNS Servers List on FortiGate Firewalls | Unable to Load FortiGuard
The FortiGate cannot resolve the URL of the FortiGuard update servers.
If you continue to face issues, it is recommended to check for the latest known bugs related to your specific firmware version.
An expired FortiCare support contract or an unreleased DDNS domain string from a previously replaced RMA unit blocks the firewall from pulling the server directory.
Whether you are using a The results of the ping test to service.fortiguard.net
    set ddns-server update.fortiddns.com
    set ddns-domain <yourdomain>.fortiddns.com
Open your CLI terminal and execute the following command stack to explicitly assign the FortiGuard DDNS IP:
Are you seeing an error like "SSL handshake failure" in your debug output, or is the server list completely blank?
If your FortiGate has multiple WAN interfaces (SD-WAN), FortiGuard traffic might be exiting an interface that lacks a proper return route or public IP. You can force FortiGuard traffic to use a specific source IP or interface:
    config system fortiguard
        set source-ip 0.0.0.0
    end
A valid response returns a JSON array of providers. An error here indicates API-level blocking.
The most frequent cause is a WAN interface (DHCP or PPPoE) that is automatically pulling DNS settings from your ISP. These ISP servers often fail to resolve the required globalddns.fortinet.net domain.
FortiGuard relies on secure SSL connections. If your FortiGate's system time is out of sync by even a few minutes, the SSL handshake with FortiGuard servers will fail.
Sometimes Anycast routing causes connection failures. Try switching to a static communication port:
Follow these sequential troubleshooting workflows to restore your server list.
1. Disable "Override Internal DNS" on WAN Interfaces
Ensure the policy from the FortiGate's internal interface to WAN allows HTTPS (443) to *.fortiguard.net and *.fortiddns.com.
If your internet connection uses DHCP or PPPoE, the firewall might be using restrictive ISP domain servers. Disabling the override setting forces the system to use your globally configured DNS servers.
Troubleshooting "Unable to Load FortiGuard DDNS Servers List" on FortiGate Firewalls
The firewall cannot reach the FortiGuard network due to firewall policies or routing issues.