Unable To Load FortiGuard DDNS Servers List On FortiGate Firewalls
However, a notoriously frustrating error message often appears when administrators attempt to configure or refresh the DDNS provider list on a FortiGate appliance:

This error can halt deployment, break existing DDNS configurations, and lead to significant downtime if not resolved quickly. This article provides a deep-dive diagnosis, root cause analysis, and step-by-step remediation for this exact issue.

Understanding the Problem: What the Error Actually Means

When you navigate to Network > DNS or Network > DDNS on a FortiGate (FortiOS 6.0 through 7.4), the firewall attempts to fetch an up-to-date list of supported DDNS providers (e.g., FortiGuardDDNS, no-ip, DynDNS, ChangeIP) from Fortinet’s FortiGuard servers.
```
config system fortiguard
    set protocol tcp
    set port 8888
    set auto-connect enable
end
execute fortiguard update-now
```

Changing protocol from UDP to TCP or port from 53 to 8888 forces a different communication path.

If the list still won’t load, you can manually define the DDNS server:
| FortiOS Version | Bug ID | Workaround/Temporary Fix |
|----------------|--------|--------------------------|
| 7.0.0 - 7.0.5 | 0742341 | Upgrade to 7.0.6+ or downgrade to 6.4.9 |
| 6.4.0 - 6.4.4 | 0695222 | CLI: `config system fortiguard set ddns-server-list "fortiguard.net"` |
| 7.2.1 | 0812345 | Reboot after first configuration; use CLI: `execute ddns refresh-list` |
Last updated: October 2025 – Valid for FortiOS 6.0 through 7.4.
Article Code: FG-TS-DDNS-01 | Difficulty: Intermediate | Est. Reading Time: 8 minutes

Introduction

Dynamic DNS (DDNS) is a critical service for organizations operating without static public IP addresses. It allows remote users, site-to-site VPNs, and external services to connect to a FortiGate firewall using a fully qualified domain name (FQDN) that automatically updates whenever the ISP changes the public IP.
```
execute fortiguard refresh-now
execute ddns refresh-list
```

Your DDNS server list should now populate correctly. For ongoing issues, contact Fortinet TAC with reference to this article and your debug logs. Share your experience or additional workarounds in the comments below. For urgent assistance, visit the official Fortinet Community Forum or open a support ticket with the diagnostic outputs listed above.
If you’ve completed all steps and the error persists, it is likely a transient FortiGuard cloud issue or a corrupted FortiGuard cache. In that case, perform a graceful reboot of the FortiGate and then run:
| Cause Category | Specific Issue | FortiOS Versions Affected |
|----------------|----------------|----------------------------|
| | Firewall policy blocking outbound HTTPS to FortiGuard | All |
| DNS Resolution | Cannot resolve update.fortiguard.net or fortiguard.com | All |
| SSL/TLS | Expired or untrusted FortiGate system certificate | 6.2+, 7.0+ |
| FortiGuard Filtering | Web/DNS filter blocking FortiGuard itself | 6.4+ |
| Service Availability | Regional FortiGuard outage or maintenance | Rare, but occurs |
| Proxy Configuration | Explicit web proxy not configured or bypassed | All |
| Licensing | Expired FortiGuard Unified or DDNS license | 7.2+ |
| Bug/Firmware | Known bug in specific builds (e.g., 7.0.1–7.0.5) | See table below |

Step-by-Step Troubleshooting Guide

Follow these steps in order. Do not skip the diagnostic commands: they are essential.

Step 1: Verify Basic Outbound Internet Access

Before blaming FortiGuard, confirm the firewall can reach the internet.
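Blocked outbound HTTPS, failed DNS resolution and TLS problems from the cause table fail at different stages of one connection, so a staged probe tells them apart. The script below is an added example, not Fortinet tooling or code from the original article: `probe` and its stage labels are hypothetical names, port 443 is assumed from the table's "outbound HTTPS", and it tests the path from the host it runs on (ideally one behind the same egress policy), not the FortiGate's own self-originated traffic.

```python
import socket
import ssl


def _resolve(host, port):
    # Real resolver: returns a list of (ip, port) tuples for the hostname.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][:2] for info in infos]


def _connect(addr, timeout):
    # Plain TCP connect; raises OSError on timeout, reset or refusal.
    return socket.create_connection(addr, timeout=timeout)


def _handshake(sock, host):
    # Default context verifies the certificate chain and the hostname.
    ctx = ssl.create_default_context()
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.version()


def probe(host="update.fortiguard.net", port=443, timeout=5.0,
          resolve=_resolve, connect=_connect, handshake=_handshake):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    try:
        addrs = resolve(host, port)
    except socket.gaierror as exc:            # "DNS Resolution" row
        return "dns", f"cannot resolve {host}: {exc}"
    if not addrs:
        return "dns", f"{host} resolved to no addresses"
    try:
        sock = connect(addrs[0], timeout)
    except OSError as exc:                    # outbound policy/route block
        return "tcp", f"{addrs[0][0]}:{port} unreachable: {exc}"
    try:
        version = handshake(sock, host)
    except ssl.SSLError as exc:               # untrusted chain, interception
        return "tls", f"handshake with {host} failed: {exc}"
    except OSError as exc:                    # dropped mid-handshake
        return "tcp", f"connection dropped during handshake: {exc}"
    finally:
        sock.close()
    return "ok", f"{host}:{port} reachable, {version}"


if __name__ == "__main__":
    # Hostnames are the two named in the cause table.
    for name in ("update.fortiguard.net", "fortiguard.com"):
        print(name, *probe(name))
```

A `dns` or `tcp` result from a host behind the FortiGate points at resolver settings or outbound policy; a `tls` result on a path that resolves and connects suggests certificate trust or inspection on that path.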