diagnose test application fortiguard 1
diagnose test application update 1
execute reboot (if necessary)

Workaround if Issue Persists

Manually define the DDNS entry without relying on the server list:

config system ddns
    edit 1
        set ddns-server update.fortiddns.com
        set ddns-domain yourhostname.fortiddns.com
        set ddns-username "your-email@example.com"
        set ddns-password "your-password"
        set interface "wan1"
        set use-public-ip enable
    next
end
execute ddns test 1

Prevention

Conclusion

The “Unable to load FortiGuard DDNS servers list” error typically stems from connectivity or DNS problems, not the DDNS service itself. By following this guide—testing DNS, verifying policies, and using CLI workarounds—you can restore DDNS functionality. If issues persist, contact Fortinet Support with the debug output from diagnose debug application update -1 and diagnose debug enable.


diagnose debug flow trace start 100
diagnose debug enable

Then attempt to reload the DDNS list via the GUI. Look for deny or drop reasons.

Before diving into complex configurations, verify basic network reachability from the FortiGate itself.

Dynamic DNS (DDNS) is a critical service for organizations operating without static public IP addresses. It allows remote users, site-to-site VPNs, and external services to connect to a FortiGate firewall using a fully qualified domain name (FQDN) that automatically updates whenever the ISP changes the public IP.

However, a notoriously frustrating error message often appears when administrators attempt to configure or refresh the DDNS provider list on a FortiGate appliance:

"Unable to load FortiGuard DDNS servers list. Please check your internet connection and FortiGuard settings."

This error can halt deployment, break existing DDNS configurations, and lead to significant downtime if not resolved quickly. This article provides a deep-dive diagnosis, root cause analysis, and step-by-step remediation for this exact issue.


| Solution | Details |
|----------|---------|
| Fix DNS | Set valid DNS servers (8.8.8.8, 1.1.1.1) under config system dns. |
| Add static DNS entry | config system dns-database → map service.fortiguard.net to known IP. |
| Bypass SSL inspection | Add FortiGuard domains to SSL inspection exemption list. |
| Use custom DDNS provider | Switch to No-IP, DuckDNS, or Dyn (manual CLI: config system ddns). |
| Renew license | Ensure FortiCare is active; update contract via execute update-now. |
| Check routing & SD-WAN | Force FortiGuard traffic out a working WAN link via policy route. |
| Reboot FortiGate | Clears transient FGFM/daemon state (rare but effective). |

Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls
