Error message: “Unable to load FortiGuard DDNS server list”

For some reason, Fortigates are not able to load the FortiGuard DDNS server list, so you can no longer configure DynDNS on your Fortigate. In the WebUI you will see the following error message under Network > DNS > FortiGuard DDNS, and the drop-down menu does not list any servers.

The FortiGuard DDNS feature is only available when the option “Use FortiGuard Servers” is ticked:

However, these FortiGuard servers might get overwritten by DNS servers obtained via DHCP/PPPoE, which prevents FortiGuard DDNS from working properly. You can change this behaviour by disabling “Override internal DNS” in the interface settings:
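The same interface setting from the CLI, as an added example that is not part of the original post. The interface name wan1 is an assumption, the dns-server-override option is only offered while the interface is in DHCP or PPPoE mode, and the lines starting with "#" are annotations rather than commands:

```text
# "wan1" is an assumed name; use the interface that gets its address via DHCP/PPPoE.
config system interface
    edit "wan1"
        set dns-server-override disable
    next
end

# Check which DNS servers the unit is configured with afterwards,
# then run a DNS resolution test.
get system dns
execute ping www.fortinet.com
```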

Here are some other tips and tricks if the above parameter doesn’t help:

  • Make sure that your Forticare contract is still valid. This can be double-checked in the Dashboard (WebUI).
  • Make sure that your Fortigate is able to use DNS (you can test this with the CLI command: exec ping www.fortinet.com).
  • Make sure that your Fortigate is able to communicate with the FortiGuard servers at all. This can be double-checked under System > FortiGuard or in the Dashboard (WebUI).
    If you are using FortiOS 6.4.2 or later, you can disable anycast communication for the FortiGuard servers (CLI):
    config system fortiguard
        set fortiguard-anycast disable
        set protocol udp
    end
  • Configure a dedicated DDNS server (CLI):
    config system fortiguard
        set ddns-server-ip 173.243.138.225
    end

Additional information can be found here.
