Troubleshooting "Unable to Load FortiGuard DDNS Servers List" on FortiGate Firewalls
The internal DDNS management daemon (ddnscd) has stalled, or the active FortiOS release suffers from a known SSL handshake/IO defect.
🛠️ Step-by-Step Troubleshooting and Resolution
Before diving into complex configurations, verify basic network reachability from the FortiGate itself.
A valid FortiCare contract is often required to communicate with FortiGuard servers for DDNS services.
If your FortiGate connects to the internet via an upstream proxy:
Some firmware versions have experienced a known bug where the FortiGuard DDNS server presents an SSL certificate for a different domain (sdns.fortinet.net vs. ddns.fortinet.net), causing the handshake to fail. Look for errors like "hostname mismatch" in your CLI debug logs. Applying the core CLI fixes often resolves this.
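The hostname mismatch described above comes down to the TLS client comparing the name it dialed against the DNS names in the presented certificate. The following is an added example, not FortiOS code: the function names are hypothetical and the certificate dictionaries are constructed in the shape Python's ssl.getpeercert() returns, not captured from a FortiGuard server.

```python
# Added illustration: why a certificate issued for one name fails
# verification when the client asked for another name.

def san_dns_names(cert):
    """Lower-cased dNSName entries from a dict shaped like ssl.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _name_match(pattern, hostname):
    """Compare label by label; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.rstrip(".").split(".")
    h_labels = hostname.rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        if len(p_labels) < 3:
            return False      # reject over-broad patterns such as "*.net"
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def hostname_matches(cert, hostname):
    """True if any DNS name in the certificate covers the requested hostname."""
    hostname = hostname.lower()
    return any(_name_match(name, hostname) for name in san_dns_names(cert))

def explain(cert, expected_host):
    """One-line verdict in the style of a handshake debug message."""
    if hostname_matches(cert, expected_host):
        return f"ok: certificate covers {expected_host}"
    return (f"hostname mismatch: client expected {expected_host}, "
            f"certificate names {san_dns_names(cert)}")

# Constructed certificates (assumptions for the demonstration only).
CERT_SDNS = {"subjectAltName": (("DNS", "sdns.fortinet.net"),)}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.fortinet.net"),)}

if __name__ == "__main__":
    for cert in (CERT_SDNS, CERT_WILDCARD):
        print(explain(cert, "ddns.fortinet.net"))
```

A certificate that names only sdns.fortinet.net is rejected for ddns.fortinet.net even though both hosts share a parent domain; only an exact name or a single-label wildcard would satisfy the client.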
Connecting a FortiGate firewall to FortiGuard services is essential for maintaining security subscriptions, web filtering, and Dynamic DNS (DDNS). A common issue administrators encounter is the error message "Unable to load FortiGuard DDNS servers list" within the FortiOS GUI or CLI.
FortiGate firewalls offer built-in Dynamic DNS (DDNS) support through FortiGuard’s DDNS service. Administrators sometimes encounter the error message "Unable to load FortiGuard DDNS servers list" when trying to configure or update DDNS settings. This article explains the root causes and provides step-by-step solutions.
Be aware that DDNS configuration via the GUI may not be supported on higher-end models, VMs, or when the FortiGate is in transparent mode. In these cases, configuration must be performed via the CLI.
If the issue persists, use these debug commands to see the exact point of failure:
    diagnose test application ddnscd 3
Real-time Debug:
    diagnose debug application ddnscd -1
    diagnose debug enable
Wait 5-10 minutes to see output.
Navigate to Network > Interfaces, edit your WAN interface, and unselect Override internal DNS. CLI Method:
The error "unable to load fortiguard ddns servers list" is seldom a problem with FortiGate’s DDNS client itself. Instead, it is a symptom of network, policy, or firmware issues blocking the firewall’s ability to reach Fortinet’s servers. By systematically checking DNS resolution, local-out firewall policies, FortiGuard web filtering, and firmware versions, you can almost always resolve the problem.
If the issue persists, ensure you are running the latest patched version of FortiOS. Bugs related to FQDN resolution are often resolved in maintenance releases.
Alternative: Configuring DDNS via CLI
If the configuration is correct but the GUI remains stuck, force a restart of the DDNS client process:
    fnsysctl killall ddnscd
Advanced Debugging
If the error persists, technicians can use the Fortinet Community Support debug tools to see real-time errors:
    diagnose debug application ddnscd -1
    diagnose debug enable
If these pings fail, the firewall has no outbound internet connectivity or a DNS issue.
2. Check WAN Interface Settings
If the list still won’t load, you can manually define the DDNS server: