Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls -

Troubleshooting Guide: "Unable to Load FortiGuard DDNS Servers List" on FortiGate Firewalls

Article Code: FG-TS-DDNS-01 | Difficulty: Intermediate | Est. Reading Time: 8 minutes

config system fortiguard set fortiguard-anycast disable set protocol udp set port 8888 end Use code with caution. Copied to clipboard 4. Enable Cloud Communication Quick Test: Create a temporary policy with from:

Conclusion

Trace Local-Out Traffic

diagnose debug flow trace start 100
diagnose debug enable

Quick Test: Create a temporary policy with from: any, to: wan1, source: all, destination: all, service: ALL, NAT: on. Test, then restrict. DNS Resolution Failure – The FortiGate cannot resolve

Although less common, licensing and Virtual Domain (VDOM) configurations can also trigger this error. If the FortiGate’s support contract has expired, certain FortiGuard services may become unavailable, potentially affecting dynamic content fetching. Additionally, in environments utilizing VDOMs, the "Global" settings for management traffic must be carefully examined. If the management traffic is pinned to a specific VDOM that lacks internet access, the "root" VDOM (or whichever VDOM is attempting the fetch) will fail to retrieve the list. NAT: on . Test

1. DNS Resolution Failure – The FortiGate cannot resolve fortiguard.com or related DDNS service domains.
2. Connectivity Issues – Firewall policies or routing block outbound access to FortiGuard servers.
3. FortiGuard License Expiry – An expired or invalid FortiGuard contract may restrict DDNS services.
4. Firmware Bug – Specific FortiOS versions have known issues with the DDNS server list retrieval.
5. Custom DNS Settings – Using non-default DNS servers that fail to resolve FortiGuard domains.