Firewalls | Unable To Load Fortiguard Ddns Servers List On Fortigate
config system ddns
    edit 0
        set ddns-server FortiGuard
        set ddns-domain "your-fqdn.ddns.net"
        set monitor-interface "wan1"
    next
end
Navigate to Network > Interfaces, edit your WAN interface, and uncheck Override internal DNS. CLI Fix:
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
end
Change your FortiGate system DNS to reliable, public servers like FortiGuard DNS or Google DNS.
High-security inspection settings or incorrect system time cause certificates to fail validity checks.
The error "unable to load fortiguard ddns servers list" is rarely a single-cause problem. It is a symptom of a broken chain: DNS → Routing → Firewall Policy → SSL Validation → Licensing → Firmware. By methodically working through the steps above—paying special attention to local-out policies and SSL certificates—you will resolve the issue 99% of the time without escalating to support.
config system dns
    set primary 208.91.112.53
    set secondary 8.8.8.8
end

3. Check Route and Source Interface
After running these commands, refresh your GUI and check the DDNS status.

2. Disable Anycast (FortiOS 7.0 and Higher)
Use the diagnostic CLI to ensure the system is resolving and pinging core FortiGuard endpoints:
An expired support contract can disable access to FortiGuard services. Verify your contract status on the main dashboard or at System > FortiGuard.
FortiOS updates sometimes introduce strict TLS 1.3 requirements that trigger handshake errors during the initial server list request.
If you continue to face issues, it is recommended to check the for the latest known bugs related to your specific firmware version.
If the network topology includes upstream routers or firewalls, or if strict local firewall policies are in place, these ports may be inadvertently blocked. A misconfigured Access Control List (ACL) blocking TCP/8888 on the WAN interface will prevent the firewall from retrieving the DDNS list, even if standard DNS resolution for general browsing is working correctly. Therefore, administrators must verify that the firewall can initiate outbound connections on these specific ports.
Check current error and system status