Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls ◆

"Unable to load FortiGuard DDNS server list"

The error message on a FortiGate firewall typically indicates a connectivity or configuration issue between the device and Fortinet's FortiGuard services . This prevents the dropdown menu in the GUI from displaying available server locations for Dynamic DNS registration. Primary Causes and Solutions

• The DDNS server dropdown in the GUI remains empty or shows an error.
• CLI commands related to config system ddns return errors when fetching server lists.
• Debug logs show failed HTTP/HTTPS connections to FortiGuard servers.

1. Expired or Invalid FortiGuard License: The entitlement for FortiGuard services has expired or is not synchronized.
2. DNS Resolution Failure: The FortiGate cannot resolve the hostnames of the FortiGuard servers.
3. Firewall/ISP Blocking: Outbound traffic on required ports is blocked by an upstream device or the ISP.
4. Management Interface Routing: The interface designated for management traffic lacks internet access.

3. Affected Versions (observed)

Run the following CLI command to force a restart of the service: fnsysctl killall ddnscd Use code with caution. Copied to clipboard "Unable to load FortiGuard DDNS server list" The

• GUI: Monitor → FortiGuard (or System Events) for FortiGuard-related errors.
• CLI:

  diagnose debug application fgd 255
  diagnose debug enable
  

  Watch for FortiGuard connection attempts and error messages; then disable debug:

  diagnose debug disable
  diagnose debug application fgd 0
  

If the list cannot be loaded but the administrator knows the DDNS IP or server name (for example, if using a 3rd party provider like No-IP, or a known FortiGuard server IP), it is possible to configure DDNS via CLI bypassing the GUI dropdown. The DDNS server dropdown in the GUI remains

5.4 Force DDNS list refresh from CLI