Unable to Load FortiGuard DDNS Servers List on FortiGate Firewalls

Troubleshooting: "Unable to Load FortiGuard DDNS Server List" on FortiGate

execute fortiguard refresh-now
execute ddns refresh-list

Possible Symptoms:

Test resolution:

execute nslookup update.fortiguard.net

Ensure your FortiCare contract is active. Without it, FortiGuard services like DDNS are often restricted.

DNS Resolution: Can the firewall resolve external domains? Test from the CLI:

execute ping www.google.com

System Time:

Ensure your FortiGate is configured to use reliable DNS servers (like FortiGuard's own or public ones like Google 8.8.8.8) to fetch the server list. Confirm outbound policy allows HTTPS (TCP/443) and DNS
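Added example, not from the original page or from Fortinet: a Python check, run from a host whose traffic leaves through the FortiGate, that separates a DNS failure from a blocked TCP/443 path to update.fortiguard.net. The function names and result labels are assumptions, and a pass here covers transit traffic only, not the firewall's own outbound requests.

```python
# Added example (not from the original page): probe the two outbound
# dependencies named above from a host that egresses through the FortiGate.
import socket

FORTIGUARD_HOST = "update.fortiguard.net"  # hostname taken from the page
HTTPS_PORT = 443                           # TCP/443, as stated on the page


def resolve(host, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated addresses for host, or [] on DNS failure."""
    try:
        infos = resolver(host, HTTPS_PORT, type=socket.SOCK_STREAM)
    except OSError:  # socket.gaierror is a subclass of OSError
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(addr, port=HTTPS_PORT, timeout=5.0,
                  connect=socket.create_connection):
    """True if a TCP handshake to addr:port completes within timeout."""
    try:
        with connect((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def diagnose(host=FORTIGUARD_HOST, resolver=socket.getaddrinfo,
             connect=socket.create_connection):
    """Classify the result as a DNS failure, a blocked TCP/443 path, or ok."""
    addrs = resolve(host, resolver)
    if not addrs:
        return "dns-failure"      # check the configured DNS servers first
    if not any(tcp_reachable(a, connect=connect) for a in addrs):
        return "tcp443-blocked"   # name resolves: look at policy, routing, NAT
    return "ok"


if __name__ == "__main__":
    print(FORTIGUARD_HOST, "->", diagnose())
```

The resolver and connect parameters exist so the logic can be exercised with stand-in functions when no network is available.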

Prevention: Best Practices to Avoid Recurrence

  1. Create a dedicated "FortiGuard Access" policy with high priority (low sequence number) and NAT enabled.
  2. Monitor FortiGuard service status via Fortinet’s official status page: https://fortiguard.fortinet.com/status
  3. Schedule automatic certificate renewal in FortiOS (enabled by default in 7.2+).
  4. Use redundant WAN connections and configure FortiGuard to fall back to secondary gateways.
  5. Keep FortiOS updated – minor revisions often silently fix DDNS client issues.

Firewall policies, routing, and NAT