Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls Direct

Troubleshooting Guide: "Unable to Load FortiGuard DDNS Servers List" on FortiGate Firewalls

Article Code: FG-TS-DDNS-01 | Difficulty: Intermediate | Est. Reading Time: 8 minutes

: Use the CLI to check the actual status returned by the DDNS client. diagnose test application ddnscd 3 (Shows server IP and domain counts). Restart Services Conclusion The error "unable to load fortiguard ddns

5.2 Check DNS configuration

get system dns
diagnose test application dns 1
execute nslookup service.fortiguard.net

Conclusion

The error "unable to load fortiguard ddns servers list" is rarely a single-cause problem. It is a symptom of a broken chain: DNS → Routing → Firewall Policy → SSL Validation → Licensing → Firmware. By methodically working through the steps above—paying special attention to local-out policies and SSL certificates—you will resolve the issue 99% of the time without escalating to support. Ensure DNS servers are reachable and correct; switch

The system will automatically restart this process immediately after it is terminated. 4. Advanced CLI Configuration (Workaround) switch to reliable resolvers (e.g.

9. Escalation Path

If issue persists after above steps:

Common fixes

  • Ensure DNS servers are reachable and correct; switch to reliable resolvers (e.g., 1.1.1.1, 8.8.8.8) for testing.
  • Fix system time via NTP so TLS certificates validate.
  • Bypass or disable SSL/TLS interception for FortiGuard endpoints; add proxy CA to trusted store if interception is required.
  • Open outbound HTTPS and DNS in policies and allow traffic to FortiGuard IP ranges/domains.
  • If using an outbound proxy, configure FortiGate to use it correctly or create an exception for FortiGuard traffic.
  • Upgrade FortiOS to a version that addresses known FortiGuard/DDNS bugs; consult Fortinet release notes.
  • If changes don’t help, perform a factory-default test in a lab or run in debug mode and collect logs.

Solution C: Updating FortiGuard Firmware/Cache

Occasionally, the local cache of the FortiGuard data is corrupted. Force an update:

Ensure your FortiCare contract is active. Without it, FortiGuard services like DDNS are often restricted. BOLL Engineering AG DNS Resolution: Can the firewall resolve external domains? Test with execute ping www.google.com from the CLI. BOLL Engineering AG System Time: