Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls Page

Crucially, this error can appear even when other internet connectivity works perfectly (e.g., pinging 8.8.8.8 or browsing the web via a policy). The reason is that FortiGuard DDNS updates use specific FQDNs, ports, and certificate validation that are separate from normal web traffic.

  • Test connectivity to FortiGuard endpoints

  • Verify DNS resolution used by FortiGate

  • Check NTP and system time

  • Inspect certificate/TLS issues

  • Confirm proxy or explicit web-proxy settings

  • Firewall policies, routing, and NAT

  • Check firmware-related or FortiGuard-specific settings

  • Retrieve logs for FortiGuard/DDNS attempts

    • execute nslookup update.fortiguard.net

    If resolution fails, check:

    Follow these steps in order. Do not skip the diagnostic commands—they are essential.

    When attempting to configure a new Dynamic DNS entry, the FortiGate cannot retrieve the list of available DDNS service providers (e.g., FortiGuard DDNS, No-IP, DynDNS). This results in an inability to select a server type, blocking the configuration of DDNS services.

    execute fortiguard-service status
execute diagnose test application update 5

    If FortiGuard is unreachable, try:

    execute update-now

    Ensure the FortiGate has an active license.

    The FortiGate must resolve these specific FortiGuard DDNS endpoints: