Unable To Load Fortiguard Ddns Servers List On Fortigate Firewalls Guide

    If all else fails, remember that the CLI bypasses this list entirely. You can configure any supported DDNS provider manually and achieve full functionality without ever seeing the graphical list.

    In this deep-dive article, we will explore the root causes of this error, provide step-by-step diagnostic commands, and walk through permanent fixes—from DNS configuration to FortiGuard web filtering overrides. When you navigate to Network > DNS or Network > DDNS and attempt to edit or create a new DDNS entry, the FortiGate must query Fortinet’s central servers (typically guard.fortinet.net or service.fortinet.com ) to retrieve an XML or JSON list of supported DDNS providers. The error "unable to load fortiguard ddns servers list" indicates that the HTTP/HTTPS request to these endpoints failed.

    execute ping 8.8.8.8 If external pings fail, the routing or WAN interface is misconfigured. Even if ping works, HTTPS might be blocked. Test the actual service endpoint: If all else fails, remember that the CLI

    show system dns Ensure they are valid (e.g., 8.8.8.8 , 1.1.1.1 , or your internal resolvers). Also verify:

    execute update-now After this, retry accessing the DDNS server list. If the issue persists, use these deep diagnostic commands from the FortiGate CLI: Trace Local-Out Traffic diagnose debug flow trace start 100 diagnose debug enable Then attempt to reload the DDNS list via the GUI. Look for deny or drop reasons. Check FortiGuard Cache diagnose test application fortiguard 1 Look for errors like cannot fetch server list or connection timeout . Test Specific DDNS Endpoint execute curl -k "https://service.fortinet.com/api/v1/ddns/servers" A valid response returns a JSON array of providers. An error here indicates API-level blocking. Workaround: Manually Define DDNS Without the List When you cannot resolve the error quickly, you do not need the graphical list to configure DDNS. Use the CLI method shown earlier. For third-party providers like No-IP or DynDNS, use: When you navigate to Network > DNS or

    execute ping guard.fortinet.net If ping fails with ping: cannot resolve guard.fortinet.net: Unknown host , you have a DNS problem.

    Check the FortiGate’s configured DNS servers: Even if ping works, HTTPS might be blocked

    This error prevents the firewall from fetching the official list of supported DDNS providers (such as FortiGuard DDNS, No-IP, or DynDNS) from Fortinet’s servers. Without this list, you cannot select a provider, configure the service correctly, or update your dynamic IP.