FortiGate
ppatel
Staff
Article Id 193406

Description
This article describes how to use the DDNS service and how to enable FortiGuard DDNS servers when the following error message appears in the GUI:


Solution
1) If the WAN port uses a PPPoE or DHCP connection, make sure that overriding the internal DNS is disabled:

- From the GUI, go to Network -> Interfaces, edit WAN and deselect Override internal DNS.

- From CLI/SSH:

# config system interface
    edit wan1
        set dns-server-override disable
    end

2) Manually configure the DDNS server via CLI/SSH:

# config system fortiguard
    set ddns-server-ip 173.243.138.225
  end

3) Change the protocol to UDP and disable FortiGuard anycast (for version 6.4.2):

# config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
  end

4) If an issue is found with FortiDDNS in FortiOS 7.0, make the changes below:

# config system fortiguard
    set fortiguard-anycast enable
    set ddns-server-ip 173.243.138.225
  end

The issue is caused by a TLSv1.3 handshake failure and is resolved once the above changes are applied.
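To check an exported configuration against steps 1 to 4, the following added example (not Fortinet code and not part of the original article) parses FortiOS CLI text and lists where it deviates from the settings above. The per-version table is an assumption drawn from reading steps 2 to 4 together, the audit assumes the WAN interface is wan1 on PPPoE or DHCP as in step 1, and the sample export is constructed.

```python
# Added example, not Fortinet code. EXPECTED is an assumption drawn from steps 2-4.
EXPECTED = {  # options under 'config system fortiguard', per firmware version
    "6.4.2": {"ddns-server-ip": "173.243.138.225", "fortiguard-anycast": "disable",
              "protocol": "udp"},
    "7.0": {"ddns-server-ip": "173.243.138.225", "fortiguard-anycast": "enable"},
}

def parse_settings(text):
    """Map (config path, edit name or None) -> {option: value} for FortiOS CLI text."""
    settings, stack = {}, []  # stack entries: [config path, current edit name]
    for raw in text.splitlines():
        tok = raw.strip().lstrip("# ").split()  # drop the '# ' prompt if present
        if tok[:1] == ["config"]:
            stack.append([" ".join(tok[1:]), None])
        elif not tok or not stack:
            continue
        elif tok[0] == "edit" and len(tok) > 1:
            stack[-1][1] = tok[1].strip('"')
        elif tok[0] == "next":
            stack[-1][1] = None
        elif tok[0] == "end":  # also closes an 'edit' with no 'next', as in step 1
            stack.pop()
        elif tok[0] == "set" and len(tok) > 2:
            settings.setdefault(tuple(stack[-1]), {})[tok[1]] = " ".join(tok[2:]).strip('"')
    return settings

def audit(text, version, wan="wan1"):
    """List deviations from the article's settings; an empty list means none found."""
    cfg = parse_settings(text)
    override = cfg.get(("system interface", wan), {}).get("dns-server-override", "unset")
    findings = [] if override == "disable" else [  # step 1
        f"{wan}: dns-server-override is {override}, article sets disable"]
    fortiguard = cfg.get(("system fortiguard", None), {})
    for option, wanted in EXPECTED[version].items():
        if (actual := fortiguard.get(option, "unset")) != wanted:
            findings.append(f"fortiguard: {option} is {actual}, article sets {wanted}")
    return findings

# Constructed sample export (not from a real device), with a nested config block.
SAMPLE = """\
config system interface
    edit "wan1"
        config ipv6
            set ip6-allowaccess ping
        end
        set dns-server-override enable
end
config system fortiguard
    set fortiguard-anycast enable
end
"""
```

Calling audit(SAMPLE, "6.4.2") or audit(SAMPLE, "7.0") returns one line per setting that differs from the article.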

 

Additional context information

- About the default DDNS service:

Currently, there are two FQDNs for the DDNS service.

- When anycast is disabled, the FQDN 'ddns.fortinet.net' (resolved to 173.243.138.226) is used. When anycast is enabled, the FQDN 'globalddns.fortinet.net' (resolved to 173.243.138.225) is used.

 

Related Articles:

Technical Tip: How to update IP address with FortiGuard DDNS service and upstream router

Troubleshooting Tip: FortiGuard DDNS IP update fails