Ensure there is a valid route (usually a default route) that allows the FortiGate to reach the FortiGuard servers. Also, inspect any firewall policies that might be blocking outbound traffic on the required ports (UDP 53, TCP 443, etc.).
From the FortiGate CLI, use the following command to test connectivity to a well-known external server:
A fundamental cause of this error is often a breakdown in basic network or DNS communication. Before diving deeper, it's essential to verify that your FortiGate can resolve domain names and reach the broader internet.
Once configured via CLI, run this command to force the FortiGate to register the domain name:

    execute ddns update
Open the CLI console on your FortiGate and verify that the firewall itself can reach the internet:
Run execute ping www.fortinet.com in the CLI. If it fails, your general DNS settings under Network > DNS need correction.
Ensure the device can reach the internet and resolve Fortinet domains using the FortiGate CLI:

    execute ping service.fortiguard.net
    execute ping update.fortiguard.net

2. Fix DNS Overwrites
Ensure the FortiGate itself can resolve external domains.

    execute ping www.fortinet.com
    config system ddns
        edit 1
            set ddns-server FortiGuardDDNS
            set ddns-domain "yourname.fortiddns.com"
            set monitor-interface "wan1"
        next
    end

Verification
How to Fix "Unable to load FortiGuard DDNS servers list" on FortiGate Firewalls
Note: If the firewall is behind a proxy, you must configure the FortiGate to use the proxy via CLI: