FortiGates treat their own generated traffic (DNS, DDNS, FortiGuard updates, NTP) differently from traffic passing through the device. This is called . A common oversight is failing to create a policy allowing the FortiGate’s management IP to reach the internet.
The issue "Unable to load FortiGuard DDNS server list" on FortiGate firewalls typically prevents you from selecting a DDNS server in the GUI, often occurring after firmware upgrades or due to DNS/network configuration conflicts.
Common Root Causes
If your FortiGate is behind another firewall or you have enabled on the local-out policy, the firewall may distrust its own certificate.
Firewalls or ISPs may block ports 53 (UDP), 443 (HTTPS), or 8888 (UDP) used for FortiGuard communication. Try switching the FortiGuard port to 8888 in the CLI if 53 is blocked.
Troubleshooting Steps
Verify Connectivity
get system dns
diagnose test application dns 1
execute nslookup service.fortiguard.net
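The port change suggested above, written out as an added example (not from the original page). It assumes a FortiOS release that has the fortiguard-anycast setting, where the protocol and port options only become configurable once anycast is disabled; the lines starting with # are annotations, not commands.

```fortios
# Assumption: FortiOS release with the fortiguard-anycast option.
# While anycast is enabled the unit uses HTTPS on 443, so disable it
# before selecting UDP and the alternate port.
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
end

# Confirm the values that are now in effect.
get system fortiguard
```

If an upstream firewall filters the FortiGate's outbound traffic, UDP 8888 to FortiGuard has to be permitted there as well for this change to help.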