Then restart the FortiGuard service:
Several architectural and configuration issues can trigger this specific error:
Newer versions of FortiOS use Anycast by default. A combination of regional routing problems and TLS v1.3 handshake glitches can block these Anycast requests.
execute ping guard.fortinet.net
If the configuration looks correct but the list still won't load, the internal DDNS daemon ( ddnscd ) might be stuck. : fnsysctl killall ddnscd Use code with caution. Copied to clipboard
The "Unable to load FortiGuard DDNS servers list" error on FortiGate firewalls is typically a networking or configuration issue that can be systematically resolved. The path to a solution begins with verifying your FortiGate's basic DNS and internet connectivity before moving on to the core CLI configurations. The most effective fixes often involve disabling DNS override, disabling FortiGuard anycast, and manually specifying the DDNS server's IP address.
Note: If you have a multi-VDOM environment, keep Anycast enabled on the primary management VDOM but statically direct the DDNS target IP to 173.243.138.225 . 3. Verify Local Connectivity and Contracts : fnsysctl killall ddnscd Use code with caution
: An expired FortiCare contract can prevent access to FortiGuard-specific features like DDNS.
: Verify your license status in the Dashboard > Status widget.
The DDNS server list is tied to an active FortiCare registration. If the FortiGate cannot validate its license, it won't load the servers. Go to and look at the Licenses widget. Verify that FortiCare Support shows a green checkmark. The most effective fixes often involve disabling DNS
execute ping www.fortinet.com execute ping guard.fortinet.net
This is a crucial step that directly defines the server your FortiGate should contact.
If the issue persists,g., single WAN vs. SD-WAN) for more tailored troubleshooting steps. Step-by-Step Troubleshooting Checklist
config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain yourname.fortiddns.com set monitor-interface wan1 next end Use code with caution. Copied to clipboard Unable to load FortiGuard DDNS server list
: In some versions (e.g., FortiOS 7.0), a handshake failure for TLS v1.3 can prevent the server list from loading. Disabling Anycast as shown above often resolves this. Step-by-Step Troubleshooting Checklist