In this guide, we will cover two topics about DDNS in Fortigate.
- How to fix unable to load FortiGuard DDNS servers list
- How to Configure DynDNS service on Fortigate device if you can’t use Fortiguard DDNS service for some reasons.
Fortigate is famous for its multi-network security functional firewall devices, powerful UTM and user-friendly web interface. They keep upgrading their OS to match the competitors, add new features, fix bugs, and enhance the user experience.
Missing DynDNS option is another change you would notice after upgrading FortiOS 5. x series, like how we changed switch mode to interface mode by CLI. As shown below, only the FortiGuard DDNS is listed for a WAN interface in the latest FortiOS versions.
Fix for Unable to load FortiGuard DDNS servers list
- First, to get the Fortiguard DDNS support, the DNS settings should be selected to ‘Use Fortiguard Servers’. If you choose the ‘Specify’ option to manually enter the public DNS servers, this option will not be available.
- The device should have an active internet connection to retrieve the servers.
If the above conditions are met, but still the device cannot retrieve DDNS server information from the FortiGuard service, it could be an issue with the anycast or the version of FortiOS.
Solve Anycast Issue
We can disable the anycast protocol and enable UDP for Fortiguard connectivity.
Login to the device via telnet/SSH or web browser CLI and enter the below commands.
config system fortiguard set fortiguard-anycast disable set protocol udp end
Also, we can change the dedicated DDNS server manually via CLI. Input the below command.
config system fortiguard set ddns-server-ip 220.127.116.11 end
After executing the commands successfully, check the FortiGuard DDNS server list. It should pop up correctly.
If your device can still not list the server information, it is time to upgrade its firmware.
Upgrade the Firmware
You can do the firmware upgrade from the Fortiguard cloud/manually from the main dashboard or the System settings.
The Fortigate DDNS issue should be solved with the latest firmware reboot.
Methods to Configure DynDNS DDNS on Fortigate FortiOS
The latest FortiOS versions do not allow to change 3rd party DDNS providers in GUI. We need to use the CLI to configure it.
Follow the steps to configure DynDNS DDNS on the latest Fortigate FortiOS in CLI ( Command Line Interface) mode.
1) Connect to the device by telnet, SSH or GUI terminal and type the following commands one by one.
config system ddns edit 1 set monitor-interface "wan1" set ddns-server dyndns.org set ddns-domain "hostname" set ddns-username "username" set ddns-password password
* edit 1 – 1 is the index number of DDNS settings. Start with 1 if it’s the first DDNS settings in the Fortigate box. This index number should be used later to modify anything related to the settings of the WAN port or DDNS settings.
* wan1– is the port you need to configure DDNS, which should be connected to the internet.
* ddns-server – dyndns.org is the server of the DynDNS service provider. For other providers, see more detail below.
* hostname – is the one you have registered at the dynamic DNS provider.
* username –Username of the corresponding hostname at the provider.
* password – Password of the hostname from the provider.
The following DDNS servers can be used to configure Dynamic DNS in FortiOS 5 and later.
dhs.org — supports members.dhs.org and dnsalias.com.
dipdns.net — supports dipdnsserver.dipdns.com.
dyndns.org — supports members.dyndns.org.
dyns.net — supports www.dyns.net.
easydns.com — supports members.easydns.com.
FortiGuardDDNS — supports FortiGuard DDNS service.
genericDDNS — supports DDNS server (RFC 2136) defined in ddns-server-ip.
now.net.cn — supports ip.todayisp.com.
ods.org — supports ods.org.
tzo.com — supports rh.tzo.com.
vavic.com — supports ph001.oray.net.
Once you configured the DynDNS service, as shown above, the WAN port of the device will be monitored and changed accordingly with the name and IP.
Read Also: How to enable ping response in Windows 10
show system ddns
It will show the DDNS settings of the FortiGate device in CLI, which usually can’t be seen in GUI mode.
3) To edit the existing DDNS entry, use the following commands:
config system ddns edit 1
Enter the correct index number (eg 1) to modify.
It is recommended to take a backup of the device configuration, so you can use it in future or while replacing the existing device.
Delete Existing DDNS on Fortigate
We need to know the ID number to delete existing DDNS settings for a specific network port. In this example, it is ID 1.
Execute the below command with the proper ID to delete DDNS settings via CLI.
config system ddns delete 1