config system fortiguard set protocol https set port 443 end Use code with caution. To switch to UDP port 8888 (if HTTPS is being intercepted): config system fortiguard set protocol udp set port 8888 end Use code with caution.
: Run execute ping service.fortiguard.net or execute ping www.fortinet.com from the CLI.
Alternatively, test bypassing the proxy by temporarily connecting the FortiGate directly to a clean internet link.
If your WebUI is frozen or showing empty fields, use these quick solutions to restore functionality: 1. Disable "Override Internal DNS" on WAN Interfaces
Newer versions of FortiOS use Anycast by default. A combination of regional routing problems and TLS v1.3 handshake glitches can block these Anycast requests. config system fortiguard set protocol https set port
Modern FortiOS versions use Anycast (DNS over TLS) by default. Handshake failures or ISP blocking of port 8888 or 53 can prevent the server list from loading. Contractual & System Status: An expired FortiCare contract will disable access to these cloud-based services. Time Synchronization:
If your FortiGate has multiple WAN interfaces (SD-WAN), FortiGuard traffic might be exiting an interface that lacks a proper return route or public IP. You can force FortiGuard traffic to use a specific source IP or interface: config system fortiguard set source-ip 0.0.0.0 end Use code with caution.
The last command directly attempts to fetch the DDNS server list. Look for HTTP status 200 or an error code.
execute ping guard.fortinet.net
execute ddns test 1
Follow these steps in order. Do not skip the diagnostic commands—they are essential.
If the configuration is correct but the GUI remains stuck, force a restart of the DDNS client process: fnsysctl killall ddnscd Use code with caution. Copied to clipboard Advanced Debugging If the error persists, technicians can use the Fortinet Community Support debug tools to see real-time errors: diagnose debug application ddnscd -1 diagnose debug enable for a particular FortiOS version , or help checking your license status Unable to load FortiGuard DDNS server list
execute fortiguard-service status execute diagnose test application update 5 A combination of regional routing problems and TLS v1
Alternatively, temporarily set the policy to for testing.
: An upstream device (or a self-referencing policy) is blocking or intercepting FortiGuard ports.
If the GUI continues to fail, you can configure the DDNS settings directly via the CLI, which often bypasses GUI-based list loading issues. fortitenet