Lessons from the Garden
Unable to load FortiGuard DDNS servers list on FortiGate firewalls

Manually define the DDNS entry without relying on the server list:

Once you have applied the fixes (such as disabling Anycast or updating DNS), verify the DDNS service status from the CLI with this command:

diagnose fortiguard ddns status

Ensure you are using FortiGuard DNS servers or reliable public ones (e.g., 8.8.8.8).

4. Restart the DDNS Process

If Step 4.3 failed, ensure the following traffic is permitted outbound from the FortiGate's WAN IP:

If your internet connection uses DHCP or PPPoE, the firewall might be using restrictive ISP domain servers. Disabling the override setting forces the system to use your globally configured DNS servers.

execute curl -k "https://service.fortinet.com/api/v1/ddns/servers"

(Replace 0.0.0.0 with the specific public IP of your primary WAN interface if necessary.)

Advanced FortiGuard Protocol Configurations

execute ping www.fortinet.com

config system ddns
    edit 1
        set ddns-server genericDDNS
        set ddns-domain "yourdomain.duckdns.org"
        set ddns-username "token"
        set ddns-password "your-api-token"
        set monitor-interface "wan1"
        set use-public-ip enable
    next
end

From the FortiGate CLI, use the following command to test connectivity to a well-known external server:

Note: The ddns-server option accepts FortiGuardDDNS, DynDNS, NoIP, etc., without needing the remote list.

execute ping 8.8.8.8