Create an IPv4 policy from the root or management VDOM to your WAN interface:
Without this policy, the FortiGate cannot reach guard.fortinet.net. Create an IPv4 policy from the root or
If the firewall cannot resolve hostnames, it cannot reach the FortiGuard servers. Without this policy, the FortiGate cannot reach guard
diagnose debug flow trace start 100
diagnose debug enable
Then attempt to reload the DDNS list via the GUI. Look for deny or drop reasons. If the firewall cannot resolve hostnames, it cannot
config system ddns
edit 1
set ddns-server FortiGuardDDNS
set ddns-domain "yourhostname.fortiddns.com"
set ddns-username "your-email@example.com"
set ddns-password "your-password"
set interface "wan1"
set use-public-ip enable
next
end
Note: The ddns-server option accepts FortiGuardDDNS, DynDNS, NoIP, etc., without needing the remote list.