If your external IP address changes regularly and you have a static domain name, you can configure the external interface to use a dynamic DNS (DDNS) service. This ensures that external users and customers can always connect to your company firewall. If you have a FortiGuard subscription, you can use FortiGuard as the DDNS server.
You can configure FortiGuard as the DDNS server using the GUI or CLI.
- Go to Network > DNS.
- Enable FortiGuard DDNS.
- Select the Interface with the dynamic connection.
- Select the Server that you have an account with.
- Enter your Unique Location.
- Click Apply.
config system ddns
    edit <1>
        set ddns-server FortiGuardDDNS
        set ddns-domain "branch.float-zone.com"
        set monitor-interface "wan1"
    next
end
If you do not have a FortiGuard subscription, or want to use a different DDNS server, you can configure a DDNS server for each interface. Only the first configured port appears in the GUI. The available commands vary depending on the selected DDNS server.
config system ddns
    edit <DDNS_ID>
        set monitor-interface <external_interface>
        set ddns-server <ddns_server_selection>
        ...
    next
end
You can configure FortiGate to refresh DDNS IP addresses. FortiGate periodically checks the DDNS server that is configured.
config system ddns
    edit <1>
        set ddns-server FortiGuardDDNS
        set use-public-ip enable
        set update-interval <seconds>
    next
end
When clear-text is disabled, FortiGate uses an SSL connection to send and receive DDNS updates.
config system ddns
    edit <1>
        set clear-text disable
        set ssl-certificate <cert_name>
    next
end
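An added example, not Fortinet code: a Python check that reads a FortiOS configuration backup and reports, for each config system ddns entry, whether updates use SSL or clear text. The sample configuration, the certificate name example_cert and the function names are constructed for illustration; an entry with no clear-text line is marked for review rather than assumed secure, because a backup may omit options left at their default.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set clear-text disable
        set ssl-certificate "example_cert"
    next
    edit 2
        set clear-text enable
    next
    edit 3
        set monitor-interface "wan3"
    next
end
"""

def parse_ddns_entries(config_text):
    """Return {entry_id: {option: value}} for the 'config system ddns' table."""
    entries, current, in_ddns = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config system ddns":
            in_ddns = True
        elif not in_ddns:
            continue  # ignore every other config section
        elif line == "end":
            in_ddns = False
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set (\S+)\s+(.*)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def audit_ddns_transport(config_text):
    """Classify each DDNS entry by the transport its updates use."""
    findings = {}
    for entry_id, opts in parse_ddns_entries(config_text).items():
        mode = opts.get("clear-text")
        if mode == "enable":
            findings[entry_id] = "FAIL: clear-text updates"
        elif mode == "disable":
            findings[entry_id] = "OK: SSL, certificate " + opts.get("ssl-certificate", "<none set>")
        else:  # option absent from the backup: the device default applies
            findings[entry_id] = "REVIEW: clear-text not set explicitly"
    return findings
```

Pass the text of a saved configuration to audit_ddns_transport() to get one finding per DDNS entry ID.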
A DHCP server has an override command option that allows DHCP server communications to go through DDNS to perform updates for the DHCP client. This enforces a DDNS update of the A field every time even if the DHCP client does not request it. This allows support for the deny client-updates options.
config system dhcp server
    edit <0>
        set ddns-update enable
        set ddns-update-override enable
        set ddns-server-ip <ddns_server_ip>
        set ddns-zone <ddns_zone>
    next
end