DDNS support
When Dynamic DNS (DDNS) is enabled on FortiGates, VPN Manager supports DDNS. First VPN Manager searches for the interface IP for IPsec Phase2. If no IP is found, then VPN Manager searches for DDNS.
You can use FortiManager and the CLI-only objects menu to enable DDNS on each FortiGate device. The CLI-only objects menu is available in the Device Manager pane. See CLI-Only Objects menu.
With the CLI-only objects menu, you can use the config system ddns
command to enable DDNS on a per-device basis. The selected monitoring interface must be the interface that supports your tunnel, for example:
config system ddns
edit 1
set ddns-server FortiGuardDDNS
set ddns-domain "<HOST1>.fortiddns.com"
set monitor-interface "port14"
next
end
You can also use the CLI-only objects menu to configure DDNS on multiple FortiGate interfaces. Once configured, you can use FortiManager to view all the DDNS entries, but you cannot edit the entries.
Following is an example of how to configure DDNS on multiple FortiGates by using the CLI-only objects menu:
config system ddns
edit 1
set ddns-server FortiGuardDDNS
set ddns-domain "<HOST1>.fortiddns.com"
set use-public-ip enable
set monitor-interface "wan"
next
edit 2
set ddns-server FortiGuardDDNS
set ddns-domain "<HOST2>.fortiddns.com"
set use-public-ip disable
set monitor-interface "wwan"
next
end
Multiple DDNS entries are useful when using SDWAN and multiple broadband links.