- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Upgrade to FortiOS 6.4.2 Breaks FortiDDNS
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrade to FortiOS 6.4.2 Breaks FortiDDNS
All,
Successfully upgrading a FortiGate 200F results in a broken FortiDDNS application. The FortiDDNS server list no longer populates with a list of available domains which breaks the service. Rebooting the firewall does not solve the problem. Further, the maintenance tunnel through FortiCloud will not connect to the system. Has anyone else experienced this issue? Is there a solution to this?
If the FortiDDNS service is important to you, then I recommend against upgrading to FortiOS 6.4.2 until this is addressed.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Try using the below commands and see if that fixes the DDNS issue or not :
# config system fortiguard
# set fortiguard-anycast disable
# set protocol udp
# end
- Let me know if that helps or not.
Kind Regards,
Patel
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi wlerner,
I don't use Fortigate's DDNS- but I thought I'd have a look and see if I saw the same problem. I am running 6.4.2 on a 60E.
The short answer is I don't seem to see what you are seeing.
I do seem to have the servers list populated and I can choose a "unique location" and it tells me that I can use (or not!) the unique location I choose.
I've not tried applying the config (since I'm using static public addresses and standard DNS resolution) but it looks ok to me.
I have had issues with the "anycast" FortiGuard servers so I'm currently using Fortiguard over UDP on port 8888. Not sure if this is likely to impact what you are seeing?
Hope that helps your fault finding.
Kind Regards,
Andy.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am experiencing this issue with a FortiGate 200F connected to the Internet through Cox as well as a FortiGate 81E connected through Xfinity. Both were upgraded to 6.4.2 and are experiencing the same issue. I have rebooted both systems a number of times as well as checked the configuration on the command line to no avail.
I am glad you are not having any issues and your post is helpful. Maybe this is an issue limited to certain areas or providers, I do not know. It is odd that it is happening in 2 different devices located on the East and West coast of the US. I will continue to wait for more information. Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a FG-60F and also upgraded from 6.2.3 ---> 6.4.0 ---> 6.4.2. During the upgrade process, I had FortiDDNS service intact on FortiOS 6.2.3 & 6.4.0. When I upgraded to 6.4.2, FortiDDNS service broke. No longer could see the Fortiguard DDNS servers. I have an active support ticket addressing this issue. I might get it resolved with Fortinet Support tomorrow, Monday. If so, I'll post resolution.
Note: I did take a look at my previous configs to compare. I tried to cli and input "config system ddns" on FortiOS v6.4.2, but still no go.
============
F/W: 6.2.3_build6188 - Working FortiDDNS Service
config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain "My Unique Location.fortiddns.com" set monitor-interface "wan1" next end
============
F/W: 6.4.0_build6025 - Working FortiDDNS Service
config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain "My Unique Location.fortiddns.com" set monitor-interface "wan1" next end ============
F/W: 6.4.2_build1723 - Non-Working FortiDDNS Service
config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end ============
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Try using the below commands and see if that fixes the DDNS issue or not :
# config system fortiguard
# set fortiguard-anycast disable
# set protocol udp
# end
- Let me know if that helps or not.
Kind Regards,
Patel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Patel, The CLI edit you advised restored my Fortiguard DDNS service on FortiOS v6.4.2. Thank You! James
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have applied the commands recommended by Patel and they successfully restored the FortiDDNS service after a brief period of time due to the changing of protocols to UDP. The solution restored my service as well on version 6.4.2. Thank you Patel!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Glad that these commands fixed it. Welcome.
Regards,
Patel
Related Posts
- 30E firmware errors 165 Views
- FSSO DC agent version 189 Views
- Status LED not being "On" after... 437 Views
- 43658 - LOG_ID_EVENT_WIRELESS_STA_DHCP_NO_RESP 282 Views
- IPsec IKEv2: No CA certificate chain... 343 Views
Labels
-
FortiGate
6,524 -
FortiClient
1,301 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
241 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.