Dynamic DNS

If your ISP changes your external IP address on a regular basis, and you have a static domain name, you can configure the external interface to use a dynamic DNS service to ensure external users and/or customers can always connect to your company firewall.

If you have a FortiGuard subscription, you can use FortiGuard as your DDNS server. To configure dynamic DNS in the web-based manager, go to System > Network > DNS, select Enable FortiGuard DDNS, and enter the interface that communicates with the server, the server to use, and the other relevant information.

If you do not have a FortiGuard subscription, or want to use an alternate server, you can configure dynamic DNS in the CLI using the commands below. Within the CLI you can configure a DDNS entry for each interface. Only the first configured port appears in the web-based manager. Additional commands vary with the DDNS server you select.


    config system ddns
        edit <instance_value>
            set monitor-interface <external_interface>
            set ddns-server <ddns_server_selection>
        next
    end
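As an added example (not part of the original article), here is what a complete entry can look like for a third-party provider, including the "additional commands" that depend on the server selected. The interface name, host name and credentials are constructed placeholders, and the `ddns-domain`, `ddns-username` and `ddns-password` options are the ones FortiOS exposes for account-based providers such as `dyndns.org`; confirm the exact option set for your release with `set ?` inside the entry.

```fortios
# Added example: all values below are constructed placeholders.
config system ddns
    edit 1
        # Interface whose public address is published to the DDNS provider
        set monitor-interface "wan1"
        # Provider selection; account-based providers need the three options below
        set ddns-server dyndns.org
        # Fully qualified host name registered with the provider
        set ddns-domain "branch-fw.example.com"
        # Provider account credentials (placeholders)
        set ddns-username "<ddns_account_name>"
        set ddns-password "<ddns_account_password>"
    next
end

# Review the resulting entry
show system ddns
```

Use a provider account dedicated to this firewall, so that a credential recovered from a configuration backup cannot be used to repoint other host names.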



You can also use FortiGuard (when subscribed) as a DDNS server. To configure it, use the CLI commands:

    config system fortiguard
        set ddns-server-ip <ddns_server_ip>
        set ddns-server-port <ddns_server_port>
    end


4 thoughts on “Dynamic DNS”

  1. Currently we are facing the issue: the head office firewall is not getting the updated IP of the fortiddns host name that is configured at the site office firewall, which results in the VPN going down. At the sites, the Fortinet firewall is resolving the new ISP with its fortiddns host name, but the head office Fortinet firewall is unable to get the updated IP. Currently we are using 5.4.1 OS and the devices are 300D at head office and 80D at the site offices… I raised this issue with the Fortinet support team, but until now they are unable to find the proper solution. Can anyone help me with how to take up this issue and decrease the VPN downtime?
    Note: the ISP public IP is frequently changing, approximately after 12 hours.

  2. Hi Mike,
    Can you advise on moving to a hybrid DNS?

    Currently, all our LAN machines receive their IP address from our Fortigate 60D (each machine is either allocated an IP address from the Fortigate DHCP, or has a static IP address set in the Fortigate).
    Our DNS records are currently managed from fortiddns.com.

    Can I create a local DNS server, that will perform name-resolution for some of our LAN machines?


    • You can. You can run the DNS Server functionality on the FortiGate and provide local lookups for the devices within (they would have to use the FortiGate as the DNS server OR their DNS servers would have to look at the FortiGate for forwarding purposes).

      Most organizations utilize their Active Directory DNS and have a zone for the local items.
