Contributor
August 29, 2011
Question

allow connection from dynamic ip addresses to fg

Hello. I would like to know if there is a way to allow certain non-fixed IP addresses to connect to the FortiGate unit, which has a fixed IP address. I can register those client IP addresses in a dynamic DNS site, and create a firewall policy in the FG to allow connections to the FG from the dyndns registered names, but is there a way to have that information up to date? I mean that the remote IP address can change often and I may need some periodic update or something else on the FortiGate side to know the last IP linked to the dyndns name. Can it be done in an easy way? How often is the cache for an FQDN stored in the FortiGate firewall addresses "refreshed"? It would be great to allow VPN SSL connections without leaving the service open to more than the necessary IP addresses. I'm running v4.0 MR2 patch 7 right now on a FG100A. Thanks in advance. Sorry about my bad English.

    2 replies

    Carl_Wallmark
    New Member
    August 29, 2011
    Hi Rsanso, and welcome to the forums. You can use an "address" and set this to FQDN, and enter the address. Then you can configure a "cache-ttl" in the CLI:

        config firewall address
            edit <nr of your address>
                set cache-ttl <a number>
        end

    The cache will update itself when this TTL is reached.
    Contributor
    August 30, 2011
    Great! I guess that's what I was looking for. Thanks!