SecurityPlus
Explorer III
January 28, 2021
Question

FortiGuard DDNS Setup - Use Public IP Address


Setting up FortiGuard DDNS on a network with a dynamic WAN1 IP address. FortiOS 6.4.4.

 

I ran the CLI changes found in: 

Technical Tip: Unable to load FortiGuard DDNS server list

https://kb.fortinet.com/kb/documentLink.do?externalID=FD49559

 

I selected:

Wan1

Use Public IP Address - On

selected Server from dropdown list

Entered a Unique Location which it says is Available!

 

It shows Domain:

uniquelocation.domain.com (0.0.0.0)

 

Why is it showing 0.0.0.0? It seems that it should display the wan1 public IP address instead.

 

If I turn the Use Public IP Address - Off it does show the public IP address instead of 0.0.0.0

 

I guess I don't know what Use Public IP Address means. This seems backwards to me.

 

Also, when we ping the ddns name, regardless of the Use Public IP Address switch position, we get a successful ping, but it appears to ping to a different public IP address and it will ping successfully even if we turn off Administrative Access: Ping.

 


    parks_rec
    New Member
    July 21, 2022

    I know this is an old post, however I stumbled into the same thing.

     

    From what I understand, Use Public IP Address is used when you have a NAT between your firewall and the internet. If you have a WAN IP address on the interface you're trying to configure, I believe you leave this disabled. 

    This article covers it a bit more: https://community.fortinet.com/t5/FortiGate/Technical-Tip-DDNS-update-with-public-IP-on-internal-firewalls/ta-p/195734?externalID=FD38082

     

    However, the 0.0.0.0 issue you are having might be a different issue. 

    This article suggests creating a static route to the FortiGuard DDNS server: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGuard-DDNS-IP-update-fails/ta-p/198179

    sw2090
    SuperUser
    July 22, 2022

    Yes, the "use public address" is for when you are behind a router and you want the DDNS to use the public WAN IP and not the IP of your WAN interface.

    If the FGT does e.g. PPPoE or has a static IP setup on that WAN, the option is not needed. Probably this is your case, so it cannot determine the public IP, and that's why you get 0.0.0.0.

     

    I use DDNS (but not FortiDDNS) on several FGT behind routers with the option set and it works fine (except for one bug concerning IPsec which is currently being investigated by TAC).
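The check below is an added example, not part of the thread and not Fortinet code. It applies the rule the two replies describe (enable Use Public IP Address only when the WAN interface sits behind a NAT router) and flags a record that is 0.0.0.0 or points somewhere other than the firewall. The function names, finding codes and sample addresses are constructed, and the three inputs are assumed to be read by hand from the interface settings, the DDNS page and a DNS lookup.

```python
import ipaddress

# Address space that means the WAN interface sits behind an upstream NAT router:
# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def behind_nat(wan_ip):
    """True when the address configured on the WAN interface is not publicly routable."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NAT_RANGES)


def review_ddns(wan_ip, use_public_ip, ddns_record):
    """Return finding codes for one DDNS entry (hypothetical helper).

    wan_ip        -- address configured on the monitored WAN interface
    use_public_ip -- state of the "Use Public IP Address" switch
    ddns_record   -- address the DDNS name currently resolves to
    """
    findings = []
    natted = behind_nat(wan_ip)
    if natted and not use_public_ip:
        # The interface address is unroutable, so the record needs the upstream public IP.
        findings.append("OPTION_NEEDED")
    if not natted and use_public_ip:
        # Per the replies: with a public address on the interface the option is left off.
        findings.append("OPTION_NOT_NEEDED")
    record = ipaddress.ip_address(ddns_record)
    if record.is_unspecified:
        # 0.0.0.0 means no usable address was registered for the name.
        findings.append("RECORD_UNSET")
    elif any(record in net for net in NAT_RANGES):
        findings.append("PRIVATE_ADDRESS_PUBLISHED")
    elif not natted and record != ipaddress.ip_address(wan_ip):
        # The name answers, but not from this firewall: VPN clients and admins
        # following the name would reach a different host.
        findings.append("RECORD_MISMATCH")
    return findings


if __name__ == "__main__":
    # Constructed sample matching the question: public WAN address, option on, record 0.0.0.0.
    print(review_ddns("203.0.113.10", True, "0.0.0.0"))
```

A `RECORD_MISMATCH` result corresponds to the ping observation in the question, where the name resolved to a different public IP address than wan1.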