New Member

Solved

Upgrade to FortiOS 6.4.2 Breaks FortiDDNS

Forum|Forum|5 years ago
August 2, 2020
2 replies
12753 views

All,

Successfully upgrading a FortiGate 200F results in a broken FortiDDNS application. The FortiDDNS server list no longer populates with a list of available domains which breaks the service. Rebooting the firewall does not solve the problem. Further, the maintenance tunnel through FortiCloud will not connect to the system. Has anyone else experienced this issue? Is there a solution to this?

If the FortiDDNS service is important to you, then I recommend against upgrading to FortiOS 6.4.2 until this is addressed.

Capture.JPG

Best answer by Patel

Hi,

Try using the below commands and see if that fixes the DDNS issue or not :

# config system fortiguard

# set fortiguard-anycast disable

# set protocol udp

# end

- Let me know if that helps or not.

Kind Regards,

Patel

andrewbailey

New Member

Hi wlerner,

I don't use Fortigate's DDNS- but I thought I'd have a look and see if I saw the same problem. I am running 6.4.2 on a 60E.

The short answer is I don't seem to see what you are seeing.

I do seem to have the servers list populated and I can choose a "unique location" and it tells me that I can use (or not!) the unique location I choose.

I've not tried applying the config (since I'm using static public addresses and standard DNS resolution) but it looks ok to me.

I have had issues with the "anycast" FortiGuard servers so I'm currently using Fortiguard over UDP on port 8888. Not sure if this is likely to impact what you are seeing?

Hope that helps your fault finding.

Kind Regards,

Andy.

DDNS Screenshot 2020-08-02 183142.jpg

wlernerAuthor

New Member

I am experiencing this issue with a FortiGate 200F connected to the Internet through Cox as well as a FortiGate 81E connected through Xfinity. Both were upgraded to 6.4.2 and are experiencing the same issue. I have rebooted both systems a number of times as well as checked the configuration on the command line to no avail.

I am glad you are not having any issues and your post is helpful. Maybe this is an issue limited to certain areas or providers, I do not know. It is odd that it is happening in 2 different devices located on the East and West coast of the US. I will continue to wait for more information. Thanks.

IrishKennedy

New Member

I have a FG-60F and also upgraded from 6.2.3 ---> 6.4.0 ---> 6.4.2. During the upgrade process, I had FortiDDNS service intact on FortiOS 6.2.3 & 6.4.0. When I upgraded to 6.4.2, FortiDDNS service broke. No longer could see the Fortiguard DDNS servers. I have an active support ticket addressing this issue. I might get it resolved with Fortinet Support tomorrow, Monday. If so, I'll post resolution.

Note: I did take a look at my previous configs to compare. I tried to cli and input "config system ddns" on FortiOS v6.4.2, but still no go.

============

F/W: 6.2.3_build6188 - Working FortiDDNS Service

config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain "My Unique Location.fortiddns.com" set monitor-interface "wan1" next end

============

F/W: 6.4.0_build6025 - Working FortiDDNS Service

config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain "My Unique Location.fortiddns.com" set monitor-interface "wan1" next end ============

F/W: 6.4.2_build1723 - Non-Working FortiDDNS Service

config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end ============

PatelAnswer

New Member

Hi,

Try using the below commands and see if that fixes the DDNS issue or not :

# config system fortiguard

# set fortiguard-anycast disable

# set protocol udp

# end

- Let me know if that helps or not.

Kind Regards,

Patel

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded