FortiGate
jrosado_FTNT
Staff
Article Id 195734
Description
This article describes how to update the DDNS with a public IP on an internal firewall. In previous FortiOS versions, defining a DDNS in a non-edge firewall would result in its association with an internal IP address, even if this IP address belongs to the WAN interface. Hence, the DDNS could not be reached from the Internet.
Scope

In version 5.4, DDNS services are capable of registering the external NAT device’s IP address. 


   L |     +------+ WAN1      +------+ Public      ********
   A +-----|  FG  | <-------> |Router| <-------> **INTERNET**
   N |     +------+           +------+             ********

WAN1: 10.10.0.1
Public IP: xxx.xxx.189.243


Solution
In version 5.4, the external NAT or public IP address can be associated with the DDNS service using the option "Use Public IP Address" in the GUI or the command "use-public-ip" in the CLI.




# config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "fg-wan1.fortiddns.com"
        set use-public-ip enable
        set monitor-interface "wan1"
    next
end


Once bound, the public IP address is shown in parentheses in the GUI:




It can also be checked via the CLI:
# config system ddns
# edit 1
# get
ddnsid              : 1
ddns-server         : FortiGuardDDNS
ddns-domain         : fg-wan1.fortiddns.com
use-public-ip       : enable
monitor-interface   : "wan1"
bound-ip            : xxx.xxx.189.243
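
A check over that `get` output, as an added example (not Fortinet's code): it parses the fields shown above and flags an entry that is still bound to an internal address. The function names, the sample outputs and the 203.0.113.10 documentation address are constructed for illustration.

```python
import ipaddress
import re

# Ranges not reachable from the Internet: RFC 1918, CGNAT (RFC 6598),
# link-local and loopback. Listed explicitly instead of using is_private,
# which also covers documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]

def parse_ddns_get(text):
    """Parse the 'key : value' lines of `get` output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([\w-]+)\s*:\s*(.*?)\s*$", line)
        if m:  # prompt lines such as '# get' do not match
            fields[m.group(1)] = m.group(2).strip('"')
    return fields

def check_ddns_entry(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields = parse_ddns_get(text)
    findings = []
    if fields.get("use-public-ip") != "enable":
        findings.append("use-public-ip is not enabled")
    bound = fields.get("bound-ip", "")
    try:
        addr = ipaddress.ip_address(bound)
    except ValueError:
        findings.append(f"bound-ip missing or not an IP address: {bound!r}")
        return findings
    if any(addr in net for net in INTERNAL_NETS):
        findings.append(f"bound-ip {addr} is internal, not reachable from the Internet")
    return findings

# Constructed sample outputs (field names as on this page, values made up).
TEMPLATE = """ddns-server         : FortiGuardDDNS
ddns-domain         : fg-wan1.fortiddns.com
use-public-ip       : {flag}
monitor-interface   : "wan1"
bound-ip            : {ip}
"""
SAMPLE_OK = TEMPLATE.format(flag="enable", ip="203.0.113.10")
SAMPLE_INTERNAL = TEMPLATE.format(flag="disable", ip="10.10.0.1")
SAMPLE_MASKED = TEMPLATE.format(flag="enable", ip="xxx.xxx.189.243")

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_INTERNAL", "SAMPLE_MASKED"):
        print(name, check_ddns_entry(globals()[name]))
```
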

