Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
tpatel
Staff
Staff

Created on ‎08-22-2024 09:45 AM

Article Id 335586

Technical Tip: Use DDNS for an IPsec dial-up connection from FortiClient when the WAN interface is configured with a dynamic IP address

Description This article describes how to use DDNS entry to connect to IPsec dial-up when the WAN interface Is getting a dynamic IP address.
Scope FortiGate.
Solution

Configure IPsec dial-up by referring to the documentation.

 

The WAN interface IP address is getting changed because the WAN interface is configured using a DHCP address mode.

To connect to IPsec dialup, it is critical to constantly ensure the address has not changed. To resolve this, use DDNS entry as a remote gateway in FortiClient.

 

Create a DDNS entry on FortiGate:

 

In the CLI:

 

config system ddns

edit 1

set ddns-server FortiGuardDDNS

set ddns-domain "xxxxxx.fortiddns.com"

set use-public-ip enable

set update-interval 60

set monitor-interface "port1"

next

end

 

Use the DDNS entry as a remote gateway in FortiClient. If FortiGate is getting a new IP address on the WAN interface, the DDNS entry is going to update with a new IP address.

 

FortiClient configuration: DDNS entry as a Remote Gateway.

 

Picture4.png

 

Connected using DDNS:


Picture5.png
Labels:
1275
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.