SecurityPlus
Contributor II

FortiGuard DDNS Setup - Use Public IP Address

Setting up FortiGuard DDNS on a network with a dynamic WAN1 IP address. FortiOS 6.4.4.

 

I ran the CLI changes found in: 

Technical Tip: Unable to load FortiGuard DDNS server list

https://kb.fortinet.com/kb/documentLink.do?externalID=FD49559

 

I selected:

Wan1

Use Public IP Address - On

selected Server from dropdown list

Entered a Unique Location which it says is Available!

 

It shows Domain:

uniquelocation.domain.com (0.0.0.0)

 

Why is it showing 0.0.0.0? It seems that it should display the wan1 public IP address instead.

 

If I turn Use Public IP Address off, it does show the public IP address instead of 0.0.0.0.

 

I guess I don't know what Use Public IP Address means. This seems backwards to me.

 

Also, when we ping the ddns name, regardless of the Use Public IP Address switch position, we get a successful ping, but it appears to ping to a different public IP address and it will ping successfully even if we turn off Administrative Access: Ping.

 

parks_rec
New Contributor

I know this is an old post; however, I stumbled into the same thing.

 

From what I understand, Use Public IP Address is used when you have a NAT between your firewall and the internet. If you have a WAN IP address on the interface you're trying to configure, I believe you leave this disabled. 

This article covers it a bit more: https://community.fortinet.com/t5/FortiGate/Technical-Tip-DDNS-update-with-public-IP-on-internal-fir...

 

However, the 0.0.0.0 issue you are having might be a different issue. 

This article suggests creating a static route to the FortiGuard DDNS server: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGuard-DDNS-IP-update-fails/ta-p...

sw2090
Honored Contributor

Yes, the "use public address" is for when you are behind a router and you want the DDNS to use the public WAN IP and not the IP of your WAN interface.

If the FGT does e.g. PPPoE or has a static IP set up on that WAN, the option is not needed. This is probably your case, so it cannot determine the public IP and that's why you get 0.0.0.0.

 

I use DDNS (but not fortiddns) on several FGTs behind routers with the option set and it works fine (except for one bug concerning IPsec which is currently being investigated by TAC).

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
