Basics for my config:

FGT60Fx1 - Dynamic External Address (Comcast)
FMG VM - Internal address behind the FGT60Fx1
FGT60Fx2 - Dynamic External Address / CGNAT (T-Mobile Home Internet)

I am using FMG to configure both devices. I am trying to configure a VIP for FGT60Fx1's external port to allow inbound FMG traffic (ports: TCP 541, 542, 53, 80, 8888, 8889, 8900, 8890, 443, UDP 53, 8888, 8889 per https://docs.fortinet.com/document/fortimanager/7.6.0/fortimanager-ports/465971/incoming-ports). However, FortiManager won't allow me to use 0.0.0.0 / 0.0.0.0 as the "External" address. Since the external address will change at my provider's whim, how do I get around this? I do have DDNS setup, but that also didn't work when setting up the FQDN option as it continually tells me I need a change note, even though I've entered one. I've tried using 1 character, 5 characters, 50 characters, but the field says I haven't added a change note.

What is the trick to setting up VIPs in FortiManager (7.2.7 in this case)?