FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jrosado_FTNT
Staff
Staff
Description
This article describes how to update the DDNS with a public IP on an internal firewall. In previous FortiOS versions, defining a DDNS in a non-edge firewall would result in its association with an internal IP address, even if this IP address belongs to the WAN interface. Hence, the DDNS could not be reached from the Internet.
Scope

In version 5.4, DDNS services are capable of registering the external NAT device’s IP address. 


   L |     +------+ WAN1      +------+ Public      ********
   A +-----|  FG  | <-------> |Router| <-------> **INTERNET**
   N |     +------+           +------+             ********

WAN1: 10.10.0.1
Public IP: xxx.xxx.189.243


Solution
In version 5.4 external NAT or public IP address can be associated to the DDNS service with the option "Use Public IP Address" in the GUI or with the command “use-public-ip” in CLI.




# config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "fg-wan1.fortiddns.com"
        set use-public-ip enable
        set monitor-interface "wan1"
    next
end


Once bound the public IP address will be shown in parenthesis in the GUI:




And can also be consulted via CLI:
# config system ddns

# edit 1

# get
ddnsid              : 1
ddns-server         : FortiGuardDDNS
ddns-domain         : fg-wan1.fortiddns.com
use-public-ip       : enable
monitor-interface   : "wan1"
bound-ip            : xxx.xxx.189.243


Contributors