FortiGuard Communication
(2025-09-04)
Test DNS lookup and basic connectivity:
execute ping service.fortiguard.net
execute ping update.fortiguard.net
execute ping guard.fortinet.net
execute ping securewf.fortiguard.net
Interface selection (i.e., if the automatic selection isn't reaching the internet):
config system fortiguard
set interface-select-method specify
set interface <WAN Interface>
end
Make sure the firewall time is correct; if not, check that NTP is set properly:
config system ntp
set ntpsync enable
end
Turn off Anycast:
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 8888
set sdns-server-ip 208.91.112.220 173.243.140.53 210.7.96.53
end
It looks like the listed sdns servers are authoritative servers passed as a "seed" list; the larger server list is discovered from there.
Look at the current FortiGuard servers (di de rating is the abbreviated form of diagnose debug rating):
di de rating
Output looks something like this:
BR33-FGT-01 # di de rating
Locale : english
Service : Web-filter
Status : Enable
License : Contract
Service : Antispam
Status : Disable
Service : Virus Outbreak Prevention
Status : Disable
Num. of servers : 29
Protocol : udp
Port : 8888
Anycast : Disable
Default servers : Included
-=- Server List (Thu Sep 4 13:49:11 2025) -=-
IP Weight RTT Flags TZ FortiGuard-requests Curr Lost Total Lost Updated Time
209.40.106.91 0 61 -6 41 0 0 Thu Sep 4 13:47:46 2025
209.40.106.94 0 61 -6 1 0 0 Thu Sep 4 13:47:46 2025
209.40.106.92 0 62 -6 1 0 0 Thu Sep 4 13:47:46 2025
209.40.106.93 0 62 -6 1 0 0 Thu Sep 4 13:47:46 2025
140.174.22.71 10 53 -5 1 0 0 Thu Sep 4 13:47:46 2025
12.34.97.75 10 53 -5 1 0 0 Thu Sep 4 13:47:46 2025
12.34.97.71 10 54 DI -5 6 0 0 Thu Sep 4 13:47:46 2025
140.174.22.72 10 54 -5 1 0 0 Thu Sep 4 13:47:46 2025
12.34.97.72 10 54 -5 1 0 0 Thu Sep 4 13:47:46 2025
140.174.22.73 10 54 -5 1 0 0 Thu Sep 4 13:47:46 2025
140.174.22.74 10 54 -5 1 0 0 Thu Sep 4 13:47:46 2025
12.34.97.73 10 54 -5 1 0 0 Thu Sep 4 13:47:46 2025
12.34.97.74 10 54 -5 1 0 0 Thu Sep 4 13:47:46 2025
173.243.138.91 20 78 D -8 2 0 0 Thu Sep 4 13:47:46 2025
173.243.138.92 20 78 -8 1 0 0 Thu Sep 4 13:47:46 2025
173.243.138.93 20 85 -8 1 0 0 Thu Sep 4 13:47:46 2025
194.69.172.31 60 123 0 1 0 0 Thu Sep 4 13:47:46 2025
194.69.172.32 60 123 0 1 0 0 Thu Sep 4 13:47:46 2025
194.69.172.33 60 123 0 1 0 0 Thu Sep 4 13:47:46 2025
83.231.212.81 70 131 D 1 2 0 0 Thu Sep 4 13:47:46 2025
83.231.212.85 70 131 1 1 0 0 Thu Sep 4 13:47:46 2025
83.231.212.86 70 131 1 1 0 0 Thu Sep 4 13:47:46 2025
83.231.212.84 70 131 1 1 0 0 Thu Sep 4 13:47:46 2025
83.231.212.82 70 131 1 1 0 0 Thu Sep 4 13:47:46 2025
83.231.212.83 70 131 1 1 0 0 Thu Sep 4 13:47:46 2025
210.7.96.13 120 155 9 1 0 0 Thu Sep 4 13:47:46 2025
210.7.96.12 120 163 9 1 0 0 Thu Sep 4 13:47:46 2025
210.7.96.11 120 171 9 1 0 0 Thu Sep 4 13:47:46 2025
210.7.96.14 120 171 9 1 0 0 Thu Sep 4 13:47:46 2025
If you are having some kind of resolution problem, you probably have non-zero counts in Curr Lost and Total Lost.
The firewall adjusts the weights of the servers based on the time zone the server and firewall are in. If a server starts losing requests, the weighting is increased to reduce the chance that requests will be sent to it.
If you are in Anycast mode, the list of servers will be much shorter; we are running in UDP-8888 mode here.
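To check the Curr Lost and Total Lost columns without reading the list by eye, the following added example (not part of the original notes and not Fortinet code) parses saved `di de rating` output and returns the servers with non-zero loss counts. It assumes the row layout shown above, where the Flags column may be empty and the Updated Time is five tokens; the sample rows are constructed and use documentation IP ranges.

```python
import ipaddress
from typing import NamedTuple

class Server(NamedTuple):
    ip: str
    weight: int
    rtt: int
    flags: str
    tz: int
    requests: int
    curr_lost: int
    total_lost: int

# Constructed sample modelled on the output above (documentation IPs,
# invented loss counters); it was not captured from a device.
SAMPLE = """\
-=- Server List (Thu Sep 4 13:49:11 2025) -=-
IP Weight RTT Flags TZ FortiGuard-requests Curr Lost Total Lost Updated Time
192.0.2.91 0 61 -6 41 0 0 Thu Sep 4 13:47:46 2025
192.0.2.71 10 54 DI -5 6 0 0 Thu Sep 4 13:47:46 2025
198.51.100.31 60 123 0 12 3 7 Thu Sep 4 13:47:46 2025
203.0.113.81 70 131 D 1 2 0 4 Thu Sep 4 13:47:46 2025
"""

def parse_servers(text):
    """Parse server rows; banner, header and unrecognised lines are skipped."""
    servers = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 12:  # 3 leading fields + 4 counters + 5 timestamp tokens
            continue
        try:
            ipaddress.ip_address(tok[0])
            weight, rtt = int(tok[1]), int(tok[2])
            tz, req, curr, total = (int(t) for t in tok[-9:-5])
        except ValueError:
            continue
        flags = "".join(tok[3:-9])  # empty when the row has no Flags value
        servers.append(Server(tok[0], weight, rtt, flags, tz, req, curr, total))
    return servers

def lossy(servers):
    """Servers with a non-zero Curr Lost or Total Lost counter."""
    return [s for s in servers if s.curr_lost or s.total_lost]

if __name__ == "__main__":
    for s in lossy(parse_servers(SAMPLE)):
        print(f"{s.ip} weight={s.weight} curr_lost={s.curr_lost} total_lost={s.total_lost}")
```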