Troubleshoot DDNS Private IP Issue in FortiGate Firewall

This article covers two issues:

1) Your DDNS domain is updating to a private IP instead of the public IP address.

2) You are not able to access the firewall with the DDNS domain name.

DDNS domain updating to private IP:

First, let us understand how DDNS works on a FortiGate firewall. Under Network >> DDNS, as soon as you enable DDNS, select an interface and define a domain, the domain takes the IP address of that interface and the DNS record is updated with the domain and that IP address.

If your ISP is giving you a private IP, the domain will be mapped to that private IP. Since a private IP is not routable on the internet, users will not be able to access the firewall with that domain name.

To avoid this scenario, enable the “use-public-ip” option as shown below, where <id> is the ID of the DDNS entry:

config system ddns
    edit <id>
        set use-public-ip enable
    next
end


Once the “use-public-ip” option is enabled, the firewall takes the first IP in line between the firewall and the ISP and maps it to the DDNS domain.

You are not able to access firewall with DDNS domain name:

Suppose the domain is not pointing to the firewall interface IP address but to the IP of the router upstream of your firewall (in scenarios where a private IP is assigned to the firewall interface). In this type of scenario you need to configure port forwarding on the upstream router to forward all the traffic to the firewall.

Packet flow:

The packet flow is as follows: the user's machine accesses the firewall with the DDNS domain name. The domain points to the upstream router IP, and the firewall sits behind the upstream router. So port forwarding must be configured on the upstream router so that the traffic reaches the firewall.
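To tell the two issues above apart, compare the IP in the DDNS record with the IP on the firewall's WAN interface. The following is an added example, not part of the original article or of any Fortinet tooling; the function names and verdict labels are assumptions, and it goes slightly beyond the article by also treating carrier-grade NAT (100.64.0.0/10) and link-local addresses as non-routable.

```python
import ipaddress

# Ranges that are not routable on the internet: RFC 1918 private space,
# RFC 6598 carrier-grade NAT space, and IPv4 link-local.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16",
)]

# Hypothetical verdict labels mapped to the fix the article describes.
ADVICE = {
    "record-private": "DDNS record holds a non-routable IP: set use-public-ip enable",
    "behind-upstream-nat": "record is public, WAN IP is private: port forward on the upstream router",
    "record-mismatch": "record and WAN IP are both public but differ: check the DDNS update",
    "ok": "record matches the routable WAN interface IP",
}


def is_non_routable(ip):
    """True if the address falls in one of the NON_ROUTABLE ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NON_ROUTABLE)


def diagnose(record_ip, wan_ip):
    """Classify a DDNS setup from the IP in the DNS record and the IP
    configured on the firewall's WAN interface (both passed as strings)."""
    if is_non_routable(record_ip):
        return "record-private"          # issue 1 in the article
    if ipaddress.ip_address(record_ip) == ipaddress.ip_address(wan_ip):
        return "ok"
    if is_non_routable(wan_ip):
        return "behind-upstream-nat"     # issue 2 in the article
    return "record-mismatch"


if __name__ == "__main__":
    # Constructed samples (documentation and private ranges), not real hosts.
    samples = [
        ("192.168.1.10", "192.168.1.10"),
        ("100.64.12.7", "100.64.12.7"),
        ("203.0.113.25", "192.168.1.10"),
        ("203.0.113.25", "203.0.113.25"),
    ]
    for record_ip, wan_ip in samples:
        verdict = diagnose(record_ip, wan_ip)
        print(f"record={record_ip:<15} wan={wan_ip:<15} {verdict}: {ADVICE[verdict]}")
```

The record IP comes from a DNS lookup of the DDNS domain and the WAN IP from the firewall's interface settings; both are passed in as strings so the check runs offline.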

Hope this article helps you 🙂