Are you seeing a like "SSL handshake failure" in your debug output, or is the server list completely blank? Unable to load FortiGuard DDNS server list

If your WAN interface receives its IP via DHCP or PPPoE, it may be automatically using ISP-provided DNS servers that cannot resolve FortiGuard domains like globalddns.fortinet.net .

Crucially, (e.g., pinging 8.8.8.8 or browsing the web via a policy). The reason is that FortiGuard DDNS updates use specific FQDNs, ports, and certificate validation that are separate from normal web traffic.