Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Special notices

Endpoint security improvement

EMS 6.4.7 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 6.4.7 installer is not available on FortiGuard Distribution Servers (FDS). To install the FortiClient 6.4.7 installer, you must download it from Customer Service & Support. See Endpoint security improvement.

If the EMS server certificate is invalid, and FortiClient is upgraded to 6.4.7, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.

Nested VPN tunnels

FortiClient (Windows) does not support parallel independent VPN connections to different sites. However, FortiClient (Windows) may still establish VPN connection over existing third-party (for example, AT&T Client) VPN connection (nested tunnels).

SSL VPN connectivity issues

Latency or poor network connectivity can affect the FortiClient SSL VPN connection. To further help avoid timeouts, increase the login timeout on the FortiGate to 180 seconds using the following CLI command:

config vpn ssl settings

set login-timeout 180

end

Microsoft Windows server support

FortiClient (Windows) supports the AV, vulnerability scan, Web Filter, and SSL VPN features for Microsoft Windows servers.

HP Velocity and Application Firewall

When using an HP computer, a conflict between the HP Velocity application and FortiClient Application Firewall can cause a blue screen of death or network issues. If not using HP Velocity, consider uninstalling it.

Split tunnel

In EMS 6.4.1, application-based split tunneling was configured globally and applied to all IPsec or SSL VPN tunnels. In EMS 6.4.2 and later versions, the application-based split tunneling feature was changed to be configured on a per-tunnel basis. Therefore, a global application-based split tunnel configuration made in EMS 6.4.1 will no longer function after upgrading to 6.4.7. You must complete the per-tunnel configuration after upgrade. See Configuring a profile with application-based split tunnel.

This is unrelated to the FortiOS split tunnel feature.

Special notices

Endpoint security improvement

EMS 6.4.7 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 6.4.7 installer is not available on FortiGuard Distribution Servers (FDS). To install the FortiClient 6.4.7 installer, you must download it from Customer Service & Support. See Endpoint security improvement.

If the EMS server certificate is invalid, and FortiClient is upgraded to 6.4.7, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.

Nested VPN tunnels

FortiClient (Windows) does not support parallel independent VPN connections to different sites. However, FortiClient (Windows) may still establish VPN connection over existing third-party (for example, AT&T Client) VPN connection (nested tunnels).

SSL VPN connectivity issues

Latency or poor network connectivity can affect the FortiClient SSL VPN connection. To further help avoid timeouts, increase the login timeout on the FortiGate to 180 seconds using the following CLI command:

config vpn ssl settings

set login-timeout 180

end

Microsoft Windows server support

FortiClient (Windows) supports the AV, vulnerability scan, Web Filter, and SSL VPN features for Microsoft Windows servers.

HP Velocity and Application Firewall

When using an HP computer, a conflict between the HP Velocity application and FortiClient Application Firewall can cause a blue screen of death or network issues. If not using HP Velocity, consider uninstalling it.

Split tunnel

In EMS 6.4.1, application-based split tunneling was configured globally and applied to all IPsec or SSL VPN tunnels. In EMS 6.4.2 and later versions, the application-based split tunneling feature was changed to be configured on a per-tunnel basis. Therefore, a global application-based split tunnel configuration made in EMS 6.4.1 will no longer function after upgrading to 6.4.7. You must complete the per-tunnel configuration after upgrade. See Configuring a profile with application-based split tunnel.

This is unrelated to the FortiOS split tunnel feature.