FortiClient Cloud application signatures block allowlisted applications.

FortiClient cannot connect to JVC wireless display.

Threat ID is 0 on Firewall Events.

After upgrading FortiClient (Windows), Application Firewall blocks internal webpage.

FortiClient (Windows) blocks Veeam with messages related to Remote.CMD.Shell and VeeamAgent.exe.

Application Firewall slows down opening Microsoft Active Directory (AD) Users and Computers application.

FortiClient detects IntelliJ IDEA Community Edition 2021.2.2 as Java.Debug.Wire.Protocol.Insecure.Configuration.

Application Firewall does not block Google Drive.

FortiClient shows all feature tabs without registering to EMS after upgrade.

Administrator cannot restore a quarantined file through EMS quarantine management if FortiClient (Windows) registered as onboarding user.

Redeploying from another EMS server causes FortiClient (Windows) to not reconnect to EMS automatically.

After upgrading FortiClient with EMS local onboarding user with LDAP, FortiClient (Windows) prompts for registration authentication.

EMS device control does not block camera.

FortiClient fails to send username to EMS, causing EMS to report it as different users.

EMS shows endpoints as offline, while they show their own status as online.

LDAP query for AD group check does not execute.

Some single sign on mobility agent (SSOMA) versions do not present client certificate to FortiAuthenticator.

FortiClient (Windows) does not hide software update options when registered to EMS (regression).

FortiClient ignores the listing order of the configured VPN connections in the GUI and tray.

FortiClient does not report profile change update in Notifications.

FortiDeviceGuard is not installed on Windows Server 2022.

SSL VPN add/close action does not show on FortiGate Endpoint Event section.

FortiClient backs up configuration that is missing locally configured ZTNA connection rules.

FortiClient does not allow virtual CD-ROM device.

GUI shows ransomware quarantined files after restoration via EMS.

Antiexploit protection blocks Microsoft Signing application in Chrome.

FortiClient (Windows) does not include XML option to decide if FortiClient (Windows) should be snoozed or allowed to run side by side with FortiEDR.

SSL VPN negate split tunnel IPv6 address does not work.

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

For SSL VPN dual stack, GUI only shows IPv4 address.

SSL VPN disconnects and returns hostcheck timeout after 15 to 20 minutes of connection.

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

Free VPN-only client does not show token box on rekey and GUI open.

Certificate works for IPsec VPN tunnel if put it in current user store but fails to work if in local machine.

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

Automatic failover to second remote gateway does not work when using priority-based IPsec VPN resiliency tunnel.

FortiClient search domains transfer incorrectly to endpoints.

VPN before logon does not work with Okta multifactor authentication and enforcing acceptance of the disclaimer message.

Always up feature does not work as expected when trying to connect to VPN from tray.

FortiClient cannot connect to VPN when there are two gateways listed using SAML.

SSL VPN with <on_os_start_connect> enabled does not work when the machine is put into sleep mode and changes networks.

If allow_local_lan=0 and per-application split tunnel with exclude mode and full tunnel are configured, FortiClient (Windows) should block local RDP/HTTPS traffic.

FortiClient (Windows) sends SAML response to a different IP address than the request it received from.

VPN autoconnect does not work with IKEv2 IPsec VPN and user certificates.

SSL VPN with certificates cannot connect to VPN on Elitebook 850 G5/Elitebook 850 G3 laptops.

After upgrading FortiClient (Windows), OpenVPN connection fails while FortiClient (Windows) VPN runs with application-based split tunnel enabled.

FortiClient does not send public IP address for SAML, leading to 0.0.0.0 displaying on FortiOS and FortiSASE.

Citrix application shows blank pages on SSL VPN tunnel.

FortiClient only adds FQDN route every second or third disconnect/reconnect.

FortiSSLVPNclient.exe does not correctly use predfined VPN profiles for corporate or personal VPNs.

Windows feature DeadGatewayDetection does bypass default route via VPN.

When using SAML login with built-in browser, FortiAuthenticator, saved password and autoconnect selected, FortiClient (Windows) cannot remember username and password.

SAML login does not display user warning when opening multiple connection with Limit Users to One SSL-VPN Connection at a Time.

FortiClient cannot dial up SSL VPN tunnel with ECDSA certificate.

If FortiClient is registered to EMS, option to connect to IPsec VPN on OS start fails to work.

FortiClient (Windows) intermittently grays out SAML button after device wakes from sleep.

Using closest gateway based on TCP round trip time for IPsec VPN resilience does not work if ping is disabled for first gateway.

Autoconnect does not work when based on ping speed/TCP round trip to choose closest FortiGate if FortiClient cannot reach first gateway.

FortiClient (Windows) stores VPN tunnels manually added by importing XML configuration under Corporate VPN.

IPsec VPN for FIPS-enabled FortiClient fails to work when EMS-pushed IPsec/SSL VPN tunnel contains application split tunnel settings.

FortiClient does not handle EMS-pushed IPsec VPN configuration of encryption/authentication/DH group that FortiClient FIPS does not support.

Autoconnect only when off-fabric does not work properly with user account and MFA with FortiToken for xAuth.

IPsec VPN takes long time to connect and shows Connect button when connection is in progress.

FortiSASE VPN always up has frequent issues when shifting endpoints from one public network to another.

SSL VPN SAML login fails to work if using YubiKey for MFA.

User from India cannot connect to SSL VPN using SAML authentication but can connect when located in the U.S.

Static DNS entry is registered when on-fabric.

SSL VPN with SAML authentication fails when using an invalid SSL certificate.

Attempt to access local network resource via SMB fails after FortiClient (Windows) establishes IPsec VPN tunnel in some conditions.

FortiClient enables Turn off smart multi-homed name resolution on the Windows machine after successful connection.

IPsec VPN password renew prompt differs from SSL VPN prompt.

SSL_accept fails due to 1:bad signature error.

FortiClient crashes while using IPsec VPN IKEv1.

Connecting to SSL VPN with FQDN resolved to both IPv4 and IPv6 as remote gateway gets stuck at 98%.

IPsec VPN connection fails due to blank password with Duo multifactor authentication.

SSL VPN connection has issues with SAML Azure.

Attack surface reduction rule in Microsoft 365 Defender audits FortiSSLVPNdaemon.exe.

Split DNS on SSL VPN only resolves the first DNS server.

With VPN before logon, there is no one-time password (OTP) token request prompt if using FortiToken Mobile with FortiAuthenticator for OTP.

With <prefer_sslvpn_dns>=0, when SSL VPN is up, FortiClient adds dns-suffix to all network interfaces.

Domain filter cannot block access for specific server FQDN.

FortiClient fails to resolve SRV records with split DNS.

FortiClient provides inaccurate error in German when SSL VPN password is incorrect.

FortiShield blocks FortiSSLVPNsys.exe, causing SSL VPN connection failure.

Java error occurs when connected through FortiClient over SSL VPN.

EMS does not remove vulnerability events after successful patch.

FortiClient detects vulnerability when the required KB is installed.

FortiClient fails to detect vulnerabilities possibly due to FCM skipping certain VIDs when scanning.

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.

Web Filter is enabled on FortiSASE profile on EMS.

Blocked web client shows dropped connection message instead of URL blocked message.

Web Filter blocks LuxTrust middleware.

FortiClient does not block Gmail when using Gmail link in Chrome.

FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.

FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

ZTNA client certificate is not removed from user certificate store after FortiClient uninstall.

Going from off- to on-Fabric does not stop the ZTNA service and keeps endpoint from connecting.

ZTNA TCP forwarding does not work for GoAnywhere application.

ZTNA has multiple client certificates in certificate store.

User cannot create FortiGate tunnel if FortiGate works as both VPN and ZTNA proxy server.

ZTNA TCP forwarding fails to prompt for SAML authentication with external browser after closing and reattempting the connection.

FortiClient requests SAML credentials after network change in ZTNA connections.

Zero trust tag rule for AD group does not work when registering FortiClient to EMS with onboarding user.

NETIO.SYS/FortiWF2.sys causes BSOD on Windows 10.

FortiESNAC.exe crashes and FortiClient (Windows) fails to update signatures.