7.0.2 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. See Endpoint security improvement.
If the EMS server certificate is invalid, and FortiClient is upgraded to 7.0.2, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.
For ZTNA tags for checking certificates, FortiClient (Linux) does not check user certificates and only checks root CA certificates installed on the system. These routes are:
CentOS and Red Hat: