Fortinet black logo

Known issues

Known issues

The following issues have been identified in FortiClient (Windows) 7.0.2. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Install and deployment

Bug ID

Description

716597

Installation using norestart parameter requests reboot.

737288 Cannot use FortiClient (Windows) with Microsoft Defender using Windows Defender Application Control policy.
752345 'invalid_cert_action' specified in installer is not applied at installation.
756715 EMS defaults Invalid Cert Action to Warn for created FortiClient installer.

Workaround: EMS administrator to select Allow for Invalid Cert Action when creating FortiClient installer.

Application Firewall

Bug ID Description

663024

Add VMware Horizon Virtual Desktop Infrastructure Agent signature.

717628 Application Firewall causes issues with Motorola RMS high availability client.

GUI

Bug ID Description
725644

Google social network login does not work properly.

726911 GUI cannot show tags if tag name contains character that needs to be escaped.
742425 Disabling export logs option does not work.
742676 "the exception illegal Instruction error" occurs.
744542 FortiClient (Windows) displays blank SAML login window after accepting security warning.
751299 FortiClient has empty vulnerability details tab.
752349 Invalid certificates action in Settings does not update after receiving updated Endpoint Control profile.
752356 Invalid Certificate Detected alert disappears after 20 seconds without clicking Accept or Deny .

Zero Trust Network Access (ZTNA) connection rules

Bug ID Description
730459 FortiClient certificate serial number in endpoint is incorrect.
733255 FortiClient (Windows) must disconnect and reconnect to EMS to fix access issue when visiting a ZTNA-enabled site.
742103 ZTNA connection rule deletion does not take effect immediately.

Zero Trust Telemetry

Bug ID

Description

678388 Active Directory user logoff does not trigger tag message from FortiClient (Windows).

702660

Switching AD users does not modify user details in EMS Endpoints table.

705010 After switching users, FortiClient does not send new user information to EMS, causing the EMS Endpoints pane to show the endpoint with an incorrect username.
714131

Migrating FortiClient to different server fails when connection key is enabled.

721651

When connected to a full VPN to FortiGate, FortiClient sends virtual IP and MAC addresses to EMS.

722199

FortiClient stays in registration progress to FortiClient Cloud and never returns connection result.

724038

Zero Trust tag rule does not work properly for AD-joined devices when endpoints connect to EMS via SSL VPN.

724988

FortiClient uses FortiSASE egress IP address as the public IP address.

731525

FortiClient (Windows) does not detect AV is not up-to-date tagging rule result properly.

736210 FortiGate endpoint record list does not show all IPsec and SSL VPN tunnel entries.
736587 Assignment of vulnerability-related ZTNA tags is inconsistent for endpoints that have same Vulnerability Scan result.
736684 Vulnerable Devices Severity Level tagging rule does not respect selected level.
738813 FortiESNAC process causes high CPU, but issue disappears after removing Zero Trust tagging rules and running Windows updates.

Malware Protection and Sandbox

Bug ID

Description

693565 Chrome cannot rename temporary download files because Sandbox agent locks them.
700396 Device driver cannot be loaded (code 38).

709729

realtime_scan log disappears after ten seconds.

729499

Endpoints fail to update AV signatures, causing EMS to consistently send AV out-of-date email notifications.

730054

Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console feature does not work as expected.

734012 FortiClient does not respect exclusions if malicious file is detected as riskware.
747481 Antivirus right-click on-demand scan fails.
749331 FortiClient is snoozed in Windows Security in Windows settings due to conflict with FortiEDR.

749348

Performance issues after upgrade.

Remote Access

Bug ID

Description

639981 SAML login does not work when PKI group and SAML group are assigned to an SSL VPN policy together.
649426 IPsec and SSL VPN per-application VPN split tunnel does not work properly.
684913 SAML authentication on SSL VPN with realms does not work.
707882 IPsec VPN fails to autoconnect with Failed to launch IPsec service error.

710783

When per-machine and user autoconnect are both configured, per-machine tunnel drops in minutes before logging in to Windows.

710877 SSL VPN with SAML (Azure AD) and two gateways does not work.

711227

Per-user autoconnect starts autoconnect before logging in to Windows.

711402

Per-user autoconnect does not establish, and per-machine autoconnect remains connected after logging in to Windows.

716323 IPsec VPN cannot connect, with no response from GUI.
717512 IPsec VPN disclaimer message present in EMS profile is not present on endpoints, and FortiClient (Windows) does not show a disclaimer.

717913

FortiSASE VPN fails to reestablish after upgrading FortiSASE-related components.

724452 IPsec VPN tunnel with multiple gateways does not connect to the second gateway if the first one is inaccessible when the certificate is used.

724632

FortiClient (Windows) does not send SAML logout event to FortiAuthenticator.

725631 Network interfaces on laptops with Windows 10 stay unavailable after hibernation or sleep.
726249 FortiClient cannot effectively exempt trusted FQDNs from FortiSASE VPN.
726680 VPN clients take 20 seconds to disconnect when using a remote gateway where FQDN is resolved to multiple IP addresses and one is inaccessible.
727695 FortiClient on Windows 10 fails to block SSL VPN when FortiClient (Windows) has prohibit host tag.
729233 FortiSASE Trusted Traffic feature (split tunnel) requires restarting the FortiClient SSL VPN connection to take effect.
729610 Save username and password are enabled but FortiClient incorrectly saves encrypted password when user enters Spanish characters.
731011 FortiClient (Windows) is stuck at 98% connecting to SSL VPN tunnel when integrated with SAML (Azure AD) authentication.

731127

SSL VPN tunnel with SAML login displays Empty username is not allowed. error due to having multiple gateways defined.

731152

FortiClient (Windows) reports that it cannot reach corporate network when SSL VPN is connected.

731912 FortiClient does not register any interface's IP addresses to the DNS server, when IPsec VPN tunnel is up.

734866

Tunnel with per-machine autoconnect before OS start configured keeps trying to connect after failing to connect to VPN.

735105

Per-machine autoconnect certificate dropdown list also lists certificates in current user store before logging in to Windows.

736353 Multigateway failover does not go back to check previous gateways when failing over to see if they are up.

737798

FortiClient (Windows) does not try to connect with the second gateway if it cannot access the first one.

737964

When connecting to VPN before logging on to Windows, the certificate dropdown list shows multiple ZTNA certificates.

740410 FortiClient (Windows) applies client certificate to unmatched mapping of SSL VPN.
740679 Always-on VPN requires credentials when switching networks.
740725 SSL VPN on OS start does not reestablish following network issues.
742279 FortiClient to FortiGate SSL VPN is stuck during connection with SAML.
742833 Per-machine VPN before logon does not connect after upgrade.

743009

With Azure AD, FortiClient cannot connect SSL VPN using SAML and status is stuck at 98%.

743925 Host check warning prompt cannot display all predefined warning messages.
744020 SSL VPN and Web Filter problems.
744945 VPN before logon cannot connect before Windows logon, causing the Group Policy Object to be unable to commit before logon.
749735 FortiClient (Windows) cannot connect VPN to company network using T-Mobile IPv6 network.
751430 Split tunnel, split DNS, and remote DNS server resolution do not work.
751669 Application-based split tunnel breaks exclusive routing on SSL VPN.
752346 IP address assigned to the SSL VPN NIC in remote user PC and split tunnel routes is not installed.
753531 Windows client connected to VPN does not use targeted DNS servers acquired via DHCP on FortiClient (Windows) VA.

754820

Enabling host check for only the firewall does not work properly.

755510

SSL VPN dual stack does not work if using certificate in local machine.

Vulnerability Scan

Bug ID

Description

741459 Vulnerability Scan detects Python as critical/high vulnerability after removal.

Web Filter and plugin

Bug ID Description

657715

FortiProxy fails to start.

734400

Proxy service fails to process HTTPS connections.

740802 Web Filter displays unknown category for many entries in blocklist.
743738 FortiClient should avoid sending delimiter characters inside events.
748250 FortiClient does not detect that Web Filter plugin is stalled and blocks navigation.

Logs

Bug ID

Description

704611 FortiClient does not send logs to FortiAnalyzer.
720388 FortiClient fails to provide log for secure Remote Access compliance enforcement.

746181

FortiClient does not generate logs when VPN is blocked due to compliance tag.

Known issues

The following issues have been identified in FortiClient (Windows) 7.0.2. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Install and deployment

Bug ID

Description

716597

Installation using norestart parameter requests reboot.

737288 Cannot use FortiClient (Windows) with Microsoft Defender using Windows Defender Application Control policy.
752345 'invalid_cert_action' specified in installer is not applied at installation.
756715 EMS defaults Invalid Cert Action to Warn for created FortiClient installer.

Workaround: EMS administrator to select Allow for Invalid Cert Action when creating FortiClient installer.

Application Firewall

Bug ID Description

663024

Add VMware Horizon Virtual Desktop Infrastructure Agent signature.

717628 Application Firewall causes issues with Motorola RMS high availability client.

GUI

Bug ID Description
725644

Google social network login does not work properly.

726911 GUI cannot show tags if tag name contains character that needs to be escaped.
742425 Disabling export logs option does not work.
742676 "the exception illegal Instruction error" occurs.
744542 FortiClient (Windows) displays blank SAML login window after accepting security warning.
751299 FortiClient has empty vulnerability details tab.
752349 Invalid certificates action in Settings does not update after receiving updated Endpoint Control profile.
752356 Invalid Certificate Detected alert disappears after 20 seconds without clicking Accept or Deny .

Zero Trust Network Access (ZTNA) connection rules

Bug ID Description
730459 FortiClient certificate serial number in endpoint is incorrect.
733255 FortiClient (Windows) must disconnect and reconnect to EMS to fix access issue when visiting a ZTNA-enabled site.
742103 ZTNA connection rule deletion does not take effect immediately.

Zero Trust Telemetry

Bug ID

Description

678388 Active Directory user logoff does not trigger tag message from FortiClient (Windows).

702660

Switching AD users does not modify user details in EMS Endpoints table.

705010 After switching users, FortiClient does not send new user information to EMS, causing the EMS Endpoints pane to show the endpoint with an incorrect username.
714131

Migrating FortiClient to different server fails when connection key is enabled.

721651

When connected to a full VPN to FortiGate, FortiClient sends virtual IP and MAC addresses to EMS.

722199

FortiClient stays in registration progress to FortiClient Cloud and never returns connection result.

724038

Zero Trust tag rule does not work properly for AD-joined devices when endpoints connect to EMS via SSL VPN.

724988

FortiClient uses FortiSASE egress IP address as the public IP address.

731525

FortiClient (Windows) does not detect AV is not up-to-date tagging rule result properly.

736210 FortiGate endpoint record list does not show all IPsec and SSL VPN tunnel entries.
736587 Assignment of vulnerability-related ZTNA tags is inconsistent for endpoints that have same Vulnerability Scan result.
736684 Vulnerable Devices Severity Level tagging rule does not respect selected level.
738813 FortiESNAC process causes high CPU, but issue disappears after removing Zero Trust tagging rules and running Windows updates.

Malware Protection and Sandbox

Bug ID

Description

693565 Chrome cannot rename temporary download files because Sandbox agent locks them.
700396 Device driver cannot be loaded (code 38).

709729

realtime_scan log disappears after ten seconds.

729499

Endpoints fail to update AV signatures, causing EMS to consistently send AV out-of-date email notifications.

730054

Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console feature does not work as expected.

734012 FortiClient does not respect exclusions if malicious file is detected as riskware.
747481 Antivirus right-click on-demand scan fails.
749331 FortiClient is snoozed in Windows Security in Windows settings due to conflict with FortiEDR.

749348

Performance issues after upgrade.

Remote Access

Bug ID

Description

639981 SAML login does not work when PKI group and SAML group are assigned to an SSL VPN policy together.
649426 IPsec and SSL VPN per-application VPN split tunnel does not work properly.
684913 SAML authentication on SSL VPN with realms does not work.
707882 IPsec VPN fails to autoconnect with Failed to launch IPsec service error.

710783

When per-machine and user autoconnect are both configured, per-machine tunnel drops in minutes before logging in to Windows.

710877 SSL VPN with SAML (Azure AD) and two gateways does not work.

711227

Per-user autoconnect starts autoconnect before logging in to Windows.

711402

Per-user autoconnect does not establish, and per-machine autoconnect remains connected after logging in to Windows.

716323 IPsec VPN cannot connect, with no response from GUI.
717512 IPsec VPN disclaimer message present in EMS profile is not present on endpoints, and FortiClient (Windows) does not show a disclaimer.

717913

FortiSASE VPN fails to reestablish after upgrading FortiSASE-related components.

724452 IPsec VPN tunnel with multiple gateways does not connect to the second gateway if the first one is inaccessible when the certificate is used.

724632

FortiClient (Windows) does not send SAML logout event to FortiAuthenticator.

725631 Network interfaces on laptops with Windows 10 stay unavailable after hibernation or sleep.
726249 FortiClient cannot effectively exempt trusted FQDNs from FortiSASE VPN.
726680 VPN clients take 20 seconds to disconnect when using a remote gateway where FQDN is resolved to multiple IP addresses and one is inaccessible.
727695 FortiClient on Windows 10 fails to block SSL VPN when FortiClient (Windows) has prohibit host tag.
729233 FortiSASE Trusted Traffic feature (split tunnel) requires restarting the FortiClient SSL VPN connection to take effect.
729610 Save username and password are enabled but FortiClient incorrectly saves encrypted password when user enters Spanish characters.
731011 FortiClient (Windows) is stuck at 98% connecting to SSL VPN tunnel when integrated with SAML (Azure AD) authentication.

731127

SSL VPN tunnel with SAML login displays Empty username is not allowed. error due to having multiple gateways defined.

731152

FortiClient (Windows) reports that it cannot reach corporate network when SSL VPN is connected.

731912 FortiClient does not register any interface's IP addresses to the DNS server, when IPsec VPN tunnel is up.

734866

Tunnel with per-machine autoconnect before OS start configured keeps trying to connect after failing to connect to VPN.

735105

Per-machine autoconnect certificate dropdown list also lists certificates in current user store before logging in to Windows.

736353 Multigateway failover does not go back to check previous gateways when failing over to see if they are up.

737798

FortiClient (Windows) does not try to connect with the second gateway if it cannot access the first one.

737964

When connecting to VPN before logging on to Windows, the certificate dropdown list shows multiple ZTNA certificates.

740410 FortiClient (Windows) applies client certificate to unmatched mapping of SSL VPN.
740679 Always-on VPN requires credentials when switching networks.
740725 SSL VPN on OS start does not reestablish following network issues.
742279 FortiClient to FortiGate SSL VPN is stuck during connection with SAML.
742833 Per-machine VPN before logon does not connect after upgrade.

743009

With Azure AD, FortiClient cannot connect SSL VPN using SAML and status is stuck at 98%.

743925 Host check warning prompt cannot display all predefined warning messages.
744020 SSL VPN and Web Filter problems.
744945 VPN before logon cannot connect before Windows logon, causing the Group Policy Object to be unable to commit before logon.
749735 FortiClient (Windows) cannot connect VPN to company network using T-Mobile IPv6 network.
751430 Split tunnel, split DNS, and remote DNS server resolution do not work.
751669 Application-based split tunnel breaks exclusive routing on SSL VPN.
752346 IP address assigned to the SSL VPN NIC in remote user PC and split tunnel routes is not installed.
753531 Windows client connected to VPN does not use targeted DNS servers acquired via DHCP on FortiClient (Windows) VA.

754820

Enabling host check for only the firewall does not work properly.

755510

SSL VPN dual stack does not work if using certificate in local machine.

Vulnerability Scan

Bug ID

Description

741459 Vulnerability Scan detects Python as critical/high vulnerability after removal.

Web Filter and plugin

Bug ID Description

657715

FortiProxy fails to start.

734400

Proxy service fails to process HTTPS connections.

740802 Web Filter displays unknown category for many entries in blocklist.
743738 FortiClient should avoid sending delimiter characters inside events.
748250 FortiClient does not detect that Web Filter plugin is stalled and blocks navigation.

Logs

Bug ID

Description

704611 FortiClient does not send logs to FortiAnalyzer.
720388 FortiClient fails to provide log for secure Remote Access compliance enforcement.

746181

FortiClient does not generate logs when VPN is blocked due to compliance tag.