Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

The following issues have been identified in FortiClient (Windows) 7.0.6. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Install and upgrade

Bug ID

Description

726616 FortiClient may fail to upgrade to 7.0.6 if the upgrade is attempted using a local upgrade (MSI or FortiClientSetup.exe file), due to FortiShield blocking an update.

Workaround: Do one of the following:

  • Use FortiClient EMS to do the deployment.
  • To run a local FortiClient upgrade, do the following:
    1. Shut down FortiClient.
    2. Stop FortiShield.
    3. Perform the local FortiClient upgrade using MSI or the FortiClientSetup.exe file.
749331 Windows Security setting in Windows displays FortiClient is snoozed when FortiEDR is installed.
820672 ZTNA driver FortiTransCtrl.sys fails to start up on Windows Server 2016.

Application Firewall

Bug ID Description
717628 Application Firewall causes issues with Motorola RMS high availability client.

776007

Application Firewall conflict with Windows firewall causes issues updating domain group policies.

817932

Application Firewall fails to allow application signatures added under Application Overrides as allow.

GUI

Bug ID Description
767998 Free VPN-only client includes Action for invalid EMS certificate in settings.
773355

FortiClient has display issue with umlauts on the Web Filter tab.

Zero Trust tags

Bug ID Description

704234

Zero Trust tagging rule set syntax does not check registry key values.

726835

FortiOS cannot get the updated VPN IP address in firewall dynamic EMS tag address when FortiClient establishes the VPN tunnel.

782394 ZTNA user identity tags do not work.
802261 FortiClient does not trigger tag message for network event changes.

819120

Zero trust tag rule for Active Directory group does not work when registering FortiClient to EMS with onboarding user.

821391

Zero trust tag rule for Active Directory group does not tag user in security group.

Endpoint control

Bug ID Description
738813 FortiESNAC process causes high CPU.

753663

When using off-net profile with antivirus protection enabled, FortiClient (Windows) does not show Malware Protection in navigation bar.

779267

FortiClient does not get updated profile and does not sync with EMS.

804552

FortiClient shows all feature tabs without registering to EMS after upgrade.

808880

FortiClient fails to synchronize with EMS on Windows 7 x86 platform for long time.

811951

After EMS license expires, FortiClient (Windows) still shows ZTNA and Application Firewall tabs.

815037

After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.

816751

Administrator cannot restore a quarantined file through EMS quarantine management if FortiClient (Windows) registered as onboarding user.

817061

Redeploying from another EMS server causes FortiClient (Windows) to not reconnect to EMS automatically.

819552

After upgrading FortiClient with EMS local onboarding user with LDAP, FortiClient (Windows) prompts for registration authentication.

821024

FortiClient fails to send username to EMS, causing EMS to report it as different users.

823386

FortiClient fails to send correct public IP address to EMS if registered to EMS as a SAML onboarding user.

Endpoint management

Bug ID Description
760816 Group assignment rules based on IP addresses do not work when using split tunnel.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured ZTNA connection rules.

Endpoint policy and profile

Bug ID

Description

774890 FortiClient (Windows) does not receive updated profile after syncing imported Web Filter profile from EMS.

Performance

Bug ID

Description

676424

NETIO.SYS causes blue screen of death on FortiClient endpoints.

749348 Performance issues after upgrade.

778651

Large downloads and speed tests result in high latency, packet loss, and poor performance.

Zero Trust Telemetry

Bug ID

Description

683542 FortiClient (Windows) fails to register to EMS if registration key contains a special character: " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~".

Malware Protection and Sandbox

Bug ID

Description

730054

Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console feature does not work as expected.

760073 FortiClient (Windows) compatibility with USB.
762125 fortimon3.sys causes blue screen of death during Slack calls.

774010

FortiClient does not block access to removable media.

793926 FortiShield blocks spoolsv.exe on Citrix virtual machine servers.

802576

Bluetooth device class access and HID do not work as expected.

Remote Access

Bug ID

Description

649426 IPsec/SSL VPN per-app VPN split tunnel does not work.

727695

FortiClient (Windows) on Windows 10 fails to block SSL VPN when it has a prohibit host tag applied.

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

731127 Configuring SSL VPN tunnel with SAML login displays Empty username is not allowed error.

742279

FortiClient to FortiGate SSL VPN gets stuck during connection with SAML.

743106 IPsec VPN XAuth does not work with ECDSA certificates.
744544 FortiClient (Windows) always saves SAML credentials.

744597

SSL VPN disconnects and returns hostcheck timeout after 15 to 20 minutes of connection.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

755482

Free VPN-only client does not show token box on rekey and GUI open.

758424

Certificate works for IPsec VPN tunnel if put it in current user store but fails to work if in local machine.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

764863 Dialup IPsec VPN over IPv6 drops packets on inbound direction once FortiClient (Windows) establishes tunnel.
767947 SMS verification code/answer code overwrites IPsec VPN saved password.
771090 Save username function on IPsec VPN tunnel does not work.

772108

When no_dns_registration=1,Register This Connection's Address in DNS of NW IP properties is not selected after VPN is up.

773060 When connected to VPN on wireless connection, Surface Pro cannot access SSRS report (software hosted on internal server).

778738

IPsec VPN IPv6 remote gateway is missing.

778822

When Limit Users to One SSL-VPN Connection at a Time is enabled on FortiOS, FortiClient displays error code -8.

782698

IPsec VPN on OS start with SSL VPN failover on Wi-Fi cannot connect.

787123 FortiClient disconnects from IPsec VPN tunnel with SA hard expired error right after connecting.
790021 Multifactor authentication using Okta with email notification does not work.

793893

FortiClient search domains transfer incorrectly to endpoints.

794110

VPN before logon does not work with Okta multifactor authentication and enforcing acceptance of the disclaimer message.

794658

FortiClient does not use second FortiGate to make VPN connection when IPsec VPN resilience with VPN is up and first remote gateway becomes offline.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.

797816

SAML connection with external browser authentication and single sign on port 8020 is busy, with FortiClient returning a JavaScript error.

801599

FortiClient opens multiple browser tabs when connecting to SSL VPN via SAML using external browser.

801674

SAML internal browser authentication prompt does not show up when redirection to external browser is disabled.

802809

Routes are missing when using DHCP over IPsec VPN.

807258

VMware Horizon client does not work with application-based split tunnel.

815528

If allow_local_lan=0 and per-application split tunnel with exclude mode and full tunnel are configured, FortiClient (Windows) should block local RDP/HTTPS traffic.

821994

VPN does not disconnect if user deregisters FortiClient from the FortiSASE GUI.

Vulnerability Scan

Bug ID

Description

741241 FortiClient (Windows) finds vulnerabilities for uninstalled software.

Logs

Bug ID

Description

713287 FortiClient does not generate local logs for ZTNA.

Web Filter and plugin

Bug ID Description

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.

789017

Web Filter is enabled on FortiSASE profile on EMS when Web Filter is already enforced on the FortiGate.

812207

Blocked web client shows dropped connection message instead of URL blocked message.

812879

Web Filter blocks Chocolatey installation.

813034

FortiTray keeps notifying user to install Web Filter plugin even when Chrome has already installed the plugin.

823469

FortiClient console does not show security risk category as configured on EMS under Web Filter profile.

823477

Web Filter fails to block security risk category URLs when antivirus is enabled.

Avatar and social network login

Bug ID

Description

729140 FortiClient (Windows) fails to work when attempting to log in with Google, LinkedIn, or Salesforce.

Multitenancy

Bug ID

Description

780308 EMS automatically migrates endpoints to default site.

ZTNA connection rules

Bug ID

Description

735494

Windows 7 does not support TCP forwarding feature.

773956

FortiClient (Windows) cannot show normal webpage of Internet real server (Dropbox) with ZTNA.

814953

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

823012

ZTNA TCP forwarding fails to work when FortiClient console is closed.

Administration

Bug ID

Description

798055 Javascript error occurs in the main process.

Other

Bug ID

Description

780651 FortiClient (Windows) does not update signatures on expected schedule.
812778 FortiShield fails to prevent user from killing FortiClient running processes.

Known issues

The following issues have been identified in FortiClient (Windows) 7.0.6. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Install and upgrade

Bug ID

Description

726616 FortiClient may fail to upgrade to 7.0.6 if the upgrade is attempted using a local upgrade (MSI or FortiClientSetup.exe file), due to FortiShield blocking an update.

Workaround: Do one of the following:

  • Use FortiClient EMS to do the deployment.
  • To run a local FortiClient upgrade, do the following:
    1. Shut down FortiClient.
    2. Stop FortiShield.
    3. Perform the local FortiClient upgrade using MSI or the FortiClientSetup.exe file.
749331 Windows Security setting in Windows displays FortiClient is snoozed when FortiEDR is installed.
820672 ZTNA driver FortiTransCtrl.sys fails to start up on Windows Server 2016.

Application Firewall

Bug ID Description
717628 Application Firewall causes issues with Motorola RMS high availability client.

776007

Application Firewall conflict with Windows firewall causes issues updating domain group policies.

817932

Application Firewall fails to allow application signatures added under Application Overrides as allow.

GUI

Bug ID Description
767998 Free VPN-only client includes Action for invalid EMS certificate in settings.
773355

FortiClient has display issue with umlauts on the Web Filter tab.

Zero Trust tags

Bug ID Description

704234

Zero Trust tagging rule set syntax does not check registry key values.

726835

FortiOS cannot get the updated VPN IP address in firewall dynamic EMS tag address when FortiClient establishes the VPN tunnel.

782394 ZTNA user identity tags do not work.
802261 FortiClient does not trigger tag message for network event changes.

819120

Zero trust tag rule for Active Directory group does not work when registering FortiClient to EMS with onboarding user.

821391

Zero trust tag rule for Active Directory group does not tag user in security group.

Endpoint control

Bug ID Description
738813 FortiESNAC process causes high CPU.

753663

When using off-net profile with antivirus protection enabled, FortiClient (Windows) does not show Malware Protection in navigation bar.

779267

FortiClient does not get updated profile and does not sync with EMS.

804552

FortiClient shows all feature tabs without registering to EMS after upgrade.

808880

FortiClient fails to synchronize with EMS on Windows 7 x86 platform for long time.

811951

After EMS license expires, FortiClient (Windows) still shows ZTNA and Application Firewall tabs.

815037

After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.

816751

Administrator cannot restore a quarantined file through EMS quarantine management if FortiClient (Windows) registered as onboarding user.

817061

Redeploying from another EMS server causes FortiClient (Windows) to not reconnect to EMS automatically.

819552

After upgrading FortiClient with EMS local onboarding user with LDAP, FortiClient (Windows) prompts for registration authentication.

821024

FortiClient fails to send username to EMS, causing EMS to report it as different users.

823386

FortiClient fails to send correct public IP address to EMS if registered to EMS as a SAML onboarding user.

Endpoint management

Bug ID Description
760816 Group assignment rules based on IP addresses do not work when using split tunnel.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured ZTNA connection rules.

Endpoint policy and profile

Bug ID

Description

774890 FortiClient (Windows) does not receive updated profile after syncing imported Web Filter profile from EMS.

Performance

Bug ID

Description

676424

NETIO.SYS causes blue screen of death on FortiClient endpoints.

749348 Performance issues after upgrade.

778651

Large downloads and speed tests result in high latency, packet loss, and poor performance.

Zero Trust Telemetry

Bug ID

Description

683542 FortiClient (Windows) fails to register to EMS if registration key contains a special character: " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~".

Malware Protection and Sandbox

Bug ID

Description

730054

Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console feature does not work as expected.

760073 FortiClient (Windows) compatibility with USB.
762125 fortimon3.sys causes blue screen of death during Slack calls.

774010

FortiClient does not block access to removable media.

793926 FortiShield blocks spoolsv.exe on Citrix virtual machine servers.

802576

Bluetooth device class access and HID do not work as expected.

Remote Access

Bug ID

Description

649426 IPsec/SSL VPN per-app VPN split tunnel does not work.

727695

FortiClient (Windows) on Windows 10 fails to block SSL VPN when it has a prohibit host tag applied.

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

731127 Configuring SSL VPN tunnel with SAML login displays Empty username is not allowed error.

742279

FortiClient to FortiGate SSL VPN gets stuck during connection with SAML.

743106 IPsec VPN XAuth does not work with ECDSA certificates.
744544 FortiClient (Windows) always saves SAML credentials.

744597

SSL VPN disconnects and returns hostcheck timeout after 15 to 20 minutes of connection.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

755482

Free VPN-only client does not show token box on rekey and GUI open.

758424

Certificate works for IPsec VPN tunnel if put it in current user store but fails to work if in local machine.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

764863 Dialup IPsec VPN over IPv6 drops packets on inbound direction once FortiClient (Windows) establishes tunnel.
767947 SMS verification code/answer code overwrites IPsec VPN saved password.
771090 Save username function on IPsec VPN tunnel does not work.

772108

When no_dns_registration=1,Register This Connection's Address in DNS of NW IP properties is not selected after VPN is up.

773060 When connected to VPN on wireless connection, Surface Pro cannot access SSRS report (software hosted on internal server).

778738

IPsec VPN IPv6 remote gateway is missing.

778822

When Limit Users to One SSL-VPN Connection at a Time is enabled on FortiOS, FortiClient displays error code -8.

782698

IPsec VPN on OS start with SSL VPN failover on Wi-Fi cannot connect.

787123 FortiClient disconnects from IPsec VPN tunnel with SA hard expired error right after connecting.
790021 Multifactor authentication using Okta with email notification does not work.

793893

FortiClient search domains transfer incorrectly to endpoints.

794110

VPN before logon does not work with Okta multifactor authentication and enforcing acceptance of the disclaimer message.

794658

FortiClient does not use second FortiGate to make VPN connection when IPsec VPN resilience with VPN is up and first remote gateway becomes offline.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.

797816

SAML connection with external browser authentication and single sign on port 8020 is busy, with FortiClient returning a JavaScript error.

801599

FortiClient opens multiple browser tabs when connecting to SSL VPN via SAML using external browser.

801674

SAML internal browser authentication prompt does not show up when redirection to external browser is disabled.

802809

Routes are missing when using DHCP over IPsec VPN.

807258

VMware Horizon client does not work with application-based split tunnel.

815528

If allow_local_lan=0 and per-application split tunnel with exclude mode and full tunnel are configured, FortiClient (Windows) should block local RDP/HTTPS traffic.

821994

VPN does not disconnect if user deregisters FortiClient from the FortiSASE GUI.

Vulnerability Scan

Bug ID

Description

741241 FortiClient (Windows) finds vulnerabilities for uninstalled software.

Logs

Bug ID

Description

713287 FortiClient does not generate local logs for ZTNA.

Web Filter and plugin

Bug ID Description

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.

789017

Web Filter is enabled on FortiSASE profile on EMS when Web Filter is already enforced on the FortiGate.

812207

Blocked web client shows dropped connection message instead of URL blocked message.

812879

Web Filter blocks Chocolatey installation.

813034

FortiTray keeps notifying user to install Web Filter plugin even when Chrome has already installed the plugin.

823469

FortiClient console does not show security risk category as configured on EMS under Web Filter profile.

823477

Web Filter fails to block security risk category URLs when antivirus is enabled.

Avatar and social network login

Bug ID

Description

729140 FortiClient (Windows) fails to work when attempting to log in with Google, LinkedIn, or Salesforce.

Multitenancy

Bug ID

Description

780308 EMS automatically migrates endpoints to default site.

ZTNA connection rules

Bug ID

Description

735494

Windows 7 does not support TCP forwarding feature.

773956

FortiClient (Windows) cannot show normal webpage of Internet real server (Dropbox) with ZTNA.

814953

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

823012

ZTNA TCP forwarding fails to work when FortiClient console is closed.

Administration

Bug ID

Description

798055 Javascript error occurs in the main process.

Other

Bug ID

Description

780651 FortiClient (Windows) does not update signatures on expected schedule.
812778 FortiShield fails to prevent user from killing FortiClient running processes.