Resolved issues
The following issues have been fixed in version 7.2.2. For inquiries about a particular bug, contact Customer Service & Support.
ZTNA connection rules
Web Filter and plugin
Bug ID |
Description |
---|---|
867483 | Web Filter does not give warning message. |
915287 | Extension does not properly apply safe mode HTTP header restrictions. |
919419 |
Web Filter with FortiGuard Anycast spamming blocks (Unknown) alerts in Notifications. |
GUI
Bug ID |
Description |
---|---|
913777 |
Action for cookies should be moved from Advanced > VPN to Settings. |
926401 | GUI error log should be in info log Failed to load REG_SSLVPN_SERVICE_PORT . |
943787 |
Message keeps popping up on endpoint after user acknowledges it. |
Endpoint control
Application Firewall
Bug ID |
Description |
---|---|
853451 | FortiClient blocks PIA VPN. |
853808 |
Excluding IPS signatures from Application Firewall (Detect and Block Exploits) is not possible. |
876265 | Zip Files become corrupt with Application Firewall enabled. |
897207 | Application Firewall blocks Microsoft 365 Defender device isolation . |
FSSOMA
Bug ID |
Description |
---|---|
841316 | Some FortiClient single-sign on mobility agent (FSSOMA) versions do not present client certificate to FortiAuthenticator. |
862021 | Local account can access Internet if FSSOMA is logged in and user locks the screen. |
888721 | SSOMA does not report the domain/user information to FortiAuthenticator in hybrid Azure Active Directory (AD) setup. |
893985 | FSSOMA creates issue with tenant ID on FortiAuthenticator in standard AD setup. |
Configuration
Bug ID |
Description |
---|---|
864571 |
Configuration backup file contains wrong default port of 65535. |
897927 | FortiClient causes reboot on domain controllers . |
Install and upgrade
Bug ID |
Description |
---|---|
896152 | FortiClient shows Update failed - Error occurred! popup after reboot. |
905132 | Failed to upgrade FSSO 7.2.0 to 7.2.1 with installer that FortiClientSSOConfigurationTool created. |
907340 | Telemetry connection requires reboot after install. |
915493 | Reboot popup does not display. |
926815 | Host_verification_xml is
missing after upgrading FortiClient 7.2.0 to 7.2.1. |
Logs
Bug ID |
Description |
---|---|
923245 | FortiClient logs do not include time zone . |
935428 |
Frequent log floods other logs in FortiTray and makes debugging difficult. |
945992 |
Diagnostic result is missing FortiClient (Windows) local log. |
Zero Trust tags
Bug ID |
Description |
---|---|
928574 | Logged in Domain tags do not work for Azure AD domains. |
931490 |
ZTNA tag is not removed after vulnerability is resolved. |
932828 |
Registry key ZTNA tag does not work when comparing DWORD type data. |
911533 |
AD group ZTNA tag does not calculate on EMS and FortiClient. |
919595 |
ZTNA tag rule does not work for Bitlocker disk encryption. |
Vulnerability Scan
Bug ID |
Description |
---|---|
908266 | FortiClient fails to detect vulnerabilities due to FCM skipping certain VIDs when scanning. |
920439 | Vulnerability scan reports excluded applications. |
944404 | Upgrade OpenSSL to 3.1.2: third party component upgrade required for security reasons. |
Remote Access
Bug ID |
Description |
---|---|
702764 | IPsec VPN connection fails with error: Certificate Was Not Loaded. |
800934 | DH group settings are not read-only for tunnel that EMS pushed. |
801747 | New XML tag
<block_outside_dns> should be configured per-tunnel. |
811458 | Connecting to SSL VPN fails after installing Windows update KB5013942. |
824165 | SSL VPN reconnection does not work when using turn-based FortiClient connection vs. PPP method. |
838231 | Some users fail when using SAML authentication with SSL VPN. |
851093 | IPv6 DNS requests do not work. |
855836 | Remote VPN is visible when on-fabric when it should be hidden. |
858696 | FortiClient (Windows) cannot connect to SSL VPN with SAML via Satellite ISP. |
886928 | VPN before logon displays FortiClient credentials prompt if using user@domain.local format for username. |
893958 | FortiClient (Windows) does not support autoconnect in this session (CREDENTIALPROVIDER). |
904923 | SSL VPN with external DHCP servers requires DHCP option 12 hostname. |
905354 | Split tunnel with SSL VPN does not work. |
906617 | SSL VPN with certificate and token does not work as expected when connecting from tray icon in Windows 10 x64. |
907361 | IPsec VPN IKE v1 and v2 blocking IPv6 does not work. |
907518 | FortiClient can connect to VPN without proper remote secure access tag. |
909699 | Autoconnect only when off-net fails to connect if remote gateway network is down then up. |
912255 | SSL VPN stays connected even though there is no network connection to the VPN gateway when DTLS is enabled. |
914414 | When VPN before logon is configured, FortiClient does not initiate SSL VPN when Use Windows Credentials is enabled. |
918669 | Single user mode VPN disconnects if user locks then unlocks Windows. |
920805 | With multifactor authentication enabled, SSL VPN may fail to work. |
920870 | GUI does not support encryption as NCSC support defines. |
923869 | FortiClient retries multiple times to connect to VPN with Azure AD autologin when user belongs to more than 100 groups. |
925710 | For split tunnel exclusions, local routes are added with incorrect next hop on multihomed devices. |
926174 | DNS has delays on SSL VPN with Same as client system DNS error and DNS server is unreachable over VPN. |
926774 | Azure SAML VPN fails to autoconnect after machine wakes from hibernation. |
927083, 937347 | SAML login window does not come up when clicking SAML Login button. |
927825 | Host check for firewall does not work with FortiOS 7.0.12. |
929177 | IPsec VPN IKE v2 with preshared key or certificate-based with EAP enabled fails to connect. |
931326 | Invalid server address or port number. error occurs during upgrade. |
931680 | VPN before logon on Windows 11 build 7129 does not work as expected. |
938746 | Secure remote access with SAML tries to connect when it should be blocked. |
943208 | FortiClient (Windows) continuously autoconnects after manual disconnection. |
945056 |
FortiClient (Windows) does not save Azure SAML authentication cookies in local storage and is missing SAML_VPN_COOKIES key. |
947956 | FortisslVPNdaemon.exe indexes the FortiClient installed location on port 8053. |
950199 | FortiClient (Windows) sends no DTLS encrypted alert to FortiGate when disconnecting SSL VPN DTLS tunnel. |
950815 | SSL VPN SAML login fails to work when using Okta for initial authentication. |
951164 | FortiClient (Windows) does not save SAML login credentials when Save Password is enabled. |
953853 | SSL VPN SAML login shows black login page if FortiClient (Windows) cannot reach IdP. |
Malware Protection and Sandbox
Zero Trust telemetry
Bug ID |
Description |
---|---|
911495 | FortiClient fails to autoregister to FortiClient Cloud due to Telemetry key mismatch. |
922757 |
ZTNA registry tag rule crashes FortiNSNAC and causes FortiClient to fail to sync EMS profile and deregister. |
953263 |
FortiESNAC process has memory leak. |
953521 |
Feature shows as hidden when EMS does not configure it being hidden. |
Deployment and installers
Bug ID |
Description |
---|---|
942984 | EMS shows wrong scheduled time under endpoint details page for endpoint user-scheduled FortiClient (Windows) deployment. |
Endpoint management
Bug ID |
Description |
---|---|
904348 | FortiClient (Windows) and EMS detect encrption status as not enabled when only one hard disk has encryption (Bitlocker) enabled. |
PAM
Bug ID |
Description |
---|---|
864571 | Backup configuration contains wrong default port of 65535. |
868822 | PAM does not support some video parameters such as resolution, color, and so on. |
905506 | Recording shows black screen for SQL Server Management Services. |
908671 | PAM doe snot include private HTTP header (x-complete: true) to signal the file is finished uploading. |
909164 | PAM does not support live streaming. |
912655 | FortiPAM secret launchers do not launch correctly when accessing FortiPAM via external DNAT. |
914874 | FortiClient PAM component does not report that video monitoring has stopped. |
917230 | If some CLI launch (mysql shell) closes quickly, PAM GUI keep loading for 15 seconds , then response error displays. |
918352 | Client executable integrity check. |
918486 | No video-Finish received in FortiPAM. |
930761 | "Unchecked runtime.lastError: The message port closed before a response was received." error displays with PAM agent. |
931648 | FortiClient PAM is not disabled in the MSI MST when it is disabled in the installer package. |
939187 | PAM session recorded video from extension has incorrect length because information is missing in mpd file. |
946105 | PAM does not include FortiClient version, OS type, and build number. |
FortiSASE
Bug ID |
Description |
---|---|
930967 | FortiClient (Windows) cannot establish FortiSASE VPN with Azure SAML AD user and Windows Defender blocks FortiClientConsole.exe. |
Other
Common Vulnerabilities and Exposures
Bug ID |
Description |
---|---|
957936 |
FortiClient for Windows no longer is vulnerable to exposing sensitive information in the agent log. |