Fortinet white logo
Fortinet white logo

Existing known issues

Existing known issues

The following issues have been identified in a previous version of FortiClient (macOS) and remain in FortiClient (macOS) 7.2.6.

Application Firewall

Bug ID

Description

834839

Web Filter does not block traffic when proxy mode and Application Firewall are disabled.

943703

Application firewall block/allow/monitor based on individual applications does not work as expected.

948718

Block count for Application Firewall is not accurate.

957984 Application Firewall reports violations for network service protocols when it is set to monitor in EMS.

Avatar and social login information

Bug ID

Description

777013

Avatar, whether changed or existing, does not show on FortiAnalyzer.

857857

Avatar page goes blank if user logs in with LinkedIn account.

954273

After FortiClient upgrades through script, avatar page does not load properly and shows a blank page.

Deployment and installers

Bug ID

Description

882705 EMS deployment fails if endpoint reboots during deployment package installation process.
935387 Installer downloaded from EMS is not deleted when EMS is changed.

967007

FortiClient (macOS) installed through mobile device management displays certificate trust prompt.

975804 FortiClientUninstaller is damaged error occurs during FortiClient (macOS) deployment.

Endpoint control

Bug ID

Description

958511 FortiClient (macOS) does not support Microsoft Entra ID (formerly known as Azure Active Directory) verification when joining EMS.
967008 Revoking client certificate from EMS also revokes the EMS CA certificate, which causes unnecessary keychain prompt.

1029889

ffconfig leaves behind zombie processes.

1035687

Configuring Action for EMS invalid certificates as Warn, then Deny does not work as expected.

Endpoint management

Bug ID

Description

891264 EMS creates duplicate records for domain-joined Ubuntu endpoints.

Endpoint policy and profile

Bug ID

Description

906951 GUI does not reflect profile changes unless user manually restarts the FortiClient (macOS) console.

FSSOMA

Bug ID

Description

956538

FortiClient (macOS) does not support multiple FortiAuthenticator server addresses.

GUI

Bug ID

Description

786779

About page version infomation is cut off when displaying with copyright information.

857148

GUI shows duplicate FortiClient consoles.

954876

Backup Comments option does not work.

967169

GUI is stuck on blank screen.

968068 FortiClient responds slowly and shows blank page when opening GUI.

Installation and upgrade

Bug ID

Description

827939

FortiTray is not open anymore prompt shows when deploying FortiClient using script through mobile device management.

828781 FortiClient (macOS) behaves inconsistently when uninstalling it through commands in terminal and the FortiClientUninstaller GUI tool.

929219

FortiClient is upgradable from full to free version.

951945

Uninstaller shows Install Now prompt instead of Remove now.

955448

Manual upgrade from 7.2.0 removes manually added VPN tunnels.

976951

FortiClient allows downgrade from full to free VPN-only client, which results in disordered GUI.

975336

macOS deployment fails if installer name has space.

License

Bug ID

Description

889767 License expiration shows unwanted +0000 at end of warning message.

Logs

Bug ID

Description

711763

FortiClient does not point to usfgd1.fortigate.com for EMS web profile setting:Location-US | Server-Fortiguard (Legacy).

872875 Disabling Client-Based Logging When On-Fabric in EMS does not work for macOS endpoints.
951917 The device MAC address field for FortiClient (macOS)-related events under FortiAnalyzer shows 00:00:00:00:00:00 instead of device MAC address.
1002118 fctlogupload causes CPU to spike to 100%.

Malware Protection and Sandbox

Bug ID

Description

551282 Sandbox exception for trusted sources does not work and FortiClient (macOS) uploads files sourced from Apple Inc.
719920 FortiClient cannot submit files downloaded from Thunderbird to FortiClient Cloud Sandbox (PaaS).
829415 When next generation antivirus is enabled, FortiClient (macOS) shows real time protection (RTP) as disabled.

855555

Enabling real-time protection and setting <block_removable_media> to 1 causes FortiClient (macOS) to fail to block a USB device.

921370 User cannot stop manually triggered AV scan in FortiClient.
949187 Cloud Sandbox fails to work and treats EICAR file as clean.

Quarantine management

Bug ID

Description

868798 Custom quarantine message does not work.

Remote Access

Bug ID

Description

720236 FortiClient (macOS) does not support DH groups 19-21.

800529

GUI has issue with Settings > VPN Options > Do not Warn Invalid Server Certificate.

866971

System Preferences for FortiClient (macOS) network extension is under different name compared to 7.0.7.

894027 FortiClient on macOS Ventura system proxy with proxy autoconfiguration file does not work with IPsec VPN, but works with SSL VPN.
898971 SSL VPN with SAML drops with Login error. Remote denied the request. error.
921191 After VPN is up, FortiClient (macOS) fails to access internal websites.
944870 FortiClient on macOS Ventura breaks DNS when connected to VPN after short period of time.
948566 Enabling local LAN option does not work as expected.
975879 IPsec VPN phase 2 setting NO PFS should not configure/show the DH groups for phase 2.
976220 FortiClient (macOS) does not warn user before starting to connect if user provided empty username and/or password.
976852 IPsec VPN redundancy based on ping speed or TCP RTT sorting method does not work.
977725 FortiClient split tunnel has limitation.
978147 DHCP option 12 - hostname needed in the scenario of SSL VPN with external DHCP servers.
978270 DNS fails to apply to IPsec VPN tunnel interface after disabling mode_config in IPsec VPN IKEv1 and setting manual mode.
978321 FortiToken input prompt GUI shows Password instead of FortiToken Code for IPsec VPN IKEv2 tunnel.
978792 GUI is stuck in VPN connecting page when VPN is connected.
985277 Split tunnel VPN macOS client does not connect to local LAN.
987299 Multifactor authentication prompt does not show for external RADIUS users with token authentication enabled.
1026704 Autoconnect does not continuously attempt to reconnect.

Remote Access - IPsec VPN

Bug ID

Description

952987 FortiClient (macOS) does not clear IPsec VPN tunnel saved password if connection fails due to wrong credentials.
954632 IPsec VPN fails to update password in keychain store when trying to renew expired AD password with autoconnect enabled.

Remote Access - SSL VPN

Bug ID

Description

772247 SAML authentication times out with SSL VPN.

854265

SSL VPN connects after sleep.

870585 When using Okta for SAML VPN authentication, saving password and autoconnect fail to work.

866711

SSL VPN with SAML and FIDO2 authentication does not work with built-in browser.

Software Inventory

Bug ID

Description

860954

Sending software inventory list or updates to EMS does not happen in real time.

Third-party compatibility

Bug ID

Description

961542

Conflict occurs between FortiClient and Microsoft Defender due to the system processes used in overlapping real-time protection features.

Workaround: enable passive mode on Microsoft Defender.

Vulnerability Scan

Bug ID

Description

771833 FortiClient tags endpoint as vulnerable when EMS administrator has enabled Exclude Application Vulnerabilities Requiring Manual Update from Vulnerability.

Web Filter and plugin

Bug ID

Description

873803 In-browser message does not show after switching device user without system reboot.
878055 Web access does not work.
898303 Web Filter does not work when administrator pushes extensions through Jamf in mobile device management platform.
918616 Video meetings have lag.
955529 Teams and other applications that use video crash and fail to work.
971067 FortiClient with Web Filter enabled does not allow login to Netflix account.
998541 Web Filter on Only when Endpoint is Off-Fabric does not work properly.
1019409 Web Filter HTTP mode does not work properly.
1022664 When FortiClient (macOS) blocks all Web Filter categories, exclusions do not work properly.
1026797 Web Filter Proceed button does not work properly.

Real-time protection

Bug ID

Description

855570 RTP scans files regardless of the maximum file size setting for scanning files.
949258 GUI shows no events under Realtime Protection events.
951380 RTP creates folder when Word and Excel files are saved on network shared drive (NAS).

Zero Trust tags

Bug ID

Description

794385 FortiClient (macOS) detects third party antivirus tag.

ZTNA connection rules

Bug ID

Description

853281 FortiClient (macOS) does not show the inline CASB database signatures on the About page.
864821 ZTNA does not have proper logging for SaaS portals.

905880

ZTNA certificate prompt displays when deploying FortiClient with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on-fabric and off-fabric profile if using both.

938962

FortiClient keeps prompting ztagent wants to sign using key Imported Private Key when selecting Always trust.

961800

When ZTNA is enabled, pfctl rules affect DNS traffic.

994025 ZTNA fails to work when no port number is specified on the destination rule.
1032986 ZTNA destination-based SMB drive access fails to load for the first time when authentication is enabled.

1094278

ZTNA fails to process when destination rule is configured with port range.

1099562 ZTNA wildcard FQDN fails to work.

Existing known issues

Existing known issues

The following issues have been identified in a previous version of FortiClient (macOS) and remain in FortiClient (macOS) 7.2.6.

Application Firewall

Bug ID

Description

834839

Web Filter does not block traffic when proxy mode and Application Firewall are disabled.

943703

Application firewall block/allow/monitor based on individual applications does not work as expected.

948718

Block count for Application Firewall is not accurate.

957984 Application Firewall reports violations for network service protocols when it is set to monitor in EMS.

Avatar and social login information

Bug ID

Description

777013

Avatar, whether changed or existing, does not show on FortiAnalyzer.

857857

Avatar page goes blank if user logs in with LinkedIn account.

954273

After FortiClient upgrades through script, avatar page does not load properly and shows a blank page.

Deployment and installers

Bug ID

Description

882705 EMS deployment fails if endpoint reboots during deployment package installation process.
935387 Installer downloaded from EMS is not deleted when EMS is changed.

967007

FortiClient (macOS) installed through mobile device management displays certificate trust prompt.

975804 FortiClientUninstaller is damaged error occurs during FortiClient (macOS) deployment.

Endpoint control

Bug ID

Description

958511 FortiClient (macOS) does not support Microsoft Entra ID (formerly known as Azure Active Directory) verification when joining EMS.
967008 Revoking client certificate from EMS also revokes the EMS CA certificate, which causes unnecessary keychain prompt.

1029889

ffconfig leaves behind zombie processes.

1035687

Configuring Action for EMS invalid certificates as Warn, then Deny does not work as expected.

Endpoint management

Bug ID

Description

891264 EMS creates duplicate records for domain-joined Ubuntu endpoints.

Endpoint policy and profile

Bug ID

Description

906951 GUI does not reflect profile changes unless user manually restarts the FortiClient (macOS) console.

FSSOMA

Bug ID

Description

956538

FortiClient (macOS) does not support multiple FortiAuthenticator server addresses.

GUI

Bug ID

Description

786779

About page version infomation is cut off when displaying with copyright information.

857148

GUI shows duplicate FortiClient consoles.

954876

Backup Comments option does not work.

967169

GUI is stuck on blank screen.

968068 FortiClient responds slowly and shows blank page when opening GUI.

Installation and upgrade

Bug ID

Description

827939

FortiTray is not open anymore prompt shows when deploying FortiClient using script through mobile device management.

828781 FortiClient (macOS) behaves inconsistently when uninstalling it through commands in terminal and the FortiClientUninstaller GUI tool.

929219

FortiClient is upgradable from full to free version.

951945

Uninstaller shows Install Now prompt instead of Remove now.

955448

Manual upgrade from 7.2.0 removes manually added VPN tunnels.

976951

FortiClient allows downgrade from full to free VPN-only client, which results in disordered GUI.

975336

macOS deployment fails if installer name has space.

License

Bug ID

Description

889767 License expiration shows unwanted +0000 at end of warning message.

Logs

Bug ID

Description

711763

FortiClient does not point to usfgd1.fortigate.com for EMS web profile setting:Location-US | Server-Fortiguard (Legacy).

872875 Disabling Client-Based Logging When On-Fabric in EMS does not work for macOS endpoints.
951917 The device MAC address field for FortiClient (macOS)-related events under FortiAnalyzer shows 00:00:00:00:00:00 instead of device MAC address.
1002118 fctlogupload causes CPU to spike to 100%.

Malware Protection and Sandbox

Bug ID

Description

551282 Sandbox exception for trusted sources does not work and FortiClient (macOS) uploads files sourced from Apple Inc.
719920 FortiClient cannot submit files downloaded from Thunderbird to FortiClient Cloud Sandbox (PaaS).
829415 When next generation antivirus is enabled, FortiClient (macOS) shows real time protection (RTP) as disabled.

855555

Enabling real-time protection and setting <block_removable_media> to 1 causes FortiClient (macOS) to fail to block a USB device.

921370 User cannot stop manually triggered AV scan in FortiClient.
949187 Cloud Sandbox fails to work and treats EICAR file as clean.

Quarantine management

Bug ID

Description

868798 Custom quarantine message does not work.

Remote Access

Bug ID

Description

720236 FortiClient (macOS) does not support DH groups 19-21.

800529

GUI has issue with Settings > VPN Options > Do not Warn Invalid Server Certificate.

866971

System Preferences for FortiClient (macOS) network extension is under different name compared to 7.0.7.

894027 FortiClient on macOS Ventura system proxy with proxy autoconfiguration file does not work with IPsec VPN, but works with SSL VPN.
898971 SSL VPN with SAML drops with Login error. Remote denied the request. error.
921191 After VPN is up, FortiClient (macOS) fails to access internal websites.
944870 FortiClient on macOS Ventura breaks DNS when connected to VPN after short period of time.
948566 Enabling local LAN option does not work as expected.
975879 IPsec VPN phase 2 setting NO PFS should not configure/show the DH groups for phase 2.
976220 FortiClient (macOS) does not warn user before starting to connect if user provided empty username and/or password.
976852 IPsec VPN redundancy based on ping speed or TCP RTT sorting method does not work.
977725 FortiClient split tunnel has limitation.
978147 DHCP option 12 - hostname needed in the scenario of SSL VPN with external DHCP servers.
978270 DNS fails to apply to IPsec VPN tunnel interface after disabling mode_config in IPsec VPN IKEv1 and setting manual mode.
978321 FortiToken input prompt GUI shows Password instead of FortiToken Code for IPsec VPN IKEv2 tunnel.
978792 GUI is stuck in VPN connecting page when VPN is connected.
985277 Split tunnel VPN macOS client does not connect to local LAN.
987299 Multifactor authentication prompt does not show for external RADIUS users with token authentication enabled.
1026704 Autoconnect does not continuously attempt to reconnect.

Remote Access - IPsec VPN

Bug ID

Description

952987 FortiClient (macOS) does not clear IPsec VPN tunnel saved password if connection fails due to wrong credentials.
954632 IPsec VPN fails to update password in keychain store when trying to renew expired AD password with autoconnect enabled.

Remote Access - SSL VPN

Bug ID

Description

772247 SAML authentication times out with SSL VPN.

854265

SSL VPN connects after sleep.

870585 When using Okta for SAML VPN authentication, saving password and autoconnect fail to work.

866711

SSL VPN with SAML and FIDO2 authentication does not work with built-in browser.

Software Inventory

Bug ID

Description

860954

Sending software inventory list or updates to EMS does not happen in real time.

Third-party compatibility

Bug ID

Description

961542

Conflict occurs between FortiClient and Microsoft Defender due to the system processes used in overlapping real-time protection features.

Workaround: enable passive mode on Microsoft Defender.

Vulnerability Scan

Bug ID

Description

771833 FortiClient tags endpoint as vulnerable when EMS administrator has enabled Exclude Application Vulnerabilities Requiring Manual Update from Vulnerability.

Web Filter and plugin

Bug ID

Description

873803 In-browser message does not show after switching device user without system reboot.
878055 Web access does not work.
898303 Web Filter does not work when administrator pushes extensions through Jamf in mobile device management platform.
918616 Video meetings have lag.
955529 Teams and other applications that use video crash and fail to work.
971067 FortiClient with Web Filter enabled does not allow login to Netflix account.
998541 Web Filter on Only when Endpoint is Off-Fabric does not work properly.
1019409 Web Filter HTTP mode does not work properly.
1022664 When FortiClient (macOS) blocks all Web Filter categories, exclusions do not work properly.
1026797 Web Filter Proceed button does not work properly.

Real-time protection

Bug ID

Description

855570 RTP scans files regardless of the maximum file size setting for scanning files.
949258 GUI shows no events under Realtime Protection events.
951380 RTP creates folder when Word and Excel files are saved on network shared drive (NAS).

Zero Trust tags

Bug ID

Description

794385 FortiClient (macOS) detects third party antivirus tag.

ZTNA connection rules

Bug ID

Description

853281 FortiClient (macOS) does not show the inline CASB database signatures on the About page.
864821 ZTNA does not have proper logging for SaaS portals.

905880

ZTNA certificate prompt displays when deploying FortiClient with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on-fabric and off-fabric profile if using both.

938962

FortiClient keeps prompting ztagent wants to sign using key Imported Private Key when selecting Always trust.

961800

When ZTNA is enabled, pfctl rules affect DNS traffic.

994025 ZTNA fails to work when no port number is specified on the destination rule.
1032986 ZTNA destination-based SMB drive access fails to load for the first time when authentication is enabled.

1094278

ZTNA fails to process when destination rule is configured with port range.

1099562 ZTNA wildcard FQDN fails to work.