Resolved issues
The following issues have been fixed in version 7.4.5. For inquiries about a particular bug, contact Customer Service & Support.
Deployment and installers
|
Bug ID |
Description |
|---|---|
| 1212810 | FortiClient does not upgrade after installer has been pushed to the endpoint. |
Malware Protection
|
Bug ID |
Description |
|---|---|
| 1199087 | A crash may occur in the antivirus RTP service. The antiransomware service may fail to observe the scan inclusion list. |
Onboarding
|
Bug ID |
Description |
|---|---|
| 1196704 |
During a FortiClient EMS switch, the ZTNA certificate from the old EMS is not removed after switching to the new FortiClient EMS server. |
Privilege Access Management
|
Bug ID |
Description |
|---|---|
| 1127812 |
Warning or error messages appear behind a shadow and do not allow continuing. |
|
1192930 |
Cannot connect to VPN when FortiClientPAMSetup_7.4.3.1790_x64 is installed side by side with Ivanti. |
|
1195403 |
Video freezes when being recorded and played on FortiPAM or from backup file. |
Remote Access
|
Bug ID |
Description |
|---|---|
| 1194067 |
VPN connection status is not updated after tunnel for OS_Start_To_Connect is up. |
Remote Access - IPsec VPN
|
Bug ID |
Description |
|---|---|
|
1237189 |
VPN configuration installations may fail if the DNS priority setting is changed from FortiClient EMS. |
|
1168356 |
Communication issues after upgrade. |
|
1191792 |
Last Disconnect Reason shows Crash for a DPD error. |
|
1195916 |
"Crashed" error when FortiClient tries to establish an IKEv2 IPsec tunnel using transport mode AUTO. |
| 1091700 | High volume of LDAP traffic when endpoint connects to tunnel. |
|
1180286 |
ECDSA certificate-based IKEv2 tunnel fails to establish. |
|
1186077 |
Certificate error when connecting to IPsec IKEv2 tunnel if "set peertype peer" is set on FortiGate. |
|
1186588 |
Network lockdown captive portal detection is failing when using an invalid certificate. |
|
1187353 |
Cannot auto-connect to the IPsec VPN using Entra ID logon session information. |
|
1190617 |
Extending two-factor-email-expiry, remote-auth-timeout and negotiate-timeout do not work for IKEv2 local user。 |
|
1194172 |
FortiClient does not disconnect IPsec tunnel gracefully before machine reboot. |
|
1195748 |
Network lockdown is enforced when the VPN is connected. |
|
1199155 |
Save username option from EMS does not work properly when trying to connect to IKEv2 tunnel. |
|
1199352 |
Missing DH-Group 28 for IPSEC phase 1 and phase 2 settings. |
|
1205084 |
IPsec VPN tunnel that requires client certificate fails to connect after upgrade to 7.4.4. |
|
1210330 |
Intermittent connection issue to IPSec VPN with error: Last Disconnect Reason: VpnParameterConfigError. |
|
1212116 |
No traffic passes over VPN tunnel when using SHA512. |
|
1213765 |
IPsec VPN tunnel with SHA-512 (IKEv2) is established successfully but no data transmission from FortiClient to FortiGate through the tunnel. |
|
1215480 |
FortiVNAError when establishing IPsec VPN tunnel after fresh installation of FortiClient. |
|
1215952 |
The DPD configuration does not work as expected. |
| 1217208 | Unclear IPsec error messages. |
Remote Access - SSL VPN
|
Bug ID |
Description |
|---|---|
| 1184072 |
SSL VPN host check fails when both GUID and version (e.g., 4.18.23110.3) are specified. |
| 1192332 |
SSL VPN tunnels are not listed in FortiTray if the IPsec section is disabled in the EMS remote access profile containing only SSL VPN tunnels. |
| 1194015 |
Security alert for untrusted server certificate when the SSL VPN tunnel tries to autoconnect. |
|
1198658 |
SAML-based SSL VPN tunnel does not work when multiple gateways are configured for VPN resilience. |
| 1199635 |
Enforce Acceptance of Disclaimer Message does not work for SSL VPN tunnels. |
|
1199759 |
Unable to establish SSL VPN. |
|
1208884 |
SSL VPN does not work with LoginTC (Radius Server) and 2FA. |
Vulnerability Scan
|
Bug ID |
Description |
|---|---|
| 1140857 |
False positives in vulnerability scan results on Windows 11 23H2. |
Web Filter and plugin
|
Bug ID |
Description |
|---|---|
| 1255625 | FortiClient (Windows) 7.4.5 fails to recognize the newly issued April 16, 2026 Digicert CA used by FortiGuard Anycast servers, which results in failed communication for the following updates:
See CSB-260303-1 for more information. |
| 1193198 |
Website loading is slow with the Web Filter Browser Extension. |
| 1198223 |
Incorrect destination port for URLs in FortiClient Web Filter logs. |
| 1199364 |
FortiClient Web Filter Extension fails to block |
ZTNA
|
Bug ID |
Description |
|---|---|
|
1008632 |
When visiting SaaS application web pages using ZTNA, web pages can stall or return an ERR_CERT_COMMON_NAME_INVALID error. |
ZTNA TCP/UDP Forwarding
|
Bug ID |
Description |
|---|---|
| 1045428 |
ZTNA destination rules work only with full FQDN and not hostname. |
| 1177255 |
Wildcard ZTNA destinations do not exclude the EMS FQDN and/or allow to specify exceptions from the wildcard domain. |
Security Posture Tags
|
Bug ID |
Description |
|---|---|
|
1170327 |
FortiGate sometimes cannot resolve IP for client in security posture tag after the user disconnects and connects VPN immediately. |
| 1175158 |
FortiClient cannot receive a tag from a combination rules randomly. |
|
1205691 |
The |
Zero Trust Telemetry (On Boarding)
|
Bug ID |
Description |
|---|---|
| 1078953 |
SaaS and SaaS group ZTNA applications with UDP protocol fail to work. |
| 1183973 |
After de-registeration from cloud EMS, FortiClient auto-registers back to cloud EMS on reboot. |
|
1187361 |
Autoconnect is triggered even when the endpoint is on fabric. |
Other
|
Bug ID |
Description |
|---|---|
| 1119669 | FortiClient frequently loses user identity information. |
Vulnerabilities and Exposures
FortiClient (Windows) 7.4.5 is no longer vulnerable to the following CVE references. Visit https://fortiguard.com/psirt for more information.
| Bug ID | Description |
|---|---|
| 1198148 |
CVE-2025-6965 |
|
1193312 |