Limitations
FortiClient desktop (Windows, macOS, Linux)
-
FortiClient blocks IPv6 traffic. Only IPv4 traffic traverses through the FortiSASE tunnel.
-
For an endpoint to be able to connect to FortiSASE via an SSL VPN tunnel, the FortiSASE environment must have at least one SSL VPN allow policy configured. See Adding policies to perform granular firewall actions and inspection.
FortiClient Android
On certain Android devices, when the CA certificate is downloaded from FortiSASE and manually installed on an Android device, untrusted certificate warnings for this certificate are seen constantly. This behavior is the result of Android system limitations on certain devices.
FortiClient Cloud
-
The FortiSASE license includes the FortiClient Cloud instance that licenses and provisions endpoints. You cannot access the FortiClient Cloud instance to configure it. You must use FortiSASE with the included FortiClient Cloud instance. You cannot apply a FortiSASE license to an existing FortiClient Cloud instance.
Authentication
- Other methods of user authentication will not work once SAML SSO is enabled.
- Not all options for LDAP server configuration are available on FortiSASE.
- Deauthenticating a Secure Web Gateway SSO user does not direct user to reauthenticate on device without clearing browser cache first.
FortiSandbox
To connect to a FortiSandbox appliance behind a firewall, you must open ports 514 and 443.