Fortinet black logo

(Windows) Release Notes

Home FortiClient 7.2.2 (Windows) Release Notes
7.2.2
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0

Known issues

Known issues

The following issues have been identified in FortiClient (Windows) 7.2.2. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Administration

Bug ID

Description
867818 fortishield.sys and fortimon3.sys are incompatible with HVCI.

Application Firewall

Bug ID Description

814391

FortiClient Cloud application signatures block allowlisted applications.

827788

Threat ID is 0 on Firewall Events.
842534 After upgrade, Application Firewall blocks internal webpage.
844997 FortiClient loses several packets on different internal resources after connecting telemetry.
848280 Application-based split tunnel does not work.

860062

Application Firewall slows down opening of Microsoft Active Directory (AD) Users and Computers application.
869671 FortiClient (Windows) bypasses Application Firewall block after matching detection rule.
879985 Application Firewall fails to block Web.Client category HTTPS traffic.
884911 FortiClient detects IntelliJ IDEA Community Edition 2021.2.2 as Java.Debug.Wire.Protocol.Insecure.Configuration.
890001 Application Firewall blocks Tanium application under antiexploit.
891789 Application Firewall blocks CREO management tool software.
902866 Application Firewall does not block Google Drive.
907089 Application Firewall blocks MS.Windows.HTTP.Protocol.Stack.CVE-2022-21907.Code.Execution.
936039 WhatsApp_Web_File.Download and WhatsApp_Web_File.Upload App signatures do not work in FortiClient Firewall.
940481 Antivirus (AV) and Application Firewall cause network problems.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

Deployment and installers

Bug ID

Description
953124 FortiClient Orchestrator notification does not appear when upgrade is scheduled.

Endpoint control

Bug ID Description

804552

FortiClient shows all feature tabs without registering to EMS after upgrade.

815037

After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.
820483 EMS device control does not block camera device.

821024

FortiClient fails to send username to EMS, causing EMS to report it as different users.

833717

EMS shows endpoints as offline, while they show their own status as online.

834162

LDAP query for AD group check does not execute.
841764 EMS does not show third-party features in endpoint information.
855851 EMS remembered list shows FQDN duplicates.
868230 "Connection expiring due to FortiClient Connect license exceeded" error occurs.

880167

FortiClient cannot register with EMS due to selecting wrong interface to connect to EMS.
914495 Pinging a public IP address does not work for on-Fabric detection rules.
926631 Windstream hits a condition where duplicate users show in EMS and FortiClient (Windows) intermittently does not send user updates.

Endpoint management

Bug ID Description
916566 FortiClient reports USB as blocked but user can access the storage files.

GUI

Bug ID Description

795350

Multiple FortiTray icons display in Windows system tray.

872634

FortiClient shows blank page when user opens FortiClient console.

874560

GUI becomes blank after receiving EMS-pushed profile.

888185

FortiClient does not minimize after successful VPN connection.
902595 SAML prompt flashes on autoconnect.
949939 JavaScript error occurs in main process.
954711 FortiClient allows entering user personal information when EMS has disabled manually entering user details.

955209

GUI has issues after disconnecting from VPN.

955724

GUI takes around 28 seconds to display when connecting from FortiTray.

Endpoint policy and profile

Bug ID

Description
889517 EMS fails to assign the correct endpoint policy and shows FortiClient as out-of-sync despite the client syncing.
915678 FortiClient does not send acknowledged event to EMS if it disconnects and reconnects to EMS immediately after the user acknowledges the one-way message.

Install and upgrade

Bug ID

Description

769639

FortiDeviceGuard is not installed on Windows Server 2022.

783690

Reboot prompt does not display after user login.

870370

Upgrading FortiClient from FortiClient Cloud uses expired invitation code to register.

914498

After deploying FortiClient upgrade through IBM BigFix, on some endpoints, FortiClient does not start or connect to EMS telemetry .

953492

FortiClient cannot be installed on Windows 10 version 20H2 and 22H2.

955268

User can uninstall FortiClient when it is registered to EMS.

955824

Free VPN-only FortiClient (Windows) does not include FSSOMA registry value if user upgraded free VPN-only FortiClient (Windows) from 7.0, which does not have SSOMA.

Malware Protection and Sandbox

Bug ID

Description

828862

FortiClient does not allow virtual CD-ROM device.

831560

GUI shows ransomware quarantined files after restoration via EMS.
844988 FortiClient (Windows) does not block USB drive with attempt to copy contents even if WPD/USB is set to block in profile.
857041 Windows 10 security center popup shows FortiClient and Windows Defender are off.
863802 FortiClient (Windows) cannot detect SentinelOne when they have product on OS level.
871078 Antiexploit protection blocks Adobe plugin in Chrome.
872970 Bubble notifications do not appear when inserting USB drive in endpoint machine.
874312 Sandbox quarantines files with read-only access permission.

874315

Sandbox scan reports read-only file as quarantined.

874578

Real-time protection does not delete quarantined files after cullage time.

876465

FortiClient does not detect virus in network drive.

876925

Antiexploit protection blocks Microsoft signing application in Chrome.
901065 Logitech driver breaks after installing FortiClient with Malware Protection feature enabled in installer.
915300 FortiClient (Windows) detects file configured as exception as malware.

916958

FortiClient cannot detect a virus-infected file.

919007

On-demand scan for mapped drives is not possible.
919499 Windows Security Center shows that FortiClient (Windows) is inactive when FortiClient (Windows) is running and up-to-date.
935610 Windows context menu popup takes long time to display when AV exclusions are added.
936105 USB media blocks all devices.
940272 AV and Sandbox profiles do not allow copying files to a share folder.
943466 FortiClient deletes suspicious file even though the configurated action in the profile is to quarantine the file.
946390 RTP blocks Word and Excel file access from network shared drive (NAS).
950411 Sandbox exclusions do not work.
950896 FortiClient installed on server blocks PowerShell scripts and causes performance issues.
952073 Windows notification about virus protection is out-of-date and red icon on WSC.
956963 FortiClient Spoolsv is blocked when Windows Antimalware Scan is enabled.

Zero Trust tags

Bug ID Description

819120

Zero trust tag rule for AD group does not work when registering FortiClient to EMS with onboarding user.
956947 Zero Trust tags disappear from FortiClient (Windows) avatar if a different user logs in to Windows machine.

Software Inventory

Bug ID

Description
737970 Software Inventory on EMS does not properly reflect software changes (adding/deleting) on Windows endpoints.
844392 Software Inventory shows last installation time in future.

Zero Trust Telemetry

Bug ID

Description
917708 FortiClient cannot connect to EMS if installed on same machine.

945911

FortiClient is stuck at syncing state after enabling registry tagging rule.

952565

FortiClient does not show error after reconnecting with deleted invitation code.

Remote Access

Bug ID

Description

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

773920 Endpoint switches network connection after IPsec VPN connection, causing VPN to disconnect.

775633

Priority based IPSec resiliency tunnel, auto failover to second remote gateway doesn't work
783412 Browser traffic goes directly to ZTNA site when SSL VPN is connected.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.
815528 If <allow_local_lan=0>, per-application split tunnel is enabled, exclude mode is enabled, and a full tunnel is up, FortiClient (Windows) does not block local RDP/HTTPS traffic.
816826 SAML VPN connection has "ErrorCode=-6005" issue when it reaches 31%.

835042

After upgrading FortiClient (Windows), OpenVPN connection fails while FortiClient (Windows) VPN runs with application-based split tunnel enabled.
837861 Always up fails to keep SSL VPN connection up when endpoint is left idle overnight.

838030

Citrix application shows blank pages on SSL VPN tunnel.
841144 Users disconnect from VPN after screen locks on endpoint.
841970 GUI gets stuck while connecting SAML SSL VPN with Azure AD and Duo (multifactor authentication).
843122 Daily error (-6005) occurs with SAML SSL VPN.
850494 VPN fails to connect at 98% to hotspot/Wi-Fi when dual stack is enabled.
851600 FortiClient fails to connect to SSL VPN with FQDN resolving to multiple IP addresses when it cannot reach resolved IP address.
854237 FortiClient fails to connect at 98% when connecting to hot spot/Wi-Fi when dual stack is enabled on gateway device.
858806 IKE/IPsec VPN sends the same token code multiple times within a second.
859061 Azure autologin des not work.
861231 VPN configured with <on_os_start> does not start on Windows Server.
863138 TapiSrv does not run.
869362 FortiClient (Windows) has issues reconnecting to SSL VPN without reauthentication.
869477 If a self-test fails, FortiClient (Windows) does not enter FIPS error mode and shut down completely.
869577 FortiClient only adds FQDN route every second or third disconnect/reconnect.
869862 FortiSSLVPNclient.exe does not correctly use predefined VPN profiles for corporate or personal VPNs.
870087 Windows feature DeadGatewayDetection bypasses default route via VPN.
871346 FortiClient (Windows) cannot remember username and password for tunnel with SAML login with built-in browser, FortiAuthenticator, and Save Password and autoconnect selected.
871374 VPN tunnel with SAML login does not warn user when opening multiple connections with Limit Users to One SSL-VPN Connection at a Time enabled.
872315 IPsec VPN resiliency based on ping response does not work.
872339 Per-user autoconnect does not work after restarting FortiClient.

873490

SSL VPN failover does not show the correct error message when user provides wrong credentials.
874208 FortiClient (Windows) cannot dial up SSL VPN tunnel with ECDSA certificate.
874298 Always up does not work for SAML SSL VPN tunnel with single FQDN resolved to multiple IP addresses.
874310 Using closest gateway based on ping speed and TCP round trip does not work for SSL VPN resilience if using different ports for the remote gateways.
874669 FortiClient does not attempt to connect with redundant SAML VPN gateway if it cannot reach first gateway.
874759 SSL VPN has DNS issues if AWS Route53 is configured for name resolution.
875631 Dialup IPsec VPN does not allow multiple valid server certificates for client use simultaneously.
875999 FortiClient does not show GUI prompt to enter PIN for SSL VPN certificate stored on USB PKI/SmartCard device.
876429 FortiClient (Windows) ignores redundant_sort_method=0 configuration option for IPsec VPN IKEv2 tunnel using multiple VPN gateways.
876643 Connecting to an IKEv2 tunnel with EAP disabled from FortiTray with certificate only does not work.

877640

If FortiClient is registered to EMS, IPsec VPN tunnel fails to connect when it is configured to connect on OS start.

878070

After device wakes from sleep, FortiClient intermittently grays out SAML button.

878652

VPN secure remote access notification prompt displays multiple times with cutoff text.
882408 FortiClient (Windows) fails to renew password when user changes password in Windows login screen.
884926 Okta SAML token popup displays in low resolution.
885285 SSL VPN network profile is public instead of domain.
887631 Using closest gateway based on TCP round trip for IPsec VPN resilience does not work if ping is disabled for first gateway.

890000

FortiClient 7.2.0 configured with on-os-start-connect is slow compared to 7.0.7.
891202 Autoconnect only when off-fabric does not work properly with user account and multifactor authentication (MFA) (FortiToken) for XAuth.
892314 On-connect script does not execute .
893237 FortiClient (Windows) does not provide opportunity to reinput password during autoconnect after identity provider password change.
893677 Autoconnect and always-up do not work when two gateways are configured for SAML SSL VPN with Redundancy Sort Method.
896213 GUI is stuck in VPN connecting status.
896400 VPN autoconnects when endpoint is woken from hibernation.
898873 SSL VPN tries to reconnect after screen is unlocked even when VPN tunnel is up and updated ZTNA tags are not synced to FortiGate.
901247 FortiClient does not exclude Five9 application from VPN.
903159 FortiClient does not save SSL VPN credentials for tunnel with dual stack and Save Password enabled.
904871 IPsec VPN connection takes long time to connect and shows Connect button when connection is in progress.

905651

FortiSASE VPN always up has issues when shifting endpoints from one public network to another.
909145 Secure remote access tunnel default host tag message for prohibited connection is empty.

909244

SSL VPN split DNS name resolution stops working.
909573 With MFA and autoconnect enabled, user account password becomes empty after logging in to Windows.
909755 SSL VPN split tunnel does not work for Microsoft Teams.
910533 When a tunnel has two gateways, SAML login is configured, and FortiClient (Windows) can reach the first FortiGate, built-in browser for XAuth failover to second FortiGate does not work.

912110

A network error prevented updates from being downloaded. pops up when FortiClient (Windows) establishes SSL VPN.
912703 Deregistered FortiClient (Windows) can connect with tunnel that has ZTNA tag assigned.
912980

IPsec VPN fails to connect if vpn-ems-sn-check is enabled and FortiClient is registered to custom site.

Workaround: Always establish Fortinet Security Fabric between FortiGate and EMS default site before you attempt IPsec VPN connection if vpn-ems-sn-check is enabled and FortiClient is registered to custom site.
913217 Cancel button fails to work with IPsec VPN connection.
914018 SSL VPN SAML login fails to work if using YubiKey for MFA.
914987 Windows 10 cannot connect when AES and strong crypto is used in FortiGate.
916240 User from India cannot connect to SSL VPN using SAML authentication while same user can connect from the U.S.
916581 Static DNS entry is registered when on-fabric.
918322 FortiShield blocks FortiClient (Windows) application due to registry issue.

920383

FortiClient always enables Turn off smart multi-homed name resolution on Windows after successful connection.
922941 Connecting to SSL VPN with FQDN resolved to both IPv4 and IPv6 as remote gateway gets stuck at 98%.
929442 ZTNA TCP forwarding with remote LDAP authentication does not work for SMB.
933603 SSL VPN connection drops intermittently.
933991 FortiClient does not trust SSL VPN gateway that is signed by Internal Intermediate Cert even though the PC trusts it.
938977 SSL VPN throughput degrades with DTLS enabled.
941259 When enabling Register this connection's addresses in DNS on the adapter, after a restart, the option is disabled.
942104 SSL VPN with multifactor authentication set for user with FortiToken Mobile process stops at 98% and FortiClient (Windows) does not establish connection.
942668 Split DNS on SSL VPN only resolves the first DNS server.
944266 SAML login always up does not work.
945874 When disconnecting from VPN, FortiClient (Windows) does not restore Register this connection's IP to DNS configuration.
945888 VPN before logon does not prompt for one-time password (OTP) token request if using FortiToken Mobile with FortiAuthenticator for OTP.
947381 When prefer_sslvpn_dns=0 and SSL VPN is up, FortiClient adds dns-suffix to all network interfaces.
948611 With customize host check fail warning off and ZTNA tags assigned, FortiClient (Windows) show warning box with empty message when trying to establish VPN.
949977 FortiClient disclaimer does not work for IPsec VPN.
950787 Domain filter cannot block access to specific server FQDN.
952808 FIPS-CC SSL VPN FortiClient (Windows) use MD5 to generate share key to encrypt login post data.
953160 SAML token reuse does not work for SSL VPN if Disable Connect/Disconnect option is enabled in EMS Remote Access profile.
953693 Special characters in password incorrectly change VPN Connect button to SAML Login.
954004 DTLS tunnel cannot establish when handshake packet has a large MTU.
954352 DNS servers do not display on the virtual adapter with IPsec VPN. CLI shows the IP address.
955248 SSL VPN does not work with local machine certificate-based tunnel when initiated from FortiTray.
955674 FortiClient (Windows) showing IPsec VPN connection down GUI notification while autoconnecting.
955887 SAML login VPN tunnel does not showing Save Password if using external browser for authentication.
956202 FortiClient (Windows) reaches a state where it cannot connect after updating a VPN tunnel without a certificate to have a certificate.
956729 Web Filter blocks FortiClient itself imitated URL when trying to connect to SSL VPN with SAML login.
956967 FortiSandbox exclusions path with wildcard does not work for cache files/folders such as Chrome.
957175 With external browser for SSL VPN SAML login authentication, FortiClient (Windows) cannot save user password when logging off, logging in, or rebooting.

Vulnerability Scan

Bug ID

Description

795393

Vulnerability events are not removed from EMS after successful patch.
849485 FortiClient wrongly detects AnyDesk vulnerabilities CVE-2021-44426 and CVE-2021-44425.
869253 FortiClient (Windows) detects vulnerability when the required KB is installed.

947921

Vulnerability scan shows false positive for Adobe Acrobat 2020 v 20.005.30514.10514.

955762

FortiClient does not detect known vulnerable software.

Logs

Bug ID

Description

716803

When logged in to Windows as domain user, avatar does not show properly on FortiAnalyzer 7.0.
811746 FortiClient sends duplicated and old logs to FortiAnalyzer.
849043 SSL VPN add/close action does not show on FortiGate Endpoint Event section.

874835

FortiClient (Windows) repeatedly logs security event logging - IPsec VPN "Disconnect" to FortiAnalyzer.

876810

FortiClient does not indicate VPN user in logs when connection succeeds.

948156

Excessive logging causes high I/O.

948887

FortiClient does not send Windows log of Exchange Server logon failure (Event ID 4625).

Web Filter and plugin

Bug ID Description
519066 User cannot print to WSD network printer when FortiProxy is enabled.

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.
836906 After FortiClient install, extended uptime results in audio cracking.
871325 Web Filter breaks DW Spectrum.
875298 Exclusion list does not work properly with regular expressions.
876273 Restricted mode has issue in Edge when moving from off- to on-fabric.
884420 Web Filter extension does not categorize sites properly.
890433 Firefox extension is stuck on older version.
903426

User cannot access internal application with Web Filter enabled.

Workaround: Add a simple rule to allow HTTP/HTTPS server IP addresses.
904840 When a user is performing a device recovery in iTunes, error 3500 occurs.
909060 User cannot update information on internal portal with Web Filter active.
911410 Safe Search restriction level does not apply properly if it is enabled for both Web and Video Filters.
932019 Bypass Private IP does not work on Edge and Chrome.
939986 Web Filter blocks LUXTRUST middleware.
943046 FortiClient web access is blocked after EMS server firmware is rolled back from 7.0.9 to 7.0.8.
943103 Web Filter prevents Slack from launching.
951738 FortiClient (Windows) throws JavaScript error when clicking Launch FortiClient in SSL VPN web portal.

951749

Web Filter incognito mode spams notification.

952715

FortiClient (Windows) blocks access to internal website after receiving EMS profile.

Avatar and social network login

Bug ID

Description

878050

FortiClient avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.

License

Bug ID

Description

874676

EMS tags endpoint with existing ZTNA host tags for vulnerabilities and AV after license is updated from Endpoint Protection Platform to Remote Access.

ZTNA connection rules

Bug ID

Description

814953

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

831943

ZTNA client certificate is not removed from user certificate store after FortiClient uninstall.

836246

Going from off-Fabric to on-Fabric does not stop the ZTNA service and keeps endpoint from connecting.

839589

ZTNA TCP forwarding not working for GoAnywhere application.
857909 FortiClient (Windows) does not support enabling encryption for ZTNA TCP forwarding rules acquired from ZTNA service portal.
857999 FortiClient does not support use of external browser for SAML authentication for ZTNA rules acquired through service portal.
872153 Old certificate is not deleted when FortiClient is uninstalled or upgraded.
874290 PowerShell with .NET framework 5, 6, or 7 does not work with TCP ZTNA.
885014 ZTNA fails to resolve FQDN destination hosts with certain domains.
913267 FortiClient (Windows) fails to export ZTNA web portal settings.
918045 FortiClient (Windows) requests ZTNA certificate when switching between user accounts.
919134 ZTNA works if <disallow_invalid_server_certificate> is enabled and server certificate is invalid.
919832 ZTNA stops working after days with the error message No ZTNA client certificate was provided.
926403 Ports list does not work in ZTNA TCP forwarding rule for scenario with EMS rule or scenario with portal, wildcard, and ports list.

943921

ZTNA is disabled but device keeps prompting for ZTNA certificate when accessing internal website.
949507 FortiClient (Windows) has ZTNA multiple client certificates in certificate store.

949701

FortiClient (Windows) has duplicate ZTNA Destinations when using EMS 7.2.1.

949999

SAML authentication does not work with Azure AD certificate-based authentication.

954946

ZTNA TCP forwarding does not show the untrusted certificate prompt warning with SAML authentication.

955377

FortiClient (Windows) blocks ZTNA because device is offline.

955437

With multiple browsers installed and external browser used for SAML authentication, choosing browser option does not show up if user does not choose any.

FSSOMA

Bug ID

Description
900953 SSOMA does not send SSO sessions information to FortiAuthenticator.

909844

FSSO sessions drop earlier than expected.
935090 SSOMA stops sending SSO session information to FortiAuthenticator while service is running on host.

Onboarding

Bug ID

Description

811976

FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.

819989

FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.

872136

User verification period option does not work as configured.

Other

Bug ID

Description
834389 FortiClient has incompatibility with Fuji Nexim software.
897741 Virus cleaner does not scan PC.
901972, 943567 NETIO.SYS causes BSOD.
919017 FortiClient changes the checksum hash of the installer for Baramundi Management Agent.
942082 FortiClient causes Windows 10 BSOD ntoskrnl.exe when Cisco AnyConnect VPN is connected.

952737

FortiTray has high CPU usage.

955861

FortiClient (Windows) fails to send complete video to PAM if launching Windows-native application when maximum duration is reached.
Previous
Next

Known issues

The following issues have been identified in FortiClient (Windows) 7.2.2. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Administration

Bug ID

Description
867818 fortishield.sys and fortimon3.sys are incompatible with HVCI.

Application Firewall

Bug ID Description

814391

FortiClient Cloud application signatures block allowlisted applications.

827788

Threat ID is 0 on Firewall Events.
842534 After upgrade, Application Firewall blocks internal webpage.
844997 FortiClient loses several packets on different internal resources after connecting telemetry.
848280 Application-based split tunnel does not work.

860062

Application Firewall slows down opening of Microsoft Active Directory (AD) Users and Computers application.
869671 FortiClient (Windows) bypasses Application Firewall block after matching detection rule.
879985 Application Firewall fails to block Web.Client category HTTPS traffic.
884911 FortiClient detects IntelliJ IDEA Community Edition 2021.2.2 as Java.Debug.Wire.Protocol.Insecure.Configuration.
890001 Application Firewall blocks Tanium application under antiexploit.
891789 Application Firewall blocks CREO management tool software.
902866 Application Firewall does not block Google Drive.
907089 Application Firewall blocks MS.Windows.HTTP.Protocol.Stack.CVE-2022-21907.Code.Execution.
936039 WhatsApp_Web_File.Download and WhatsApp_Web_File.Upload App signatures do not work in FortiClient Firewall.
940481 Antivirus (AV) and Application Firewall cause network problems.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

Deployment and installers

Bug ID

Description
953124 FortiClient Orchestrator notification does not appear when upgrade is scheduled.

Endpoint control

Bug ID Description

804552

FortiClient shows all feature tabs without registering to EMS after upgrade.

815037

After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.
820483 EMS device control does not block camera device.

821024

FortiClient fails to send username to EMS, causing EMS to report it as different users.

833717

EMS shows endpoints as offline, while they show their own status as online.

834162

LDAP query for AD group check does not execute.
841764 EMS does not show third-party features in endpoint information.
855851 EMS remembered list shows FQDN duplicates.
868230 "Connection expiring due to FortiClient Connect license exceeded" error occurs.

880167

FortiClient cannot register with EMS due to selecting wrong interface to connect to EMS.
914495 Pinging a public IP address does not work for on-Fabric detection rules.
926631 Windstream hits a condition where duplicate users show in EMS and FortiClient (Windows) intermittently does not send user updates.

Endpoint management

Bug ID Description
916566 FortiClient reports USB as blocked but user can access the storage files.

GUI

Bug ID Description

795350

Multiple FortiTray icons display in Windows system tray.

872634

FortiClient shows blank page when user opens FortiClient console.

874560

GUI becomes blank after receiving EMS-pushed profile.

888185

FortiClient does not minimize after successful VPN connection.
902595 SAML prompt flashes on autoconnect.
949939 JavaScript error occurs in main process.
954711 FortiClient allows entering user personal information when EMS has disabled manually entering user details.

955209

GUI has issues after disconnecting from VPN.

955724

GUI takes around 28 seconds to display when connecting from FortiTray.

Endpoint policy and profile

Bug ID

Description
889517 EMS fails to assign the correct endpoint policy and shows FortiClient as out-of-sync despite the client syncing.
915678 FortiClient does not send acknowledged event to EMS if it disconnects and reconnects to EMS immediately after the user acknowledges the one-way message.

Install and upgrade

Bug ID

Description

769639

FortiDeviceGuard is not installed on Windows Server 2022.

783690

Reboot prompt does not display after user login.

870370

Upgrading FortiClient from FortiClient Cloud uses expired invitation code to register.

914498

After deploying FortiClient upgrade through IBM BigFix, on some endpoints, FortiClient does not start or connect to EMS telemetry .

953492

FortiClient cannot be installed on Windows 10 version 20H2 and 22H2.

955268

User can uninstall FortiClient when it is registered to EMS.

955824

Free VPN-only FortiClient (Windows) does not include FSSOMA registry value if user upgraded free VPN-only FortiClient (Windows) from 7.0, which does not have SSOMA.

Malware Protection and Sandbox

Bug ID

Description

828862

FortiClient does not allow virtual CD-ROM device.

831560

GUI shows ransomware quarantined files after restoration via EMS.
844988 FortiClient (Windows) does not block USB drive with attempt to copy contents even if WPD/USB is set to block in profile.
857041 Windows 10 security center popup shows FortiClient and Windows Defender are off.
863802 FortiClient (Windows) cannot detect SentinelOne when they have product on OS level.
871078 Antiexploit protection blocks Adobe plugin in Chrome.
872970 Bubble notifications do not appear when inserting USB drive in endpoint machine.
874312 Sandbox quarantines files with read-only access permission.

874315

Sandbox scan reports read-only file as quarantined.

874578

Real-time protection does not delete quarantined files after cullage time.

876465

FortiClient does not detect virus in network drive.

876925

Antiexploit protection blocks Microsoft signing application in Chrome.
901065 Logitech driver breaks after installing FortiClient with Malware Protection feature enabled in installer.
915300 FortiClient (Windows) detects file configured as exception as malware.

916958

FortiClient cannot detect a virus-infected file.

919007

On-demand scan for mapped drives is not possible.
919499 Windows Security Center shows that FortiClient (Windows) is inactive when FortiClient (Windows) is running and up-to-date.
935610 Windows context menu popup takes long time to display when AV exclusions are added.
936105 USB media blocks all devices.
940272 AV and Sandbox profiles do not allow copying files to a share folder.
943466 FortiClient deletes suspicious file even though the configurated action in the profile is to quarantine the file.
946390 RTP blocks Word and Excel file access from network shared drive (NAS).
950411 Sandbox exclusions do not work.
950896 FortiClient installed on server blocks PowerShell scripts and causes performance issues.
952073 Windows notification about virus protection is out-of-date and red icon on WSC.
956963 FortiClient Spoolsv is blocked when Windows Antimalware Scan is enabled.

Zero Trust tags

Bug ID Description

819120

Zero trust tag rule for AD group does not work when registering FortiClient to EMS with onboarding user.
956947 Zero Trust tags disappear from FortiClient (Windows) avatar if a different user logs in to Windows machine.

Software Inventory

Bug ID

Description
737970 Software Inventory on EMS does not properly reflect software changes (adding/deleting) on Windows endpoints.
844392 Software Inventory shows last installation time in future.

Zero Trust Telemetry

Bug ID

Description
917708 FortiClient cannot connect to EMS if installed on same machine.

945911

FortiClient is stuck at syncing state after enabling registry tagging rule.

952565

FortiClient does not show error after reconnecting with deleted invitation code.

Remote Access

Bug ID

Description

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

773920 Endpoint switches network connection after IPsec VPN connection, causing VPN to disconnect.

775633

Priority based IPSec resiliency tunnel, auto failover to second remote gateway doesn't work
783412 Browser traffic goes directly to ZTNA site when SSL VPN is connected.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.
815528 If <allow_local_lan=0>, per-application split tunnel is enabled, exclude mode is enabled, and a full tunnel is up, FortiClient (Windows) does not block local RDP/HTTPS traffic.
816826 SAML VPN connection has "ErrorCode=-6005" issue when it reaches 31%.

835042

After upgrading FortiClient (Windows), OpenVPN connection fails while FortiClient (Windows) VPN runs with application-based split tunnel enabled.
837861 Always up fails to keep SSL VPN connection up when endpoint is left idle overnight.

838030

Citrix application shows blank pages on SSL VPN tunnel.
841144 Users disconnect from VPN after screen locks on endpoint.
841970 GUI gets stuck while connecting SAML SSL VPN with Azure AD and Duo (multifactor authentication).
843122 Daily error (-6005) occurs with SAML SSL VPN.
850494 VPN fails to connect at 98% to hotspot/Wi-Fi when dual stack is enabled.
851600 FortiClient fails to connect to SSL VPN with FQDN resolving to multiple IP addresses when it cannot reach resolved IP address.
854237 FortiClient fails to connect at 98% when connecting to hot spot/Wi-Fi when dual stack is enabled on gateway device.
858806 IKE/IPsec VPN sends the same token code multiple times within a second.
859061 Azure autologin des not work.
861231 VPN configured with <on_os_start> does not start on Windows Server.
863138 TapiSrv does not run.
869362 FortiClient (Windows) has issues reconnecting to SSL VPN without reauthentication.
869477 If a self-test fails, FortiClient (Windows) does not enter FIPS error mode and shut down completely.
869577 FortiClient only adds FQDN route every second or third disconnect/reconnect.
869862 FortiSSLVPNclient.exe does not correctly use predefined VPN profiles for corporate or personal VPNs.
870087 Windows feature DeadGatewayDetection bypasses default route via VPN.
871346 FortiClient (Windows) cannot remember username and password for tunnel with SAML login with built-in browser, FortiAuthenticator, and Save Password and autoconnect selected.
871374 VPN tunnel with SAML login does not warn user when opening multiple connections with Limit Users to One SSL-VPN Connection at a Time enabled.
872315 IPsec VPN resiliency based on ping response does not work.
872339 Per-user autoconnect does not work after restarting FortiClient.

873490

SSL VPN failover does not show the correct error message when user provides wrong credentials.
874208 FortiClient (Windows) cannot dial up SSL VPN tunnel with ECDSA certificate.
874298 Always up does not work for SAML SSL VPN tunnel with single FQDN resolved to multiple IP addresses.
874310 Using closest gateway based on ping speed and TCP round trip does not work for SSL VPN resilience if using different ports for the remote gateways.
874669 FortiClient does not attempt to connect with redundant SAML VPN gateway if it cannot reach first gateway.
874759 SSL VPN has DNS issues if AWS Route53 is configured for name resolution.
875631 Dialup IPsec VPN does not allow multiple valid server certificates for client use simultaneously.
875999 FortiClient does not show GUI prompt to enter PIN for SSL VPN certificate stored on USB PKI/SmartCard device.
876429 FortiClient (Windows) ignores redundant_sort_method=0 configuration option for IPsec VPN IKEv2 tunnel using multiple VPN gateways.
876643 Connecting to an IKEv2 tunnel with EAP disabled from FortiTray with certificate only does not work.

877640

If FortiClient is registered to EMS, IPsec VPN tunnel fails to connect when it is configured to connect on OS start.

878070

After device wakes from sleep, FortiClient intermittently grays out SAML button.

878652

VPN secure remote access notification prompt displays multiple times with cutoff text.
882408 FortiClient (Windows) fails to renew password when user changes password in Windows login screen.
884926 Okta SAML token popup displays in low resolution.
885285 SSL VPN network profile is public instead of domain.
887631 Using closest gateway based on TCP round trip for IPsec VPN resilience does not work if ping is disabled for first gateway.

890000

FortiClient 7.2.0 configured with on-os-start-connect is slow compared to 7.0.7.
891202 Autoconnect only when off-fabric does not work properly with user account and multifactor authentication (MFA) (FortiToken) for XAuth.
892314 On-connect script does not execute .
893237 FortiClient (Windows) does not provide opportunity to reinput password during autoconnect after identity provider password change.
893677 Autoconnect and always-up do not work when two gateways are configured for SAML SSL VPN with Redundancy Sort Method.
896213 GUI is stuck in VPN connecting status.
896400 VPN autoconnects when endpoint is woken from hibernation.
898873 SSL VPN tries to reconnect after screen is unlocked even when VPN tunnel is up and updated ZTNA tags are not synced to FortiGate.
901247 FortiClient does not exclude Five9 application from VPN.
903159 FortiClient does not save SSL VPN credentials for tunnel with dual stack and Save Password enabled.
904871 IPsec VPN connection takes long time to connect and shows Connect button when connection is in progress.

905651

FortiSASE VPN always up has issues when shifting endpoints from one public network to another.
909145 Secure remote access tunnel default host tag message for prohibited connection is empty.

909244

SSL VPN split DNS name resolution stops working.
909573 With MFA and autoconnect enabled, user account password becomes empty after logging in to Windows.
909755 SSL VPN split tunnel does not work for Microsoft Teams.
910533 When a tunnel has two gateways, SAML login is configured, and FortiClient (Windows) can reach the first FortiGate, built-in browser for XAuth failover to second FortiGate does not work.

912110

A network error prevented updates from being downloaded. pops up when FortiClient (Windows) establishes SSL VPN.
912703 Deregistered FortiClient (Windows) can connect with tunnel that has ZTNA tag assigned.
912980

IPsec VPN fails to connect if vpn-ems-sn-check is enabled and FortiClient is registered to custom site.

Workaround: Always establish Fortinet Security Fabric between FortiGate and EMS default site before you attempt IPsec VPN connection if vpn-ems-sn-check is enabled and FortiClient is registered to custom site.
913217 Cancel button fails to work with IPsec VPN connection.
914018 SSL VPN SAML login fails to work if using YubiKey for MFA.
914987 Windows 10 cannot connect when AES and strong crypto is used in FortiGate.
916240 User from India cannot connect to SSL VPN using SAML authentication while same user can connect from the U.S.
916581 Static DNS entry is registered when on-fabric.
918322 FortiShield blocks FortiClient (Windows) application due to registry issue.

920383

FortiClient always enables Turn off smart multi-homed name resolution on Windows after successful connection.
922941 Connecting to SSL VPN with FQDN resolved to both IPv4 and IPv6 as remote gateway gets stuck at 98%.
929442 ZTNA TCP forwarding with remote LDAP authentication does not work for SMB.
933603 SSL VPN connection drops intermittently.
933991 FortiClient does not trust SSL VPN gateway that is signed by Internal Intermediate Cert even though the PC trusts it.
938977 SSL VPN throughput degrades with DTLS enabled.
941259 When enabling Register this connection's addresses in DNS on the adapter, after a restart, the option is disabled.
942104 SSL VPN with multifactor authentication set for user with FortiToken Mobile process stops at 98% and FortiClient (Windows) does not establish connection.
942668 Split DNS on SSL VPN only resolves the first DNS server.
944266 SAML login always up does not work.
945874 When disconnecting from VPN, FortiClient (Windows) does not restore Register this connection's IP to DNS configuration.
945888 VPN before logon does not prompt for one-time password (OTP) token request if using FortiToken Mobile with FortiAuthenticator for OTP.
947381 When prefer_sslvpn_dns=0 and SSL VPN is up, FortiClient adds dns-suffix to all network interfaces.
948611 With customize host check fail warning off and ZTNA tags assigned, FortiClient (Windows) show warning box with empty message when trying to establish VPN.
949977 FortiClient disclaimer does not work for IPsec VPN.
950787 Domain filter cannot block access to specific server FQDN.
952808 FIPS-CC SSL VPN FortiClient (Windows) use MD5 to generate share key to encrypt login post data.
953160 SAML token reuse does not work for SSL VPN if Disable Connect/Disconnect option is enabled in EMS Remote Access profile.
953693 Special characters in password incorrectly change VPN Connect button to SAML Login.
954004 DTLS tunnel cannot establish when handshake packet has a large MTU.
954352 DNS servers do not display on the virtual adapter with IPsec VPN. CLI shows the IP address.
955248 SSL VPN does not work with local machine certificate-based tunnel when initiated from FortiTray.
955674 FortiClient (Windows) showing IPsec VPN connection down GUI notification while autoconnecting.
955887 SAML login VPN tunnel does not showing Save Password if using external browser for authentication.
956202 FortiClient (Windows) reaches a state where it cannot connect after updating a VPN tunnel without a certificate to have a certificate.
956729 Web Filter blocks FortiClient itself imitated URL when trying to connect to SSL VPN with SAML login.
956967 FortiSandbox exclusions path with wildcard does not work for cache files/folders such as Chrome.
957175 With external browser for SSL VPN SAML login authentication, FortiClient (Windows) cannot save user password when logging off, logging in, or rebooting.

Vulnerability Scan

Bug ID

Description

795393

Vulnerability events are not removed from EMS after successful patch.
849485 FortiClient wrongly detects AnyDesk vulnerabilities CVE-2021-44426 and CVE-2021-44425.
869253 FortiClient (Windows) detects vulnerability when the required KB is installed.

947921

Vulnerability scan shows false positive for Adobe Acrobat 2020 v 20.005.30514.10514.

955762

FortiClient does not detect known vulnerable software.

Logs

Bug ID

Description

716803

When logged in to Windows as domain user, avatar does not show properly on FortiAnalyzer 7.0.
811746 FortiClient sends duplicated and old logs to FortiAnalyzer.
849043 SSL VPN add/close action does not show on FortiGate Endpoint Event section.

874835

FortiClient (Windows) repeatedly logs security event logging - IPsec VPN "Disconnect" to FortiAnalyzer.

876810

FortiClient does not indicate VPN user in logs when connection succeeds.

948156

Excessive logging causes high I/O.

948887

FortiClient does not send Windows log of Exchange Server logon failure (Event ID 4625).

Web Filter and plugin

Bug ID Description
519066 User cannot print to WSD network printer when FortiProxy is enabled.

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.
836906 After FortiClient install, extended uptime results in audio cracking.
871325 Web Filter breaks DW Spectrum.
875298 Exclusion list does not work properly with regular expressions.
876273 Restricted mode has issue in Edge when moving from off- to on-fabric.
884420 Web Filter extension does not categorize sites properly.
890433 Firefox extension is stuck on older version.
903426

User cannot access internal application with Web Filter enabled.

Workaround: Add a simple rule to allow HTTP/HTTPS server IP addresses.
904840 When a user is performing a device recovery in iTunes, error 3500 occurs.
909060 User cannot update information on internal portal with Web Filter active.
911410 Safe Search restriction level does not apply properly if it is enabled for both Web and Video Filters.
932019 Bypass Private IP does not work on Edge and Chrome.
939986 Web Filter blocks LUXTRUST middleware.
943046 FortiClient web access is blocked after EMS server firmware is rolled back from 7.0.9 to 7.0.8.
943103 Web Filter prevents Slack from launching.
951738 FortiClient (Windows) throws JavaScript error when clicking Launch FortiClient in SSL VPN web portal.

951749

Web Filter incognito mode spams notification.

952715

FortiClient (Windows) blocks access to internal website after receiving EMS profile.

Avatar and social network login

Bug ID

Description

878050

FortiClient avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.

License

Bug ID

Description

874676

EMS tags endpoint with existing ZTNA host tags for vulnerabilities and AV after license is updated from Endpoint Protection Platform to Remote Access.

ZTNA connection rules

Bug ID

Description

814953

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

831943

ZTNA client certificate is not removed from user certificate store after FortiClient uninstall.

836246

Going from off-Fabric to on-Fabric does not stop the ZTNA service and keeps endpoint from connecting.

839589

ZTNA TCP forwarding not working for GoAnywhere application.
857909 FortiClient (Windows) does not support enabling encryption for ZTNA TCP forwarding rules acquired from ZTNA service portal.
857999 FortiClient does not support use of external browser for SAML authentication for ZTNA rules acquired through service portal.
872153 Old certificate is not deleted when FortiClient is uninstalled or upgraded.
874290 PowerShell with .NET framework 5, 6, or 7 does not work with TCP ZTNA.
885014 ZTNA fails to resolve FQDN destination hosts with certain domains.
913267 FortiClient (Windows) fails to export ZTNA web portal settings.
918045 FortiClient (Windows) requests ZTNA certificate when switching between user accounts.
919134 ZTNA works if <disallow_invalid_server_certificate> is enabled and server certificate is invalid.
919832 ZTNA stops working after days with the error message No ZTNA client certificate was provided.
926403 Ports list does not work in ZTNA TCP forwarding rule for scenario with EMS rule or scenario with portal, wildcard, and ports list.

943921

ZTNA is disabled but device keeps prompting for ZTNA certificate when accessing internal website.
949507 FortiClient (Windows) has ZTNA multiple client certificates in certificate store.

949701

FortiClient (Windows) has duplicate ZTNA Destinations when using EMS 7.2.1.

949999

SAML authentication does not work with Azure AD certificate-based authentication.

954946

ZTNA TCP forwarding does not show the untrusted certificate prompt warning with SAML authentication.

955377

FortiClient (Windows) blocks ZTNA because device is offline.

955437

With multiple browsers installed and external browser used for SAML authentication, choosing browser option does not show up if user does not choose any.

FSSOMA

Bug ID

Description
900953 SSOMA does not send SSO sessions information to FortiAuthenticator.

909844

FSSO sessions drop earlier than expected.
935090 SSOMA stops sending SSO session information to FortiAuthenticator while service is running on host.

Onboarding

Bug ID

Description

811976

FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.

819989

FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.

872136

User verification period option does not work as configured.

Other

Bug ID

Description
834389 FortiClient has incompatibility with Fuji Nexim software.
897741 Virus cleaner does not scan PC.
901972, 943567 NETIO.SYS causes BSOD.
919017 FortiClient changes the checksum hash of the installer for Baramundi Management Agent.
942082 FortiClient causes Windows 10 BSOD ntoskrnl.exe when Cisco AnyConnect VPN is connected.

952737

FortiTray has high CPU usage.

955861

FortiClient (Windows) fails to send complete video to PAM if launching Windows-native application when maximum duration is reached.
Previous
Next