Fortinet black logo

(Windows) Release Notes

Home FortiClient 7.2.3 (Windows) Release Notes
7.2.3
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0

Known issues

Known issues

The following issues have been identified in FortiClient (Windows) 7.2.3. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Administration

Bug ID

Description
867818 fortishield.sys and fortimon3.sys are incompatible with HVCI.

Application Firewall

Bug ID Description

814391

FortiClient Cloud application signatures block allowlisted applications.

827788

Threat ID is 0 on Firewall Events.
842534 After upgrade, Application Firewall blocks internal webpage.
844997 FortiClient loses several packets on different internal resources after connecting telemetry.

860062

Application Firewall slows down opening of Microsoft Active Directory (AD) Users and Computers application.
869671 FortiClient (Windows) bypasses Application Firewall block after matching detection rule.
879985 Application Firewall fails to block Web.Client category HTTPS traffic.
884911 FortiClient detects IntelliJ IDEA Community Edition 2021.2.2 as Java.Debug.Wire.Protocol.Insecure.Configuration.
890001 Application Firewall blocks Tanium application under antiexploit.
891789 Application Firewall blocks CREO management tool software.
902866 Application Firewall does not block Google Drive.
958651 Application Firewall violation list always shows violated programs as the same as applications, which is not as accurate as Windows.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

Deployment and installers

Bug ID

Description
783690 Reboot prompt does not display after user login.
870370 Upgrading FortiClient from FortiClient Cloud uses expired invitation code to register.
953124 FortiClient Orchestrator notification does not appear when upgrade is scheduled.

Endpoint control

Bug ID Description

804552

FortiClient shows all feature tabs without registering to EMS after upgrade.

815037

After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.
820483 EMS device control does not block camera device.

833717

EMS shows endpoints as offline, while they show their own status as online.

834162

LDAP query for AD group check does not execute.
841764 EMS does not show third-party features in endpoint information.
855851 EMS remembered list shows FQDN duplicates.
868230 "Connection expiring due to FortiClient Connect license exceeded" error occurs.

975391

FortiClient 7.2.1 and later versions report a different user to EMS than 7.0.7 did.

979669

User avatar fails to upload to FortiAnalyzer.

Endpoint management

Bug ID Description
916566 FortiClient reports USB as blocked but user can access the storage files.

GUI

Bug ID Description

872634

FortiClient shows blank page when user opens FortiClient console.

874560

GUI becomes blank after receiving EMS-pushed profile.

888185

FortiClient does not minimize after successful VPN connection.
902595 SAML prompt flashes on autoconnect.

955209

GUI has issues after disconnecting from VPN.

Endpoint policy and profile

Bug ID

Description
889517 EMS fails to assign the correct endpoint policy and shows FortiClient as out-of-sync despite the client syncing.
915678 FortiClient does not send acknowledged event to EMS if it disconnects and reconnects to EMS immediately after the user acknowledges the one-way message.

Endpoint security

Bug ID

Description
960595 Some FortiClient (Windows) endpoints cannot reach FortiClient Cloud.
975704 FortiClient does not report most recent completed scan timestamp to EMS and causes last scan time to show incorrectly on EMS dashboard.

Install and upgrade

Bug ID

Description

769639

FortiDeviceGuard is not installed on Windows Server 2022.

955268

User can uninstall FortiClient when it is registered to EMS.
960301 FortiClient fails to install due to orphaned registry key.
982033 Windows application (native launchers) fail to launch after upgrade from previous standalone version.

982747

Firefox extension cannot be uninstalled automatically.

Malware Protection and Sandbox

Bug ID

Description

828862

FortiClient does not allow virtual CD-ROM device.

831560

GUI shows ransomware quarantined files after restoration via EMS.
844988 FortiClient (Windows) does not block USB drive with attempt to copy contents even if WPD/USB is set to block in profile.
857041 Windows 10 security center popup shows FortiClient and Windows Defender are off.
863802 FortiClient (Windows) cannot detect SentinelOne when they have product on OS level.
871078 Antiexploit protection blocks Adobe plugin in Chrome.
872970 Bubble notifications do not appear when inserting USB drive in endpoint machine.
874312 Sandbox quarantines files with read-only access permission.

874315

Sandbox scan reports read-only file as quarantined.

874578

Real-time protection does not delete quarantined files after cullage time.

876465

FortiClient does not detect virus in network drive.

876925

Antiexploit protection blocks Microsoft signing application in Chrome.
901065 Logitech driver breaks after installing FortiClient with Malware Protection feature enabled in installer.
915300 FortiClient (Windows) detects file configured as exception as malware.

919007

On-demand scan for mapped drives is not possible.
919499 Windows Security Center shows that FortiClient (Windows) is inactive when FortiClient (Windows) is running and up-to-date.
946756 EMS logs USB events logged when there is an allow rule configured.
948985 update_task downloads AV signature from FDS, but AV engine fails to verify the signature. FortiClient (Windows) does not keep copy of problem signature.
956963 FortiClient Spoolsv is blocked when Windows antimalware scan is enabled.
966195 Antimalware detects W64/AI.Pallas Suspicious and fails to quarantine.
967202 FortiClient does not receive signature updates.
972036 Sandbox agent uses high CPU/memory/I/O when connecting to external SSD.
972671 If Malware Protection is enabled, Valorant fails to work.
976366 Windows 10 login page is stuck when FortiClient has long AV exclusion list.

Zero Trust tags

Bug ID Description

819120

Zero trust tag rule for AD group does not work when registering FortiClient to EMS with onboarding user.

Software Inventory

Bug ID

Description
737970 Software Inventory on EMS does not properly reflect software changes (adding/deleting) on Windows endpoints.
844392 Software Inventory shows last installation time in future.

Remote Access

Bug ID

Description

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

773920 Endpoint switches network connection after IPsec VPN connection, causing VPN to disconnect.

775633

Priority based IPSec resiliency tunnel, auto failover to second remote gateway doesn't work
783412 Browser traffic goes directly to ZTNA site when SSL VPN is connected.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.
815528 If <allow_local_lan=0>, per-application split tunnel is enabled, exclude mode is enabled, and a full tunnel is up, FortiClient (Windows) does not block local RDP/HTTPS traffic.

835042

After upgrading FortiClient (Windows), OpenVPN connection fails while FortiClient (Windows) VPN runs with application-based split tunnel enabled.
837861 Always up fails to keep SSL VPN connection up when endpoint is left idle overnight.

838030

Citrix application shows blank pages on SSL VPN tunnel.
841144 Users disconnect from VPN after screen locks on endpoint.
841970 GUI gets stuck while connecting SAML SSL VPN with Azure AD and Duo (multifactor authentication).
843122 Daily error (-6005) occurs with SAML SSL VPN.
850494 VPN fails to connect at 98% to hotspot/Wi-Fi when dual stack is enabled.
861231 VPN configured with <on_os_start> does not start on Windows Server.
863138 TapiSrv does not run.
869362 FortiClient (Windows) has issues reconnecting to SSL VPN without reauthentication.
869477 If a self-test fails, FortiClient (Windows) does not enter FIPS error mode and shut down completely.
869577 FortiClient only adds FQDN route every second or third disconnect/reconnect.
869862 FortiSSLVPNclient.exe does not correctly use predefined VPN profiles for corporate or personal VPNs.
870087 Windows feature DeadGatewayDetection bypasses default route via VPN.
871346 FortiClient (Windows) cannot remember username and password for tunnel with SAML login with built-in browser, FortiAuthenticator, and Save Password and autoconnect selected.
871374 VPN tunnel with SAML login does not warn user when opening multiple connections with Limit Users to One SSL-VPN Connection at a Time enabled.
872315 IPsec VPN resiliency based on ping response does not work.
872339 Per-user autoconnect does not work after restarting FortiClient.
874208 FortiClient (Windows) cannot dial up SSL VPN tunnel with ECDSA certificate.
874298 Always up does not work for SAML SSL VPN tunnel with single FQDN resolved to multiple IP addresses.
874310 Using closest gateway based on ping speed and TCP round trip does not work for SSL VPN resilience if using different ports for the remote gateways.
874669 FortiClient does not attempt to connect with redundant SAML VPN gateway if it cannot reach first gateway.
874759 SSL VPN has DNS issues if AWS Route53 is configured for name resolution.
875631 Dialup IPsec VPN does not allow multiple valid server certificates for client use simultaneously.
875999 FortiClient does not show GUI prompt to enter PIN for SSL VPN certificate stored on USB PKI/SmartCard device.
876429 FortiClient (Windows) ignores redundant_sort_method=0 configuration option for IPsec VPN IKEv2 tunnel using multiple VPN gateways.
876643 Connecting to an IKEv2 tunnel with EAP disabled from FortiTray with certificate only does not work.

877640

If FortiClient is registered to EMS, IPsec VPN tunnel fails to connect when it is configured to connect on OS start.

878070

After device wakes from sleep, FortiClient intermittently grays out SAML button.

878652

VPN secure remote access notification prompt displays multiple times with cutoff text.
882408 FortiClient (Windows) fails to renew password when user changes password in Windows login screen.
884926 Okta SAML token popup displays in low resolution.
887631 Using closest gateway based on TCP round trip for IPsec VPN resilience does not work if ping is disabled for first gateway.
891202 Autoconnect only when off-fabric does not work properly with user account and multifactor authentication (MFA) (FortiToken) for XAuth.
892314 On-connect script does not execute .
893237 FortiClient (Windows) does not provide opportunity to reinput password during autoconnect after identity provider password change.
893677 Autoconnect and always-up do not work when two gateways are configured for SAML SSL VPN with Redundancy Sort Method.
896213 GUI is stuck in VPN connecting status.
896400 VPN autoconnects when endpoint is woken from hibernation.
898873 SSL VPN tries to reconnect after screen is unlocked even when VPN tunnel is up and updated ZTNA tags are not synced to FortiGate.
901247 FortiClient does not exclude Five9 application from VPN.
903159 FortiClient does not save SSL VPN credentials for tunnel with dual stack and Save Password enabled.
904871 IPsec VPN connection takes long time to connect and shows Connect button when connection is in progress.

905651

FortiSASE VPN always up has issues when shifting endpoints from one public network to another.
907248 FortiClient (Windows) cannot connect to FortiSASE SAML VPN tunnel that uses OneLogin as identity provider (IdP) with built-in browser when IdP requires client certificate.
909145 Secure remote access tunnel default host tag message for prohibited connection is empty.

909244

SSL VPN split DNS name resolution stops working.
909573 With MFA and autoconnect enabled, user account password becomes empty after logging in to Windows.
909702 Saved username and password disappear while testing autoconnect only when offnet.
909755 SSL VPN split tunnel does not work for Microsoft Teams.
910533 When a tunnel has two gateways, SAML login is configured, and FortiClient (Windows) can reach the first FortiGate, built-in browser for XAuth failover to second FortiGate does not work.

912110

A network error prevented updates from being downloaded. pops up when FortiClient (Windows) establishes SSL VPN.
912703 Deregistered FortiClient (Windows) can connect with tunnel that has ZTNA tag assigned.
913217 Cancel button fails to work with IPsec VPN connection.
914018 SSL VPN SAML login fails to work if using YubiKey for MFA.
914987 Windows 10 cannot connect when AES and strong crypto is used in FortiGate.
916240 User from India cannot connect to SSL VPN using SAML authentication while same user can connect from the U.S.
916581 Static DNS entry is registered when on-fabric.
918322 FortiShield blocks FortiClient (Windows) application due to registry issue.

920383

FortiClient always enables Turn off smart multi-homed name resolution on Windows after successful connection.
930740 FortiClient (Windows) does not allow setting up SSL VPN tunnel if password contains Polish characters: ł , ą, and ń.
933991 FortiClient does not trust SSL VPN gateway that is signed by Internal Intermediate Cert even though the PC trusts it.
941259 When enabling Register this connection's addresses in DNS on the adapter, after a restart, the option is disabled.
942668 Split DNS on SSL VPN only resolves the first DNS server.
949977 FortiClient disclaimer does not work for IPsec VPN.
950787 Domain filter cannot block access to specific server FQDN.
952808 FIPS-CC SSL VPN FortiClient (Windows) use MD5 to generate share key to encrypt login post data.
953160 SAML token reuse does not work for SSL VPN if Disable Connect/Disconnect option is enabled in EMS Remote Access profile.
954004 DTLS tunnel cannot establish when handshake packet has a large MTU.
954352 DNS servers do not display on the virtual adapter with IPsec VPN. CLI shows the IP address.
955674 FortiClient (Windows) showing IPsec VPN connection down GUI notification while autoconnecting.
956472 FortiClient fails to resolve SRV records with split DNS.
956729 Web Filter blocks FortiClient itself imitated URL when trying to connect to SSL VPN with SAML login.
956949 FortiClient endpoint traffic is blocked when connecting to SSL VPN full tunnel.
956967 FortiSandbox exclusions path with wildcard does not work for cache files/folders such as Chrome.
957175 With external browser for SSL VPN SAML login authentication, FortiClient (Windows) cannot save user password when logging off, logging in, or rebooting.
962995 FortiSASE Secure Internet Access VPN frequently disconnects and requires user to log in again.
963554 Lookup by name to internal resources fails when IPv6 is enabled on NIC.
964036 Gateway selection (e.g. saml-login) based on ping speed or TCP round trip does not work.
966713 Certificate-only tunnels do not autoconnect if user does not connect the tunnel once before logging out of Windows.
968151 SAML-login resilience tunnel automatic failover to second remote gateway after first one is unreachable does not work.
969587 VPN disconnects periodically when power mode is set to Recommended.
969600 FortiGSLB SAML SSL VPN connection has -6005 error.
969601 Launching the FortiClient GUI from the system tray takes more than 30 seconds and sometimes does not open.
969995 Autoconnect does not work reliably with IPsec VPN using username/password with OTP and client certificate.
970005 DNS over TCP does not work with FortiClient (Windows) connected to FortiSASE and split DNS configured.
970620 SAML SSL VPN still connects to SAML without asking for credentials even save password is disabled.
971554 When connected to IPsec VPN, FortiClient sends access request when password renewal was canceled.
971698 FortiClient disconnects VPN when screen is locked but the user is not logged out.
972004 Enable Invalid Server Certificate Warning does not work for IPsec VPN with SAML-based authentication.
972089 VPN is stuck at 98% when connected to iPhone hotspot.
972387 SSLVPNCmdLine tool has error using PSExec and SYSTEM account.
973808 Non-English OS, such as Spanish, on a non-compliant endpoint fails to show warning when trying to connect to VPN.
974129 Script has error while initiating SAML VPN.
974756 FortiClient (Windows) fails to access Azure databases if using defined cloud-based"Microsoft-Office365" for the application-based split tunnel.
976194 If always up is enabled and device switches from Azure user to local user, IPsec VPN autoconnects.
976343 FortiClient sends the same MAC address of different network adapters with IPsec VPN.
977196 Prelogon VPN causes Windows login to take long time.
977214 If local and remote destination networks are the same, when exclusive routing is disabled, traffic to remote destination can go through VPN tunnel.
978155 Application Firewall behaves incorrectly with Epic browser.
979166 Black screen displays on VPN before logon.
979646 FortiClient cannot connect to VPN [-7200] or [-6006] while using SAML and external browser.

Vulnerability Scan

Bug ID

Description

795393

Vulnerability events are not removed from EMS after successful patch.
849485 FortiClient wrongly detects AnyDesk vulnerabilities CVE-2021-44426 and CVE-2021-44425.
869253 FortiClient (Windows) detects vulnerability when the required KB is installed.

955762

FortiClient does not detect known vulnerable software.

Logs

Bug ID

Description

716803

When logged in to Windows as domain user, avatar does not show properly on FortiAnalyzer 7.0.
849043 SSL VPN add/close action does not show on FortiGate Endpoint Event section.

874835

FortiClient (Windows) repeatedly logs security event logging - IPsec VPN "Disconnect" to FortiAnalyzer.

948156

Excessive logging causes high I/O.

948887

FortiClient does not send Windows log of Exchange Server logon failure (Event ID 4625).
965729 FortiClient (Windows) does not send Web Filter monitor and block categories logs to FortiAnalyzer.
979323 FortiClient does not send any logs to FortiAnalyzer unless Log All URLs is enabled.

Web Filter and plugin

Bug ID Description
519066 User cannot print to WSD network printer when FortiProxy is enabled.

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.
836906 After FortiClient install, extended uptime results in audio cracking.
871325 Web Filter breaks DW Spectrum.
875298 Exclusion list does not work properly with regular expressions.
876273 Restricted mode has issue in Edge when moving from off- to on-fabric.

883568

Web Filter causes Docker pull command to fail and connectivity issues afterward.
884420 Web Filter extension does not categorize sites properly.
890433 Firefox extension is stuck on older version.
903426

User cannot access internal application with Web Filter enabled.

Workaround: Add a simple rule to allow HTTP/HTTPS server IP addresses.
904840 When a user is performing a device recovery in iTunes, error 3500 occurs.
909060 User cannot update information on internal portal with Web Filter active.
911410 Safe Search restriction level does not apply properly if it is enabled for both Web and Video Filters.
939986 Web Filter blocks LUXTRUST middleware.

952715

FortiClient (Windows) blocks access to internal website after receiving EMS profile.
962343 FortiClient does not block unrated sites when it cannot reach FortiGuard servers.
962502 Web Filter does not respect exclusion list when imported from FortiGate with web category overrides.

Avatar and social network login

Bug ID

Description

878050

FortiClient avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.

950503

FortiClient does not use image that user uploaded as their avatar.

License

Bug ID

Description

874676

EMS tags endpoint with existing ZTNA host tags for vulnerabilities and AV after license is updated from Endpoint Protection Platform to Remote Access.

ZTNA connection rules

Bug ID

Description

814953

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

831943

ZTNA client certificate is not removed from user certificate store after FortiClient uninstall.

836246

Going from off-Fabric to on-Fabric does not stop the ZTNA service and keeps endpoint from connecting.

839589

ZTNA TCP forwarding not working for GoAnywhere application.
857909 FortiClient (Windows) does not support enabling encryption for ZTNA TCP forwarding rules acquired from ZTNA service portal.
857999 FortiClient does not support use of external browser for SAML authentication for ZTNA rules acquired through service portal.
872153 Old certificate is not deleted when FortiClient is uninstalled or upgraded.
874290 PowerShell with .NET framework 5, 6, or 7 does not work with TCP ZTNA.
913267 FortiClient (Windows) fails to export ZTNA web portal settings.
918045 FortiClient (Windows) requests ZTNA certificate when switching between user accounts.
919832 ZTNA stops working after days with the error message No ZTNA client certificate was provided.

949999

SAML authentication does not work with Azure AD certificate-based authentication.
952888 IPv6 DNS servers bypass inline CASB IPv4 access proxies.
954563 TFAP ZTNA SAML authentication popup does not show up if user closes it without authenticating.

954946

ZTNA TCP forwarding does not show the untrusted certificate prompt warning with SAML authentication.

955377

FortiClient (Windows) blocks ZTNA because device is offline.

955437

With multiple browsers installed and external browser used for SAML authentication, choosing browser option does not show up if user does not choose any.
955570 FortiClient switches to default site.
965476 User cannot access website with certificate warning and Forticlient DNS Root certificate signs the certificate.
967199 No ZTNA client certificate was provided error occurs when trying to access HTTPS page.
975845 FortiClient must notify end user that certificate is not trusted for ZTNA connection when disallow_invalid_server_certificate is enabled.

976003

Web access with ZTNA proxy using FQDN fails to work.

976028

ZTNA feature driver fortitransctrl fails to start and causes ZTNA TCP forwarding to not work as expected.

FSSOMA

Bug ID

Description
900953 SSOMA does not send SSO sessions information to FortiAuthenticator.

909844

FSSO sessions drop earlier than expected.

Onboarding

Bug ID

Description

811976

FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.

819989

FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.

872136

User verification period option does not work as configured.

Other

Bug ID

Description
834389 FortiClient has incompatibility with Fuji Nexim software.
897741 Virus cleaner does not scan PC.
901972 NETIO.SYS causes BSOD.
919017 FortiClient changes the checksum hash of the installer for Baramundi Management Agent.
952013 FortiClient (Windows) cannot access YouTube channel when channel_id is set to Warning in EMS.
952737 FortiClient FortiTray has high CPU usage.
964456 FortiClient does not allow Windows DNS only secure dynamic updates.
Previous
Next

Known issues

The following issues have been identified in FortiClient (Windows) 7.2.3. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Administration

Bug ID

Description
867818 fortishield.sys and fortimon3.sys are incompatible with HVCI.

Application Firewall

Bug ID Description

814391

FortiClient Cloud application signatures block allowlisted applications.

827788

Threat ID is 0 on Firewall Events.
842534 After upgrade, Application Firewall blocks internal webpage.
844997 FortiClient loses several packets on different internal resources after connecting telemetry.

860062

Application Firewall slows down opening of Microsoft Active Directory (AD) Users and Computers application.
869671 FortiClient (Windows) bypasses Application Firewall block after matching detection rule.
879985 Application Firewall fails to block Web.Client category HTTPS traffic.
884911 FortiClient detects IntelliJ IDEA Community Edition 2021.2.2 as Java.Debug.Wire.Protocol.Insecure.Configuration.
890001 Application Firewall blocks Tanium application under antiexploit.
891789 Application Firewall blocks CREO management tool software.
902866 Application Firewall does not block Google Drive.
958651 Application Firewall violation list always shows violated programs as the same as applications, which is not as accurate as Windows.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

Deployment and installers

Bug ID

Description
783690 Reboot prompt does not display after user login.
870370 Upgrading FortiClient from FortiClient Cloud uses expired invitation code to register.
953124 FortiClient Orchestrator notification does not appear when upgrade is scheduled.

Endpoint control

Bug ID Description

804552

FortiClient shows all feature tabs without registering to EMS after upgrade.

815037

After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.
820483 EMS device control does not block camera device.

833717

EMS shows endpoints as offline, while they show their own status as online.

834162

LDAP query for AD group check does not execute.
841764 EMS does not show third-party features in endpoint information.
855851 EMS remembered list shows FQDN duplicates.
868230 "Connection expiring due to FortiClient Connect license exceeded" error occurs.

975391

FortiClient 7.2.1 and later versions report a different user to EMS than 7.0.7 did.

979669

User avatar fails to upload to FortiAnalyzer.

Endpoint management

Bug ID Description
916566 FortiClient reports USB as blocked but user can access the storage files.

GUI

Bug ID Description

872634

FortiClient shows blank page when user opens FortiClient console.

874560

GUI becomes blank after receiving EMS-pushed profile.

888185

FortiClient does not minimize after successful VPN connection.
902595 SAML prompt flashes on autoconnect.

955209

GUI has issues after disconnecting from VPN.

Endpoint policy and profile

Bug ID

Description
889517 EMS fails to assign the correct endpoint policy and shows FortiClient as out-of-sync despite the client syncing.
915678 FortiClient does not send acknowledged event to EMS if it disconnects and reconnects to EMS immediately after the user acknowledges the one-way message.

Endpoint security

Bug ID

Description
960595 Some FortiClient (Windows) endpoints cannot reach FortiClient Cloud.
975704 FortiClient does not report most recent completed scan timestamp to EMS and causes last scan time to show incorrectly on EMS dashboard.

Install and upgrade

Bug ID

Description

769639

FortiDeviceGuard is not installed on Windows Server 2022.

955268

User can uninstall FortiClient when it is registered to EMS.
960301 FortiClient fails to install due to orphaned registry key.
982033 Windows application (native launchers) fail to launch after upgrade from previous standalone version.

982747

Firefox extension cannot be uninstalled automatically.

Malware Protection and Sandbox

Bug ID

Description

828862

FortiClient does not allow virtual CD-ROM device.

831560

GUI shows ransomware quarantined files after restoration via EMS.
844988 FortiClient (Windows) does not block USB drive with attempt to copy contents even if WPD/USB is set to block in profile.
857041 Windows 10 security center popup shows FortiClient and Windows Defender are off.
863802 FortiClient (Windows) cannot detect SentinelOne when they have product on OS level.
871078 Antiexploit protection blocks Adobe plugin in Chrome.
872970 Bubble notifications do not appear when inserting USB drive in endpoint machine.
874312 Sandbox quarantines files with read-only access permission.

874315

Sandbox scan reports read-only file as quarantined.

874578

Real-time protection does not delete quarantined files after cullage time.

876465

FortiClient does not detect virus in network drive.

876925

Antiexploit protection blocks Microsoft signing application in Chrome.
901065 Logitech driver breaks after installing FortiClient with Malware Protection feature enabled in installer.
915300 FortiClient (Windows) detects file configured as exception as malware.

919007

On-demand scan for mapped drives is not possible.
919499 Windows Security Center shows that FortiClient (Windows) is inactive when FortiClient (Windows) is running and up-to-date.
946756 EMS logs USB events logged when there is an allow rule configured.
948985 update_task downloads AV signature from FDS, but AV engine fails to verify the signature. FortiClient (Windows) does not keep copy of problem signature.
956963 FortiClient Spoolsv is blocked when Windows antimalware scan is enabled.
966195 Antimalware detects W64/AI.Pallas Suspicious and fails to quarantine.
967202 FortiClient does not receive signature updates.
972036 Sandbox agent uses high CPU/memory/I/O when connecting to external SSD.
972671 If Malware Protection is enabled, Valorant fails to work.
976366 Windows 10 login page is stuck when FortiClient has long AV exclusion list.

Zero Trust tags

Bug ID Description

819120

Zero trust tag rule for AD group does not work when registering FortiClient to EMS with onboarding user.

Software Inventory

Bug ID

Description
737970 Software Inventory on EMS does not properly reflect software changes (adding/deleting) on Windows endpoints.
844392 Software Inventory shows last installation time in future.

Remote Access

Bug ID

Description

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

773920 Endpoint switches network connection after IPsec VPN connection, causing VPN to disconnect.

775633

Priority based IPSec resiliency tunnel, auto failover to second remote gateway doesn't work
783412 Browser traffic goes directly to ZTNA site when SSL VPN is connected.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.
815528 If <allow_local_lan=0>, per-application split tunnel is enabled, exclude mode is enabled, and a full tunnel is up, FortiClient (Windows) does not block local RDP/HTTPS traffic.

835042

After upgrading FortiClient (Windows), OpenVPN connection fails while FortiClient (Windows) VPN runs with application-based split tunnel enabled.
837861 Always up fails to keep SSL VPN connection up when endpoint is left idle overnight.

838030

Citrix application shows blank pages on SSL VPN tunnel.
841144 Users disconnect from VPN after screen locks on endpoint.
841970 GUI gets stuck while connecting SAML SSL VPN with Azure AD and Duo (multifactor authentication).
843122 Daily error (-6005) occurs with SAML SSL VPN.
850494 VPN fails to connect at 98% to hotspot/Wi-Fi when dual stack is enabled.
861231 VPN configured with <on_os_start> does not start on Windows Server.
863138 TapiSrv does not run.
869362 FortiClient (Windows) has issues reconnecting to SSL VPN without reauthentication.
869477 If a self-test fails, FortiClient (Windows) does not enter FIPS error mode and shut down completely.
869577 FortiClient only adds FQDN route every second or third disconnect/reconnect.
869862 FortiSSLVPNclient.exe does not correctly use predefined VPN profiles for corporate or personal VPNs.
870087 Windows feature DeadGatewayDetection bypasses default route via VPN.
871346 FortiClient (Windows) cannot remember username and password for tunnel with SAML login with built-in browser, FortiAuthenticator, and Save Password and autoconnect selected.
871374 VPN tunnel with SAML login does not warn user when opening multiple connections with Limit Users to One SSL-VPN Connection at a Time enabled.
872315 IPsec VPN resiliency based on ping response does not work.
872339 Per-user autoconnect does not work after restarting FortiClient.
874208 FortiClient (Windows) cannot dial up SSL VPN tunnel with ECDSA certificate.
874298 Always up does not work for SAML SSL VPN tunnel with single FQDN resolved to multiple IP addresses.
874310 Using closest gateway based on ping speed and TCP round trip does not work for SSL VPN resilience if using different ports for the remote gateways.
874669 FortiClient does not attempt to connect with redundant SAML VPN gateway if it cannot reach first gateway.
874759 SSL VPN has DNS issues if AWS Route53 is configured for name resolution.
875631 Dialup IPsec VPN does not allow multiple valid server certificates for client use simultaneously.
875999 FortiClient does not show GUI prompt to enter PIN for SSL VPN certificate stored on USB PKI/SmartCard device.
876429 FortiClient (Windows) ignores redundant_sort_method=0 configuration option for IPsec VPN IKEv2 tunnel using multiple VPN gateways.
876643 Connecting to an IKEv2 tunnel with EAP disabled from FortiTray with certificate only does not work.

877640

If FortiClient is registered to EMS, IPsec VPN tunnel fails to connect when it is configured to connect on OS start.

878070

After device wakes from sleep, FortiClient intermittently grays out SAML button.

878652

VPN secure remote access notification prompt displays multiple times with cutoff text.
882408 FortiClient (Windows) fails to renew password when user changes password in Windows login screen.
884926 Okta SAML token popup displays in low resolution.
887631 Using closest gateway based on TCP round trip for IPsec VPN resilience does not work if ping is disabled for first gateway.
891202 Autoconnect only when off-fabric does not work properly with user account and multifactor authentication (MFA) (FortiToken) for XAuth.
892314 On-connect script does not execute .
893237 FortiClient (Windows) does not provide opportunity to reinput password during autoconnect after identity provider password change.
893677 Autoconnect and always-up do not work when two gateways are configured for SAML SSL VPN with Redundancy Sort Method.
896213 GUI is stuck in VPN connecting status.
896400 VPN autoconnects when endpoint is woken from hibernation.
898873 SSL VPN tries to reconnect after screen is unlocked even when VPN tunnel is up and updated ZTNA tags are not synced to FortiGate.
901247 FortiClient does not exclude Five9 application from VPN.
903159 FortiClient does not save SSL VPN credentials for tunnel with dual stack and Save Password enabled.
904871 IPsec VPN connection takes long time to connect and shows Connect button when connection is in progress.

905651

FortiSASE VPN always up has issues when shifting endpoints from one public network to another.
907248 FortiClient (Windows) cannot connect to FortiSASE SAML VPN tunnel that uses OneLogin as identity provider (IdP) with built-in browser when IdP requires client certificate.
909145 Secure remote access tunnel default host tag message for prohibited connection is empty.

909244

SSL VPN split DNS name resolution stops working.
909573 With MFA and autoconnect enabled, user account password becomes empty after logging in to Windows.
909702 Saved username and password disappear while testing autoconnect only when offnet.
909755 SSL VPN split tunnel does not work for Microsoft Teams.
910533 When a tunnel has two gateways, SAML login is configured, and FortiClient (Windows) can reach the first FortiGate, built-in browser for XAuth failover to second FortiGate does not work.

912110

A network error prevented updates from being downloaded. pops up when FortiClient (Windows) establishes SSL VPN.
912703 Deregistered FortiClient (Windows) can connect with tunnel that has ZTNA tag assigned.
913217 Cancel button fails to work with IPsec VPN connection.
914018 SSL VPN SAML login fails to work if using YubiKey for MFA.
914987 Windows 10 cannot connect when AES and strong crypto is used in FortiGate.
916240 User from India cannot connect to SSL VPN using SAML authentication while same user can connect from the U.S.
916581 Static DNS entry is registered when on-fabric.
918322 FortiShield blocks FortiClient (Windows) application due to registry issue.

920383

FortiClient always enables Turn off smart multi-homed name resolution on Windows after successful connection.
930740 FortiClient (Windows) does not allow setting up SSL VPN tunnel if password contains Polish characters: ł , ą, and ń.
933991 FortiClient does not trust SSL VPN gateway that is signed by Internal Intermediate Cert even though the PC trusts it.
941259 When enabling Register this connection's addresses in DNS on the adapter, after a restart, the option is disabled.
942668 Split DNS on SSL VPN only resolves the first DNS server.
949977 FortiClient disclaimer does not work for IPsec VPN.
950787 Domain filter cannot block access to specific server FQDN.
952808 FIPS-CC SSL VPN FortiClient (Windows) use MD5 to generate share key to encrypt login post data.
953160 SAML token reuse does not work for SSL VPN if Disable Connect/Disconnect option is enabled in EMS Remote Access profile.
954004 DTLS tunnel cannot establish when handshake packet has a large MTU.
954352 DNS servers do not display on the virtual adapter with IPsec VPN. CLI shows the IP address.
955674 FortiClient (Windows) showing IPsec VPN connection down GUI notification while autoconnecting.
956472 FortiClient fails to resolve SRV records with split DNS.
956729 Web Filter blocks FortiClient itself imitated URL when trying to connect to SSL VPN with SAML login.
956949 FortiClient endpoint traffic is blocked when connecting to SSL VPN full tunnel.
956967 FortiSandbox exclusions path with wildcard does not work for cache files/folders such as Chrome.
957175 With external browser for SSL VPN SAML login authentication, FortiClient (Windows) cannot save user password when logging off, logging in, or rebooting.
962995 FortiSASE Secure Internet Access VPN frequently disconnects and requires user to log in again.
963554 Lookup by name to internal resources fails when IPv6 is enabled on NIC.
964036 Gateway selection (e.g. saml-login) based on ping speed or TCP round trip does not work.
966713 Certificate-only tunnels do not autoconnect if user does not connect the tunnel once before logging out of Windows.
968151 SAML-login resilience tunnel automatic failover to second remote gateway after first one is unreachable does not work.
969587 VPN disconnects periodically when power mode is set to Recommended.
969600 FortiGSLB SAML SSL VPN connection has -6005 error.
969601 Launching the FortiClient GUI from the system tray takes more than 30 seconds and sometimes does not open.
969995 Autoconnect does not work reliably with IPsec VPN using username/password with OTP and client certificate.
970005 DNS over TCP does not work with FortiClient (Windows) connected to FortiSASE and split DNS configured.
970620 SAML SSL VPN still connects to SAML without asking for credentials even save password is disabled.
971554 When connected to IPsec VPN, FortiClient sends access request when password renewal was canceled.
971698 FortiClient disconnects VPN when screen is locked but the user is not logged out.
972004 Enable Invalid Server Certificate Warning does not work for IPsec VPN with SAML-based authentication.
972089 VPN is stuck at 98% when connected to iPhone hotspot.
972387 SSLVPNCmdLine tool has error using PSExec and SYSTEM account.
973808 Non-English OS, such as Spanish, on a non-compliant endpoint fails to show warning when trying to connect to VPN.
974129 Script has error while initiating SAML VPN.
974756 FortiClient (Windows) fails to access Azure databases if using defined cloud-based"Microsoft-Office365" for the application-based split tunnel.
976194 If always up is enabled and device switches from Azure user to local user, IPsec VPN autoconnects.
976343 FortiClient sends the same MAC address of different network adapters with IPsec VPN.
977196 Prelogon VPN causes Windows login to take long time.
977214 If local and remote destination networks are the same, when exclusive routing is disabled, traffic to remote destination can go through VPN tunnel.
978155 Application Firewall behaves incorrectly with Epic browser.
979166 Black screen displays on VPN before logon.
979646 FortiClient cannot connect to VPN [-7200] or [-6006] while using SAML and external browser.

Vulnerability Scan

Bug ID

Description

795393

Vulnerability events are not removed from EMS after successful patch.
849485 FortiClient wrongly detects AnyDesk vulnerabilities CVE-2021-44426 and CVE-2021-44425.
869253 FortiClient (Windows) detects vulnerability when the required KB is installed.

955762

FortiClient does not detect known vulnerable software.

Logs

Bug ID

Description

716803

When logged in to Windows as domain user, avatar does not show properly on FortiAnalyzer 7.0.
849043 SSL VPN add/close action does not show on FortiGate Endpoint Event section.

874835

FortiClient (Windows) repeatedly logs security event logging - IPsec VPN "Disconnect" to FortiAnalyzer.

948156

Excessive logging causes high I/O.

948887

FortiClient does not send Windows log of Exchange Server logon failure (Event ID 4625).
965729 FortiClient (Windows) does not send Web Filter monitor and block categories logs to FortiAnalyzer.
979323 FortiClient does not send any logs to FortiAnalyzer unless Log All URLs is enabled.

Web Filter and plugin

Bug ID Description
519066 User cannot print to WSD network printer when FortiProxy is enabled.

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.
836906 After FortiClient install, extended uptime results in audio cracking.
871325 Web Filter breaks DW Spectrum.
875298 Exclusion list does not work properly with regular expressions.
876273 Restricted mode has issue in Edge when moving from off- to on-fabric.

883568

Web Filter causes Docker pull command to fail and connectivity issues afterward.
884420 Web Filter extension does not categorize sites properly.
890433 Firefox extension is stuck on older version.
903426

User cannot access internal application with Web Filter enabled.

Workaround: Add a simple rule to allow HTTP/HTTPS server IP addresses.
904840 When a user is performing a device recovery in iTunes, error 3500 occurs.
909060 User cannot update information on internal portal with Web Filter active.
911410 Safe Search restriction level does not apply properly if it is enabled for both Web and Video Filters.
939986 Web Filter blocks LUXTRUST middleware.

952715

FortiClient (Windows) blocks access to internal website after receiving EMS profile.
962343 FortiClient does not block unrated sites when it cannot reach FortiGuard servers.
962502 Web Filter does not respect exclusion list when imported from FortiGate with web category overrides.

Avatar and social network login

Bug ID

Description

878050

FortiClient avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.

950503

FortiClient does not use image that user uploaded as their avatar.

License

Bug ID

Description

874676

EMS tags endpoint with existing ZTNA host tags for vulnerabilities and AV after license is updated from Endpoint Protection Platform to Remote Access.

ZTNA connection rules

Bug ID

Description

814953

Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.

831943

ZTNA client certificate is not removed from user certificate store after FortiClient uninstall.

836246

Going from off-Fabric to on-Fabric does not stop the ZTNA service and keeps endpoint from connecting.

839589

ZTNA TCP forwarding not working for GoAnywhere application.
857909 FortiClient (Windows) does not support enabling encryption for ZTNA TCP forwarding rules acquired from ZTNA service portal.
857999 FortiClient does not support use of external browser for SAML authentication for ZTNA rules acquired through service portal.
872153 Old certificate is not deleted when FortiClient is uninstalled or upgraded.
874290 PowerShell with .NET framework 5, 6, or 7 does not work with TCP ZTNA.
913267 FortiClient (Windows) fails to export ZTNA web portal settings.
918045 FortiClient (Windows) requests ZTNA certificate when switching between user accounts.
919832 ZTNA stops working after days with the error message No ZTNA client certificate was provided.

949999

SAML authentication does not work with Azure AD certificate-based authentication.
952888 IPv6 DNS servers bypass inline CASB IPv4 access proxies.
954563 TFAP ZTNA SAML authentication popup does not show up if user closes it without authenticating.

954946

ZTNA TCP forwarding does not show the untrusted certificate prompt warning with SAML authentication.

955377

FortiClient (Windows) blocks ZTNA because device is offline.

955437

With multiple browsers installed and external browser used for SAML authentication, choosing browser option does not show up if user does not choose any.
955570 FortiClient switches to default site.
965476 User cannot access website with certificate warning and Forticlient DNS Root certificate signs the certificate.
967199 No ZTNA client certificate was provided error occurs when trying to access HTTPS page.
975845 FortiClient must notify end user that certificate is not trusted for ZTNA connection when disallow_invalid_server_certificate is enabled.

976003

Web access with ZTNA proxy using FQDN fails to work.

976028

ZTNA feature driver fortitransctrl fails to start and causes ZTNA TCP forwarding to not work as expected.

FSSOMA

Bug ID

Description
900953 SSOMA does not send SSO sessions information to FortiAuthenticator.

909844

FSSO sessions drop earlier than expected.

Onboarding

Bug ID

Description

811976

FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.

819989

FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.

872136

User verification period option does not work as configured.

Other

Bug ID

Description
834389 FortiClient has incompatibility with Fuji Nexim software.
897741 Virus cleaner does not scan PC.
901972 NETIO.SYS causes BSOD.
919017 FortiClient changes the checksum hash of the installer for Baramundi Management Agent.
952013 FortiClient (Windows) cannot access YouTube channel when channel_id is set to Warning in EMS.
952737 FortiClient FortiTray has high CPU usage.
964456 FortiClient does not allow Windows DNS only secure dynamic updates.
Previous
Next