Special Notices

Deploying FortiClient upgrade to Windows 7

FortiClient EMS disables TLS 1.0 and 1.1 for all incoming SSL connections. On Microsoft Windows 7 (and likely Windows Server 2008 R2) devices, the WinHTTP library that FortiClient uses for file downloads does not use TLS 1.0/1.1 by default. As a result, deployment may fail when deploying FortiClient from EMS 6.0.1 to Windows 7 endpoints that already have FortiClient 6.0.1 or older installed.

This issue only exists when deploying from EMS 6.0.1 to Windows 7 endpoints with FortiClient installed. It does not exist when:

  • Deploying to Windows 8.1 or 10
  • Deploying from EMS 6.0.0 or older
  • The endpoint does not have FortiClient installed

There are various ways to address this issue.

Enabling TLS 1.2 on Windows 7 using registry settings

Follow the discussion in the Microsoft article "Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows" to add a registry setting.

  1. Install the Windows Update Hot Fix:

    Update to enable TLS 1.1 and 1.2 as default secure protocols in WinHTTP (KB3140245)

    If regular Windows Update is enabled by default, this KB is already installed.

  2. Create a DWORD registry entry named DefaultSecureProtocols under the following path:
    • On systems running x86 architecture:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

    • On systems running x64 architecture:

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

  3. Set the value to 0x00000A00 to enable both TLS 1.1 and 1.2.
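
The three steps above as a PowerShell script that audits the endpoint before changing it. This is an added example, not code from Fortinet or Microsoft; it assumes an elevated, native (not 32-bit on 64-bit) PowerShell session, the bit meanings in $Flags are those documented in the Microsoft article for KB3140245, and Get-ProtocolNames is a helper name chosen for this example.

```powershell
# Added example: audit and set WinHTTP DefaultSecureProtocols on a Windows 7 endpoint.
$Kb       = 'KB3140245'
$Name     = 'DefaultSecureProtocols'
$Required = 0x00000A00   # step 3 value: TLS 1.1 (0x200) + TLS 1.2 (0x800)

# Bit meanings as documented in the Microsoft article for KB3140245.
$Flags = @{
    0x008 = 'SSL 2.0'
    0x020 = 'SSL 3.0'
    0x080 = 'TLS 1.0'
    0x200 = 'TLS 1.1'
    0x800 = 'TLS 1.2'
}

# Hypothetical helper: turn a DefaultSecureProtocols bitmask into protocol names.
function Get-ProtocolNames([int]$Value) {
    ($Flags.Keys | Sort-Object | Where-Object { $Value -band $_ } |
        ForEach-Object { $Flags[$_] }) -join ', '
}

# Step 1: the registry value only takes effect once the hotfix is present.
if (-not (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)) {
    Write-Warning "$Kb is not listed as installed; install it before continuing."
}

# Step 2: pick the path the steps above give for this architecture.
$Base = if ($env:PROCESSOR_ARCHITECTURE -eq 'x86') { 'HKLM:\SOFTWARE' }
        else { 'HKLM:\SOFTWARE\Wow6432Node' }
$Path = "$Base\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }

# Report what is configured now, so the change is visible in deployment logs.
$Current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
if ($Current -eq $null) {
    Write-Output "$Name is not set under $Path"
} else {
    Write-Output ("Current {0} = 0x{1:X8} ({2})" -f $Name, $Current, (Get-ProtocolNames $Current))
}

# Step 3: write 0x00000A00 only when the value differs, then confirm it.
if ($Current -ne $Required) {
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Required -Force | Out-Null
    Write-Output ("Set {0} = 0x{1:X8} ({2})" -f $Name, $Required, (Get-ProtocolNames $Required))
}
```
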

Enabling TLS 1.0 and 1.1 in EMS

EMS 6.0.1 provides an option in System Settings to enable support for TLS 1.0 and 1.1 for file downloads. The EMS administrator may use this option when deploying FortiClient upgrades to Windows 7 endpoints. Once deployment is complete, you can disable the option.
