Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

The following issues have been identified in FortiClient (Windows) 6.4.1. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Application Firewall

Bug ID Description

564595

Application Firewall does not block BitTorent peer-to-peer traffic.

618613 Issue accessing/running SSH session while Application Firewall is enabled.

Logs

Bug ID Description
577549 NSS AEP 4.0: clientfeature=unknown logged for cloudscan (cloud-based malware protection).
650334 Feature lists for log setting are not consistent between EMS and FortiClient (Windows).

Endpoint control

Bug ID Description

587327

Device detection/VPN autoconnect frequency is too frequent.

588059 On-net checked conditions by ESNAC do not match with configuration when only using EMS.

621924

FortiClient does not send full path for some running processes.

623928

End user avatar does not show up.

626429

Incorrect on-/off-fabric profile determination.

627338

EMS does not show correct user information in endpoint summary when Google/LinkedIn option selected for avatar option.

628245

FortiClient loses all tabs except Remote Access for 30 seconds after connecting to VPN.

630966

EMS reports wrong install dates in software inventory.

633206

FortiClient (Windows) loses avatar after deployment.

638107

Endpoints with multiple interfaces with active default routes do not have matching FortiGate information.

645056

AV is installed and running compliance verification rule does not work.

647960

FortiClient does not tag endpoint with an AV signature is updated rule with McAfee.

648153

FortiClient gets stuck at being registered to EMS but not in a reachable state.

648632

FortiClient should send (MAC, IP address) tuple list to EMS

648651

FortiClient reaches an Unable to retrieve EMS Details state after user closes connection key popup.

649033

VPN is stuck and user cannot cancel or close the connection attempt.

653566

EMS reports Sandbox as installed but not enabled when FortiClient (Windows) is registered to EMS.

657208

EMS fails to push assigned on-fabric detection rules to endpoints in some cases.

657615

Endpoint network information display issue.

GUI

Bug ID

Description

611379

Avatar page shows inconsistent pictures after switching users.

620262

Signature version does not get refresh after update_task is done.

620677

SAML SSL VPN tunnel shows wrong username.

622139

In User Identity, clicking signout button when logged into cloud service does not update avatar page.

622149

In User Identity, clicking any cloud service opens the service login page, even if user is already logged in.

622161

In User Identity, after successful logout, user information does not revert to what it was before logging in.

627477

GUI should not display SAML login button when connecting from FortiTray and requiring user to renew expired password.

631273

FortiClient (Windows) should not allow user to save username/password if they are disabled in EMS.

Install and deployment

Bug ID

Description

586279

VDI VMware instant-clone desktops do not generate new FCTID.

622685

FortiClient (Windows) uninstalled from EMS leaves many files.

632273

Upgraded FortiClient does not register to EMS when connection key is enforced via assigned gateway list.

Malware Protection and Sandbox

Bug ID

Description

589416

AV exclusion list should not be case-sensitive.

598846

FortiClient allows user to open attached file before FortiClient (Windows) receives Sandbox result for the attachment.

618245

FortiClient does not protect certain ADS file operations.

623254

Real-time and on-demand scans cannot always quarantine/remove the malware that they find.

634353

FortiClient initial scan ignores %localappdata% exclusion.

648304

FortiClient fails to scan injected DVD files when scanning removable media on insertion is enabled.

657832

FortiClient installed on device with outdated version of Windows 7 does not update signatures.

Remote Access

Bug ID

Description

537299

FortiClient (Windows) does not use correct SSL VPN split DNS server.

625059

IPsec VPN with push authorization takes fifteen seconds for FortiClient (Windows) to display connected status.

627339

With SAML login, FortiClient (Windows) fails to establish VPN connection if FortiOS SSL VPN setting Require Client Certificate is enabled.

631751

SAML login does not work for IPv6.

645174

FortiClient sometimes does not use the remoteauthtimeout value configured on FortiOS for SSL VPN.

648876

Attempt to connect to a tunnel that requires a certificate fails when configured with certifcate filter.

649426

IPsec/SSL VPN per-app VPN split tunnel does not work properly.

649688

With per-app VPN split tunnel, websites with HTTP defined in <fqdn> do not work properly.

651127

FortiClient fails to connect to SSL VPN when using SAML authentication with PingID as the identity provider.

655957

When prompt_certificate=0, GUI does not show certificate dropdown list.

656723

Split DNS does not function on Windows 8.1.

660902

FortiClient (Windows) cannot connect to VPN when push tokens are enabled and the certificate is untrusted.

Workaround: If FortiClient (Windows) does not trust the server certificate, you must enable Enable Invalid Server Certificate Warning in VPN settings. Accept the certificate during VPN connection to allow the VPN with push token enabled to connect.

674145

When registered to EMS 6.4.2, an IPsec VPN tunnel may fail to come up because the IPsec VPN IKE mode changes from aggressive to main.

Vulnerability Scan

Bug ID

Description

656814 FortiClient does not parse vulnerability scan results correctly for Microsoft Office applications.

Web Filter

Bug ID Description
620169 Installing Web Filter plugin only tries to install Chrome plugin.

635681

FortiProxy causes FactoryTalk application to crash.

644776

Web Filter plugin fails to block file download with exclusion list.

648066

Sentinel S1 interoperability issues with FortiClient.

Other

Bug ID

Description

262835

FortiClient process may fail to quit after shutting down FortiClient.

649563

fcconfig CLI command issues.

Known issues

The following issues have been identified in FortiClient (Windows) 6.4.1. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Application Firewall

Bug ID Description

564595

Application Firewall does not block BitTorent peer-to-peer traffic.

618613 Issue accessing/running SSH session while Application Firewall is enabled.

Logs

Bug ID Description
577549 NSS AEP 4.0: clientfeature=unknown logged for cloudscan (cloud-based malware protection).
650334 Feature lists for log setting are not consistent between EMS and FortiClient (Windows).

Endpoint control

Bug ID Description

587327

Device detection/VPN autoconnect frequency is too frequent.

588059 On-net checked conditions by ESNAC do not match with configuration when only using EMS.

621924

FortiClient does not send full path for some running processes.

623928

End user avatar does not show up.

626429

Incorrect on-/off-fabric profile determination.

627338

EMS does not show correct user information in endpoint summary when Google/LinkedIn option selected for avatar option.

628245

FortiClient loses all tabs except Remote Access for 30 seconds after connecting to VPN.

630966

EMS reports wrong install dates in software inventory.

633206

FortiClient (Windows) loses avatar after deployment.

638107

Endpoints with multiple interfaces with active default routes do not have matching FortiGate information.

645056

AV is installed and running compliance verification rule does not work.

647960

FortiClient does not tag endpoint with an AV signature is updated rule with McAfee.

648153

FortiClient gets stuck at being registered to EMS but not in a reachable state.

648632

FortiClient should send (MAC, IP address) tuple list to EMS

648651

FortiClient reaches an Unable to retrieve EMS Details state after user closes connection key popup.

649033

VPN is stuck and user cannot cancel or close the connection attempt.

653566

EMS reports Sandbox as installed but not enabled when FortiClient (Windows) is registered to EMS.

657208

EMS fails to push assigned on-fabric detection rules to endpoints in some cases.

657615

Endpoint network information display issue.

GUI

Bug ID

Description

611379

Avatar page shows inconsistent pictures after switching users.

620262

Signature version does not get refresh after update_task is done.

620677

SAML SSL VPN tunnel shows wrong username.

622139

In User Identity, clicking signout button when logged into cloud service does not update avatar page.

622149

In User Identity, clicking any cloud service opens the service login page, even if user is already logged in.

622161

In User Identity, after successful logout, user information does not revert to what it was before logging in.

627477

GUI should not display SAML login button when connecting from FortiTray and requiring user to renew expired password.

631273

FortiClient (Windows) should not allow user to save username/password if they are disabled in EMS.

Install and deployment

Bug ID

Description

586279

VDI VMware instant-clone desktops do not generate new FCTID.

622685

FortiClient (Windows) uninstalled from EMS leaves many files.

632273

Upgraded FortiClient does not register to EMS when connection key is enforced via assigned gateway list.

Malware Protection and Sandbox

Bug ID

Description

589416

AV exclusion list should not be case-sensitive.

598846

FortiClient allows user to open attached file before FortiClient (Windows) receives Sandbox result for the attachment.

618245

FortiClient does not protect certain ADS file operations.

623254

Real-time and on-demand scans cannot always quarantine/remove the malware that they find.

634353

FortiClient initial scan ignores %localappdata% exclusion.

648304

FortiClient fails to scan injected DVD files when scanning removable media on insertion is enabled.

657832

FortiClient installed on device with outdated version of Windows 7 does not update signatures.

Remote Access

Bug ID

Description

537299

FortiClient (Windows) does not use correct SSL VPN split DNS server.

625059

IPsec VPN with push authorization takes fifteen seconds for FortiClient (Windows) to display connected status.

627339

With SAML login, FortiClient (Windows) fails to establish VPN connection if FortiOS SSL VPN setting Require Client Certificate is enabled.

631751

SAML login does not work for IPv6.

645174

FortiClient sometimes does not use the remoteauthtimeout value configured on FortiOS for SSL VPN.

648876

Attempt to connect to a tunnel that requires a certificate fails when configured with certifcate filter.

649426

IPsec/SSL VPN per-app VPN split tunnel does not work properly.

649688

With per-app VPN split tunnel, websites with HTTP defined in <fqdn> do not work properly.

651127

FortiClient fails to connect to SSL VPN when using SAML authentication with PingID as the identity provider.

655957

When prompt_certificate=0, GUI does not show certificate dropdown list.

656723

Split DNS does not function on Windows 8.1.

660902

FortiClient (Windows) cannot connect to VPN when push tokens are enabled and the certificate is untrusted.

Workaround: If FortiClient (Windows) does not trust the server certificate, you must enable Enable Invalid Server Certificate Warning in VPN settings. Accept the certificate during VPN connection to allow the VPN with push token enabled to connect.

674145

When registered to EMS 6.4.2, an IPsec VPN tunnel may fail to come up because the IPsec VPN IKE mode changes from aggressive to main.

Vulnerability Scan

Bug ID

Description

656814 FortiClient does not parse vulnerability scan results correctly for Microsoft Office applications.

Web Filter

Bug ID Description
620169 Installing Web Filter plugin only tries to install Chrome plugin.

635681

FortiProxy causes FactoryTalk application to crash.

644776

Web Filter plugin fails to block file download with exclusion list.

648066

Sentinel S1 interoperability issues with FortiClient.

Other

Bug ID

Description

262835

FortiClient process may fail to quit after shutting down FortiClient.

649563

fcconfig CLI command issues.