Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Known issues

The following issues have been identified in FortiClient (Windows) 7.0.4. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Install and upgrade

Bug ID

Description

749331 Windows Security setting in Windows displays FortiClient is snoozed when FortiEDR is installed.
773219 FortiClient (Windows) should not allow user to uninstall it if settings are unlocked.

Application Firewall

Bug ID Description
717628 Application Firewall causes issues with Motorola RMS high availability client.

776007

Application Firewall conflict with Windows firewall causes issues updating domain group policies.

790397

FortiClient (Windows) blocks IPv6 traffic.

GUI

Bug ID Description
773355

FortiClient has display issue with umlauts on the Web Filter tab.

793577 Disclaimer message is unreadable.

Zero Trust tags

Bug ID Description

726835

FortiOS cannot get the updated VPN IP address in firewall dynamic EMS tag address when FortiClient establishes the VPN tunnel.

731525 FortiClient (Windows) does not properly detect Zero Trust tag that requires endpoint to not have antivirus signature up-to-date.
770636 FortiClient (Windows) does not remove Zero Trust Network Access (ZTNA) tag for antivirus signature being up-to-date.
782394 ZTNA user identity tags do not work.

782869

Zero trust tag fails to work for file with environments variable in its file path.

Endpoint control

Bug ID Description
738813 FortiESNAC process causes high CPU.

753663

When using off-net profile with antivirus protection enabled, FortiClient (Windows) does not show Malware Protection in navigation bar.

779267

FortiClient does not get updated profile and does not sync.

780368 With password protection for disconnection, Allow User to Shutdown When Registered to EMS fails to work.

802261

FortiClient does not trigger tag message for network event changes.

Endpoint management

Bug ID Description
760816 Group assignment rules based on IP addresses do not work when using split tunnel.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured ZTNA connection rules.

762303 FortiClient (Windows) cannot restore the backup file when the backup file's file path contains a multibyte character.

Endpoint policy and profile

Bug ID

Description

774890 FortiClient (Windows) does not receive updated profile after syncing imported Web Filter profile from EMS.

Performance

Bug ID

Description

749348 Performance issues after upgrade.

Zero Trust Telemetry

Bug ID

Description

683542 FortiClient (Windows) fails to register to EMS if registration key contains a special character: " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~".

Malware Protection and Sandbox

Bug ID

Description

730054

Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console feature does not work as expected.

760073 FortiClient (Windows) compatibility with USB.
762125 fortimon3.sys causes blue screen of death during Slack calls.

774010

FortiClient (Windows) does not block access to removable media.

793926 FortiShield blocks spoolsv.exe on Citrix virtual machine servers.

Remote Access

Bug ID

Description

649426 IPsec/SSL VPN per-app VPN split tunnel does not work.

711402

FortiClient (Windows) does not establish per-user autoconnect VPN tunnel, and per-machine autoconnect VPN tunnel remains connected after logging in to Windows.

727695

FortiClient (Windows) on Windows 10 fails to block SSL VPN when it has a prohibit host tag applied.

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

729610 When using Spanish characters, saving username and password are activated, but FortiClient (Windows) saves encrypted password incorrectly.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

731127 Configuring SSL VPN tunnel with SAML login displays Empty username is not allowed error.
743106 IPsec VPN XAuth does not work with ECDSA certificates.
744544 FortiClient (Windows) always saves SAML credentials.

744597

SSL VPN disconnects and returns hostcheck timeout after 15 to 20 minutes of connection.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

755482

Free VPN-only client does not show token box on rekey and GUI open.

758424

Certificate works for IPsec VPN tunnel if put it in current user store but fails to work if in local machine.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

763611 Slow upload speed on ssl-vpn dual-stack.
764863 Dialup IPsec VPN over IPv6 drops packets on inbound direction once FortiClient (Windows) establishes tunnel.
765184 RADIUS authentication failover between two servers.
767947 SMS verification code/answer code overwrites IPsec VPN saved password.

767998

Free VPN-only client does not hide Action for invalid EMS certificate setting.

771090 Save username function on IPsec VPN tunnel does not work.

772108

When no_dns_registration=1,Register This Connection's Address in DNS of NW IP properties is not selected after VPN is up.

773060 When connected to VPN on wireless connection, Surface Pro cannot access SSRS report (software hosted on internal server).

776888

FortiClient does not dynamically display button to disconnect VPN unless you reopen the FortiClient (Windows) window.

782352

FortiClient fails to perform XAuth with RSA certificates being used

782393 Application-based split VPN tunnel issue when using VipWebAppServer.exe application.

782698

IPsec VPN on OS start with SSL VPN failover on Wi-Fi cannot connect.

786348 Error code -8 or -14 occurs when Limit Users to One SSL-VPN Connection at a Time is enabled on FortiOS with SAML authentication.
787123 FortiClient disconnects from IPsec VPN tunnel with SA hard expired error right after connecting.
788765 German characters "" and/or "$" in the user password activates the SAML button in the GUI.
790021 Multifactor authentication using Okta with email notification does not work.

794110

VPN before logon does not work with Okta multifactor authentication and enforcing acceptance of the disclaimer message.

794658

FortiClient does not use second FortiGate to make VPN connection when IPsec VPN resilience with VPN is up and first remote gateway becomes offline.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.

797816

SAML connection with external browser authentication and single sign on port 8020 is busy, with FortiClient returning a JavaScript error.

801674

SAML internal browser authentication prompt does not show up when redirection to external browser is disabled.

Vulnerability Scan

Bug ID

Description

741241 FortiClient (Windows) finds vulnerabilities for uninstalled software.

Web Filter and plugin

Bug ID Description
729127 Web Filter affects manufacturing execution system software.
793017 Web Filter disconnects an application's underlying connection.

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.

802030

Chrome and Edge browser Web Filter plugin fails to install the first time when Sandbox is enabled.

Avatar and social network login

Bug ID

Description

729140 FortiClient (Windows) fails to work when attempting to log in with Google, LinkedIn, or Salesforce.

Multitenancy

Bug ID

Description

780308 EMS automatically migrates endpoints to default site.

ZTNA connection rules

Bug ID

Description

735494

Windows 7 does not support TCP forwarding feature.

773956

FortiClient (Windows) cannot show normal webpage of Internet real server (Dropbox) with ZTNA.

798057 ZTNA connection rule issue when FortiClient is on-fabric.

License

Bug ID

Description

776869 FortiClient (Windows) hard codes ZTNA license.

Single sign on

Bug ID

Description

803213

Fortinet single sign on fails to send user login information/machine IP address to FortiAuthenticator without default address_category setting.

Workaround: Add following XML to EMS System Settings profile as default setting:

<fssoma>

<address_category>0</address_category>

</fssoma>

Other

Bug ID

Description

780651 FortiClient (Windows) does not update signatures on expected schedule.
804062 FortiClient (Windows) fails to register to Windows Security Center.

Known issues

The following issues have been identified in FortiClient (Windows) 7.0.4. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Install and upgrade

Bug ID

Description

749331 Windows Security setting in Windows displays FortiClient is snoozed when FortiEDR is installed.
773219 FortiClient (Windows) should not allow user to uninstall it if settings are unlocked.

Application Firewall

Bug ID Description
717628 Application Firewall causes issues with Motorola RMS high availability client.

776007

Application Firewall conflict with Windows firewall causes issues updating domain group policies.

790397

FortiClient (Windows) blocks IPv6 traffic.

GUI

Bug ID Description
773355

FortiClient has display issue with umlauts on the Web Filter tab.

793577 Disclaimer message is unreadable.

Zero Trust tags

Bug ID Description

726835

FortiOS cannot get the updated VPN IP address in firewall dynamic EMS tag address when FortiClient establishes the VPN tunnel.

731525 FortiClient (Windows) does not properly detect Zero Trust tag that requires endpoint to not have antivirus signature up-to-date.
770636 FortiClient (Windows) does not remove Zero Trust Network Access (ZTNA) tag for antivirus signature being up-to-date.
782394 ZTNA user identity tags do not work.

782869

Zero trust tag fails to work for file with environments variable in its file path.

Endpoint control

Bug ID Description
738813 FortiESNAC process causes high CPU.

753663

When using off-net profile with antivirus protection enabled, FortiClient (Windows) does not show Malware Protection in navigation bar.

779267

FortiClient does not get updated profile and does not sync.

780368 With password protection for disconnection, Allow User to Shutdown When Registered to EMS fails to work.

802261

FortiClient does not trigger tag message for network event changes.

Endpoint management

Bug ID Description
760816 Group assignment rules based on IP addresses do not work when using split tunnel.

Configuration

Bug ID

Description

730415

FortiClient backs up configuration that is missing locally configured ZTNA connection rules.

762303 FortiClient (Windows) cannot restore the backup file when the backup file's file path contains a multibyte character.

Endpoint policy and profile

Bug ID

Description

774890 FortiClient (Windows) does not receive updated profile after syncing imported Web Filter profile from EMS.

Performance

Bug ID

Description

749348 Performance issues after upgrade.

Zero Trust Telemetry

Bug ID

Description

683542 FortiClient (Windows) fails to register to EMS if registration key contains a special character: " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~".

Malware Protection and Sandbox

Bug ID

Description

730054

Allow Admin Users to Terminate Scheduled and On-Demand Scans from FortiClient Console feature does not work as expected.

760073 FortiClient (Windows) compatibility with USB.
762125 fortimon3.sys causes blue screen of death during Slack calls.

774010

FortiClient (Windows) does not block access to removable media.

793926 FortiShield blocks spoolsv.exe on Citrix virtual machine servers.

Remote Access

Bug ID

Description

649426 IPsec/SSL VPN per-app VPN split tunnel does not work.

711402

FortiClient (Windows) does not establish per-user autoconnect VPN tunnel, and per-machine autoconnect VPN tunnel remains connected after logging in to Windows.

727695

FortiClient (Windows) on Windows 10 fails to block SSL VPN when it has a prohibit host tag applied.

728240

SSL VPN negate split tunnel IPv6 address does not work.

728244

Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.

729610 When using Spanish characters, saving username and password are activated, but FortiClient (Windows) saves encrypted password incorrectly.

730756

For SSL VPN dual stack, GUI only shows IPv4 address.

731127 Configuring SSL VPN tunnel with SAML login displays Empty username is not allowed error.
743106 IPsec VPN XAuth does not work with ECDSA certificates.
744544 FortiClient (Windows) always saves SAML credentials.

744597

SSL VPN disconnects and returns hostcheck timeout after 15 to 20 minutes of connection.

755105

When VPN is up, changes for IP properties-> Register this connection's IP to DNS are not restored after VM reboot from power off.

755482

Free VPN-only client does not show token box on rekey and GUI open.

758424

Certificate works for IPsec VPN tunnel if put it in current user store but fails to work if in local machine.

762986

FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.

763611 Slow upload speed on ssl-vpn dual-stack.
764863 Dialup IPsec VPN over IPv6 drops packets on inbound direction once FortiClient (Windows) establishes tunnel.
765184 RADIUS authentication failover between two servers.
767947 SMS verification code/answer code overwrites IPsec VPN saved password.

767998

Free VPN-only client does not hide Action for invalid EMS certificate setting.

771090 Save username function on IPsec VPN tunnel does not work.

772108

When no_dns_registration=1,Register This Connection's Address in DNS of NW IP properties is not selected after VPN is up.

773060 When connected to VPN on wireless connection, Surface Pro cannot access SSRS report (software hosted on internal server).

776888

FortiClient does not dynamically display button to disconnect VPN unless you reopen the FortiClient (Windows) window.

782352

FortiClient fails to perform XAuth with RSA certificates being used

782393 Application-based split VPN tunnel issue when using VipWebAppServer.exe application.

782698

IPsec VPN on OS start with SSL VPN failover on Wi-Fi cannot connect.

786348 Error code -8 or -14 occurs when Limit Users to One SSL-VPN Connection at a Time is enabled on FortiOS with SAML authentication.
787123 FortiClient disconnects from IPsec VPN tunnel with SA hard expired error right after connecting.
788765 German characters "" and/or "$" in the user password activates the SAML button in the GUI.
790021 Multifactor authentication using Okta with email notification does not work.

794110

VPN before logon does not work with Okta multifactor authentication and enforcing acceptance of the disclaimer message.

794658

FortiClient does not use second FortiGate to make VPN connection when IPsec VPN resilience with VPN is up and first remote gateway becomes offline.

795334

Always up feature does not work as expected when trying to connect to VPN from tray.

797816

SAML connection with external browser authentication and single sign on port 8020 is busy, with FortiClient returning a JavaScript error.

801674

SAML internal browser authentication prompt does not show up when redirection to external browser is disabled.

Vulnerability Scan

Bug ID

Description

741241 FortiClient (Windows) finds vulnerabilities for uninstalled software.

Web Filter and plugin

Bug ID Description
729127 Web Filter affects manufacturing execution system software.
793017 Web Filter disconnects an application's underlying connection.

776089

FortiClient (Windows) does not block malicious sites when Web Filter is disabled.

802030

Chrome and Edge browser Web Filter plugin fails to install the first time when Sandbox is enabled.

Avatar and social network login

Bug ID

Description

729140 FortiClient (Windows) fails to work when attempting to log in with Google, LinkedIn, or Salesforce.

Multitenancy

Bug ID

Description

780308 EMS automatically migrates endpoints to default site.

ZTNA connection rules

Bug ID

Description

735494

Windows 7 does not support TCP forwarding feature.

773956

FortiClient (Windows) cannot show normal webpage of Internet real server (Dropbox) with ZTNA.

798057 ZTNA connection rule issue when FortiClient is on-fabric.

License

Bug ID

Description

776869 FortiClient (Windows) hard codes ZTNA license.

Single sign on

Bug ID

Description

803213

Fortinet single sign on fails to send user login information/machine IP address to FortiAuthenticator without default address_category setting.

Workaround: Add following XML to EMS System Settings profile as default setting:

<fssoma>

<address_category>0</address_category>

</fssoma>

Other

Bug ID

Description

780651 FortiClient (Windows) does not update signatures on expected schedule.
804062 FortiClient (Windows) fails to register to Windows Security Center.