FortiClientEMS 7.2.0 - B&B Bezpieczeństwo w biznesie

Fortinet opublikował nową wersję FortiClient EMS oraz FortiClient – 7.2.0! EMS 7.2 wprowadza funkcję zarządzania certyfikatami, która umożliwia łatwe tworzenie, przechowywanie i używanie certyfikatów dla różnych usług EMS w sposób scentralizowany. Pojawił się również Connector AD – który ma na celu ulepszenie architektury EMS do użytku w środowiskach chmurowych. Dodatkowo pojawiło się również wsparcie dla FortiAnalyzer Cloud, integracja z FortiPAM oraz kilka nowości dotyczących reguł ZTNA.

Nowe funkcjonalności w 7.2.0:

New Features – 7.2.0

Wildcard support for ZTNA FQDN rules
Logging to FortiAnalyzer Cloud
FortiGate ZTNA service portal support
Inline CASB solution for SaaS applications
FortiPAM integration
FortiEDR Zero Trust tagging rule and visibility
Selecting closest gateway for VPN connection
Improved certificate UX
AD connector
Authentication server configuration for onboarding

Rozwiązane problemy (FortiClient EMS 7.2.0):

License

Bug ID	Description
818702	Log viewer fails to check for license expiration: type object `'License'` has no attribute `'get'`.
821767	FortiClient Cloud displays license expiry error when license has not expired.
870207	EMS crashes after user applies incorrect license.

Multitenancy

Bug ID	Description
848558	Non-default site sends `LIC_ED\|0\|` to FortiClient.
873029	FortiClient shows as disconnected and license for all multitenancy sites are removed and returned to global site after upgrading EMS from 7.0.7 to 7.2.0.

Administration

Bug ID	Description
678899	LDAP configuration persists in EMS multitenancy global/default/non-default administration users.
853647	EMS displays no administrators found error.
853830	EMS console times out. Inactivity timeout logs off administrator despite EMS activity.
871765	Active Directory (AD) connector fails to start after upgrade from 7.0.7 to 7.2.0 if authentication credential expired.

Dashboard

Bug ID	Description
781654	EMS does not remove dashboard outbreak alerts when endpoint disconnects.

Onboarding

Bug ID	Description
819203	Authorized user group name is not full path.
822126	Delete SAML configuration message shows incorrect active users.
835182	The DELETE statement conflicts with the REFERENCE constraint `fk_Forticlient_Users_Users_machine_user_id`.
866140	Authorized groups do not work with SAML verification.

ZTNA connection rules

Bug ID	Description
832635	Off-fabric FortiClient certificate serial number does not sync to FortiOS.

System Settings

Bug ID	Description
823701	FortiClient Cloud does not allow enabling Enforce User Verification.
839677	EMS displays notification: Failed to send email alerts. Please check SMTP server configuration.

Endpoint management

Bug ID	Description
727076	EMS does not process uploaded software inventory.
770364	EMS displays third-party features section for non-Windows endpoints.
801583	EMS shows clients as unprotected if they have third-party antivirus.
808266	EMS has inaccurate dashboard widget results for endpoints with Windows operating systems.
819196	The multipart identifier `cs.software_id` and `cs.is_missing` cannot be bound.
821704	EMS always reports device state as managed in verified and unverified user table even after FortiClient unregisters from EMS.
825673	EMS clears all entries after upgrade and does not allow traffic for some users.
827269	Policy is out of sync when moving endpoints using group assignment rules.
834228	EMS reports endpoint vulnerability when Vulnerability Scan is not installed on endpoint.
835705	Group assignment rules Run Rules Now option does not work.
839300	EMS fails to download PDF report of on-premise FortiSandbox events.
842539	EMS shows endpoints duplicated in multiple groups after EMS upgrade.
846033	EMS displays error during AD sync when an organizational unit’s old ancestor is deleted from the domain.

Endpoint policy and profile

Bug ID	Description
818408	Malware Protection profile antiexploit application list includes applications that FortiClient does not support.
824666	EMS does not send FortiClient status changes via syslog.
832445	Web Filter profiles are mismatched between EMS and FortiGate for cryptomining category.
842084	Profile GUI is blank.
852508	FortiClient blocks all USB sticks after adding revision in Malware Protection profile.

Install and upgrade

Bug ID	Description
828850	Deadlocks on Users and Forticlients_users table.
835824	Upgrade from 7.0.4 to 7.0.6 fails.

FortiGuard Outbreak Alerts

Bug ID	Description
813928	EMS fails to update EOAP signatures: type object `ComplianceVerificationRuleSet` has no attribute `eoap_version`.

Zero Trust telemetry

Bug ID	Description
836156	User cannot access FortiClient Cloud.

HA

Bug ID	Description
809396	EMS generates a generic error on high availability (HA) backup.
832719	EMS shows error while trying to restore backup.

GUI

Bug ID	Description
632427	Software Inventory filter and sort actions in heading do not work.
774880	EMS user can import the same zero trust tagging rules multiple times by clicking Import button multiple times.

Deployment and installers

Bug ID	Description
842065	FortiClient cannot connect to EMS after upgrade from 7.0.2 to 7.0.7.
859123	Only FortiClient 7.0.7 appears in installers list. EMS shows no custom installers.

Zero Trust tagging

Bug ID	Description
802599	EMS should calculate zero trust network access (ZTNA) rules.
827300	Endpoint does not get correct zero trust network access tag.
832328	Endpoint is still tagged with threat ID rule after clearing firewall events.
837163	EMS shows hosts with indicators of compromise for Ransomware Evil (REvil) but shows details as No REvil_IOC_registry_key – Compromised Endpoints (0) Found.
841675	EMS receives network information but does not send it to FortiGates.
874683	EMS does not tag some endpoints with AD group after disabling Evaluate on FortiClient on the rule.
874693	When a rule set has an AD FortiClient-based rule and at least one non-FortiClient rule of any type, the AD rule is not loaded.

Endpoint control

Bug ID	Description
813439	FortiClient registered with EMS IP address does not deregister from EMS when administrator enforces invitation-only registration for all endpoints.
825559	FortiClient fails to register with EMS when Enforce invitation-only registration for is enabled.
840199	EMS stops allowing client connections.
848147	EMS sends malformed SAML URL to FortiClient.

Performance

Bug ID	Description
801299	spUpdateIPList and trigger_users_UPDATED errors.

Endpoint security

Bug ID	Description
783287	Let’s Encrypt ACME certificate request fails due to port 80 on autotest system.

Other

Bug ID	Description
844330	EMS reports vulnerability to web server dictionary indexing/dictionary directory listing attack.
873218	Multiple FortiClient records share the same token ID.

Rozwiązane problemy (FortiClient 7.2.0):

ZTNA connection rules

Bug ID	Description
773956	FortiClient (Windows) cannot show normal webpage of real Internet server (Dropbox) with zero trust network access (ZTNA).
823012	ZTNA TCP forwarding fails to work when FortiClient console is closed.
831895	FortiClient does not send `CERT_REQ` after receiving certificate revoke command from EMS.
875739	ZTNA client certificate is missing in user certificate manager.

Web Filter and plugin

Bug ID	Description
676424	NETIO.SYS causes blue screen of death (BSOD).
784677	Web Filter plugin blocks YouTube comments with Restricted Mode has hidden comments for this video message.
804938	All Internet traffic stops when user connects a USB controller (RNDIS).
812794	When Web Filter extension is enabled, downloads in Firefox browser get canceled.
812879	Web Filter blocks Chocolatey installation.
813034	FortiTray keeps notifying user to install Web Filter plugin when Chrome has installed the plugin.
824067	Web Filter blocks HTTP traffic configured as allowed on the exclusion list.
826920	Web Filter extension does not support Edge browser.
829164	Security risk websites violation list is not in Web Filter profile.
833506	FortiClient (Windows) registry does not update restriction level value when Web Filter is disabled and reenabled.
836811	Safe Search adds wrong domain addresses such as www.google.n into host file C:\windows\system32\driver\etc.
839435	Web Filter extension has issues when downloading a PDF from www.gob.mx/curp.
840993	Upgrading FortiClient (Windows) causes Web Filter to break network connectivity.
851700	FortiClient displays Microsoft Edge extension policy anomaly detected, please restart browser popup.
860560	Web Filter blocks private IP address as unrated.

GUI

Bug ID	Description
828339	GUI returns blank page after install.
836820	German GUI shows realtime scan events as detected virus threats.
841355	FortiClient (Windows) shows Remote Access tab when administrator configured it to be hidden.
863751	GUI becomes blank.
864653	FortiClient (Windows) garbles Chinese name display.

Endpoint control

Bug ID	Description
766241	Endpoint summary reports FortiClient (Windows) antivirus software as third-party feature.
777473	FortiClient Cloud is unaware of UID change when it sends a new UID to FortiClient.
815384	After FortiClient (Windows) status is off-Fabric, Web Filter service start is delayed.
832627	Logging does not work after ZTNA logging is enabled in System Settings profile.
833848	FortiClient reports incorrect Windows version to EMS.
839197	FortiClient (Windows) does not reconnect to EMS after deployment over VPN.
839800	Option to hide Application Firewall in FortiClient (Windows) GUI does not work.
841149	Endpoint tries to use ZTNA certificate when ZTNA option is disabled.
842680	FortiClient (Windows) does not send ADGUID.
846147	EMS does not display user information details from Active Directory (AD) domain.

FSSOMA

Bug ID	Description
868524	Single sign on configuration tool does not generate preshared key and server information in the installer.

Install and upgrade

Bug ID	Description
691328	Upgrade does not upgrade AV engine as deployed through an EMS installer.
839744	FortiClient loses Telemetry connection and does not reconnect when administrator assigns the endpoint to a new group with a different installer.
848255	Upgrading FortiClient from 7.0.6 to 7.0.7 fails when it is registered to EMS.
862161	FortiClient upgrades to include full features when it should not.
875875	FortiClient loses all tags after deployment.

Onboarding

Bug ID	Description
864582	After PC reboot, FortiClient repeatedly tries to log in with SAML when EMS is disconnected.

Zero Trust tags

Bug ID	Description
821391	User in AD group zero trust tag does not tag users in security groups.
704234	Zero trust tagging rule set syntax to check registry key value is unclear.
832623	AV Signature is up-to-date rule not does count days.

Vulnerability Scan

Bug ID	Description
767604	jar file detection does not support YARA rule.
811796	Vulnerability compliance check includes Python vulnerability for all applications.

Remote Access

Bug ID	Description
684913	SAML authentication on SSL VPN with realms does not work.
687765	VPN using SAML authentication displays a certificate warning with a DigiCert certificate.
706023	FortiClient (Windows) loses DNS settings after restarting computer.
744544	FortiClient (Windows) always saves SAML credentials.
765686	When `autoconnect-only-when-offnet` is enabled, VPN autoconnects when endpoint shifts from off- to on-fabric.
776329	IPsec VPN connection from tray fails to launch IPsec VPN service with certificate and ping-based redundant sort method.
789669	DNS suffix is not injected when connecting to SSL VPN over IPV6.
802323	VPN before login fails to connect with host check rule configured immediately after reboot.
812898	SSL VPN autoconnect does not work and results in IPsec VPN errors.
821395	SAML SSL VPN and autoconnect when off-fabric does not reconnect.
822763	Remote Access Connect button does not work.
824165	SSL VPN does not reconnect when using tunnel-based connection over point-to-point tunneling protocol.
825442	ZScaler client connector does not work with application-based split tunnel.
826170	FortiClient removes the SSL VPN password from the GUI if the network interface is disconnected and reconnected.
827612	update_task.exe execution window pops up while connecting to SSL VPN.
829763	With host check enabled, SAML login does not show proper warning message if it fails to connect.
830067	Connecting to IPsec VPN displays Update failed – Error occurred! error.
832036	VPN autoconnect does not always work with special Azure AD build.
832953	VPN tunnel does not always connect automatically if network is disrupted or if the device is in sleep mode even if always up is enabled.
834874	Autoconnect does not work after restart when the Remote Access profile only has an IPsec VPN tunnel and the SSL VPN option disabled.
834883	On-fabric rule for VPN tunnel name does not work when the tunnel name uses special characters.
836148	FortiClient does not try to connect to a realm with name https://X.Y:10443/Z if X and Z are the same values.
836400	SSL VPN dual stack full tunnel leaks IPv6 access via local NIC.
838380	FortiClient (Windows) removes user credentials to the autoconnect VPN tunnel after a couple restarts.
840685	The VPN before logon icon does not show in certain conditions.
840720	User cannot modify IPsec VPN advanced settings for personal VPN profile.
844190	Upon connecting to SAML VPN, FortiClient (Windows) displays Update failed – Error occurred! popup.
852036	FortiClient cannot correctly handle a certificate having a Japanese character in the issuer or subject name.
859498	Current connection feature does not work as expected.
864430	Machine SSL VPN does not work with existing user autoconnect configuration.
866494	Certificate-only SSL VPN tunnel fails to connect if it is configured to be a machine autoconnect tunnel.
867202	IPsec VPN with certificate authentication fails to connect if it is configured to be a machine autoconnect tunnel.
868568	VPN before logon feature fails to work with IPsec and SSL VPN tunnel.
868931	If user attempts to connect to SSL VPN using incorrect credentials for the second time, FortiClient (Windows) does not notify the user of incorrect credentials and is stuck in an idle state.
870035	Machine IPsec VPN with signature certificate authentication and user autoconnect IPsec VPN with preshared key does not work.
871091	`tunnel-connect-without-reauth` for SSL VPN does not reconnect automatically.
872132	If FortiClient (Windows) cannot reach the first remote gateway, it fails to connect to the redundant VPN tunnel and the connection is stuck at 10%.
872237	Per-user autoconnect with redundant VPN gateways does not work if Enable Invalid Server Certificate Warning is on.

Malware Protection and Sandbox

Bug ID	Description
606634	FortiClient fails to remove quarantined files after days configured with cullage option.
650383	Number of blocked exploits attempts does not work properly.
730172	FortiClient causes VMware Horizon Agent to disconnect from VMware Connection Server.
758665	Antiexploit protection list does not include Chrome and Firefox.
784126	FortiClient (Windows) shows antiexploit bubble message when the option is disabled in the EMS profile.
784306	FortiClient causes blue screen of death (BSOD) when ACR1281 card reader is plugged in.
817933	Antiransomware fails to recover files that W32/GenKryptik.FQWI!tr.ransom ransomware encrypted.
820068	FortiClient on Lenovo laptop with mobile WWAN results in BSOD at login.
820511	Promethean ActivBoard does not work with FortiClient.
820565	FortiClientVirusCleaner.exe has Failed to download supporting files error.
826055	FortiDeviceGuard causes BSOD.
857482	FortiClient (Windows) built-in AV engine is not updated to 6.00282.
859749	Antiransomware feature fails to detect W64/Filecoder.EJ!tr.ransom ransomware.

Zero Trust telemetry

Bug ID	Description
837859	FortiClient (Windows) has issues connecting to EMS after upgrade.

Avatar and social login information

Bug ID	Description
729140	FortiClient (Windows) fails to allow login with Google, LinkedIn, or Salesforce.
802471	`enable_manually_entering` parameter does not work.
825913	FortiClient (Windows) reports system user changes to EMS inconsistently.

Endpoint management

Bug ID	Description
770637	FortiClient (Windows) cannot unquarantine endpoint with one-time access code.

Logs

Bug ID	Description
713287	FortiClient (Windows) does not generate local logs for ZTNA.
873945	FortiClient (Windows) logs disconnecting from SSL VPN to FortiAnalyzer as a connection in security event logging.

Administration

Bug ID	Description
798055	JavaScript error occurs in the main process

Performance

Bug ID	Description
827743	Corporate endpoints experience BSOD after FortiClient installation. Non-corporate endpoints do not experience BSOD.

Other

Bug ID	Description
850528	FortiClient (Windows) does not always get IPv4 address from https://ipify.org.

Znane problemy do rozwiązania (FortiClient EMS 7.2.0):

Multitenancy

Bug ID	Description
777642	Global site does not list FortiCloud license- and account-related logs.
816600	Non-default site database does not update EMS serial number after new license upload.
820803	License distribution modal shows incorrect information.
868478	FortiSASE input field is invisible for future license when the current FortiSASE is deselected in the add/edit site form.

Dashboard

Bug ID	Description
817485	Drilldown on macOS vulnerability includes unrelated vulnerabilities.
821570	Vulnerability count on vulnerability widgets does not match the actual number of vulnerabilities.

Endpoint management

Bug ID	Description
786738	Anti-Ransomware Events tab is visible after disabling the feature in Feature Select.
792447	EMS fails to show zero trust network access (ZTNA) feature in endpoint details enabled/disabled features section.
792652	EMS cannot delete domain.
798409	EMS does not display detected paths of vulnerabilities.
823047	After upgrading from 6.4.4 to 7.0.4, FCM Events table grows exponentially.
831108	User cannot download PDF report of Cloud Sandbox events on EMS.
831359	Forensics Analysis Download Report option opens the report instead of downloading it.
836134	Inverse selection with ! does not work for deployment package, profile, and features under All Endpoints view.
845739	VMware clones in EMS duplicate UUID.
861603	Cloud Sandbox scan event details are not visible.
868104	FortiClient does not reconnect to EMS after deploying 7.2.0 Beta 1 over 7.0.7 GA.
874908	Moving device in workgroup shows error.

Endpoint policy and profile

Bug ID	Description
466124	User cannot change `<nat_alive_freq>` value.
826013	Setting Vulnerability Scan patch status to Not does not work.
826940	EMS does not save `<temp_whitelist_timeout>` in an endpoint profile.
833819	Backing up configuration files on FortiClient Cloud results in import errors.
868534	Web Filter profile synced from FortiGate keeps disabled status links in the exception list.

License

Bug ID	Description
823690	EMS includes Removable Media Access feature when using ZTNA user-based license.
827875	Non-default site’s License information page shows irrelevant license information.
828944	EMS does not show A new license has been detected… if synced with FortiCloud account.
834686	Allocating license to site resets if changes are done to default site license.
846993	Multitenancy-enabled EMS removes license from multiple sites.
868174	EMS shows features for future license.

Fabric devices

Bug ID	Description
850144	FortiClient Cloud connection fails during HA failover.

Zero Trust tagging

Bug ID	Description
810778	FortiClient tag information is not shared equally to connected FortiGate Fabric devices.
843774	ZTNA monitor shows VPN connected IP address when IP address range matches with LAN IP address.
875503	Error 400 „Can only enable up to 10 rules set” displays while trying to reenable EMS ZTNA tag.

Deployment and installers

Bug ID	Description
714496	FortiClient Cloud upgrade keeps installer on instance and causes disk to have no space.
764999	EMS does not list FortiClient versions in official installer list if FortiGuard distribution server (FDS) blocks EMS from downloading said versions.
783690	The system does not prompt for reboot after user login.
824936	EMS fails to deploy FortiClient when manually created FortiClient installer is updated.
874652	After updating the FortiClient version on an assignable installer on FortiClient Cloud, the zip file contains installers for both versions.
878308	EMS displays incorrect date for next scheduled scan.

System Settings

Bug ID	Description
753951	EMS does not recognize disabling Use FortiManager for client software/signature updates > Failover.
820889	FortiGuard services setting for FortiManager selector switch shows as disabled after configuring and logging out of EMS.
829631	User cannot disable Delete Timeout option.
861109	EMS does not send email alerts for AD events.

Logs

Bug ID	Description
827295	FortiClient cannot connect to FortiClient Cloud.
856952	FortiClient EMS is missing update daemon logs.
871050	EMS does not send FortiClient logon message offline to syslog server (FortiAuthenticator).

Administration

Bug ID	Description
828490	Permission Denied : Your permissions might have been updated error message displays for all admin roles.
867746	Deleting large domain quickly fails.

Performance

Bug ID	Description
759729	Possible slow httpd file handle leak.

HA

Bug ID	Description
824066	spHAKeepAlive deadlock causes failover.
860787	With always on high availability (HA) on multitenancy-enabled in multisubnet environment, FCEMS_monitor stops and EMS loses all configured license seats.
860903	The \\FCM_Default_Filesync\\ directory increases in size until space is exhausted. This causes the EMS consoles to change nodes.

ZTNA connection rules

Bug ID	Description
838317	ZTNA status display should be updated in endpoint details.
868825	ZTNA service portal does not allow for external browser for SAML authentication.

Endpoint control

Bug ID	Description
857179	EMS sends `FCKARPLY: CONT\|0` if DAS cannot access the database.
863131	GUI does not show quarantine files or shows inconsistent ones.

GUI

Bug ID	Description
717433	Patching a vulnerability for a specific endpoint patches it on others.
819205	License widget shows Forensic license as NaN used of X when no license is in use.
870219	EMS deployment only shows domain netbios name under endpoint groups.
871491	Deselecting an item from item list removes the deselected item.

Avatar and social login information

Bug ID	Description
830117	EMS fails to update email address from personal information form in FortiClient.

FortiGuard outbreak alert

Bug ID	Description
819025	With multiple sites, EMS fails to display FortiGuard outbreak detection rules downloaded from FDS.

FortiClient Cloud API

Bug ID

Description

585763

User cannot log in to FortiClient Cloud if they are using the same browser for login to on-premise EMS.Workaround: Clear the browser client cache or use a different browser.

832144

User cannot call APIs in FortiClient Cloud.

Workaround: Clear the browser client cache or use a different browser.

Other

Bug ID	Description
766163	Browser causes FortiClient Cloud issues.
847870	FortiClient Cloud does not include packaged installer when sending email invitation.
868556	EMS is missing newly added signature information in FortiGuard signature information page.

Znane problemy do rozwiązania (FortiClient 7.2.0):

Application Firewall

Bug ID	Description
814391	FortiClient Cloud application signatures block allowlisted applications.
827788	Threat ID is 0 on Firewall Events.
844997	FortiClient loses several packet on different internal resources after connecting telemetry.
853451	FortiClient blocks PIA VPN.
853808	FortiClient (Windows) blocks Veeam with messages related to Remote.CMD.Shell and VeeamAgent.exe.
860062	Application Firewall slows down opening of Microsoft Active Directory Users and Computers application.

Configuration

Bug ID	Description
730415	FortiClient backs up configuration that is missing locally configured ZTNA connection rules.

Endpoint control

Bug ID	Description
753151	Updating endpoint status from endpoint notified to deployed takes a long time.
804552	FortiClient shows all feature tabs without registering to EMS after upgrade.
815037	After administrator selects Mark All Endpoints As Uninstalled, FortiClient (Windows) connected with verified user changes to unverified user.
821024	FortiClient fails to send username to EMS, causing EMS to report it as different users.
827200	EMS displays no user for some devices.
833717	EMS shows endpoints as offline, while they show their own status as online.
834162	LDAP query for Active Directory group check does not execute.
841764	EMS does not show third-party features in endpoint information.
855851	EMS remembered list shows FQDN duplicates.
878514	FortiClient cannot get tenant ID after EMS administrator deploys FortiClient 7.2.0 over 7.0.7 from the EMS server.
879108	EMS considers the endpoint as on-Fabric when it does not meet all rules in an on-Fabric detection rule set.

Endpoint management

Bug ID	Description
836134	Inverse selection with ! does not work for deployment package, profile, and features under All Endpoints view.

GUI

Bug ID	Description
847903	Console stops working on Citrix servers with ntdll.dll crash.

Install and upgrade

Bug ID	Description
749331	Windows Security setting in Windows displays FortiClient is snoozed when FortiEDR is installed.
769639	FortiDeviceGuard is not installed on Windows Server 2022.

Zero Trust tags

Bug ID	Description
819120	Zero trust tag rule for Active Directory group does not work when registering FortiClient to EMS with onboarding user.

Malware Protection and Sandbox

Bug ID	Description
820098	Sandbox does not release blocked file.
828862	FortiClient does not allow virtual CD-ROM device.
831560	GUI shows ransomware quarantined files after restoration via EMS.
833264	Antiexploit blocks Chrome without sharing payload details.
844962	FortiClient (Windows) does not block phone mobile storage when default removable media access is set to block.
844988	FortiClient (Windows) does not block USB drive with attempt to copy contents even if WPD/USB is set to block in profile.
857041	Windows 10 security center popup shows FortiClient and Windows Defender are off.
861296	AV scan exclusion list does not work for shared/network drive files.
863802	FortiClient (Windows) cannot detect SentinelOne when they have product on OS level.
876925	Antiexploit protection blocks Microsoft signing application in Chrome.

Remote Access

Bug ID	Description
728240	SSL VPN negate split tunnel IPv6 address does not work.
728244	Negate split tunnel IPv4 address does not work for dual stack mode using IPv6 access.
730756	For SSL VPN dual stack, GUI only shows IPv4 address.
755105	When VPN is up, changes for IP properties-> Register this connection’s IP to DNS are not restored after VM reboot from power off.
762986	FortiClient (Windows) does not use second FortiGate to connect to resilient tunnel from FortiTray if it cannot reach first remote gateway.
763611	If dual stack is enabled and user connects tunnel with IPv6 and tunnel is established successfully, then the user tries to access IPv4 server to upload/download files, the network speed is slow.
773920	Endpoint switches network connection after IPsec VPN connection, causing VPN to disconnect.
775633	Priority based IPSec resiliency tunnel, auto failover to second remote gateway doesn’t work
783412	Browser traffic goes directly to ZTNA site when SSL VPN is connected.
795334	Always up feature does not work as expected when trying to connect to VPN from tray.
811458	FortiClient (Windows) cannot connect to SSL VPN after installing Windows update KB5013942.
814488	SSL VPN with `<on_os_start_connect>` enabled does not work when the machine is put into sleep mode and changes networks.
821879	VPN autoconnect does not work with IKEv2 IPsec VPN and user certificates.
824674	After connecting to VPN with VPN before logon option, FortiClient tray icon menu shows Connect to [VPN name] instead of Disconnect.
834604	Upgrading FortiClient (Windows) free VPN-only client to the latest build removes VPN tunnels.
835042	After upgrading FortiClient (Windows), OpenVPN connection fails while FortiClient (Windows) VPN runs with application-based split tunnel enabled.
837861	Always up fails to keep SSL VPN connection up when endpoint is left idle overnight.
838030	Citrix application shows blank pages on SSL VPN tunnel.
838231	Users fail to connect when using SAML authentication with SSL VPN.
841144	Users disconnect from VPN after screen locks on endpoint.
841641	File/print server stops replying to pings.
841970	GUI gets stuck while connecting SAML SSL VPN with Azure AD and Duo (multifactor authentication).
842560	FortiClient disables PolicyAgent and IKEEXT services when connecting to dial-up IPsec VPN.
843122	Daily error (-6005) occurs with SAML SSL VPN.
847990	Network adapter keeps DNS registration disabled after FortiClient (Windows) disconnects from SSL VPN.
850494	VPN fails to connect at 98% to hotspot/Wi-Fi when dual stack is enabled.
850822	FortiClient cannot connect to IPsec VPN if multiple Diffie-Hellman groups are selected.
851093	IPv6 DNS requests do not work.
852507	When connecting to SSL VPN using FortiSSLVPNclient.exe, the VPN adapter IP address is incorrect.
853368	The assigned SSL VPN IP address appears in GUI but is not assigned to SSL VPN FortiClient (Windows) virtual interface.
854237	FortiClient fails to connect at 98% when connecting to hot spot/Wi-Fi when dual stack is enabled on gateway device.
858696	FortiClient cannot connect to SSL VPN with SAML via Satelite ISP.
859061	Azure autologin des not work.
859703	FortiClient (Windows) cannot reconnect to SSL VPN without credentials.
861231	VPN configured with `<on_os_start>` does not start on Windows Server.
863138	TapiSrv does not run.
877314	EMS-configured autoconnect tunnel does not have higher priority than a user’s previously selected autoconnect tunnel.
877320	Autoconnect on install is not triggered if FortiClient is installed and registered to EMS during the same Windows logon session.
877640	If FortiClient is registered to EMS, IPsec VPN tunnel fails to connect when it is configured to connect on OS start.
877917	FortiClient Cloud SSL VPN is stuck at 40% to connect with FortiProxy enabled.
878070	After device wakes from sleep, FortiClient intermittently grays out SAML button.
878291	After registering to EMS using FortiSASE invitation code, FortiClient shows unable to reach tunnel gateway error.
878652	VPN secure remote access notification prompt displays multiple times with cutoff text.
878880	VPN drops between FortiClient and FortiGate if Dead Peer Detection is selected.

Vulnerability Scan

Bug ID	Description
849485	FortiClient wrongly detects AnyDesk vulnerabilities CVE-2021-44426 and CVE-2021-44425.
859508	FortiClient detects wrong vulnerability in patched AutoCAD software.

Logs

Bug ID	Description
849043	SSL VPN add/close action does not show on FortiGate Endpoint Event section.
857784	FortiClient (Windows) cannot send OS logs/system events to FortiAnalyzer.

Web Filter and plugin

Bug ID	Description
776089	FortiClient (Windows) does not block malicious sites when Web Filter is disabled.
825633	Error revokes certificate accessing outlook.office365.com using Web Filter.
829265	Endpoint displays Microsoft Teams offline error.
836906	After FortiClient install, extended uptime results in audio cracking.
842966	Web Filter fails to activate when off-fabric.
859979	FortiClient blocks web browsing traffic which Web Filter allows.

Avatar and social network login

Bug ID	Description
830117	EMS fails to update email address for endpoint from personal information form in FortiClient (Windows).
831366	EMS does not show correct username if user logs in with Google or Linkedin cloud service or chooses user input.
878050	FortiClient avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.

License

Bug ID	Description
830899	FortiClient (Windows) loses license.

ZTNA connection rules

Bug ID	Description
814953	Using an external browser for SSH ZTNA requires restarting FortiClient on Windows 11.
831943	ZTNA client certificate is not removed from user certificate store after FortiClient uninstall.
836246	Going from off-Fabric to on-Fabric does not stop the ZTNA service and keeps endpoint from connecting.
839589	ZTNA TCP forwarding not working for GoAnywhere application.
860430	ZTNA web server displays certificate error when browsing inside of application.
871342	Allow ZTNA error message showing on browser to be configurable.
877128	User in different country cannot create a ZTNA tunnel.

FSSOMA

Bug ID	Description
854882	FortiClient (Windows) does not send EMS tenant ID to FortiAuthenticator.
861953	Single sign-on mobility agent (SSOMA) does not send ID to FortiAuthenticator.
862021	Local account can access Internet if FortiClient SSOMA logged-in AD user locks the screen.

Onboarding

Bug ID	Description
811976	FortiClient (Windows) may prioritize using user information from authentication user registered to EMS.
819989	FortiClient (Windows) does not show login prompt when installed with installer using LDAP/local verification.

Other

Bug ID	Description
834389	FortiClient has incompatibility with Fuji Nexim software.
835743	Windows does not boot up after Windows updates.
865938	FortiClient causes RPC service unavailable error and blank screen when trying to connect via RDP to the server.

Notatki producenta: FortiClient 7.2.0

Pozdrawiamy,

Zespół B&B
Bezpieczeństwo w biznesie

Post Views: 4 096

FortiClient forticlient 7.2 forticlient ems