Softpedia >Windows >Security >Security Related >FortiClient >  Changelog

FortiClient Changelog

What's new in FortiClient 7.0.0.0029

Jul 26, 2021
  • Zero Trust Agent with Multi-factor Authentication (MFA):
  • The Zero Trust Agent supports ZTNA tunnels, single sign-on (SSO), and device posture check to FortiOS access proxy

New in FortiClient 6.4.3.1608 (Feb 11, 2021)

  • GUI:
  • Add error message when FortiClient tries to connect to FortiClient Cloud 6.2.
  • GUI displays incorrect logs settings compared to EMS profile logs settings.
  • Rename Security Fabric Agent to Zero Trust Fabric Agent.
  • Two tokens are delivered via email when moving cursor with Tab key and clicking Connect button.
  • FortiClient should show SASE tunnel under SASE SIA heading, not Corporate VPN.
  • Endpoint control:
  • FortiClient does not report error message when it fails to register to FortiClient Cloud with invitation code.
  • FortiClient (Windows) keeps reregistering to EMS with a different UID and generates duplicated record in EMS.
  • Malware Protection and Sandbox:
  • FortiClient cannot get signature from FortiManager using HTTPS due to certificate check failure.
  • Attempts to restore quarantined files from USB drives fail.
  • Antiransomware feature causes DNS queries to fail, affecting several applications.
  • Antivirus does not register to Windows Security Center on Windows 10.
  • Remote Access:
  • IPsec VPN-connected client registers local adapter IP address to DNS server, causing FSSO and client traffic to fail.
  • FortiClient (Windows) cannot connect SSL VPN tunnel using Azure identity provider for SAML.
  • Windows restart does not remove SSL VPN tunnel established by VPN before logon.
  • When registering FortiClient (Windows) to 6.4.2 EMS, IPsec VPN tunnel that EMS pushed does not work properly.
  • Auto-Connect only when Off-Fabric does not work.
  • Application-based split tunnel only works on Windows 10.
  • Autoconnect and always up features do not work.
  • Autoconnect does not work properly.
  • Web Filter and plugin:
  • Web FIlter violations table only lists last blocked URL.

New in FortiClient 6.2.4 Build 0931 (Feb 28, 2020)

  • Fabric Telemetry:
  • On-net profile is seen after bootup in an off-net network.
  • Install and upgrade:
  • Uninstall option disappears on Control Panel > Programs and Features.
  • Windows Server 2012 randomly crashes and shows blue screen of death (BSOD) after FortiClient (Windows) installation.
  • FSSO:
  • FortiClient (Windows) Mobility Agent and PC virtual Ethernet interfaces.
  • Remote Access:
  • FortiClient (Windows) will rekey after FortiGate rekey a few seconds later.
  • FortiClient (Windows) does not trust certificates that Windows trusts.
  • IPsec VPN autoconnect does not connect with certificate authentication.
  • Other:
  • FortiClient (Windows) causes BSOD due to FortiShield.
  • FortiSheld blocks FortiClient.exe from changing registry.
  • FortiProxy blocks web application.

New in FortiClient 6.2.3 Build 0912 (Feb 7, 2020)

  • Application Firewall:
  • Application Firewall performance issues.
  • After upgrading FortiClient (Windows), ping responses are delayed.
  • Endpoint control:
  • FortiClient (Windows) does not send avatar to FortiAnalyzer.
  • FortiESNAC.exe high memory usage.
  • FortiClient (Windows) Telemetry timer does not work properly.
  • Cannot shut down FortiClient (Windows) after unregistering from EMS.
  • FortiClient (Windows) Telemetry gets stuck in syncing state after user tries to manually register to EMS.
  • Install and upgrade:
  • Installer created in EMS does not include uninstall action.
  • GPO update fails due to FortiClient (Windows) FortiShield blocking modification of a registry key.
  • BSOD occurs when FortiClient (Windows) is installed with Safetica data loss protection software.
  • Fct_secsvr is not properly installed after deploying a FortiClient (Windows) upgrade.
  • FortiClient (Windows) /uninstall does not work via the CLI.
  • Installation error due to dependency on Internet Explorer 8.
  • FortiClient (Windows) loses settings after upgrade on x86 platforms.
  • Malware Protection:
  • Cloud malware scan daemon must remove license check.
  • FortiClient (Windows) does not start scan on USB insertion post-reboot.
  • Remote Access:
  • FortiClient (Windows) registers all interface IP addresses to the DNS server when SSL VPN tunnel is up.
  • FortiClient (Windows) does not use correct SSL VPN split DNS server.
  • FortiClient (Windows) displays issues when connecting to VPN.
  • FortiClient (Windows) cannot connect to VPN using a saved username.
  • Token request popup does not appear when in lock screen for VPN before logon.
  • VPN client does not learn all routes specified in SSL VPN portal with split tunnel or SSL VPN IPv4 policies when pushing approximately 1000 routes.
  • FortiClient (Windows) provides SHA1 cipher only for SSL VPN.
  • SSL VPN disappears from FortiTray.
  • Sandbox:
  • FortiClient (Windows) Sandbox fails to apply new Sandbox Detection level after EMS updates Sandbox Detection level.
  • FortiClient (Windows) fails to update Sandbox state when Sandbox disables authorization for the Sandbox.
  • Vulnerability Scan:
  • Vulnerability Scan does not always scan on next startup if off during scheduled scan time.
  • Other:
  • FortiClient (Windows) fails to open after clicking the FortiTray icon.
  • Cannot quit FCDBLog.exe.
  • FortiClient (Windows) system tray crashes.
  • Original FortiClient (Windows) configuration files are deleted after restoring the configuration.

New in FortiClient 6.2.2 Build 0877 (Dec 20, 2019)

  • Avatar:
  • After upgrading FortiClient, the user avatar is missing on both FortiClient and EMS.
  • Endpoint control:
  • FortiClient does not register to new FortiGate when EMS changes/updates its gateway list.
  • FortiESNAC causes endpoint to query for domain name.
  • FortiClient (Windows) fails to register to other reachable EMS in EMS list if current one becomes offline.
  • FortiClient can get stuck while synchronizing and never receive profile.
  • FortiClient still reports its state as offline/onnet when unregistered from EMS.
  • FortiClient fails to connect or disconnect to EMS.
  • Install and upgrade:
  • Light installer should not work on any clients registered to EMS.
  • Should remove VPN-only in applications and features after installing full version over free client.
  • Malware Protection:
  • FortiClient AV cannot quarantine files on Remote Desktop Session host with User profile disk.
  • FortiClient AV causes PC to become unusable when opening Microsoft Outlook.
  • Observed memory leak by Fortiae.exe.
  • FortiClient fails to send avatar to EMS.
  • Remote Access:
  • Toggling Prefer SSL VPN DNS setting from Enabled to Disabled does not clear the DNS entries for local adapters.
  • FortiClient does not connect to IPsec VPN if multiple Diffie Hellman groups are selected.
  • Failed to see VPN before logon option on Windows 10 x64 1803 with fresh FortiClient install.
  • With proxy server in the middle, SSL VPN tunnel requires that a machine certificate can bypass it.
  • User Name is empty on GUI after VPN is up.
  • Remote Access cannot display tunnel and related information after disconnecting.
  • Tunnel with RegEx as certificate filter fails to make VPN connection from FortiTray after clicking Connect first time.
  • VPN before login feature does not work on Windows 10 LTSB.
  • FortiClient (Windows) fails to make VPN connect with certificate in current user or without certificate on Windows 7.
  • FortiClient (Windows) should not allow VPN connection from FortiTray after free three-day VPN access.
  • Sandbox:
  • FortiSandbox does not scan attachments opened from Microsoft Outlook 2016.
  • FortiClient with FortiSandbox setting Blocking File Access on Mapped Drive when using PDF 995 application.
  • FortiClient sends incorrect checksum for detected Sandbox Cloud quarantined files.
  • Vulnerability Scan:
  • FortiClient fails to patch vulnerability for Java JRE 8.0.1310.11.
  • FortiClient fails to update vulnerabilities to EMS without starting new VCM scan.
  • Web Filter:
  • FortiClient Web Filter warning page Proceed button does not work.
  • FortiClient (Windows) treats rated websites as unrated URLs and blocks them.
  • FortiClient Web Filter marks Lifesize application/URL under hacking and blocks it.
  • Web Filter does not block http://www.google.com/drive.
  • Other:
  • Severe network degradation (extremely slow network) on Windows VM when FortiClient is loaded.
  • FortiClient diagnostic tool does not do anything if FortiClient is not installed.
  • FortiClient System Tray Controller has memory leak and high CPU.
  • FortiAnalyzer is missing FortiClient logs.
  • Host Tag Monitor should not tag applications excluded from vulnerability compliance check.
  • FortiClient does not send assigned policy to FortiAnalzyer.
  • FortiClient reports to FortiAnalyzer that endpoint quarantine and endpoint control state change every two minutes.
  • BSOD was observed with FortiClient with crash inside fortiaptfilter.sys.
  • You can delete files in FortiClient folder even if FortiShield is running.
  • 583073
  • FCDblog.exe process keeps crashing on Windows 10 x64 platform when FortiClient is registered to EMS.
  • FortiClient sends garbled social info to FortiAnalyzer.
  • FortiTray does not run after EMS deployment.

New in FortiClient 6.2.0 (May 17, 2019)

  • Expanding Fabric family:
  • This section lists the new features added to FortiClient and EMS for the expanding Fortinet Security Fabric family:
  • Dynamic endpoint grouping/tagging and EMS connector (endpoint compliance)
  • Software Inventory logging to FortiAnalyzer
  • Remote logging support for FortiClient (Linux)
  • Automated syncing of the FortiGate Web Filter profile

New in FortiClient 6.0.5 build 0209 (Mar 25, 2019)

  • Updated description of Auto Connect in Save password, auto connect, and always up.

New in FortiClient 6.0.3.0155 (Oct 24, 2018)

  • Split DNS support for SSL VPN:
  • FortiClient (Windows) now supports split DNS tunneling for SSL VPN.
  • Basic USB device control:
  • You can use the USB device control feature to restrict access to USB ports on endpoints
  • Malware Protection:
  • The following issues have been fixed in version 6.0.3.:
  • FortiClient (Windows) AV causes compilation error.
  • Black screen for a few minutes after login/logoff.
  • FortiClient (Windows) dashboard shows Sandbox as unauthorized even when the Test button
  • Shows it as valid.
  • FortiClient (Windows) reports signature to be out-of-date if it is updated to the signature more
  • Than X days ago, regardless of version.
  • AV RTP does not register to the Security Center in Windows 10 RS5.
  • Skype-received files do not trigger Sandbox scan.
  • Able to delete/restore quarantine file via virus alert popup when managed via EMS.
  • FortiClient (Windows) failed to block USB access for the first insertion when using the system
  • Built-in policy to block USB access.
  • Web Filter:
  • Safe Search does not work.
  • FortiClient (Windows) Web Filter enable/disable setting change failed to apply.
  • Application Firewall:
  • Application Firewall cannot be set to invisible.
  • Remote Access:
  • 404746 SSL VPN with certificate authorization does not work from tray, but works from console.
  • 450272 IPsec resiliency error message '"failed to launch IPsec service".
  • 472223 Unable to select certificate for SSL VPN.
  • 486712 Connecting to FortiGate clears authorized machine configuration (NAC node).
  • 496190 Current personal VPN vibrates back to others in dual registration mode.
  • 504185 FortiClient (Windows) console on Windows 7 PCs inaccessible in Windows system tray - SSL VPN
  • failure.
  • 508186 Phase 1/phase 2 IKE proposal not populated for IPv6 tunnel.
  • 508392 With IPv6 as remote gateway, custom port changes to the default after editing/saving.
  • 508400 Failed to remove split tunnel.
  • 510060 Save password, Auto-connect, and Always up do not display when VPN is down.
  • 510375 6.0.2 RC1 fails to connect to VPN from task tray with user certificate authentication (no username
  • or password).
  • 510748 If FortiClient (Windows) 5.6.x is installed on a different drive (E:), manual upgrade to 6.0.x
  • completes, but FortiClient (Windows) does not work after reboot.
  • 510860 If Prompt on connect is selected, certificate filter does not work properly.
  • 510945 Right-click is not working for username and password VPN fields.
  • 511084 RSA new PIN mode does not work for IPsec v4/v6 tunnel.
  • 511100 FortiClient (Windows) failed to switch auto-connect tunnels when FortiClient (Windows) is
  • registered to FortiGate.
  • 511110 FortiClient (Windows) VPN dashboard shows empty VPN tunnel after connecting from FortiTray.
  • 511844 FortiClient (Windows) failed to show IP address for IPsec VPN.
  • 513171 FortiClient (Windows) not displaying actual username used for SSL VPN tunnel.
  • 513802 FortiClient (Windows) should report that VPN connection failed after two wrong passwords.
  • 514666 Connected SSL VPN failed to display tunnel info when password contained special characters.
  • 516090 FortiClient (Windows) IPsec VPN accepts invalid server certificate with IKEv2.
  • 516156 Backing up and restoring FortiClient (Windows) causes loss of IPsec VPN pre-shared key.
  • 516469 Should not display certificate dropdown for tunnel without certificate configured.
  • FortiClient (Windows) malware GUI says malware is quarantined when it is not.
  • Default tab not working.
  • Vulnerability schedule scan weekly is undefined in GUI.
  • Install and upgrade:
  • GUI is blank.
  • Remote Access (IPsec) loses saved username/password when upgrading to 6.0.0.
  • Update Diagnostic Tool's collected information.
  • Unable to upgrade FortiClient (Windows) 6.0.1 to 6.0.2 from EMS with password lock enabled.
  • Fortitray.exe running PowerShell error prompt.
  • Unable to open FortiClient (Windows) GUI in Windows 10 Education.
  • Install and uninstall:
  • FortiClient (Windows) has many leftover files after uninstallation.
  • Other:
  • Remembered FortiGate list needs to refresh after clicking Forget.
  • MSFT_HW_API does not survive ephemeral Microsoft service outages

New in FortiClient 5.6.0.1075 (Jun 19, 2017)

  • Updated to add support for FortiSandbox 2.4.0

New in FortiClient 5.4.2.0860 (Jan 18, 2017)

  • Removed 389753 from Resolved Issues.
  • Added 389240 and 390356 to Resolved Issues.
  • Moved 295413 to Known Issues.
  • Updated description of 390265.
  • Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7

New in FortiClient 5.4.1.0840 (Jan 18, 2017)

  • Added special notice about FortiClient upgrade on Windows XP

New in FortiClient 5.4.0.0780 (Dec 9, 2015)

  • FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
  • Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
  • When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.
  • FortiSandbox Integration:
  • FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
  • FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
  • As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
  • This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).
  • Web Filtering:
  • Enhanced Real-Time Protection Implementation :
  • The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.
  • Web Filtering:
  • Web Browser Usage and Duration:
  • If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
  • l Anestimateofthedurationorlengthofstayonthewebsite
  • These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
  • from various endpoints may be viewed in FortiView.
  • This feature requires FortiAnalyzer 5.4.0 or newer.
  • VPN:
  • Authorized Machine Detection:
  • For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
  • l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
  • l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
  • The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
  • This applies to FortiClient (Windows) only.
  • New SSL VPN Windows Driver
  • The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
  • Endpoint Control What’s New in FortiClient (Windows) 5.4.0
  • New IPsec VPN Windows Driver:
  • FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.
  • Endpoint Control:
  • Integration with the New Enterprise Management Server
  • The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
  • FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
  • FortiGate Network Access Control with EMS Integration:
  • When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
  • This feature requires FortiOS 5.4.0 or newer.
  • Quarantine an Infected Endpoint from the FortiGate or EMS
  • A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
  • Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
  • The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.
  • FortiClient GUI:
  • This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
  • Importing FortiGate CA Certificate after Endpoint Control Registration
  • When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
  • When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
  • The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.
  • Enhancement to On-net/Off-net Configuration:
  • The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
  • There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.
  • FortiClient will be on-net if:
  • Otherwise, it is off-net.
  • FortiClient GUI AntiVirus Settings Page:
  • With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.
  • The following may be selected on the AV settings page:
  • FortiClient (Windows) 5.4.0:
  • The use of FortiSandbox requires that file scanning is enabled.
  • FortClient Banner Design:
  • If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.
  • Logging:
  • Enhancement to FortiClient Logs
  • FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.

New in FortiClient 5.2.4.0650 (Aug 18, 2015)

  • Windows 10 Support:
  • FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
  • OpenSSL Library:
  • The OpenSSL library has been updated to the latest version 1.0.2d.
  • Quarantine Endpoint from FortiGate:
  • FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.

New in FortiClient 5.2.3.0633 (May 6, 2015)

  • Log upload to Syslog server:
  • FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
  • OpenSSL library:
  • The OpenSSL library has been updated to the latest version 1.0.1k.

New in FortiClient 5.2.0.0591 (Jul 30, 2014)

  • Antivirus
  • Malware cleanup in safe mode:
  • Malware that is already on a Microsoft Windows computer system that could not be removed in normal mode, may be removed by running FortiClient in safe mode. Only the FortiClient Antivirus feature is available in safe mode. Full or custom antivirus scans can be started from while in safe mode. The resulting log files and any quarantined files, will be available both in safe mode, as well as after returning to normal mode.
  • The FortiClient installer always runs a quick antivirus scan on the target host system before proceeding with the installation. In case a virus on an infected system prevents downloading of the new FortiClient package, you can boot into safe mode, run the FortiClient installer to scan and quarantine the virus or malware, and then proceed with the installation.
  • Protection against security threats in URLs has moved to the Antivirus module:
  • Malicious and Phishing URLs were previously configured and blocked as part of the Web Filtering feature. These are in the Security Risk category. This category has now been moved to become part of the Antivirus feature. When a custom FortiClient installation is created without the antivirus module, these threats are blocked by the Web Filtering feature.
  • View real-time protection events in the console:
  • When an antivirus real-time protection event has occurred you can select to view these events in the FortiClient console. Select AntiVirus > Threats Detected and select Real-time Protection events. The realtime_scan.log will open in the default viewer.
  • Removable media scan:
  • In FortiClient v5.2 you can select to perform an antivirus scan of all connected devices with removable storage. Select AntiVirus > Scan Now > Removable media Scan to scan these connected devices. When performing a Full Scan, removable storage is also scanned.
  • One-click button to enable antivirus:
  • In the FortiClient console, you can enable the antivirus feature using a single button visible in the header. This is convenient in the event that you are on a tab other than the Antivirus tab. The button is visible only when Realtime Protection is disabled.
  • Web Filtering
  • Manual URL filter list support:
  • FortiClient now supports URL filters configured in the FortiOS security profile and applied to the FortiClient Profile.
  • Web Security:
  • FortiClient Parental Control has been renamed Web Security. When FortiClient is registered to a FortiGate, Web Security is named Web Filter.
  • VPN
  • VPN over IPv6:
  • VPN connections to the FortiGate can be established on a network that is configured with IPv6. New connections may be configured from the FortiClient console or through the XML configuration file. IPv6 is supported for IPsec and SSL VPN.
  • Advanced VPN configuration in the FortiClient console:
  • VPN configurations through the FortiClient console have been simplified since FortiClient v5.0. Only a few configuration entries were required and advanced configuration required use of the XML configuration file. In FortiClient v5.2, you can access IPsec VPN advanced settings in the FortiClient console. These advanced settings are useful when setting up connections to an IPsec VPN server other than a FortiGate.
  • Simplified FortiClient console for VPN only installations:
  • FortiClient features may be customized in one of three ways:
  • In the standard FortiClient installer,
  • In the FortiClient Configurator tool,
  • In the FortiGate FortiClient Profile, you can turn off and hide unused features.
  • When only the VPN feature is selected with any of these three methods, FortiClient will present a simplified console, with no tabs on the left-hand side.
  • VPN auto-connect based on DHCP off-net determination:
  • VPN auto-connect ensures that FortiClient creates a VPN connection to the FortiGate when considered to be off-net. A site administrator, who has configured Endpoint Control on their FortiGate, may choose to enable VPN auto-connect in the Endpoint Control profile.
  • Computer endpoints or clients in the network should use the designated DHCP server for IP address assignments. The DHCP server sends a special tag within the protocol to identify if the client is on-net or off-net. The on-net status indicates that the endpoint is within the corporate network protected by the FortiGate.
  • When the client is off-net, FortiClient will automatically attempt to establish a VPN connection to the VPN server indicated in the FortiGate Endpoint Control configuration. When the client is on-net, no VPN connection is required.
  • VPN auto-connect improvements:
  • VPN auto-connect/always-up regardless of how the VPN connection ended.
  • Application Firewall
  • Updated Application Firewall Engine:
  • FortiClient now uses a common Application Firewall detection engine with FortiOS. This provides enhanced detection coverage. Signatures configured in the FortiGate security profile are available to FortiClient.
  • When the application being blocked is web-based, a message is displayed to the user in the web browser. For non-browser applications, a system tray notification is displayed. Notifications are disabled by default to reduce distractions to every day use of the system.
  • Endpoint Control
  • Improvements to the Endpoint Control page:
  • The FortiGate Endpoint Protection > FortiClient Profiles page has been simplified. VPN auto-connect based on DHCP off-net determination.

New in FortiClient 5.0.6.320 (Oct 4, 2013)

  • Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
  • Improved usability of the repackager tool
  • Repackaged clients can be upgraded
  • Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.

New in FortiClient 5.0.0.161 (Nov 28, 2012)

  • Antivirus and Antimalware:
  • Protection against the latest virus, grayware (adware/riskware) threats.
  • Client antivirus is free, and auto updates every three hours.
  • Application Firewall:
  • Block, allow, and monitor applications that send traffic to the network.
  • Bring Your Own Device (BYOD)
  • Diagnostic Tool
  • Enhancements to the FortiClient dashboard
  • Endpoint Management using FortiGate, including:
  • Automatic endpoint registration. User initiated endpoint registration.
  • Deploy VPN (IPsec/SSL) configuration
  • Enable/disable Antivirus real-time protection.
  • Manage/deploy Web Filtering and Application Firewall configuration.
  • Localization support
  • Parental Control/Web Filter:
  • Block, allow, warn, and monitor web traffic based on category.
  • Remote Access (IPsec and SSL VPN):
  • Secure Virtual Private Network access to your network.
  • Supports multiple gateways for a single tunnel.
  • Rootkit detection and removal
  • Single Sign-On Mobility Agent support with FortiAuthenticator/FSSO Collector Agent
  • Support automatic executing of a custom batch script via an IPsec VPN tunnel
  • Support multiple (maximum 10) gateway IP/FQDN in a single IPsec VPN configuration
  • Support XML configuration
  • VPN from system tray
  • VPN auto connect/always up:
  • Support ability to automatically connect to a VPN tunnel without user interaction
  • Support ability to configure the VPN to always be connected
  • Vulnerability Scan:
  • Identify system and application vulnerabilities.

New in FortiClient 3.0.400 (Feb 20, 2007)

  • Windows XP 64-bit and 2003 Server 64-bit support
  • Windows Vista support
  • Preliminary support for Windows Longhorn Server
  • No need to reboot after installation
  • OCSP support for VPN CRL checking
  • Common Access Card support for VPN
  • New options for AV scanning
  • Submit false positive samples
  • Feature Enhacements
  • Centralized Management, Antivirus, Web-Filtering, AntiSpam, Online Update and Enhanced Quality.