FortiClient 歷史版本列表 Page1

更新時間：2023-11-27
更新細節：

更新時間：2019-12-20
更新細節：

What's new in this version:

Avatar:
- After upgrading FortiClient, the user avatar is missing on both FortiClient and EMS

Endpoint control:
- FortiClient does not register to new FortiGate when EMS changes/updates its gateway list
- FortiESNAC causes endpoint to query for domain name
- FortiClient (Windows) fails to register to other reachable EMS in EMS list if current one becomes offline
- FortiClient can get stuck while synchronizing and never receive profile
- FortiClient still reports its state as offline/onnet when unregistered from EMS
- FortiClient fails to connect or disconnect to EMS

Install and upgrade:
- Light installer should not work on any clients registered to EMS
- Should remove VPN-only in applications and features after installing full version over free client

Malware Protection:
- FortiClient AV cannot quarantine files on Remote Desktop Session host with User profile disk
- FortiClient AV causes PC to become unusable when opening Microsoft Outlook
- Observed memory leak by Fortiae.exe
- FortiClient fails to send avatar to EMS

Remote Access:
- Toggling Prefer SSL VPN DNS setting from Enabled to Disabled does not clear the DNS entries for local adapters
- FortiClient does not connect to IPsec VPN if multiple Diffie Hellman groups are selected
- Failed to see VPN before logon option on Windows 10 x64 1803 with fresh FortiClient install
- With proxy server in the middle, SSL VPN tunnel requires that a machine certificate can bypass it
- User Name is empty on GUI after VPN is up
- Remote Access cannot display tunnel and related information after disconnecting
- Tunnel with RegEx as certificate filter fails to make VPN connection from FortiTray after clicking Connect first time
- VPN before login feature does not work on Windows 10 LTSB
- FortiClient (Windows) fails to make VPN connect with certificate in current user or without certificate on Windows 7
- FortiClient (Windows) should not allow VPN connection from FortiTray after free three-day VPN access

Sandbox:
- FortiSandbox does not scan attachments opened from Microsoft Outlook 2016
- FortiClient with FortiSandbox setting Blocking File Access on Mapped Drive when using PDF 995 application
- FortiClient sends incorrect checksum for detected Sandbox Cloud quarantined files

Vulnerability Scan:
- FortiClient fails to patch vulnerability for Java JRE 8.0.1310.11
- FortiClient fails to update vulnerabilities to EMS without starting new VCM scan

Web Filter:
- FortiClient Web Filter warning page Proceed button does not work
- FortiClient (Windows) treats rated websites as unrated URLs and blocks them
- FortiClient Web Filter marks Lifesize application/URL under hacking and blocks it
- Web Filter does not block http://www.google.com/drive

Other:
- Severe network degradation (extremely slow network) on Windows VM when FortiClient is loaded
- FortiClient diagnostic tool does not do anything if FortiClient is not installed
- FortiClient System Tray Controller has memory leak and high CPU
- FortiAnalyzer is missing FortiClient logs
- Host Tag Monitor should not tag applications excluded from vulnerability compliance check
- FortiClient does not send assigned policy to FortiAnalzyer
- FortiClient reports to FortiAnalyzer that endpoint quarantine and endpoint control state change every two minutes
- BSOD was observed with FortiClient with crash inside fortiaptfilter.sys
- You can delete files in FortiClient folder even if FortiShield is running
- FCDblog.exe process keeps crashing on Windows 10 x64 platform when FortiClient is registered to EMS
- FortiClient sends garbled social info to FortiAnalyzer
- FortiTray does not run after EMS deployment

更新時間：2019-10-03
更新細節：

更新時間：2019-05-17
更新細節：

What's new in this version:

FortiClient 6.2.0
Expanding Fabric family:
- Dynamic endpoint grouping/tagging and EMS connector (endpoint compliance)
- Software Inventory logging to FortiAnalyzer
- Remote logging support for FortiClient (Linux)
- Automated syncing of the FortiGate Web Filter profile


FortiClient 6.0.5.0209
- Change log not available for this version


FortiClient 6.0.4.0182
- Change log not available for this version


FortiClient 6.0.3.0155

Split DNS support for SSL VPN:
- FortiClient (Windows) now supports split DNS tunneling for SSL VPN

Basic USB device control:
- You can use the USB device control feature to restrict access to USB ports on endpoints

Malware Protection:
The following issues have been fixed in version 6.0.3.:
- FortiClient (Windows) AV causes compilation error
- Black screen for a few minutes after login/logoff
- FortiClient (Windows) dashboard shows Sandbox as unauthorized even when the Test button shows it as valid
- FortiClient (Windows) reports signature to be out-of-date if it is updated to the signature more than X days ago, regardless of version
- AV RTP does not register to the Security Center in Windows 10 RS5
- Skype-received files do not trigger Sandbox scan
- Able to delete/restore quarantine file via virus alert popup when managed via EMS
- FortiClient (Windows) failed to block USB access for the first insertion when using the system
- Built-in policy to block USB access

Web Filter:
- Safe Search does not work
- FortiClient (Windows) Web Filter enable/disable setting change failed to apply

Application Firewall:
- Application Firewall cannot be set to invisible

Remote Access:
- SSL VPN with certificate authorization does not work from tray, but works from console
- IPsec resiliency error message '"failed to launch IPsec service"
- Unable to select certificate for SSL VPN
- Connecting to FortiGate clears authorized machine configuration (NAC node)
- Current personal VPN vibrates back to others in dual registration mode
- FortiClient (Windows) console on Windows 7 PCs inaccessible in Windows system tray - SSL VPN failure
- Phase 1/phase 2 IKE proposal not populated for IPv6 tunnel
- With IPv6 as remote gateway, custom port changes to the default after editing/saving
- Failed to remove split tunnel
- Save password, Auto-connect, and Always up do not display when VPN is down
- 6.0.2 RC1 fails to connect to VPN from task tray with user certificate authentication (no username or password)
- If FortiClient (Windows) 5.6.x is installed on a different drive (E:), manual upgrade to 6.0.x completes, but FortiClient (Windows) does not work after reboot
- If Prompt on connect is selected, certificate filter does not work properly
- Right-click is not working for username and password VPN fields
- RSA new PIN mode does not work for IPsec v4/v6 tunnel
- FortiClient (Windows) failed to switch auto-connect tunnels when FortiClient (Windows) is registered to FortiGate
- FortiClient (Windows) VPN dashboard shows empty VPN tunnel after connecting from FortiTray
- FortiClient (Windows) failed to show IP address for IPsec VPN
- FortiClient (Windows) not displaying actual username used for SSL VPN tunnel
- FortiClient (Windows) should report that VPN connection failed after two wrong passwords
- Connected SSL VPN failed to display tunnel info when password contained special characters
- FortiClient (Windows) IPsec VPN accepts invalid server certificate with IKEv2
- Backing up and restoring FortiClient (Windows) causes loss of IPsec VPN pre-shared key
- Should not display certificate dropdown for tunnel without certificate configured
- FortiClient (Windows) malware GUI says malware is quarantined when it is not
- Default tab not working
- Vulnerability schedule scan weekly is undefined in GUI

Install and upgrade:
- GUI is blank
- Remote Access (IPsec) loses saved username/password when upgrading to 6.0.0
- Update Diagnostic Tool's collected information
- Unable to upgrade FortiClient (Windows) 6.0.1 to 6.0.2 from EMS with password lock enabled
- Fortitray.exe running PowerShell error prompt
- Unable to open FortiClient (Windows) GUI in Windows 10 Education

Install and uninstall:
- FortiClient (Windows) has many leftover files after uninstallation

Other:
- Remembered FortiGate list needs to refresh after clicking Forget
- MSFT_HW_API does not survive ephemeral Microsoft service outages


FortiClient 6.0.0.0067
- Change log not available for this version


FortiClient 5.6.6.1167
- Change log not available for this version


FortiClient 5.6.5.1150
- Change log not available for this version


FortiClient 5.6.4.1131
- Change log not available for this version


FortiClient 5.6.2.1117
- Change log not available for this version


FortiClient 5.6.0.1075
- Updated to add support for FortiSandbox 2.4.0


FortiClient 5.4.3.0870
- Change log not available for this version


FortiClient 5.4.2.0860
- Removed 389753 from Resolved Issues
- Added 389240 and 390356 to Resolved Issues
- Moved 295413 to Known Issues
- Updated description of 390265
- Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7


FortiClient 5.4.1.0840
- Change log not available for this version


FortiClient 5.4.0.0780

- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
- Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
- When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration:
- FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
- FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
- As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
- This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

WEB FILTERING

Enhanced Real-Time Protection Implementation :
- The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering:
- Web Browser Usage and Duration:
- If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
- l Anestimateofthedurationorlengthofstayonthewebsite
- These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
- from various endpoints may be viewed in FortiView.
- This feature requires FortiAnalyzer 5.4.0 or newer.

VPN

Authorized Machine Detection:
- For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
- l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
- l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
- The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
- This applies to FortiClient (Windows) only.
- New SSL VPN Windows Driver
- The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
- Endpoint Control What’s New in FortiClient (Windows) 5.4.0

New IPsec VPN Windows Driver:
- FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.

Endpoint Control:
- Integration with the New Enterprise Management Server
- The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
- FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
- FortiGate Network Access Control with EMS Integration:
- When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
- This feature requires FortiOS 5.4.0 or newer.
- Quarantine an Infected Endpoint from the FortiGate or EMS
- A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
- Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
- The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.

FortiClient GUI:
- This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
- Importing FortiGate CA Certificate after Endpoint Control Registration
- When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
- When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
- The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.

Enhancement to On-net/Off-net Configuration:
- The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
- There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.

FortiClient will be on-net if:
- Otherwise, it is off-net.

FortiClient GUI AntiVirus Settings Page:
- With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.

The following may be selected on the AV settings page:
- FortiClient (Windows) 5.4.0:
- The use of FortiSandbox requires that file scanning is enabled.

FortClient Banner Design:
- If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.

Logging:
- Enhancement to FortiClient Logs
- FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.


FortiClient 5.2.4.0650
- FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
- The OpenSSL library has been updated to the latest version 1.0.2d.
- FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.


FortiClient 5.2.3.0633
- FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
- The OpenSSL library has been updated to the latest version 1.0.1k.


FortiClient 5.0.6.320
- Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
- Improved usability of the repackager tool
- Repackaged clients can be upgraded
- Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.

更新時間：2019-03-25
更新細節：

What's new in this version:

FortiClient 6.0.5.0209
- Change log not available for this version


FortiClient 6.0.4.0182
- Change log not available for this version


FortiClient 6.0.3.0155

Split DNS support for SSL VPN:
- FortiClient (Windows) now supports split DNS tunneling for SSL VPN

Basic USB device control:
- You can use the USB device control feature to restrict access to USB ports on endpoints

Malware Protection:
The following issues have been fixed in version 6.0.3.:
- FortiClient (Windows) AV causes compilation error
- Black screen for a few minutes after login/logoff
- FortiClient (Windows) dashboard shows Sandbox as unauthorized even when the Test button shows it as valid
- FortiClient (Windows) reports signature to be out-of-date if it is updated to the signature more than X days ago, regardless of version
- AV RTP does not register to the Security Center in Windows 10 RS5
- Skype-received files do not trigger Sandbox scan
- Able to delete/restore quarantine file via virus alert popup when managed via EMS
- FortiClient (Windows) failed to block USB access for the first insertion when using the system
- Built-in policy to block USB access

Web Filter:
- Safe Search does not work
- FortiClient (Windows) Web Filter enable/disable setting change failed to apply

Application Firewall:
- Application Firewall cannot be set to invisible

Remote Access:
- SSL VPN with certificate authorization does not work from tray, but works from console
- IPsec resiliency error message '"failed to launch IPsec service"
- Unable to select certificate for SSL VPN
- Connecting to FortiGate clears authorized machine configuration (NAC node)
- Current personal VPN vibrates back to others in dual registration mode
- FortiClient (Windows) console on Windows 7 PCs inaccessible in Windows system tray - SSL VPN failure
- Phase 1/phase 2 IKE proposal not populated for IPv6 tunnel
- With IPv6 as remote gateway, custom port changes to the default after editing/saving
- Failed to remove split tunnel
- Save password, Auto-connect, and Always up do not display when VPN is down
- 6.0.2 RC1 fails to connect to VPN from task tray with user certificate authentication (no username or password)
- If FortiClient (Windows) 5.6.x is installed on a different drive (E:), manual upgrade to 6.0.x completes, but FortiClient (Windows) does not work after reboot
- If Prompt on connect is selected, certificate filter does not work properly
- Right-click is not working for username and password VPN fields
- RSA new PIN mode does not work for IPsec v4/v6 tunnel
- FortiClient (Windows) failed to switch auto-connect tunnels when FortiClient (Windows) is registered to FortiGate
- FortiClient (Windows) VPN dashboard shows empty VPN tunnel after connecting from FortiTray
- FortiClient (Windows) failed to show IP address for IPsec VPN
- FortiClient (Windows) not displaying actual username used for SSL VPN tunnel
- FortiClient (Windows) should report that VPN connection failed after two wrong passwords
- Connected SSL VPN failed to display tunnel info when password contained special characters
- FortiClient (Windows) IPsec VPN accepts invalid server certificate with IKEv2
- Backing up and restoring FortiClient (Windows) causes loss of IPsec VPN pre-shared key
- Should not display certificate dropdown for tunnel without certificate configured
- FortiClient (Windows) malware GUI says malware is quarantined when it is not
- Default tab not working
- Vulnerability schedule scan weekly is undefined in GUI

Install and upgrade:
- GUI is blank
- Remote Access (IPsec) loses saved username/password when upgrading to 6.0.0
- Update Diagnostic Tool's collected information
- Unable to upgrade FortiClient (Windows) 6.0.1 to 6.0.2 from EMS with password lock enabled
- Fortitray.exe running PowerShell error prompt
- Unable to open FortiClient (Windows) GUI in Windows 10 Education

Install and uninstall:
- FortiClient (Windows) has many leftover files after uninstallation

Other:
- Remembered FortiGate list needs to refresh after clicking Forget
- MSFT_HW_API does not survive ephemeral Microsoft service outages


FortiClient 6.0.0.0067
- Change log not available for this version


FortiClient 5.6.6.1167
- Change log not available for this version


FortiClient 5.6.5.1150
- Change log not available for this version


FortiClient 5.6.4.1131
- Change log not available for this version


FortiClient 5.6.2.1117
- Change log not available for this version


FortiClient 5.6.0.1075
- Updated to add support for FortiSandbox 2.4.0


FortiClient 5.4.3.0870
- Change log not available for this version


FortiClient 5.4.2.0860
- Removed 389753 from Resolved Issues
- Added 389240 and 390356 to Resolved Issues
- Moved 295413 to Known Issues
- Updated description of 390265
- Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7


FortiClient 5.4.1.0840
- Change log not available for this version


FortiClient 5.4.0.0780

- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
- Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
- When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration:
- FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
- FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
- As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
- This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

WEB FILTERING

Enhanced Real-Time Protection Implementation :
- The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering:
- Web Browser Usage and Duration:
- If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
- l Anestimateofthedurationorlengthofstayonthewebsite
- These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
- from various endpoints may be viewed in FortiView.
- This feature requires FortiAnalyzer 5.4.0 or newer.

VPN

Authorized Machine Detection:
- For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
- l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
- l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
- The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
- This applies to FortiClient (Windows) only.
- New SSL VPN Windows Driver
- The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
- Endpoint Control What’s New in FortiClient (Windows) 5.4.0

New IPsec VPN Windows Driver:
- FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.

Endpoint Control:
- Integration with the New Enterprise Management Server
- The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
- FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
- FortiGate Network Access Control with EMS Integration:
- When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
- This feature requires FortiOS 5.4.0 or newer.
- Quarantine an Infected Endpoint from the FortiGate or EMS
- A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
- Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
- The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.

FortiClient GUI:
- This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
- Importing FortiGate CA Certificate after Endpoint Control Registration
- When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
- When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
- The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.

Enhancement to On-net/Off-net Configuration:
- The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
- There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.

FortiClient will be on-net if:
- Otherwise, it is off-net.

FortiClient GUI AntiVirus Settings Page:
- With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.

The following may be selected on the AV settings page:
- FortiClient (Windows) 5.4.0:
- The use of FortiSandbox requires that file scanning is enabled.

FortClient Banner Design:
- If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.

Logging:
- Enhancement to FortiClient Logs
- FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.


FortiClient 5.2.4.0650
- FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
- The OpenSSL library has been updated to the latest version 1.0.2d.
- FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.


FortiClient 5.2.3.0633
- FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
- The OpenSSL library has been updated to the latest version 1.0.1k.


FortiClient 5.0.6.320
- Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
- Improved usability of the repackager tool
- Repackaged clients can be upgraded
- Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.

更新時間：2018-12-26
更新細節：

What's new in this version:

PDF Candy Desktop 2.78
- Change log not available for this version


PDF Candy Desktop 2.77
- Change log not available for this version


PDF Candy Desktop 2.75
- Change log not available for this version


PDF Candy Desktop 2.71
- Change log not available for this version


PDF Candy Desktop 2.62
- Large files better support and processing optimization


PDF Candy Desktop 2.61
- Change log not available for this version


PDF Candy Desktop 2.60
- Change log not available for this version

更新時間：2018-12-26
更新細節：

What's new in this version:

FortiClient 6.0.4.0182
- Change log not available for this version


FortiClient 6.0.3.0155

Split DNS support for SSL VPN:
- FortiClient (Windows) now supports split DNS tunneling for SSL VPN

Basic USB device control:
- You can use the USB device control feature to restrict access to USB ports on endpoints

Malware Protection:
The following issues have been fixed in version 6.0.3.:
- FortiClient (Windows) AV causes compilation error
- Black screen for a few minutes after login/logoff
- FortiClient (Windows) dashboard shows Sandbox as unauthorized even when the Test button shows it as valid
- FortiClient (Windows) reports signature to be out-of-date if it is updated to the signature more than X days ago, regardless of version
- AV RTP does not register to the Security Center in Windows 10 RS5
- Skype-received files do not trigger Sandbox scan
- Able to delete/restore quarantine file via virus alert popup when managed via EMS
- FortiClient (Windows) failed to block USB access for the first insertion when using the system
- Built-in policy to block USB access

Web Filter:
- Safe Search does not work
- FortiClient (Windows) Web Filter enable/disable setting change failed to apply

Application Firewall:
- Application Firewall cannot be set to invisible

Remote Access:
- SSL VPN with certificate authorization does not work from tray, but works from console
- IPsec resiliency error message '"failed to launch IPsec service"
- Unable to select certificate for SSL VPN
- Connecting to FortiGate clears authorized machine configuration (NAC node)
- Current personal VPN vibrates back to others in dual registration mode
- FortiClient (Windows) console on Windows 7 PCs inaccessible in Windows system tray - SSL VPN failure
- Phase 1/phase 2 IKE proposal not populated for IPv6 tunnel
- With IPv6 as remote gateway, custom port changes to the default after editing/saving
- Failed to remove split tunnel
- Save password, Auto-connect, and Always up do not display when VPN is down
- 6.0.2 RC1 fails to connect to VPN from task tray with user certificate authentication (no username or password)
- If FortiClient (Windows) 5.6.x is installed on a different drive (E:), manual upgrade to 6.0.x completes, but FortiClient (Windows) does not work after reboot
- If Prompt on connect is selected, certificate filter does not work properly
- Right-click is not working for username and password VPN fields
- RSA new PIN mode does not work for IPsec v4/v6 tunnel
- FortiClient (Windows) failed to switch auto-connect tunnels when FortiClient (Windows) is registered to FortiGate
- FortiClient (Windows) VPN dashboard shows empty VPN tunnel after connecting from FortiTray
- FortiClient (Windows) failed to show IP address for IPsec VPN
- FortiClient (Windows) not displaying actual username used for SSL VPN tunnel
- FortiClient (Windows) should report that VPN connection failed after two wrong passwords
- Connected SSL VPN failed to display tunnel info when password contained special characters
- FortiClient (Windows) IPsec VPN accepts invalid server certificate with IKEv2
- Backing up and restoring FortiClient (Windows) causes loss of IPsec VPN pre-shared key
- Should not display certificate dropdown for tunnel without certificate configured
- FortiClient (Windows) malware GUI says malware is quarantined when it is not
- Default tab not working
- Vulnerability schedule scan weekly is undefined in GUI

Install and upgrade:
- GUI is blank
- Remote Access (IPsec) loses saved username/password when upgrading to 6.0.0
- Update Diagnostic Tool's collected information
- Unable to upgrade FortiClient (Windows) 6.0.1 to 6.0.2 from EMS with password lock enabled
- Fortitray.exe running PowerShell error prompt
- Unable to open FortiClient (Windows) GUI in Windows 10 Education

Install and uninstall:
- FortiClient (Windows) has many leftover files after uninstallation

Other:
- Remembered FortiGate list needs to refresh after clicking Forget
- MSFT_HW_API does not survive ephemeral Microsoft service outages


FortiClient 6.0.0.0067
- Change log not available for this version


FortiClient 5.6.6.1167
- Change log not available for this version


FortiClient 5.6.5.1150
- Change log not available for this version


FortiClient 5.6.4.1131
- Change log not available for this version


FortiClient 5.6.2.1117
- Change log not available for this version


FortiClient 5.6.0.1075
- Updated to add support for FortiSandbox 2.4.0


FortiClient 5.4.3.0870
- Change log not available for this version


FortiClient 5.4.2.0860
- Removed 389753 from Resolved Issues
- Added 389240 and 390356 to Resolved Issues
- Moved 295413 to Known Issues
- Updated description of 390265
- Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7


FortiClient 5.4.1.0840
- Change log not available for this version


FortiClient 5.4.0.0780

- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
- Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
- When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration:
- FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
- FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
- As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
- This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

WEB FILTERING

Enhanced Real-Time Protection Implementation :
- The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering:
- Web Browser Usage and Duration:
- If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
- l Anestimateofthedurationorlengthofstayonthewebsite
- These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
- from various endpoints may be viewed in FortiView.
- This feature requires FortiAnalyzer 5.4.0 or newer.

VPN

Authorized Machine Detection:
- For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
- l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
- l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
- The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
- This applies to FortiClient (Windows) only.
- New SSL VPN Windows Driver
- The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
- Endpoint Control What’s New in FortiClient (Windows) 5.4.0

New IPsec VPN Windows Driver:
- FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.

Endpoint Control:
- Integration with the New Enterprise Management Server
- The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
- FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
- FortiGate Network Access Control with EMS Integration:
- When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
- This feature requires FortiOS 5.4.0 or newer.
- Quarantine an Infected Endpoint from the FortiGate or EMS
- A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
- Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
- The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.

FortiClient GUI:
- This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
- Importing FortiGate CA Certificate after Endpoint Control Registration
- When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
- When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
- The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.

Enhancement to On-net/Off-net Configuration:
- The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
- There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.

FortiClient will be on-net if:
- Otherwise, it is off-net.

FortiClient GUI AntiVirus Settings Page:
- With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.

The following may be selected on the AV settings page:
- FortiClient (Windows) 5.4.0:
- The use of FortiSandbox requires that file scanning is enabled.

FortClient Banner Design:
- If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.

Logging:
- Enhancement to FortiClient Logs
- FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.


FortiClient 5.2.4.0650
- FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
- The OpenSSL library has been updated to the latest version 1.0.2d.
- FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.


FortiClient 5.2.3.0633
- FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
- The OpenSSL library has been updated to the latest version 1.0.1k.


FortiClient 5.0.6.320
- Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
- Improved usability of the repackager tool
- Repackaged clients can be upgraded
- Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.

更新時間：2018-10-24
更新細節：

What's new in this version:

FortiClient 6.0.3.0155

Split DNS support for SSL VPN:
- FortiClient (Windows) now supports split DNS tunneling for SSL VPN

Basic USB device control:
- You can use the USB device control feature to restrict access to USB ports on endpoints

Malware Protection:
The following issues have been fixed in version 6.0.3.:
- FortiClient (Windows) AV causes compilation error
- Black screen for a few minutes after login/logoff
- FortiClient (Windows) dashboard shows Sandbox as unauthorized even when the Test button shows it as valid
- FortiClient (Windows) reports signature to be out-of-date if it is updated to the signature more than X days ago, regardless of version
- AV RTP does not register to the Security Center in Windows 10 RS5
- Skype-received files do not trigger Sandbox scan
- Able to delete/restore quarantine file via virus alert popup when managed via EMS
- FortiClient (Windows) failed to block USB access for the first insertion when using the system
- Built-in policy to block USB access

Web Filter:
- Safe Search does not work
- FortiClient (Windows) Web Filter enable/disable setting change failed to apply

Application Firewall:
- Application Firewall cannot be set to invisible

Remote Access:
- SSL VPN with certificate authorization does not work from tray, but works from console
- IPsec resiliency error message '"failed to launch IPsec service"
- Unable to select certificate for SSL VPN
- Connecting to FortiGate clears authorized machine configuration (NAC node)
- Current personal VPN vibrates back to others in dual registration mode
- FortiClient (Windows) console on Windows 7 PCs inaccessible in Windows system tray - SSL VPN failure
- Phase 1/phase 2 IKE proposal not populated for IPv6 tunnel
- With IPv6 as remote gateway, custom port changes to the default after editing/saving
- Failed to remove split tunnel
- Save password, Auto-connect, and Always up do not display when VPN is down
- 6.0.2 RC1 fails to connect to VPN from task tray with user certificate authentication (no username or password)
- If FortiClient (Windows) 5.6.x is installed on a different drive (E:), manual upgrade to 6.0.x completes, but FortiClient (Windows) does not work after reboot
- If Prompt on connect is selected, certificate filter does not work properly
- Right-click is not working for username and password VPN fields
- RSA new PIN mode does not work for IPsec v4/v6 tunnel
- FortiClient (Windows) failed to switch auto-connect tunnels when FortiClient (Windows) is registered to FortiGate
- FortiClient (Windows) VPN dashboard shows empty VPN tunnel after connecting from FortiTray
- FortiClient (Windows) failed to show IP address for IPsec VPN
- FortiClient (Windows) not displaying actual username used for SSL VPN tunnel
- FortiClient (Windows) should report that VPN connection failed after two wrong passwords
- Connected SSL VPN failed to display tunnel info when password contained special characters
- FortiClient (Windows) IPsec VPN accepts invalid server certificate with IKEv2
- Backing up and restoring FortiClient (Windows) causes loss of IPsec VPN pre-shared key
- Should not display certificate dropdown for tunnel without certificate configured
- FortiClient (Windows) malware GUI says malware is quarantined when it is not
- Default tab not working
- Vulnerability schedule scan weekly is undefined in GUI

Install and upgrade:
- GUI is blank
- Remote Access (IPsec) loses saved username/password when upgrading to 6.0.0
- Update Diagnostic Tool's collected information
- Unable to upgrade FortiClient (Windows) 6.0.1 to 6.0.2 from EMS with password lock enabled
- Fortitray.exe running PowerShell error prompt
- Unable to open FortiClient (Windows) GUI in Windows 10 Education

Install and uninstall:
- FortiClient (Windows) has many leftover files after uninstallation

Other:
- Remembered FortiGate list needs to refresh after clicking Forget
- MSFT_HW_API does not survive ephemeral Microsoft service outages


FortiClient 6.0.0.0067
- Change log not available for this version


FortiClient 5.6.6.1167
- Change log not available for this version


FortiClient 5.6.5.1150
- Change log not available for this version


FortiClient 5.6.4.1131
- Change log not available for this version


FortiClient 5.6.2.1117
- Change log not available for this version


FortiClient 5.6.0.1075
- Updated to add support for FortiSandbox 2.4.0


FortiClient 5.4.3.0870
- Change log not available for this version


FortiClient 5.4.2.0860
- Removed 389753 from Resolved Issues
- Added 389240 and 390356 to Resolved Issues
- Moved 295413 to Known Issues
- Updated description of 390265
- Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7


FortiClient 5.4.1.0840
- Change log not available for this version


FortiClient 5.4.0.0780

- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
- Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
- When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration:
- FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
- FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
- As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
- This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

WEB FILTERING

Enhanced Real-Time Protection Implementation :
- The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering:
- Web Browser Usage and Duration:
- If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
- l Anestimateofthedurationorlengthofstayonthewebsite
- These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
- from various endpoints may be viewed in FortiView.
- This feature requires FortiAnalyzer 5.4.0 or newer.

VPN

Authorized Machine Detection:
- For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
- l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
- l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
- The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
- This applies to FortiClient (Windows) only.
- New SSL VPN Windows Driver
- The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
- Endpoint Control What’s New in FortiClient (Windows) 5.4.0

New IPsec VPN Windows Driver:
- FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.

Endpoint Control:
- Integration with the New Enterprise Management Server
- The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
- FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
- FortiGate Network Access Control with EMS Integration:
- When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
- This feature requires FortiOS 5.4.0 or newer.
- Quarantine an Infected Endpoint from the FortiGate or EMS
- A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
- Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
- The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.

FortiClient GUI:
- This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
- Importing FortiGate CA Certificate after Endpoint Control Registration
- When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
- When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
- The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.

Enhancement to On-net/Off-net Configuration:
- The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
- There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.

FortiClient will be on-net if:
- Otherwise, it is off-net.

FortiClient GUI AntiVirus Settings Page:
- With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.

The following may be selected on the AV settings page:
- FortiClient (Windows) 5.4.0:
- The use of FortiSandbox requires that file scanning is enabled.

FortClient Banner Design:
- If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.

Logging:
- Enhancement to FortiClient Logs
- FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.


FortiClient 5.2.4.0650
- FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
- The OpenSSL library has been updated to the latest version 1.0.2d.
- FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.


FortiClient 5.2.3.0633
- FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
- The OpenSSL library has been updated to the latest version 1.0.1k.


FortiClient 5.0.6.320
- Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
- Improved usability of the repackager tool
- Repackaged clients can be upgraded
- Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.

更新時間：2018-10-24
更新細節：

What's new in this version:

WYSIWYG Web Builder 14.2.1
- Fixed: Accordion content padding cannot be changed via property dialog
- Fixed: Crash when adding more than 12 cells in jQuery Mobile Layout Grid
- Fixed: z-index problem when using image-overlay in Flexbox Container
- Fixed: Automatic @font-face always uses verdana font (64bit version only)
- Improved: An improved messagebox is displayed when an extension is missing. You can now choose to continue, visit the forum FAQ for tips how to fix the error or cancel
- Improved: Added Google Fonts to Menubar->Tools
- New feature: Added 'Full width' option to Rollover text for use with layout grids. This makes the image flexible/responsive


WYSIWYG Web Builder 14.2.0

- Fixed: Switching from Master Page to Master frame crashes program when the page is not active
- Fixed: Issue with Panel Menu hamburger image in breakpoints
- Fixed: Visibility issue with images in flexgrid and breakpoints
- Fixed: Login Name does not apply background alpha value
- Fixed: Panel Layer overlay hidden in breakpoints
- Improved: Added justify-content to Layout Grid when using flexbox/fixed height
- Improved: It is now possible to use multipe (form) conditions with the same value for "equal to (choice)/not equal to (choice)", so you can trigger different actions for the same value
- Improved: Now includes PHP Mailer 6.0.5 (upgraded from 5.2.26) with many improvements angelog.md
- Improved: Implemented workaround for 'Failed to open document' error when extensions are missing
- Improved: Projects with extensions can now be opened in the TRIAL version. Extensions will not be functional in demo mode but the application will no longer generate an error (or crash)
- Improved: Form's encoding type defaults to 'multipart/form-data'
- Improved: Newly added objects in layers will automatically be moved into the viewport if they are not visible in breakpoints (experimental)

Single Page Protect:
- Improved: Redesigned 'Single Page Protect' so it's more mobile friendly
- New feature: Added extra styling options to 'Single Page Protect': colors, padding, border-radius, button and editbox styling etc.

Quick 'n Easy Web Builder 6.x export:
- New feature: Added support for export to Quick 'n Easy Web Builder 6.x format

Variables:
- New feature: Added 3 new built-in variables: $PAGE_NAME$, $PAGE_TITLE$ andf $PAGE_FILENAME$. These variables can be used anywhere in the page and will be replaced by their actual values when the page is published

List View:
- New feature: Added alignment property to List View. The alignment is responsive

Slide Menu:
- New feature: Added alignment property to Slide Menu. The alignment is responsive

Cards:
- New feature: Added the ability to add YouTube/Vimeo videos to Cards
- New feature: Added 'Icon library' option to Card, this makes it possible to use custom fonts (in addition to Font Awesome)

Panel Menu:
- New feature: Added the ability to set different colors for the button and menu items in Panel Menu

Navigation:
- New feature: Responsive Menu, Breadcrumb, Tabs, Overlay Menu and Panel Menu now support custom icon fonts (in addition to Font Awesome and Material Icons)


WYSIWYG Web Builder 14.1.1
- Fixed Issue with Card alignment in breakpoints
- Fixed CSS menu border hover color
- Fixed Issue with progress bar percentages in floating layout
- Fixed Issue with empty Marquee and HTML formatting tools
- Improved Hidden Inline Frame now uses 'displaynone' instead of 'visibilityhidden' in Layout Grids


WYSIWYG Web Builder 14.1.0
- Fixed: Extra quote in Overlay Menu
- Fixed: Line position in floating layers.
- Fixed: Issue with Replace ID 1234xxxxx to a1234xxxxx
- Improved: Added flexbox support to CMS View
- Improved: 'Login Name' no longer shows a broken image when the avatar is not set
- Improved: Rendering speed of layer/layout grid 'ondragover' highlighting
- Improved: Implemented responsive text alignment for Heading, Editbox, Text Area and Label
- Improved: Implemented responsive menu alignment for CSS menu, Breadcrumb, Pagination, Text menu, Overlay Menu and Responsive Menu
- New feature: Added the possibility to set the maximum dimensions of the avatar image in login signup
- New feature: Added alpha support to CSS Menu border color (menu items)
- New feature: Added 'alignment' property to Pagination menu
- New feature: Added 'border width' property to Themeable Button
- New feature: Added hard line-break support to Card text
- New feature: Added 'full width' option to Horizontal Line. When set to false, the line can have a fixed width (instead of 100%)
- New feature: Added 'box shadow' to Heading object
- New feature: Added 'text shadow' to Heading object
- New feature: Added 'padding' to rollover layer (for use with floating children)
- New feature: Added the ability to add custom options to full page Carousel. For an overview of available options please visit: https://github.com/alvarotrigo/fullPage.js/#fullpagejs
- New feature: Added background overlay options to Flex Grid
- New feature: Added the ability to use the Flex grid as a form (Properties->Form->Enable Form)
- New feature: Added 'Default breakpoint' template in Flex Grid editor. This option will apply the layout from the default breakpoint to the current breakpoint, so you do not have to redo it for all breakpoints


WYSIWYG Web Builder 14.0.5
- Fixed: Font sizes in extension datasets are not converted to pixels
- Fixed: Issue with edit profile/avatar and minified HTML
- Fixed: Structured Data Object Adds Scrollba
- Fixed: Cannot insert new item in empty card item list
- Improved: Added confirmation box to 'Reset toolbox'
- Improved: Reversed the order of @font-face fonts (woff2, woff, tff, svg, eot
- Improved: Sticky Layer now uses CSS instead of JavaScript when delay is set to
- Improved: Added 'mute=1' to YouTube and Vimeo background video
- Improved: Added latitude/longitude properties to 'Google Maps with Info' script


WYSIWYG Web Builder 14.0.4
- Removed: input:-webkit-appearance, hides checkboxes in with non-safari browsers
- Fixed: 'Select Page' dialog should be on the foreground in nested dialogs
- Fixed: Combobox height issue in breakpoints
- Fixed: Layout grid column border rendering issue
- Fixed: Overlay menu styling crashes WWB
- Fixed: missing semicolumn in label line-height
- Fixed: Conflict with flexible carousel and 'center in browser'
- Improved: Overflow of panel layer
- Improved: Optimized layout calculation when switching between breakpoints
- Improved: Initial 'Horizontal Line' height is set to grid size, when using drag & drop from toolbox
- Improved: Modal Layer positioning in breakpoints
- Improved: Font size update in toolbar
- Improved: Flex Grid editor now displays a warning if one of the grid item names is invalid


WYSIWYG Web Builder 14.0.3
- Fixed: Login Admin Action icon's not showing
- Fixed: Issue with jQuery Mobile Panel corner property.
- Fixed: Issue with jQuery Mobile Header/Footer text color.
- Fixed: Incorrect date styling in blog templates bootstrap and testimonial.
- Fixed: Some styles are not saved for jQuery UI widgets when using breakpoints.
- Fixed: CSS menu is not synchronized with other menus.
- Fixed: Box-shadow type setting is not saved.
- Improved: Editbox line-height is now responsive.
- Improved: Long label text wraps in layout grid.
- Improved: The page size is no longer updated automatically when editing text inside a footer.
- Improved: Ruler update after page size change.
- Improved: Removed YouTube's ugly border.
- Improved: Included jquery-2.2.4.min.js again for backwards compatibility.
- Improved: 32bit version can now read most projects saved with 64 version


WYSIWYG Web Builder 14.0.2

Fixed:
- Login Admin code missing semicolon when using avatars
- Issue with Material Icons json file
- Ctrl+Click does not work for Tables and Carousel
- Folder should not be included in Twitter Card URL

Improved:
- Added 'User role' property to Login Signup form. This specifies the default user role for new users
- Added keyboard shortcut support to search input fields of the Object Manager, Site Manager and Toolbox


WYSIWYG Web Builder 14.0.1

Fixed:
- Missing 'width' in Bulleted List
- Rendering issue with zoomed workspace
- Conflict with external scripts and schema.org JSON
- 'Find not found' error with some extensions
- Implemented workaround for Layout grids with maximum width, so they use 'old' behavior automatically. See the help for more details
- Login Admin produces demo code
- Single character glyphs in Icon Fonts do not render
- Issue with user roles in Login Admin

Improved:
- SVG output for Material Icons.
- During the setup, blocks/icons will no longer be installed in the user's document folder. Because when the setup is executed with different credentials, the files ended up in the wrong folder
- Added support for Unicode files names in zip backup
- class property does not disable object's CSS output

New feature:
- Added 'trigger change' action to Form Conditions. When you set the value of another object via conditions, then browsers will not trigger a change event for that object. This action adds the ability to force a change event, which may be useful if the value is used in other conditions


WYSIWYG Web Builder 14.0.0
Flex Grid:
- New feature: WB14 introduces a new way of creating flexible layouts based on the new CSS Grid Layout
- The CSS grid is a new technique in CSS that allows web developers to create complex responsive web design layouts more easily and consistently across browsers. 'CSS Grid Layout' is a two-dimensional grid system that is native to CSS. It does not rely on floats or other hacks. This result in clean code and reliable code. The idea behind the Grid Layout is to divide a webpage into columns and rows. The columns and rows have named areas where you can drag & drop object in. The definition of the layout can be different for each breakpoint. Each grid area supports it own padding, (flexbox) alignment, border and background style

Cards:
- New feature: Added 'Card' object. A card is a lightweight, flexible content container. It includes options for headers and footers, a wide variety of content, styling, and powerful display options. When used in combination with a flexbox container, multiple cards with different content can have the same height, which normally would be difficult to achieve.
- New feature: Popovers, this basically uses the Card as an advanced tooltip/pop-up box that appears when the user clicks or hovers on an element

Google Fonts:
- New feature: Added Google Fonts Manager. Adding Google Fonts to your website has never been easier. You no longer have to manually download/install the fonts from the Google website.

Icons Fonts:
- New feature: Added support for custom Icon Fonts Libraries. Add your own icon libraries or third party icon sets. Extra Icon Fonts support the same styling options as the built-in Font Awesome. Add-on packs are available for : Drip Icons, Elusive Icons, Feather, Foundation Icons, Glyphicons Halflings, Ionicons, LineAwesome, Material Icons, Open Iconic, Linea Icons

Structured Data (schema.org):
- New feature: Added support for Structured Data (JSON-LD). Provide a better browsing experience for users on your website and in search engines, and improve your SEO with the built-in JSON-LD generator. The following schemes are currently supported: Event, Review, Person, NewsArticle, SoftwareApplication, Product, Organization, Recipe, Restaurant, VideoObject, MusicAlbum, MusicPlaylist.

Twitter Cards:
- New feature: Added support for Twitter Cards: Summary, Summary with large image and Player. Twitter specific meta tags can be configured in the Meta Tags section of the Page Properties

Layout Grid:
- New feature: Added background overlay support to grid columns
- New feature: Added semantic HTML5 tag support
- New feature: Adding padding properties to columns. Padding is responsive
- New feature: Adding border properties to columns. This make it possible to configure border for each column. Border properties are responsive
- New feature: Added the ability to make layout grids full screen: Column height->100vh (100% of the viewport height)
- New feature: Added support for 'CSS Grid Layout' (in addition to Bootstrap and Flexbox)

Wizard:
- New feature: Added new 'Wizard' object. This implements a wizard like component, which can be used (for example) to create a multi-page form. The wizard can either be modal (popup) or used as a standard element

Site Search:
- Improved: Most search related code is now part of wb.sitesearch.min.js, this makes it possible to share the code between multiple page and results in a smaller footprint
- Improved: Results font-family now supports @font-face/Google Fonts
- New feature: Added 'Include all text in search index' option in Search Index settings. This will use all text from the page instead of just unique words. This will increase the size of the search index, but the search results will look better and it makes it possible to search for phrases
- New feature: Added the possibility to use quotes in the search queries to search for an exact phrase. Example: 'open source'. To make this useful, the option 'Include all text in search index' should be enabled
- New feature: Added the possibility to use the minus character before a word to exclude all results that include that word. Example: web -designer
- New feature: Added 'Include timing' option. This displays the total time it took to execute the search query
- New feature: In addition to jQuery Dialog, you can now also display the results in a Bootstrap modal
- New feature: Added an option to set maximum number of characters to display in the results. The description text contains the context of the keyword within the text
- New feature: Added support for pagination
- New feature: Added item padding property. This specifies the padding between result items
- New feature: Added option to make search terms bold
- New feature: Added option to include the URL in search results

Overlay Menu:
- New feature: Added new 'Overlay Menu' object. This implements a multi-level, responsive full screen menu. With 10 show/hide animations. social icons support

Tab Menu:
- New feature: Added responsive mode. When the viewport gets smaller than the specified breakpoint value, the Tab Menu will switch to stacked (vertical) mode so it can be also be used on smaller screens

Text Menu:
- New feature: Added responsive mode. This works in combination with Layout->Type->Responsive. When the viewport gets smaller than the specified breakpoint value, the Text Menu will switch from horizontal to vertical

Panel Menu:
- New feature: Added responsive mode. When the viewport gets smaller than the specified breakpoint value, the Panel Menu will switch to full screen mode (with close button)
- New feature: Added 'hamburger animations'. 12 different animations are available
- New feature: Added the possibility to add footer text. For example, to add a copyright message at the bottom of the menu
- New feature: Added the possibility to add a logo to the menu
- New feature: Added menu padding. This sets the padding around the entire menu
- New feature: Added support for 'Social Icons'. To add a social icon set the of the menu item and leave the 'text' field empty
- New feature: Added support for dividers. Set the text to '---' to insert a divider

Mega Menu:
- New feature: Added responsive mode. When the viewport gets smaller than the specified breakpoint value, the Mega Menu will display a hamburger icon to trigger a full screen menu
- New feature: Added 'Alignment' property. This adds the possibility to align the button inside the menu's container
- New feature: Added sub menu 'Alignment' property. Specifies the alignment of the text inside the sub menu
- New feature: Added sub menu 'Orientation' property. Specifies the orientation of the sub menu relatively to the button

CSS Menu:
- New feature: Border styles of the main menu now support for individual sides

Other navigation:
- Improved: You can now use
in menu text, which makes it possible to have multi-line text. Note that this mainly useful for menu items that do not have the same size like sub menu, panel/overlay menu items
- New feature: Added 'Synchronize with another menu" option. Enabling this option will synchronize the links of the menu with the specified menu, This may be useful when you have multiple menus on the page, for example a desktop and mobile menu. So, you will have to change the link(s) only once
- New feature: Added 'Do not follow this link' option to links. Enabling this option adds 'rel=nofollow' to prevent robots/search engines following the link

Master Page/Master Frame:
- New feature: Added support for background transparency (alpha) in Content Place Holder
- New feature: Added new master page functionality. In addition to Master Frame you can now also use another page as master page. This does not require a content place holder

General:
- Removed: Disable IE toolbar. IE no longer supports this feature
- Improved: All built-in JavaScript files are now loaded from the 'js' sub folder instead of embedded in the executable. This reduced the size of the application and memory usage. And it makes it easier to replace the files, if needed
- Improved: More objects now support ARIA role attributes. For example: tabs, accordion, search, blog, news feed ticker, navigation etc.
- Improved: The 'margin' property is now responsive for most objects
- Improved: If a full width object has margin then the margin value will be subtracted from the total width using css's calc function so the object does not become wider than its container
- Improved: Removed browser prefixes for box-shadow
- Improved: HTML viewer has a better contrast for dark color schemes
- Improved: Many DPI improvements. For example, all built-in images/icons/toolbars now have high resolution versions for use on high DPI screens
- New feature: Added 'Set initial zoom level based on DPI scaling' option. On some computers with a high resolution (4k) display, the initial workspace may be to small. By enabling this option, the DPI value of your system will be used as the initial zoom level
- New feature: Added 'Default' accent color to color schemes. VS 2017 and Office 2016 color schemes may use Windows accent color now
- New feature: Added 'Search' option to Site Manager to filter pages in the list and quickly find a page
- New feature: Added 'Search' option to Page selection dialog (for internal links) to quickly find a page
- New feature: Added 'Project backup in zip' option to File menu. This will create a full backup of the project and images etc.
- New feature: Added 'Load built-in JavaScript files asynchronously' option in Tools->Options->HTML. Note: only useful when using external JavaScript file
- New feature: Added 'ctrl+click+drag' support to quickly duplicate objects just like in Word/PowerPoint: select the object that you want to duplicate
- hover over the object with your mouse and press the CTRL key
- while still pressing the CTRL key, click and drag the object to the new location

Publish:
- New feature: Make a backup of the complete project (including images) in zip format

Templates/Blocks:
- Improved: Templates/Blocks are now stored more efficiently. If a project uses the same image multiple times then it wil be embedded only once

SVG:
- New feature: The application now officially supports SVG

Shape:
- New feature: Add ‘Full width’ mode to Shape, Text Art and Clip Art for use with SVG output mode. This makes it possible to have scalable/flexible shapes/text/clipart in layout grids
- Improved: Shapes in 'Insert Shape' gallery are now rendered larger and sharper, just like other 'Insert' galleries

Color picker:
- New feature: Added 'Alpha slider' to color picker

Font Awesome/Material Icons:
- New feature: Implemented a new icon selection window. With categories (just like in the Ribbon) and a search option, so you can quickly find the icon you are looking for

Page:
- New feature: Added 'Disable CSS media query' option to Page Properties. If this option is enabled, then breakpoints will not be published. This may be useful for testing purposes
- New feature: Added 'Disable HTML/CSS/JavsaScript formatting'. This option disables beautify/minify options for the current page. This may be useful for testing purposes or when you have added code to the page which does not support formatting
- New feature: Added 'Disable custom code'. If this option is enabled, then custom code with not be included in the published page. This way you can test the page without custom code (for example, in case something does not work)
- New feature: Added 'Use Safari mobile background fix'. This option implements a workaround for issues with full width (parallax/fixed/cover) background images on Safari mobile (iOS) browsers
- New feature: Added 'Apply these breakpoints to other page' in Manage breakpoints. This option applies the breakpoints to other pages (if they do not already exist). Note that this does not affect the layout

Text:
- New feature: Added 'ID' property in Advanced section of Link properties. This makes it possible to create bookmarks to links. Related tutorial: How to create bookmarks in Text? + style => no-pointer
- New feature: Added 'Font Family' and 'Font Size' to property dialog and Property Grid. This can be used to set the font of the text object when using responsive fonts
- New feature: Added 'Recently Used Fonts' to the font dropdown list in the Ribbon and Format toolbar

Blog / Article:
- Improved: Added the ability to change the editor color. This can be useful if you are using white text
- New feature: Added 'bootstrap' layout template
- New feature: Added 'clean' layout template
- New feature: Added 'testimonial' layout template
- New feature: Added ‘quote’ layout template

News Feed Ticker:
- New feature: Added support for background transparency (alpha)
- New feature: Added border radius option

Ready-to-use-JavaScript:
- Improved: Google Maps scripts now display a preview image in the workspace (instead of the generic JavaScript logo)
- Improved: Text scripts now show a preview of the text in the workspace
- Improved: Added support for Google Fonts
- Improved: Added support for Global Replace (fonts and colors)
- New feature: Added ‘Countdown Days’ script
- New feature: Added ‘Typewriter’ and ‘Typewriter Deluxe’ scripts. The typewriter scripts simulate typing text. Typewriter Deluxe also includes a cursor and reverse mode

Style Manager:
- Improved: The Style Manager window is now resizable
- Improved: pseudo classes are no longer displayed in the style selection list, because it is only useful to select the main class anyway
- Improved: 'Import' and 'Advanced' parser updated. It now recognizes rgba() values, animations, transitions, cursors, border-radius and more
- Improved: Enabled 'predefined style' for Heading, Bullets, Layout grid, Flex Container, Rollover Layer
- New feature: Most objects now have a 'class' property in the Property Inspector. This adds the ability (for advanced users) to set the classname (style) for any object, note that this may not make sense for some objects
- New feature: Border styles now support for individual sides
- New feature: Added support for background gradients in styles
- New feature: Added support for the 'cursor' property. This specifies the type of cursor to be displayed when pointing on an element
- New feature: Added support for the 'background-clip' property. This specifies the painting area of the background. This can be useful in combination with transparent borders
'border-box' clips the background to the border box. When using a transparent border, the background will be visible behind the border. 'padding-box' clips the background to the padding box (excluding the border). The background behind the border will be transparent

CSS3 Animations:
- Improved: When using onscrollreveal events with css animate (css), then the target object will be initially hidden automatically (via class 'visibility-hidden'). This behavior can be overwritten by adding $SCROLLREVEAL_AUTOHIDE$ -> false to the user defined variables
- New feature: Added animations preview
- New feature: Added support for ‘filter’ property in transitions and CSS animations. This adds the possibility to animate brightness, contrast, hue, blur, invert, saturate, grayscale and sepia
- New feature: Added 'Neon' text animation
- New feature: Added 'Fire' text animation
- New feature: Added 'Classic Movie' text animation
- New feature: Added 'transform-wobble-top', ‘transform-wobble-center’ and ‘transform-wobble-bottom’ animations
- New feature: Added several text letterspacing animations. For example: ‘letterspacing focus in’ and ‘letterspacing expand’. Plus, more than 25 other new animations, including: animate-border-fade, background position, focus-in / focus-out, jello, ken-burns, pop, push, shadow-top-bottom / shadow-left-right, slide-in-elliptic/ slide-out-elliptic, text-popup, transform diagonal and many others

Flexbox:
- New feature: Added 'background image+overlay' support to Flex Container
- New feature: Flexbox properties (flex grow, flex shrink, align self, flex basis) of objects are now responsive, so you can use different values in breakpoints

Photo Gallery/Photo Collage:
- New feature: When loading new images, the gallery will automatically use the meta data of the image (if available)
- New feature: Added the ability to set a separate 'Thumbnail' image. This allows you to use a different (smaller) version of the image for thumbnails. It is also still possible to automatically generate a thumbnail image. This can be useful for example if you want a use a square image for the preview and the full sized image with normal aspect ratio
- New feature: Added support for Bootstrap modal in jQuery Dialog settings. This implements a responsive modal popup
- New feature: Added the ability to get images from a folder on the server. If the images contain description meta data then this will automatically be used for the title

Slideshow:
- New feature: When loading new images, the gallery will automatically use the meta data of the image (if available)
- New feature: Added 'Line' shape option to pagination, inspired by Bootstrap-4 Carousel indicators
- New feature: Added new built-in navigation arrows, inspired by Bootstrap-4 Carousel arrows. To use the new arrows, enter '<' for previous and '>' for next in the filename fields
- New feature: Added ‘Maximum width’ property which limits the width of the slide show when used in full width (floating) mode. In previous versions this was fixed to 1920
- New feature: Added the ability to get images from a folder on the server
- New feature: Added ‘Full screen background’ slideshow mode. The images will cover the entire viewport. The slideshow will be fixed at the background, so it will not scroll with the rest of the content. Full screen background uses CSS3 animations, no JavaScript

Image / Picture:
- New feature: Added ‘Object-fit’ property. Specifies how the image should be resized to fit its container. Requires a modern browser! For example, Internet Explorer does not support this property

Progressbar:
- New feature: Added the ability to show percentages in the progressbar

Dialog:
- New feature: Added border width property
- New feature: Added box-shadow properties
- New feature: Added animation duration and easing properties
- New feature: Added 'Bootstrap' mode. This will use Bootstrap's modal instead of jQuery UI
- New feature: Added the ability to use the dialog as a form (Properties->Form->Enable Form)
- New feature: Added floating mode. When this option is enabled objects inside the dialog float instead of having a fixed position, so you can create flexible layouts
- New feature: Added 'Breakpoint' property. When the viewport gets smaller than the specified breakpoint value, the dialog will switch to full width mode. For use with floating mode
- New feature: Added 'Buttons' properties. Buttons will be added at the bottom of the dialog and can be used to close the dialog or trigger other actions (events). This feature replaces the previous hardcoded button options
- New feature: Added 'Button alignment' and 'Button margin' properties. These specify the alignment and margins of the buttons in the footer of dialog
- New feature: Added the ability to customize the style of the buttons

Tabs:
- New feature: Added show and hide animations. This animates showing/hiding the panels
- New feature: Added the possibility to add a description and icon (fontawesome/material icon) to tabs
- New feature: Added support for vertical tabs: Tabs at the left and Tabs at the right
- New feature: Added the ability to use the Tabs object as a form (Properties->Form->Enable Form)

Accordion:
- New feature: Added the ability to use the accordion as a form (Properties->Form->Enable Form)

Themable Button (previous known as jQueryButton):
- New feature: Added box-shadow property
- New feature: Added the ability to set the button(s) full width in Layout grid. This may be useful (for example) to create flexible (radio) button rows

Spinner:
- New feature: Added box-shadow property

Events:
- New feature: Added 'Form Submit' and 'Form Reset' actions to events. These actions can be used to submit or reset a form through events! For example, to submit a form via a button that is not part of the form
- New feature: Added 'ondocumentready' to page events. This event is will be triggered once the page Document Object Model (DOM) is ready for JavaScript code to execute. This can be useful for example, to apply a style to an object

Scroll Events and Transitions:
- New feature: Added 'Disable scroll events on small screens' to the Page Properties. This option adds the ability to disable scroll events on small screens (eg. phones)
- New feature: Added 'Disable scroll transitions on small screens' to the Page Properties. This option adds the ability to disable scroll transitions on small screens (eg. phones)
'Minimum width' specifies the width at which the scroll events/ transitions will be disabled
- New feature: Added 'Exclude browsers' to the Page Properties. This option adds the ability to disable scroll events and transitions on specific browsers (eg. iOS, Android)

Signup/Edit Profile:
- New feature: Added the ability for the user to set an avatar image. The image can be displayed on the page with the "Login Name' object

Login Name:
- New feature: Added border, background, padding, vertical alignment properties
- New feature: Added 'Display Avatar' option. This will display the avatar of the logged in user

Login Tools:
- New feature: Added support for background and border transparency (alpha)
- New feature: Added 'User Roles' functionality. Users roles are used to create different types of users. These users will only have access to the pages that have configure this role. The roles are customizable in the properties of the Login admin

Login Admin:
- New feature: Redesigned the layout of the Login Admin for a modern look and feel
- New feature: Added styling options for button and input fields
- New feature: Added support for striped and hover rows
- New feature: Added the ability to customize/translate the text of the various items (headers, buttons)
- New feature: Added table cell padding
- New feature: Added search/filter option
- New feature: Added pagination
- New feature: Added 'avatar' support (see 'Signup/Edit Profile)

Borders:
- Improved: Borders are now rendered with all properties (style, radius, individual borders) in the workspace
- New feature: Added support for transparent borders (alpha)

Background:
- New Feature: Added support for Google Maps background rendering. You can now use a (static) Google Map image as background in most objects
- Improved: Background mode -> image now displays the color picker to select the color for image + color and image + overlay
- New feature: Added ‘image+fade’ option in background properties. This will add a fading gradient overlay effect to the background

Box Shadow:
- New feature: Added support for shadow type: inset. This changes the shadow from an outer shadow (outset) to an inner shadow

Carousel:
- New feature: Added 'Line' shape option to pagination, inspired by Bootstrap-4 Carousel indicators
- New feature: Added new built-in navigation arrows, inspired by Bootstrap-4 Carousel arrows. To use the new arrows, enter '<' for previous and '>' for next in the filename fields
- New feature: Added 'Flexible' mode. When this option is selected the child elements of the Carousel will be floating (instead of fixed). In this case the Carousel will be fully responsive and it can also be used inside layout grids. In 'Flexible mode' the Carousel can also be set to use the full height of the viewport

Layer:
- New feature: Added 'breakpoint' property to Panel Layer. When the viewport is smaller than the specified breakpoint value, the panel layer will become full width

CMS Admin:
- Improved: WWB editor has new icons
- New feature: Added styling options for button and input fields. All plug-ins have been updated to support the new styling
- New feature: Added support for hover rows
- New feature: Added table cell padding

ListView:
- New feature: Added the possibility to add images to dividers

Property Inspector:
- New feature: The Property Inspector will display a 'Responsive' icon, if the property has different values in breakpoints
- New feature: Added 'Reset Property (RWD)'. This will reset the selected value, so will be the same across all breakpoints
- New feature: Added 'Reset All Properties (RWD)'. This will reset all responsive values of the object
- New feature: Added commands section with shortcuts to 'More properties', Events, HTML and Animations

Global Replace:
- New feature: Added the ability to replace internal links

Error Reports:
- New feature: Error Reports displays a warning when a style does not have the same breakpoints as the page. If you are using styles in responsive pages then these styles should have the same breakpoints
- New feature: Error Reports displays a warning when an event refers to an object that is no longer on the page: Invalid event target

Form Conditions:
- New feature: Added 'Less than' and 'Greater than' conditions. It is also possible to create a range (greater than/less than combined)
- New feature: Added 'else' conditions. This can be used in combination with 'equal to', 'not equal to', 'greater than' and 'less than'

Form:
- New feature: Added 'From' property to built-in form processor settings. This will set the 'from' address of email sent messages to the specified email address. If you leave the field empty then it will work like in previous versions: either the 'email' input will be used (if it exists) or the 'to' address
- New feature: Added 'Set envelope-from address for PHP mail() with the -f option' in form properties (Form Properties->Advanced->Miscellaneous). This replaces the PHP7 option in page properties. It serves the same purpose
- New feature: Added server sided input validation (Form Properties->Advanced->Miscellaneous). This adds extra security to the form by also validating the input on the server side (using PHP). This feature uses the same settings as the JavaScript (client side) validation

Editbox / Textarea:
- New feature: Added the possibility to set the color of the placeholder text

Lightboxes:
- Improved: Lightbox preview image now automatically keeps aspect ratio of the image
- New feature: Added the possibility to use fancybox v3. Due to license restrictions we are not allowed to distribute fancybox v3. However if you copy the files from https://fancyapps.com/fancybox/3/ to DocumentsWYSIWYG Web Buildersystemlightboxfancybox, then application will use these files instead of the included ones (fancybox v1)
- New feature: Added support for 3 new (third party) responsive lightboxes: lightcase, tosrus, venobox. Available in 'Free extras'
- New feature: The lightbox (in Page Properties) now supports : colorbox, lightcase, prettyphoto, swipebox, tosrus, venobox. These lightboxes can be used for YouTube, Vimeo, HTML5 video, Inline frames and links
- New feature: Added the ability to add a border (style, color, width, radius) to the lightbox preview image in YouTube, Vimeo and HTML5 video

User defined variables:
- New feature: Added $PROJECT_CSS$ system variable. This makes it possible to specify a different name for the global (external) style sheet, instead of using the project name

更新時間：2018-06-06
更新細節：

What's new in this version:

FortiClient 6.0.0.0067
- Change log not available for this version

FortiClient 5.6.6.1167
- Change log not available for this version

FortiClient 5.6.5.1150
- Change log not available for this version

FortiClient 5.6.4.1131
- Change log not available for this version

FortiClient 5.6.2.1117
- Change log not available for this version

FortiClient 5.6.0.1075
- Updated to add support for FortiSandbox 2.4.0

FortiClient 5.4.3.0870
- Change log not available for this version

FortiClient 5.4.2.0860
- Removed 389753 from Resolved Issues
- Added 389240 and 390356 to Resolved Issues
- Moved 295413 to Known Issues
- Updated description of 390265
- Added the following special notice: SSL VPN cannot connect after upgrade to FortiOS to 5.4.x on page 7

FortiClient 5.4.1.0840
- Change log not available for this version

FortiClient 5.4.0.0780
- FortiClient 5.4.0 has enhanced capabilities for the detection of Advanced Persistent Threats (APT).
- Botnets running on compromised systems usually generate outbound network traffic directed towards Command and Control (C&C) servers of their respective owners. The servers may provide updates for the botnet, or commands on actions to execute locally, or on other accessible, remote systems.
- When the new botnet feature is enabled, FortiClient monitors and compare network traffic with a list of known Command and Control servers. Any such network traffic will be blocked.

FortiSandbox Integration:
- FortiSandbox offers the capabilities to analyse new, previously unknown and undetected virus samples in real- time. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as available on the FortiOS and FortiClient. If the file is not detected, but is an executable file, it is run (sandboxed) in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behaviour in the VM.
- FortiClient integration with the FortiSandbox allows users to submit files to the FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they could not be detected by the local real-time scanning. Access to the downloaded file is blocked until scanning result is returned.
- As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time, as well as on-demand, AV scanning.
- This feature requires FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

WEB FILTERING

Enhanced Real-Time Protection Implementation :
- The Real-Time Protection (RTP) or on-access feature in FortiClient uses a tight integration with Microsoft Windows to monitor files locally or over a network file system as they are being downloaded, saved, run, copied, renamed, opened or written to. The FortiClient driver coupling with Windows has been re-written to use modern API's provided by Microsoft. All basic features remain the same, with a few minor differences in behaviour. Some noticeable performance enhancements could be observed in various use case scenarios.

Web Filtering:
- Web Browser Usage and Duration:
- If configured, FortiClient will record detailed information about the user's web browser activities, such as: l Ahistoryofwebsitesvisitedbytheuser(asshowninregularwebbrowserhistory)
- l Anestimateofthedurationorlengthofstayonthewebsite
- These logs are sent to FortiAnalyzer, if configured. With FortiAnalyzer 5.4.0 or newer, the FortiClient logs sent
- from various endpoints may be viewed in FortiView.
- This feature requires FortiAnalyzer 5.4.0 or newer.

VPN

Authorized Machine Detection:
- For enterprises where new computers may be brought into the organisation by employees, FortiClient may be configured to check or identify the computer, before allowing it to establish IPsec VPN or SSL VPN connection to the FortiGate. The administrator may configure restrictions with one or more of the following:
- l Registrycheck:Ensureaspecificregistrypathcontainsapredeterminedvalue. l Filecheck:Verify:theexistenceofaspecificfileataspecifiedlocation.
- l Applicationcheck:Ensurethataspecificapplicationisinstalledandrunning.
- The verification criteria can be configured using advanced FortiClient XML configurations on the FortiGate or the EMS.
- This applies to FortiClient (Windows) only.
- New SSL VPN Windows Driver
- The FortiClient SSL VPN driver, pppop.sys was re-written to use the latest Microsoft Windows recommended CoNDIS WAN driver model. The new driver is selected when FortiClient is installed on Windows 7 or higher. The SSL VPN driver included in the previous versions of FortiClient will still be maintained.
- Endpoint Control What’s New in FortiClient (Windows) 5.4.0

New IPsec VPN Windows Driver:
- FortiClient IPsec VPN drivers have been updated to support Microsoft Windows NDIS 6.3 specification. The new drivers are compatible with Microsoft Windows 8.1 or higher.

Endpoint Control:
- Integration with the New Enterprise Management Server
- The Enterprise Management Server (EMS) is a new product from Fortinet for businesses to use to manage their computer endpoints. It runs on a Windows Server,so it does not require a physical Fortinet device. Administrators may use it to gain insight on the status of their endpoints. The EMS supports devices running Microsoft Windows, Mac OS X, Android and iOS.
- FortiClient Endpoint Control protocol has been updated to seamlessly integrate with the EMS. Various changes were added to support EMS features, such as:
- FortiGate Network Access Control with EMS Integration:
- When creating a FortiClient profile on EMS, the administrator can choose to configure the FortiClient to register to the same EMS or to a FortiGate. Changes in FortiClient 5.4.0 allow it to register to a FortiGate, while simultaneously, notifying the EMS of its registration status. The FortiClient EC registration to the FortiGate is required for Network Access Compliance (NAC). The administrator can configure the FortiGate to allow access to network resources only if the client is compliant with the appropriate interface EC profile.
- This feature requires FortiOS 5.4.0 or newer.
- Quarantine an Infected Endpoint from the FortiGate or EMS
- A computer endpoint that is considered to be infected may be quarantined by the FortiGate or EMS (Enterprise Management Server) administrator. FortiClient needs to be registered and online, using Endpoint Control, to the said FortiGate or EMS.
- Once quarantined, all network traffic to or from the infected endpoint will be blocked locally. This allows time for remediation actions to be taken on the endpoint, such as scan and clean the infected system, revert to a known clean system restore point or re-install the operating system.
- The Administrator may un-quarantine the endpoint in the future from the same FortiGate or EMS.

FortiClient GUI:
- This feature requires either FortiOS 5.4.0 or EMS 1.0.0.
- Importing FortiGate CA Certificate after Endpoint Control Registration
- When the FortiGate is configured to use SSL deep inspection, users visiting encrypted websites will usually receive an invalid certificate warning. The certificate signed by the FortiGate does not have a Certificate Authority (CA) at the endpoint to verify it. Users can manually import the FortiGate CA certificate to stop the error from being displayed. However, all users will have to do the same.
- When registering Endpoint Control (EC) to a FortiGate, the FortiClient will receive the FortiGate's CA certificate and install it into the system store. If Firefox is installed on the endpoint, the FortiGate's CA certificate will also be installed into Firefox certificate store. Thus, the end user will no longer receive the invalid certificate error message when visiting encrypted websites.
- The FortiGate CA certificates will be removed from the system store if FortiClient is uninstalled.

Enhancement to On-net/Off-net Configuration:
- The on-net feature requires the use of a FortiGate as the DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device on which FortiClient is running has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.
- There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided.

FortiClient will be on-net if:
- Otherwise, it is off-net.

FortiClient GUI AntiVirus Settings Page:
- With the introduction of botnet detection and the integration with FortiSandbox, the AV settings page on the FortiClient GUI has been updated to allow configuration of the new features. The AV settings page is accessible from the FortiClient dashboard. Select the AV tab on the left pane. Then click the settings icon on Real-Time Protection in the right pane.

The following may be selected on the AV settings page:
- FortiClient (Windows) 5.4.0:
- The use of FortiSandbox requires that file scanning is enabled.

FortClient Banner Design:
- If FortiClient is running in standalone mode and not registered to a FortiGate or EMS, a single banner at the bottom of the GUI is displayed. This is true for both the FortiClient full version, as well as the VPN only version. When registered to a FortiGate or EMS, the banner is hidden by default. Similarly, when created from a FortiClient Configurator, no banner is displayed by default.

Logging:
- Enhancement to FortiClient Logs
- FortiClient will create a log entry to show just the URL visited by the user through a web browser. This is in addition to the network level logs generated by FortiClient.

FortiClient 5.2.4.0650
- FortiClient 5.2.4 supports Windows 10. If upgrading from Windows 7 or 8.1 to Windows 10, please uninstall any installed FortiClient, reboot the system, and reinstall FortiClient 5.2.4. Please note, in this scenario, using the Repair option in the Programs and Features Control Panel does not reinstall FortiClient properly.
- The OpenSSL library has been updated to the latest version 1.0.2d.
- FortiOS 5.4 offers the FortiGate administrator the ability to quarantine an endpoint. Traffic from a quarantined endpoint will be dropped by the FortiGate until the endpoint has been released from quarantine. If the endpoint is running FortiClient 5.2.4 or newer) and registered to the FortiGate using Endpoint Control, FortiClient will notify the endpoint user that it has been quarantined by the FortiGate administrator. The FortiClient GUI will change to convey the message. The GUI will remain above any other opened window and cannot be closed. Once released from quarantine the FortiClient GUI will revert to normal operations.

FortiClient 5.2.3.0633
- FortiClient may be configured to send log messages to a syslog server. The following XML configuration may be used to enable this feature. Set to faz in order to switch logging to FortiAnalyzer. This is the default. Provide the IP address of the syslog server in
- The OpenSSL library has been updated to the latest version 1.0.1k.

FortiClient 5.0.6.320
- Vulnerability Scanner (Vulnerability Scan) and firewall applications (Application Firewall) with version 5.0.4.276 and above has been removed for unmanaged clients. FortiGate administrators can enable the display of these functions (for FortiClient) for the registered FortiGate users, so that these functions are still available but are no longer free.
- Improved usability of the repackager tool
- Repackaged clients can be upgraded
- Option to drop IPv6 traffic when an IPsec VPN connection is established. IPv4 traffic is sent through the tunnel or otherwise, depending on whether split tunnel is used.