Technical Tip: FortiGate FSSO Collector Agent 5.0.0323 or earlier does not support Windows Server 2025 with default polling mode

JianWu · ‎10-27-2025

Description

This article describes the issue that FortiGate collector agent 5.0.0.323 or earlier does not support Windows Server 2025 with the default polling mode, which is 'Check Windows Security Event Logs'.

Scope

FortiGate collector agent and Windows Server compatibility.

Solution

It is common that in the FortiGate collector agent, the default polling mode is used, which is 'Check Windows Security Event Logs'; it works with Windows Server 2022 or earlier.

The version support matrix is listed in the release note below:

FortiGate 7.4.9 Release Notes Product Integration and Support

FortiGate 7.6.4 Release Notes Product Integration and Support

The user will find that once the server is upgraded to Windows Server 2025, the Collector agent query will fail with this default setting.

In such a case, the workaround is to use the 3rd option, 'Check Windows Security Event Logs Using WMI', seen in the screenshot below.

The engineering team is aware of this issue, with a fix available; it is expected to be GA along with the v7.4.10 release, which currently targets mid-January 2026. For a short term, if acceptable, an interim version can be used to meet the needs.

Technical Tip: FortiGate FSSO Collector Agent 5.0.0323 or earlier does not support Windows Server 2025 with default polling mode

Description

Scope

Solution

You are leaving our website