Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jin-Gyu
New Contributor

Created on ‎04-24-2025 05:59 PM

The Fortigate SSL-VPN Firewall Host Check feature does not work

When I tested it through FortiVPN with a Windows 10 laptop, it worked fine, but when I tested it through FortiClient with a Windows 11 laptop, it didn't work.

It is the same environment except that Windows 11 laptop has EMS interworking as FortiClient.

What is the problem?

 

Labels:
172
0 Kudos
1 Solution
Durga_Ashwath
Staff
Staff

Created on ‎04-25-2025 03:31 AM Edited on ‎04-25-2025 03:39 AM

Hi Jin,

Good Day,

The issue you're experiencing with the FortiClient SSL VPN host check feature not working on a Windows 11 laptop could be due to several factors. Here are some steps to troubleshoot and resolve the problem:

1. Due to TLS Version Compatibility, Windows 11 uses TLS 1.3 by default, while Windows 10 uses TLS 1.2. Ensure that the cipher suite settings on the FortiGate are configured to support TLS 1.3. If the `TLS-AES-256-GCM-SHA384` option has been removed, it may cause issues with Windows 11.

2. Verify that the EMS (Endpoint Management Server) settings are correctly configured and compatible with Windows 11. Ensure that the FortiClient version on Windows 11 is supported by the EMS.

3. Ensure that the host check settings are correctly configured on the FortiGate. The host check feature relies on the WMI namespace `\root\SecurityCenter2` to check the health status of antivirus products. Confirm that this namespace is accessible and functioning on Windows 11.

4. Ensure that you are using a compatible version of FortiClient for Windows 11. Check for any updates or patches that may address compatibility issues with Windows 11.

Please do follow the below article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-SSL-VPN-connects-successfully-...

Thanks.

Regards,
Durga A

 




View solution in original post

131
2 REPLIES 2
Durga_Ashwath
Staff
Staff

Created on ‎04-25-2025 03:31 AM Edited on ‎04-25-2025 03:39 AM

Hi Jin,

Good Day,

The issue you're experiencing with the FortiClient SSL VPN host check feature not working on a Windows 11 laptop could be due to several factors. Here are some steps to troubleshoot and resolve the problem:

1. Due to TLS Version Compatibility, Windows 11 uses TLS 1.3 by default, while Windows 10 uses TLS 1.2. Ensure that the cipher suite settings on the FortiGate are configured to support TLS 1.3. If the `TLS-AES-256-GCM-SHA384` option has been removed, it may cause issues with Windows 11.

2. Verify that the EMS (Endpoint Management Server) settings are correctly configured and compatible with Windows 11. Ensure that the FortiClient version on Windows 11 is supported by the EMS.

3. Ensure that the host check settings are correctly configured on the FortiGate. The host check feature relies on the WMI namespace `\root\SecurityCenter2` to check the health status of antivirus products. Confirm that this namespace is accessible and functioning on Windows 11.

4. Ensure that you are using a compatible version of FortiClient for Windows 11. Check for any updates or patches that may address compatibility issues with Windows 11.

Please do follow the below article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-SSL-VPN-connects-successfully-...

Thanks.

Regards,
Durga A

 




132
Jin-Gyu
New Contributor
In response to Durga_Ashwath

Created on ‎04-27-2025 10:23 PM

Thank you for your answer.

90
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.