We were able to fix this by setting Firefox's
"security.enterprise_roots.enabled" to true.We started a wider rollout,
but are running into an issue where endpoints are getting dozens of
prompts from FortiClient to make changes to the system keychain.