I've been having trouble connecting my FortiClient 7.4.3 to a SAML IPsec VPN after updating to Windows 11 25H2. My setup includes a FortiGate 61F running FortiOS 7.4.9, and I've noticed that what worked fine before the upgrade is now failing. Although I thought the issue was with either my FortiGate setup or my Azure Entra ID app, it turns out the problem was with Windows 11 25H2 itself. If you're experiencing similar issues with connection hanging or failing to redirect properly, here are the fixes I found:

1. **Install the VC++ Redistributable**: It's crucial to have the latest Microsoft Visual C++ Redistributable installed, something FortiClient doesn't mention, and there's little documentation about this dependency.
2. **Enable External Browser for SAML Authentication**: Inside FortiClient's settings, under VPN, make sure to enable "Use external browser as user-agent for SAML user authentication." This allows proper redirects and token exchanges with Entra ID.

3 Answers

I faced the same issue and found that enabling the external browser in the VPN settings, alongside installing the latest Visual C++ Redistributable, solved it for me! Definitely worth a shot if you haven’t tried it yet.

I've been using FortiClient 7.2.10 and 7.2.12 without any issues, so if you can downgrade, it might help!

There’s a known issue with SAML in FortiOS 7.4.9 related to the 'sign response and assertion' feature. If you're using an enterprise app, check those settings. Switching it up can help solve the connection problems. But keep in mind that some setups like G-suite might still have issues.

Got it! I had assumed it was set up correctly already, but I’ll double-check. Thanks for the heads up!