I've been struggling with my FortiClient 7.4.3 on Windows 11 25H2 since the update. My setup includes a FortiGate 61F running FortiOS 7.4.9 and SAML IPsec VPN integrated with Azure Entra ID. Everything was working perfectly with the previous Windows version (24H2). After upgrading, SAML login stopped functioning right out of the gate. I spent days trying to troubleshoot, suspecting my FortiGate or Azure setup was at fault, but it turns out the Windows 11 25H2 update was the issue. I had to implement a couple of crucial fixes to get it working again: 1) Installing the latest Visual C++ Redistributable, which FortiClient doesn't mention at all, and 2) Enabling the "Use external browser as user-agent for SAML user authentication" option in FortiClient's VPN settings. If anyone is facing similar issues, I recommend checking these points out.
3 Answers
Thanks for sharing these fixes! Do you have a guide or anything on how to configure SAML IPsec? I could really use some solid instructions.
There are known issues with version 7.4.9 related to SAML. If you're using Azure, make sure to check the 'sign response and assertion' options in your enterprise app settings. I had the same problem, and changing those settings resolved it for me.
I was using version 7.2.10, and it worked fine for me. Maybe check if rolling back helps? Also, for me, enabling the external browser in the VPN settings and updating the VC++ Redistributable did the trick when I had issues. Worth a shot!
Sure! You can try this guide: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-a-dia-lup-IPsec-VPN-with-Azure-SAML/ta-p/370414. It’s pretty helpful and there are also a ton of videos on YouTube!