Explorer II

Solved

Mismatch between FortiClient VPN connection and Mac OS setting

Forum|Forum|6 months ago
November 26, 2025
1 reply
3657 views

Hello,

I installed FortiClient on MacOS 26.1 and after following the instruction from our IT, I am apparently connected to the VPN. Everything seems fine in the FortiClient window, showing it is "connected", but I have two problems: first in the Mac system setting, VPN & Filters, it shows VPN is "disconnected", second I lose the internet after connecting to the VPN. In the same system setting, under Filters & Proxies, I cannot add FortiClient to the list, while I can still see Cisco Secure. I checked some posts regarding internet disconnection, but all are confusing to me and have not been helpful. I would be thankful if anyone would help to solve this issue.

Thank you.

Best answer by funkylicious

ok, this means that connecting to the IPsec is pushing a specific DNS server to the station ( most likely its configured on the FGT as DNS server and there it works and IT enabled Use system DNS in mode config in IPsec ) - https://community.fortinet.com/t5/Support-Forum/Can-t-enable-DNS-on-VPN-Tunnel/m-p/52350 which breaks your connection.

remove it from resolv.conf and add any other DNS and it should be ok.

cannot resolve from Internet/my home queries using it

nslookup google.com 146.155.1.155
Server: 146.155.1.155
Address: 146.155.1.155#53

** server can't find google.com: REFUSED

nedahejaziAuthor

Explorer II

Screenshot 2025-11-26 at 11.45.29 AM.png

I cannot turn it on. Any help would be very welcome.

funkylicious

SuperUser

hi,

macOS user here. in System Settings > VPN you cannot connect to the VPN, only disconnect. Use FortiClient for connecting.

as for losing Internet after connection, make sure that the issue isnt just related to DNS and try pinging 8.8.8.8 after connecting and see if it works, then try google.com.

if dns resolution isnt working look into /etc/resolv.conf to see if FortiClient pushed any servers and if you have access to them to resolve the queries ( either using ping and/or nslookup ) .

also, check with netstat -rn if the vpn is configured as split-tunnel where you have access only to certain subnets or full-tunnel. if its full then IT needs to check if you are granted Internet access.

L.E. https://docs.fortinet.com/document/forticlient/7.4.3/macos-release-notes/223986

L.E.2 it appears that Tahoe/26.1 isnt oficially supported yet https://docs.fortinet.com/document/forticlient/7.4.3/macos-release-notes/471180

"jack of all trades, master of none"

nedahejaziAuthor

Explorer II

Dear Funkylicious,

Thank you so much for your reply, I greatly appreciate your help. So sorry for my long reply. I am going through your possible solutions step by step.

-First I changed DNS servers to 8.8.8..8

Screenshot 2025-11-26 at 12.35.45 PM.png

But the problem remains.

---------------------------

I then tried: "/etc/resolv.conf", showing this:

Screenshot 2025-11-26 at 1.12.50 PM.png

---------------------------

Next, I tried "scutil --dns" as suggested above, showing below:

Screenshot 2025-11-26 at 1.15.56 PM.png

But I do not understand it, I am not sure if I should check above suggested domains in "Search Domains" in the DNS setting.

---------------------------

I then checked for split-tunnel/full-tunnel using "netstat -rn" and I do not know if my IP address is changed to the VPN's IP address after VPN connection. Below is a part of the result after connection:

Screenshot 2025-11-26 at 1.18.49 PM.png

---------------------------

I do not know if I have done your suggestions perfectly. Perhaps this very last Mac OS version is not supported yet and I have to try with older versions. I would really appreciate it if you would share your points with me.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded