I am using FortiClient VPN-only version on macOS Sequoia 15.1.1. I configured the VPN, and during the connection process, I entered my password followed by the dynamic token generated by FortiToken. However, I receive the following error:"Login failed. Permission denied."I have followed the steps in the official documentation (https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/903183/macos), including:Activating system extensionsEnabling full disk accessEnabling notificationsI restarted my Mac after applying these settings and double-checked that they are correctly configured. Despite this, the error persists.Has anyone else encountered this issue? Are there additional configurations or troubleshooting steps I can try?Btw, The same vpn configuration works fine on Windows 11.

New Member

Question

FortiClient VPN on macOS Sequoia 15.1.1: Login Failed, Permission Denied

Forum|Forum|1 year ago
December 6, 2024
3 replies
8239 views

I am using FortiClient VPN-only version on macOS Sequoia 15.1.1. I configured the VPN, and during the connection process, I entered my password followed by the dynamic token generated by FortiToken. However, I receive the following error:
"Login failed. Permission denied."

I have followed the steps in the official documentation (https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/903183/macos), including:

Activating system extensions
Enabling full disk access
Enabling notifications

I restarted my Mac after applying these settings and double-checked that they are correctly configured. Despite this, the error persists.

Has anyone else encountered this issue? Are there additional configurations or troubleshooting steps I can try?

Btw, The same vpn configuration works fine on Windows 11.

AEK

SuperUser

Did you find anything relevant in FortiClient logs or in FortiGate debug logs?

Can you try with an older version like 7.0.13 or 7.2.5?

AEK

QC1048Author

New Member

I tried to connect remotely using the FortiGate VPN that was provided by my customer, but I don’t have any FortiGate service contracts, so I’m very limited in my ability to download older versions. Because of this, I couldn’t locate or test previous releases like 7.0.13 or 7.2.5.

On Windows, using the VPN-only version of FortiClient, the SSL VPN works normally. However, on macOS, I’ve tested on several fully fresh machines and keep encountering the same issue. It’s not that it never connects—I saw that can connected success once or twice—but these successful attempts are very rare.

All I can review are the FortiClient logs on macOS. In the fortitray.log, I found two lines that might be relevant:

20241207 21:55:52.007 TZ=-0400 [FortiTray:INFO] sslvpn.cpp:405 Check response

20241207 21:55:52.008 TZ=-0400 [FortiTray:INFO] sslvpn.cpp:411 Error from server: Permission denied.

sjoshi

Staff

try to collect ssl vpn debug while connecting the forticlient vpn. It will give you more clarity

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-debug-SSL-VPN-daemon/ta-p/214433

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

QC1048Author

New Member

Unfortunately, I don’t have any access or permissions on the VPN server side. All I can do is troubleshoot from the FortiClient side to see if there’s anything that can be adjusted or improved.

sjoshi

Staff

you can then try to collect diagnostic output from FCT side

https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/748524/diagnostic-tool

https://docs.fortinet.com/document/forticlient/7.4.1/ems-administration-guide/652483/generate-diagnostic-logs

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

QC1048Author

New Member

I contacted the administrator and enabled debug on the FortiGate VPN server. The logs show that the connection fails after entering the FortiToken (from the app on iPhone). The same FortiToken works fine on Windows.

If 2FA is disabled, macOS can connect to the VPN without issues.

Any suggestions on how to resolve this?

log:
[176:root:62e14]req: /remote/logincheck
[176:root:62e14]Transfer-Encoding n/a
[176:root:62e14]Content-Length 135
[176:root:62e14]readPostEnter:19 Post Data length 135.
[176:root:62e14]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[176:root:62e14]rmt_web_auth_info_parser_common:533 no session id in auth info
[176:root:62e14]rmt_web_access_check:804 access failed, uri=[/remote/logincheck],ret=4103,
[176:root:62e14]fsv_logincheck_common_handler:1450 user 'xxxxx_user' has a matched local entry.
[176:root:62e14]got checking id 2-7cf80629
[176:root:0]fsv_logincheck_common_handler:1586 token_type = 1, time_out = 60
[176:root:62e14]1737 magic checked failed.
[176:root:62e14]Transfer-Encoding n/a
[176:root:62e14]Content-Length 135
[176:root:0]sslvpn_find_err_msg_array:409 Can't find the value for key: 400
[176:root:62e14]rmt_error_cb_handler:143 Can't get corresponding message for key 400. Use the default error message.
[176:root:62e14]SSL state:warning close notify (12.12.12.12)
[176:root:62e14]sslConnGotoNextState:318 error (last state: 1, closeOp: 0)
[176:root:62e14]Destroy sconn 0x7f983dbec800, connSize=6. (root)
[176:root:62e14]SSL state:warning close notify (12.12.12.12)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded