Skip to main content
svl
svl
New Member
November 14, 2020
Solved

MacOS Big Sur Fortclient VPN IPSec issues

  • November 14, 2020
  • 12 replies
  • 197648 views

Just installed macOS Big Sur and cannot get a connection with Fortinet firewall VPN anymore, while it did work with macOS Catalina.

 

I tried Forticlient version 6.4 which seems to connect just fine (I get an IP in expected range), but ssh/ping does not work. And also I cannot access a intranet http/https page.

 

Also tried multiple versions of 6.0.x but they all fail to connect and show "Connection was terminated unexpectedly. Error -104". After that, the keyboard (Macbook 16 inch) even fails to register any pressed buttons. For example I open app "notes" and cannot type anything (with every keystroke a sound is played but nothing is written). The only way to get out of this situation is to click "connect to VPN" in forticlient again and before it gets to the error click "disconnect". Then all works as usual (except the VPN obviously).

 

Anyone else having these issues?

 

Update Nov 25th 2020: 

Ok, so after quite a bit of testing by the people who maintain our firewall, we managed to make IPSec VPN work with native Mac OS Big Sur VPN client. I am always amazed by the lack of Fortinet response in this type of issues, as the solution seems pretty simple in the end. Eventually the configuration at fortigate firewall stayed exactly as it was, the only configuration I needed to add locally (with respect to using the FortiClient software) is to add a group name under "Authentication Settings". So to make it work we:

[ul]
  • Setup IPSec VPN in Mac OS Netwerk preferences (see also https://support.apple.com/guide/mac-help/set-up-a-vpn-connection-on-mac-mchlp2963/mac) using fields server address, account name (my personal account name), password (my personal account password) and under "Authentication settings" the shared secret (the shared password) and Group Name (had to get this from the firewall maintainer and never had to fill this in for FortiClient before).[/ul]

    Hopefully this helps others to get Fortigate IPSec VPN work with both Mac OS Big Sur and MacOS Catalina (both tested with our config).

    • Best answer by Bobbyla

    Just to confirm the VPN only installer is now updated on the website - Mac now connects using IPSEC on BigSur

     

    WOOHOO

     

    Thanks for updating it. (Labelled as 6.4 but when installing pulls the latest release 6.4.2.1.1305)

     

    Rob

     

    [image][/image]

    12 replies

    vtvincent
    vtvincent
    New Member
    November 14, 2020

    I'm seeing the same on 6.4.1.1267... IPSec VPN connects successfully but I can't access anything once connected. 

    Daniel_Kolblinger
    Daniel_Kolblinger
    New Member
    November 18, 2020

    vtvincent wrote:

    I'm seeing the same on 6.4.1.1267... IPSec VPN connects successfully but I can't access anything once connected. 

    I tried 6.4.1.1267 and 6.2.8.774 Same behavior. Login with IPSec and Token successful. It seems to be connected. But not really working. To use Native Mac Client with Cisco Ipsec is no option, because not allowed by our Admin.

    LJSilva
    LJSilva
    New Member
    November 15, 2020

    If you're only using Forticlient to connect to your VPN, in macOS Big Sur you no longer need it. The built-in Cisco IPsec VPN of Big Sur will now connect and correctly establish a tunnel to your Fortinet VPN and it's very stable and reliable. I never managed to to this in Catalina, but it seems Apple may have corrected or changed the Cisco IPSec code in Big Sur and it's now working like a charm. I tried it yesterday and it worked flawlessly.

    ivailoalexandrov
    ivailoalexandrov
    New Member
    November 15, 2020

    I have tried to use the built-in Apple Client, but with no success. This option should be allowed from the Fortinet firewall administrator. I have the same problem with 6.4.1.1267 and MacOS Big Sur. Hopefully Fortinet will provide an update... :)

    SteveG
    SteveG
    New Member
    November 15, 2020

    The Native Mac OS VPN client has worked for years (I use a Mac). However Forticlient provides numerous AV and anti malware protections which you don't get with the Native Client. I've raised a ticket with FN Support so will report back. I'm guessing FortiClient 6.4.2 will be released very soon ;) 

    remosito
    remosito
    New Member
    November 16, 2020

    we are seeing issue with big sur too.

     

    forticlient connects. even shows up on ipsec monitor page. 

     

    But no traffic goes through the tunnel

    Kiran
    Kiran
    New Member
    November 16, 2020

    Same issue for me as well. Able to connect to IPSec VPN, but not able to open/connect to any internal URLs/Resources. And it's working fine for users with previous version of MacOS.

    Totoshka
    Totoshka
    New Member
    November 16, 2020

    Kiran wrote:

    Same issue for me as well. Able to connect to IPSec VPN, but not able to open/connect to any internal URLs/Resources. And it's working fine for users with previous version of MacOS.

    The problem is similar. It all started after the update macOs Big Sur. 

     

     

     

    Pop
    Pop
    New Member
    November 16, 2020

    Hello

    Similar problem with me. I try to use the native VPN IP sec of Big Sur but unable to pass the remote Fortinet firewall. The IT administrator of my company would not accept to change the rules only for me.

    jconegundes
    jconegundes
    New Member
    November 16, 2020

    Hi Guys!

     

    The same thing happing here. Using Mac OS Big Sur (version 11.0.1 20B29), in MacBook Air (Retina, 13-inch, 2018) SSL VPN IPSEC don't work anymore. I'm using FortiClient version 6.4.1.1267. Trying native Apple Ipsec implementation (Cisco IPSEC) and, unfortunately, don't work too. SSL VPN still works. Does anyone know when we will have a new FortiClient version? 100% compatible with Mac OS Big Sur? Does anyone have any tips that worked to make IPSEC work? 

    kcerb
    kcerb
    New Member
    November 16, 2020

    jconegundes wrote:

    Does anyone know when we will have a new FortiClient version? 100% compatible with Mac OS Big Sur? 

    Just read this thread (2 posts above):

    Kiran wrote:

    Yeah, But unfortunately when I reached out to support, they said that currently there is no supported version for MacOS 11 yet and will be available in future versions. 

    joombo
    joombo
    New Member
    November 17, 2020

    same here, that's why I changed my vpn sevvice. 

    romanrss
    romanrss
    New Member
    November 17, 2020

    Hi All,

     

    I went through the same issue and here is how to setup the whole thing to make it works with MacOS 11 natively:

     

    1- You need to create a new VPN Tunnel iOS native

    >> You will not be able to connect if you only have the Client VPN on the fortinet end

    >> If you don't have access to the fortinet router, ask your administrator

    2- Go through the setup, and uncheck the Split Tunnel option

    3- Setup a new Cisco IPsec VPN with your info into your network settings on your Mac

     

    Voila.

     

    Wish that helps

    bill0004
    bill0004
    New Member
    November 18, 2020

    Same exact problem. I know that FortiClient uses a now-deprecated system extension that is no longer supported in macOS as of Big Sur. I think it's probably on Fortinet to update their software and system extension.

    oskrvas
    oskrvas
    New Member
    November 19, 2020

    Hi!

    I'm having the same issues, does anyone have a solution for this yet? Please, i use VPN for my work.

     

    Thanks

    Totoshka
    Totoshka
    New Member
    November 20, 2020

    oskrvas wrote:

    Hi!

    I'm having the same issues, does anyone have a solution for this yet? Please, i use VPN for my work.

     

    Thanks

    No one has a solution. The manufacturer must provide a solution. If the server is authorized by admins, then you can use the standard apple VPN.
    C_Bug
    C_Bug
    New Member
    November 27, 2020

    IPsec VPN is not working!!!

    I configured SSL-VPN and is working ok.

    autobahn97
    autobahn97
    New Member
    December 10, 2020

    I downloaded the latest Fortinet VPN client and there is nowhere to enter the group name - I only see Username.  Do you have a screenshot you can share?

    autobahn97
    autobahn97
    New Member
    December 10, 2020

     I have the same issue with Fortinet VPN client failing after Mac BIGSUR update.  Tried updating to latest version of fortinet VPN client - still not working.  The firewall has not changed and my Windows 10 PC can connect OK so problem is with Mac client.  I configured the Mac native Cisco IPSEC client as advised above (THANKS for this advice) with user ID, group ID, and shared secret and the native mac IPSEC client connects OK however I still can't ping or RDP to any servers inside the network so something is not right as I can only browse the Internet with the VPN.  I seem to recall that with the fortinet VPN client I had disabled split tunneling but I am not sure how that works with the native Mac client (or if that is set on firewall or client) so maybe this is relevant.  Any suggestions are appreciated.

    Show more replies
    Terms & ConditionsAccessibility statement