Help
FortiCare Service Development Discussions
Ask questions and join FortiCare Services
nedahejazi
New Contributor

Created on ‎11-25-2025 07:18 PM

Mismatch between FortiClient VPN connection and Mac OS setting

Hello,

 I installed FortiClient on MacOS 26.1 and after following the instruction from our IT, I am apparently connected to the VPN. Everything seems fine in the FortiClient window, showing it is "connected", but I have two problems: first in the Mac system setting, VPN & Filters, it shows VPN is "disconnected", second I lose the internet after connecting to the VPN. In the same system setting, under Filters & Proxies, I cannot add FortiClient to the list, while I can still see Cisco Secure. I checked some posts regarding  internet disconnection, but all are confusing to me and have not been helpful. I would be thankful if anyone would help to solve this issue.

Thank you.

 

 

 

 

397
0 Kudos
2 Solutions
funkylicious
SuperUser
SuperUser
In response to nedahejazi

Created on ‎11-26-2025 08:48 AM

according to the "netstat -rn" table, you VPN pushes/installs a route for 10.11.42.0/24 network via utun interface and the IP assigned to you is 10.254.0.219 , which means it's split tunnel.

 

as for DNS settings/servers, these usually are assigned via DHCP from your home/local network when you connect to it, no need to change/set anything manually and based on the scutils --dns you can reach 8.8.8.8 therefore you should have internet access.

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
334
funkylicious
SuperUser
SuperUser
In response to nedahejazi

Created on ‎11-26-2025 10:57 AM Edited on ‎11-26-2025 10:59 AM

ok, this means that connecting to the IPsec is pushing a specific DNS server to the station ( most likely its configured on the FGT as DNS server and there it works and IT enabled Use system DNS in mode config in IPsec ) - https://community.fortinet.com/t5/Support-Forum/Can-t-enable-DNS-on-VPN-Tunnel/m-p/52350 which breaks your connection.

remove it from resolv.conf and add any other DNS and it should be ok.

 

cannot resolve from Internet/my home queries using it

 

nslookup google.com 146.155.1.155
Server: 146.155.1.155
Address: 146.155.1.155#53

** server can't find google.com: REFUSED

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
282
19 REPLIES 19
nedahejazi
New Contributor

Created on ‎11-26-2025 06:47 AM

Screenshot 2025-11-26 at 11.45.29 AM.png

 I cannot turn it on. Any help would be very welcome.

184
0 Kudos
funkylicious
SuperUser
SuperUser
In response to nedahejazi

Created on ‎11-26-2025 06:51 AM Edited on ‎11-26-2025 07:05 AM

hi,

macOS user here. in System Settings > VPN you cannot connect to the VPN, only disconnect. Use FortiClient for connecting.

as for losing Internet after connection, make sure that the issue isnt just related to DNS and try pinging 8.8.8.8 after connecting and see if it works, then try google.com.

if dns resolution isnt working look into /etc/resolv.conf to see if FortiClient pushed any servers and if you have access to them to resolve the queries ( either using ping and/or nslookup ) .

also, check with netstat -rn if the vpn is configured as split-tunnel where you have access only to certain subnets or full-tunnel. if its full then IT needs to check if you are granted Internet access.

 

L.E. https://docs.fortinet.com/document/forticlient/7.4.3/macos-release-notes/223986

L.E.2 it appears that Tahoe/26.1 isnt oficially supported yet https://docs.fortinet.com/document/forticlient/7.4.3/macos-release-notes/471180 

"jack of all trades, master of none"
"jack of all trades, master of none"
182
nedahejazi
New Contributor
In response to funkylicious

Created on ‎11-26-2025 08:20 AM Edited on ‎11-26-2025 08:24 AM

Dear Funkylicious, 

Thank you so much for your reply, I greatly appreciate your help. So sorry for my long reply. I am going through your possible solutions step by step.

-First I changed DNS servers to 8.8.8..8

Screenshot 2025-11-26 at 12.35.45 PM.png

But the problem remains. 

---------------------------

I then tried: "/etc/resolv.conf", showing this:

Screenshot 2025-11-26 at 1.12.50 PM.png

---------------------------

Next, I tried "scutil --dns" as suggested above, showing below:

Screenshot 2025-11-26 at 1.15.56 PM.png

But I do not understand it, I am not sure if I should check above suggested domains in "Search Domains" in the DNS setting.

---------------------------

I then checked for split-tunnel/full-tunnel using "netstat -rn" and I do not know if my IP address is changed to the VPN's IP address after VPN connection. Below is a part of the result after connection:

Screenshot 2025-11-26 at 1.18.49 PM.png

---------------------------

I do not know if I have done your suggestions perfectly. Perhaps this very last Mac OS version is not supported yet and I have to try with older versions. I would really appreciate it if you would share your points with me.

173
0 Kudos
funkylicious
SuperUser
SuperUser
In response to nedahejazi

Created on ‎11-26-2025 08:48 AM

according to the "netstat -rn" table, you VPN pushes/installs a route for 10.11.42.0/24 network via utun interface and the IP assigned to you is 10.254.0.219 , which means it's split tunnel.

 

as for DNS settings/servers, these usually are assigned via DHCP from your home/local network when you connect to it, no need to change/set anything manually and based on the scutils --dns you can reach 8.8.8.8 therefore you should have internet access.

"jack of all trades, master of none"
"jack of all trades, master of none"
335
nedahejazi
New Contributor
In response to funkylicious

Created on ‎11-26-2025 09:12 AM Edited on ‎11-26-2025 09:15 AM

Great, so I have to ask IT about it and check with another version of Mac. Thank you again for your time!

165
0 Kudos
funkylicious
SuperUser
SuperUser
In response to nedahejazi

Created on ‎11-26-2025 09:15 AM

may I ask what doesnt work after you connect to the VPN ?

all things should indicate that Internet access is/should be possible while connected to the VPN.

"jack of all trades, master of none"
"jack of all trades, master of none"
161
nedahejazi
New Contributor
In response to funkylicious

Created on ‎11-26-2025 09:17 AM

After I connect to VPN, my internet seems to be extremely slow and nothing shows up after a simple google search.

160
0 Kudos
funkylicious
SuperUser
SuperUser
In response to nedahejazi

Created on ‎11-26-2025 09:23 AM Edited on ‎11-26-2025 09:24 AM

try doing a speedtest and see if your public IP ( whatsmyip.org ) changes before and after connecting to the VPN.

also, do a "time nslookup google.com" before and after to measure how long it takes to resolve.

"jack of all trades, master of none"
"jack of all trades, master of none"
154
0 Kudos
nedahejazi
New Contributor
In response to funkylicious

Created on ‎11-26-2025 09:31 AM

I have tried "whatsmyip.org". This is before:

 

Screenshot 2025-11-26 at 2.29.34 PM.png

And this is after!

 

Screenshot 2025-11-26 at 2.29.06 PM.png

After VPN connection, my internet goes to zero.

 

153
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.