My university utilizes FortiClientVPN to enable connection to the university's network to work remotely. Since macOS-based computers are very rare our IT department does not provide any help for the system. I want to connect from home (MacBook Air) to work (Mac-mini) both with macOS Monterey (v.12).
I have FortiClient FortiClientVPN 7.0.2 installed and configured on my MacBook according to the IT department it connects to the university's network as the log reports indicate. I have enabled remote access in the preferences on my Mac-mini and installed Apple Remote Desktop (v.3.9.5) on my MacBook. I entered the Mac-mini's IP address to the ARD app as it was shown in its preferences as I was granting access to
However, trying to connect I get the error 'Connection failed to "<IP address>" Unable to communicate with “<IP address>”. Make sure the remote computer is available and the firewall is not blocking screen sharing.'.
Both computers have Norton 360 installed but disabling firewall protection on both does not change anything.
Can anyone help?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi could you please try the following:
Connection Name: Enter a name, such as FTNT VPN
Description: This field is optional
Remote Gateway: FTNT.Fortinet.us (Example)
Authentication: Select Save login
Username: Enter your FTNT network user name (optional)
6.On the Connect screen:
The Connection Name and Username should be automatically populated.
Password:
If you have an RSA SecurID soft token: Enter the 8-digit token that displays on your device (mobile phone). Do not enter the PIN as part of the FortiClient password.
If you have an RSA SecurID hard token (fob): Enter your PIN + the 4 digit token (without spaces) that displays on your token.
7.Click Connect. A connection to the AHS SSL VPN portal will be established. The window will minimize to the task bar.
*Note that this screen displays the assigned IP address from the SSL VPN located inside FTNT.
After you have successfully connected FortiClient, it can be used with the Remote Desktop Connection (RDP) tool to remotely access an FTNT computer from your personal computer.
Note: The target FTNT computer must be powered on and no other user can be logged on.
FortiClient must be active and connected.
Remote Desktop Connection is provided as part of the Windows.
Use the Windows search tool to search for remote desktop. Click Remote Desktop Connection
2.Type in IP address
3.Enter your FTNT network username in this format: domain\username.
Then enter your password.
4.At the FTNT computer sign-on prompt, enter your AHS network username and password again.
You should now be connected and signed into your FTNT computer and have full access to your files, applications, and the network.
When your work is done, Disconnect from FortiClient.
Best regards,
Pedro
@pvalente Hi! Thank you for your answer but as I wrote in my question both computers are macOS-based not Windows, and I have Apple Remote Desktop for the remote connection.
So, I have been fighting with this exact issue for a client of ours that are strictly running Mac osX ranging from 10.14.x (Mojave) – 12.x (Monterey). Some are running on M1 chips and others on 2019 intel chips.
In two cases I have had two different things happen, which is why I mention the OS + M1 vs Intel chip builds. In both cases we are unable to successfully connect to the company VPN using any version of the FortiClient-VPN-only client for Mac OS (ranging between 6.0.x -7.0.0.0022) on devices running Monterey. We receive either the “Connection failed to xxx Server” or nothing happens.
However, if we install the FortiCleint ZTNA client using the same configuration information, the Mac’s in question can connect to VPN with no issue (if you ignore the trial timer). The VPN only client as well as the ZTNA edition are being pulled down from Fortinet site.
In one case, on a system that has a M1 chip, we were able to install the iPad / iOS version of the VPN only client, and though not optimal, are able to get a stable, active VPN connection.
(If you have an M1 chip Mac, you might try installing the VPN only iPad version from the Apple store, as M1 chip build support iOS and iPad apps due to the ARM, architecture).
Does anyone know why the most recent build release of the paid version would work, but the most recent build release free version would not on a Mac??? To be clear there is no issue connecting to the same VPN, from a PC (running FortiClient VPN Only ver. 7.0.1.0083).
When reading this - https://docs.fortinet.com/document/forticlient/7.0.2/macos-release-notes/223986/special-notices the way it’s written implies no other steps are needed, but then promptly says you need to add these other options. I can attest to that fact that on a fresh install of the free FortiClient, that only the “fctservctl” “fctservctl2” and “FortiClient” were present under Preferences> Security+ Privacy>Privacy>Full Disk Access.
Anyone have any ideas?
Created on 02-02-2022 02:21 AM Edited on 02-02-2022 07:03 AM
Hi @KinPete I have only “fctservctl2” and “FortiClient” present under Preferences> Security+ Privacy>Privacy>Full Disk Access and both are allowed. Where are the rest gone? According to the special notice you mention there should be a whole list (fcaptmon, fctservctl, fctservctl2, fmon, fmon2, FortiClient, FortiClientAgent)???
And in the status of the extensions running only one:
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
* * AH4XFXJ7DK com.fortinet.forticlient.macos.vpn.nwextension (1.4.8/B20210629) vpnprovider [activated enabled]
BTW my both machines are Intel-based.
@marcinUPP Yeah, I have seen the same thing. Meaning I have only seen “fctservctl” “fctservctl2” and “FortiClient” in the privacy, full disk access list. The document I referenced is certainly... confusing!
As I mentioned it says "if you are using the VPN only client you only need to allow “fctservctl2” and “FortiClient”, then promptly implies that you need to manually add the other items.
I have not had a chance to try manually adding the other items', to see if that fixes it. I should say that my customer(s) were previously using 6.0.xxx version, so its possible the "fctservctl" is left over from a previous install.
I was bouncing back between a number of VPN clients', so its possible something was left over. I certainly have not seen the "fmon2" item, and it's possible that the "other items that need full disk access" are for some other version of the VPN client, though as I have experienced, the paid version works with no issue, so I think all of those items mentioned in the document are possibly required for the 7.0.xx VPN only client to function correctly.
I will certainly update this thread if I manage to figure out how to get the VPN only client to work on Monterey and or on a system running a M1 chip.
Hopefully the Community will be able to pool our knowledge and resources to come up with a viable fix.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.