Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rikki_s
New Contributor II

Mac 10.15 Catalina and Forticlient VPN

Hi, I just upgraded to Catalina on my Mac today and whilst the VPN client connects and notifies me of this I can't connect to anything on my network. No pings, SSH, RDP even HTTP work intranet. I was using the VPN this morning successfully on Mojave (10.14) and other users are connected to the VPN so that end is fine.

 

I am using 2FA with Fortitokens and I do get challenged for the token and this appears to be accepted successfully.

Forticlient VPN version is 6.2.1.654, I can't find anything newer.

 

Any ideas?

18 Solutions
weirder
New Contributor

I encounter same problem.

 

I just upgraded to osx Catalina and later found that Forticlient doesn't work any more. I was able to connect, but after connecting to VPN I'm unable to connect to any website or even ping google. (Before upgrading I had no problem with VPN).

 

I have Forticlient 6.0.8.149. In the settings, I'm using IPsec VPN, Authentication method I use Pre-shared key, and I log in using user name and password.

 

Please help fix this since I need to access company network. Thanks!

View solution in original post

dperussina

Same here... I have captured the debug log so hopefully fortinet devs can help us:

 

https://gist.github.com/dperussina/10c5176adcedb78c6887414bd6446d71

View solution in original post

hohosecure

The 6.2.1 release notes clearly do not mention Catalina as being supported:

Desktop operating systems

[ul]macOS Sierra (version 10.12)[/ul][ul]macOS High Sierra (version 10.13)[/ul][ul]macOS Mojave (version 10.14)[/ul]

Guess we have to wait....

View solution in original post

hans10
New Contributor II

Same here!

 

No issues with SSL-VPN (ppp adapter), only with IPSec (utun adapter)

 

 

Traffic is entering the tunnel, I see it being processed at the Fortigate and returning traffic enters the tunnel from the Fortigate. However the client doesn't receive it (traffic captured from the utun interface on the mac shows egres traffic only).

View solution in original post

hans10
New Contributor II

Update from TAC, we have to be patient I guess :

 

Dear Customer,   Currently, FortiClient does not support macOS Catalina. There is no ETA yet for a version where Catalina will be supported. It's currently in our QA tests, however, the release schedule is not yet available.   It will not be included in the upcoming 6.2.2 version (which should be available this week), and only after the current release, we will have information about the schedule for the next release.

View solution in original post

jinnerbi

Same here. Just updated from 10.14 to 10.15 Catalina. This is really annoying...

View solution in original post

przem_t
New Contributor

Does anyone know any alternative to Forticlient (SSL VPN) that works on Catalina?

View solution in original post

austinl
New Contributor II

Today, I did the newest available software update for Catalina (19A602).

I also uninstalled Forticlient and reinstalled Forticlient VPN 6.2.2. (6.2.2.685)

 

Still doesn't work.  Seems to work to connect, but data sends but data is not received.

View solution in original post

austinl

Read the special notices.  Still doesn't resolve Forticlient not working.  

 

Looks like data is being received but not sent.

View solution in original post

shahabahmadkhan

I tried installing the FortiClient VPN 6.0.8.149 on MacOS High Sierra , and first time it didnt worked, and later on after removing and reinstalling its working on it.

 

However on the latest macOS Catalina, i am unable to ping/ssh after successfully connecting to the VPN via IPSEC.

I tried on my mac upgraded from Mojave to Catalina and also tried on Fresh/Clean Installation of Catalina on a different macbook, but none of them seems to be working. 

 

I was getting the error on restoring the configuration which was resolved after reading the latest notes. But the ping and ssh is not working after we are connected.

 

I noticed one more thing, whatever the IP we are allocated, the if we try to ping that ip, that also doesn't give any response and time out happens.

 

If someone can confirm that they are able to ping the ip of the intranet or do SSH on macOS catalina via forticlient 6.0.8 or 6.2.2 on connecting the IPSec version , plz let me know

View solution in original post

maziboss

FORTINET Support have you read that topic?! Why you don't release version of your software compatible with macOS 10.15?! What a shame!

View solution in original post

Peter_Vermeulen

I have several users that have updated to Catalina, all of them are able to connect to our Fortigate 60E, firmware FortiOSv6.20 build0866 (GA).

 

But that is all they could do, no data is send or received. A fresh install of Forticlient 6.2.2.685 does not change the situation.

 

Two personally managed situations.

- MacOS 10.15, up2date, new install of FortiClient 6.2.2.685, can connect no data.

- MacOS 10.15, up2date, tried to connect with older version of FortiClient. Can connect, no data. Used uninstaller to remove older Fortinet Client, installed new version, can connect no data.

 

The link in this thread explaining to add processes to add and allow three processes to Full Disk Access under the Privacy tab of Security and Privacy. Those processes are not available.

 

Peter

View solution in original post

ThePro
New Contributor III

Im having the same issue.

 

The VPN connecte fine with 6.0, but I couldnt ping any devices.

 

I tried to download the 6.2 version via this link (https://filestore.fortine...lineInstaller_6.2.dmg) but it simply simply opens up and says No updates found with a Cancel button at the bottom right with no way to proceed.

 

If I login to my account at https://support.fortinet.com/ and go to / FortiClientMac/ Mac/ v6.00/ 6.2/ 6.2.2/ I only see a FortiClientTools_6.2.2.685_macosx.tar.gz (instead of a DMG file like FortiClient_6.0.8.149_macosx.dmg under / FortiClientMac/ Mac/ v6.00/ 6.0/ 6.0.8/

 

When I open FortiClientTools_6.2.2.685_macosx.tar.gz it extracts/decompresses the folder and inside the OnlineInstaller theres a DMG called FortiClient_6.2.2.685_OnlineInstaller.dmg, but when I run it nothing happens.

 

I tried to download 5.6 (FortiClient_5.6.6.755_macosx.dmg) from / FortiClientMac/ Mac/ v5.00/ 5.6/ but it also connect but cant ping (no traffic).

 

Has anyone been able to get this working? Are we still waiting from an official response/fix?

View solution in original post

boatkorachal

I got the same problem (be able to connect but cannot ping) when I tried to connect IPSEC VPN using pre-shared key.

 

by downgrading to 5.6.1, it works again!

 

here's the download link https://filestore.fortine...t_5.6.1.723_macosx.dmg

View solution in original post

stevepodradchik
New Contributor

Fortinet --

 

Enough already!  You've known for more than a month that Fortinet Client does not connect to a VPN on clean installations of Mac OS Catalina.  In a post a few weeks ago, you said that it would not be in the recent upgrade.  So be it.  Now that this upgrade is out, what is the schedule for a fix?  This is NOT some trivial UI issue but a total show-stopper for using your devices from a new Mac.

 

Timeframe?

 

Thanks, Steve

View solution in original post

nico81
New Contributor

Same problem here, Catalina fresh install and latest 6.2.2.* version, cannot ping and ssh any host.

Please fix!

 

*** EDIT: Solved with the following steps:

1 - Uninstalled 6.2.2.*

2 - Installed 5.6.1 from link in this thread (but advanced IPSec settings are missing)

3 - Upgraded to 6.0.9.162 downloaded from official download page

View solution in original post

traversierj

Hey,

 

Does anyone has the download link for the FortiClient 6.0.9.162

View solution in original post

rikki_s
New Contributor II

All. In case you're not aware the download link from the main Forticlient page now links to 6.2.3 and I can confirm this works successfully with Catalina. Finally! 

View solution in original post

82 REPLIES 82
rikki_s
New Contributor II

All. In case you're not aware the download link from the main Forticlient page now links to 6.2.3 and I can confirm this works successfully with Catalina. Finally! 

ropeguru

rikki_s wrote:

All. In case you're not aware the download link from the main Forticlient page now links to 6.2.3 and I can confirm this works successfully with Catalina. Finally! 

This is not working for me. I can auth into Catalina via PIV but Forticlient never picks up any certificates.

AlessandroC

I have upgraded to MacOS 10.15.2 with FortiClient 6.2.2.685.

 

Now I have error 130 while I try to connect to any VPN system.

 

Any suggestions?

mlarma

As enthusiastic as I was about 6.2.3 fixing VPN, which for me it did, we encountered a huge performance penalty on the mac side due to a bug in the AV engine (Support aware, it's being fixed), and an issue with the FortiProxy on the Windows side that prevented our employees from getting to the benefits website for the company.  This was also a bug that they're working on and the fix is being tested.  I will say that support has been great, but whomever did QA really put out a stinker of a release this go around.  I'd highly suggest testing a LOT before you roll 6.2.3 to your company and for me...I had to roll back to 6.2.2 for now.  Thankfully we have another VPN solution we were migrating from that the macs can use.  80%+ of the clients rolled back nicely, but there are some, that are giving me grief.  I blame myself as much as Fortinet in terms of me not testing thoroughly enough before deployment, but when Fortinet is only doing quarterly releases, they need to make sure they are turning out A+ binaries.

ropeguru

I was just informed today that while the FortiClient might have worked on past releases with SmartCards, it was never supported and in order to get that under Catalina, I would have to open a feature request with my account manager.

petterrafael
New Contributor

Hi,

 

I have the same problem, from what I noticed it is a failure to record a cookie, but unfortunately I was not able to solve the problem, I am also looking for a solution.

ansarrezaei

Hi

I have lots of trouble for installing Forticlient on Catalina and I hopefully did it using brew cask

brew cask install forticlient

But I have another problem. I have to use a SafeNet hardware token and in Catalina, Fortinet doesn't identify any client certificate. Do you have any similar experience?

JaapHoetmer

I can confirm that the marriage between MacOS Catalina and FortiClient is not a happy one. We added FortiToken secondary authentication, and connecting using SSL or IPsec failed miserably. Tried 6.0, 6.2.2, 6.2.4, 5.6.1, no luck.

 

However, after having downgraded to Mojave, everything works fine, including FortiToken.

 

Regards,

 

 

 

Kind regards, Jaap
elsevero

Hi everyone,

 

Hope that this post gets FortiNet employees attentions, at least to not get deleted. I have been experiencing major issues with the latest version of MacOS Catalina.

 

I did deep debug and the desktop app DOES NOT makes any communication with the gateway. It's strange ?!?!, I have used WireShark to inspect any packages but none of them appeared.

 

I have contacted the support and they told me that I need to provide them a Serial Number of the EMS license as the FortiClient licensing is applied to EMS.

 

On their website (https://www.forticlient.com/downloads) it specifies that the free version supports IPSec VPN, on MacOS, IT SEEMS NOT!

 

If someone finds a solution then I'm interested.

 

For now I'd conclude with a e-mail that I've send to them, after spending hours of debugging with their devs.

 

ThePro
New Contributor III

Having an issue with another iMac and Catalina (new installation).

 

SSL connect but IPSec does not. Error -104

 

default    19:42:02.976824-0400    kernel    Kext com.fortinet.fct.kext.ipsec not found for unload request.

I have tried previous versions and I get the same error.