Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

Created on ‎08-25-2024 08:58 AM

FCT Web filter issue on MacOS

Hello FCT admins

We have FCT 7.4.0 (with EMS).

Web filter works on Windows 10 and Ubuntu 2x but it doesn't work on MacOS 12 for both Firefox 129.0.2 and Chrome ver. 127.0.6533.120 (not tested with Edge).
Below some output from FCT debug log that seem relevant.

20240821 09:10:54.787 [INFO ] confighandle_darwin:158 unable to load custom page err unable to read custom page warning_page_FGD_down.htm
20240821 09:10:54.849 [INFO ] fct_isdb:100 fctISDB updated, 0 inserted
20240821 09:10:55.233 [ERROR] proxy_darwin:125 CA certificate is intalled but not trusted. Attempting to trust
20240821 09:10:58.656 [DEBUG] fgdahandle:329 Init request
20240821 09:10:58.656 [DEBUG] helper_darwin:78 attempt 1 retrying after error: failed to select IP
20240821 09:10:58.657 [INFO ] fgdahandle:178 Launching FortiGuardAgent [-domain fctguard.fortinet.net -callback-port 50711 -log-level 255 -log-file /Library/Application Support/Fortinet/FortiClient/Logs/fortiguard_agent.log]
20240821 09:10:58.862 [DEBUG] fgdahandle:238 read NOTIFICATION_READY
20240821 09:10:58.862 [INFO ] fgdahandle:188 New FortiGuardAgent instance launched and listens on port 58657
20240821 09:11:01.658 [ERROR] fgdahandle:458 Failed to read FortiguardAgent response: read udp 127.0.0.1:60635->127.0.0.1:58657: i/o timeout
20240821 09:11:01.658 [ERROR] proxy_darwin:180 Unable to get wf cat version failed to InitRequestSendReceive: receiveResponse error: read udp 127.0.0.1:60635->127.0.0.1:58657: i/o timeout
20240821 09:11:01.658 [INFO ] proxy_darwin:206 set proxy port 49173
20240821 09:11:01.659 [INFO ] proxy_darwin:208 Starting webfilter server at [::]:49173


On the other hand on the MacOS' keychain we can see the EMS webfilter certificate and we can see it is trusted "for all users".

MacOS_KeyChain1.png

 

Anyone had the same issue on MacOS and could fix it?

AEK
AEK
Labels:
162
0 Kudos
1 REPLY 1
AEK
SuperUser
SuperUser

Created on ‎08-26-2024 07:31 AM

The solution was by granting full disk access to FCT, as mentioned in the release notes.

https://docs.fortinet.com/document/forticlient/7.4.0/macos-release-notes/223986/special-notices

Fixed by TAC support.

AEK
AEK
119
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.