Hi,
we use FortiClient on Mac OS X to connect to our customers VPNs.Till this week I used macOS 10.15/Catalina with forticlient 6.0 and everything was working well. Now I upgraded to macOS 12/Monterey which didn't work with forticlient 6.0, thus upgraded client to 7.0.5.0166
Connecting to VPNs without certificate auth works well, but i'm unable to get VPN with client cert auth working. Same setup (certificate, password) works well on windows (and also worked well on previous setup - macOS 10.15/client 6.0). The problem might be related to special characters in certificate name, the VPN setup looks like:
however connection window shows incorrect client certificate name:
On old system / forticlient 6.0 everything seems to be right (connection window had proper characters). Once I tried new forticlient 7 on old macOS 10.15 and it didn't work. After downgrade to client 6.0 everythig was OK again (no change in certificate)
I tried reimporting the certificate to macOS, didn't help. I have more client certificates in keychain, they all show good names in setup window bud bad (escaped) in login window
Log file does't show anything interesting (to me)
===
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:58 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:58 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:27:59 [FortiTray:DEBG] AppDelegate.swift:151 Received message: reload config
20220506 21:27:59 [FortiTray:EROR] ConfigManager.swift:1574 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20220506 21:28:04 [FortiTray:DEBG] VPNMessageBridge.m:468 Request VPN statistics
20220506 21:28:10 [FortiTray:INFO] VPNMessageBridge.m:417 Request VPN connect
20220506 21:28:10 [FortiTray:DEBG] VPNMessageBridge.m:445 VPN profile: Gxxxxx
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:1068 Connect VPN: Gxxxxx
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:857 Start VPN: Gxxxx
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:642 VPN connecting
20220506 21:28:10 [FortiTray:DEBG] vpnconnection.mm:540 Server URL: https://ssl.xxxxxx:443
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:215 ApiEncMethod: 0
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:217 ApiRemoteAuthTimeout: 30
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:219 ApiServerSalt: 6538c2b8
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:220 flag: 223
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:364 /remote/logincheck returns 405
20220506 21:28:10 [FortiTray:INFO] sslvpn.cpp:378 Check response
20220506 21:28:10 [FortiTray:DEBG] vpnconnection.mm:400 Stop process.
20220506 21:28:10 [FortiTray:DEBG] vpnconnection.mm:432 Cancel http. http task is running: No
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:1582 Notification: Cancel input
20220506 21:28:10 [FortiTray:INFO] sslvpn_bridge.mm:77 Login failed. Result: 0
20220506 21:28:10 [FortiTray:INFO] VpnManager.swift:617 VPN disconnected because of error: Login failed. Insufficient credential(s). Please check the password, client certificate, etc.
20220506 21:28:10 [FortiTray:DEBG] VPNMessageBridge.m:468 Request VPN statistics
===
Can anyone help with this ?
Thanks. Tomas
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello tomasm,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello tomasm,
I could see that a user met the same issue and it has been solved:
Could you please have a look and tell me if it helped?
Thanks a lot in advance.
Regards,
I double checked the post mentioned, I do not see fortitray there (likely I allowed it before) even after forticlient reinstall. I also doublechecked and everything listed here is allowed if present:
https://docs.fortinet.com/document/forticlient/7.0.5/macos-release-notes/223986/special-notices
Anyway I think my case is different - some VPNs do work for me, problem is only with ones where I need to use certificate auth (possibly only with special characters in cert name, but this is only my guess as all my VPN client certs do have diacritics)
Thanks. Tomas
Tomas, have you found a solution? I have read elsewhere that Forticlient 7 is broken and to use 6.4, but I cannot find where to download that. For now I gave up on Forticlient and just used the built-in Macos VPN client, which works fine for IPsec using the same client cert as the one I am trying to use for the SSL VPN.
Unfortunately I have no solution (except of connecting from Windows PC) and cannot contact official support as we do not have contract with Fortinet (it's our customer, but they do not care about our problems)
On old OS X I recall last working version was 6.0 (as soon as GUI was blue it didn't work)
Based on your input I tried configuring native Macos VPN, but I have to use both password and cert which I haven't figured out how to configure
I'm running out of options and hope
I applied with great faith all the steps that that note shows, but NOTHING works.. the error follows.
The strange thing about this, is that no matter what values you put in the username, password or if you use any port, even if they are wrong, IT ALWAYS DELIVERS THIS MESSAGE.
I have registered only to comment that this product is really bad on MacOS platform. This problem has been present since FortClient 6.4, now I have had to uninstall (this version stopped working on OS Monterey) this version and install the latest version, 7.05.
I have the same problem as @tomasm and have not been able to get this "app" to work.
I hope that the official Fortinet "Support" can read these topics (I think that's what they exist for), to see if. they can resolve the error, which is clearly the product.
Cheers,
Freddy
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.