I installed the GM candidate of Mac OS X 10.11 El Capitan and my FortiClient VPN has stopped working. It completes the login, but after connection, no data is transferred - the incoming and outgoing freeze. It is a split tunnel connection and neither network nor internet traffic works.
I tried disabling the firewall and System Integrity Protection, but neither had any effect.
I've been trying since the first public beta, and now on the final GM Candidate. The VPN problem is there. Basically, what is wrong is that OS X's resolver is sending traffic out through the primary (original) network interface, even though the route table correctly shows that the VPN tunnel (ppp0) should be used.
When you use a command like nslookup, the DNS traffic goes through the VPN tunnel (ppp0) properly.
DNS name resolution fails because my VPN client is told to use my corporate DNS server, but my corporate DNS server refuses to serve name queries from outside the corporate network. When the FortiClient VPN is connected, OS X's name resolution traffic arrives at the DNS server with the client's public Internet IP address, and hence is refused by my DNS server.
Technically, this looks like an OS X bug. Or, perhaps there really is something wrong that FortiClient is doing. Either way, I hope Fortinet can rectify or take it up with Apple to fix El Capitan.
Facing the same issue. Latest FortiClient (5.3*) did not fix it.
But, FortiClient 4.0.2082 did not have any such issues (though it occasionally stops tunneling on its own).
Waiting for a fix like everyone, but 4.0.2082 is letting me work for the time being.
I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#7287...
Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.
There is a new private build here:
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg
Would you guys give it a try?
Chris.Lin wrote: There is a new private build here:
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg
Would you guys give it a try?
It works for now! Thanks!
Just ran El Capitan updates and it still does not work - bummer
Chris.Lin wrote: Here is another interim build b499.
https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.499_macosx.dmg
5.4.1 release may be available at the end of February.
P.S. b493 from previous post is different from the official 5.4.0 b493. Developer made the change after 5.4.0 was released.
Thanks! I had the same problems as other people for 3 months with FortiClient, and this new build fixes the issue!!! Great job!
Try this. A more recent build.
After update to MacOS Sierra the client 5.4.1 works as expected....
FWIW login and go to downloads on the support website. Release notes dmg files exist.
PCNSE
NSE
StrongSwan
One very experienced Mac user mentioned how he changed the resolver manually to make the DNS work. It may be worth a try.
"Initial prep:
$ mkdir ~/resolver
$ echo "nameserver 172.16.100.100" > ~/resolver/ca
(repeat for com, org and any other TLDs you need to access)
$ sudo mkdir /etc/resolver
After connecting to SSLVPN:
$ sudo cp ~/resolver/* /etc/resolver
When disconnecting from SSLVPN:
$ sudo rm /etc/resolver/*
For some reason, this works, even though /etc/resolv.conf's contents have no effect."
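The connect/disconnect steps quoted above, as an added shell example that is not part of the original post or of any Fortinet tooling: it writes one /etc/resolver file per domain, records what it created, and on disconnect removes only those files instead of everything in /etc/resolver. The domain corp.example, the STATE_FILE path and the function names are assumptions; 172.16.100.100 is the address from the post.

```shell
#!/bin/sh
# Added example (not from the thread): per-domain resolver files for a
# split-tunnel VPN on macOS. Run as root, e.g.
#   vpn_dns_up 172.16.100.100 corp.example   # after the VPN connects
#   vpn_dns_down                             # after it disconnects
# RESOLVER_DIR and STATE_FILE can be overridden; STATE_FILE is an assumed path.
RESOLVER_DIR="${RESOLVER_DIR:-/etc/resolver}"
STATE_FILE="${STATE_FILE:-/var/run/vpn-resolver.managed}"

# vpn_dns_up NAMESERVER DOMAIN...
# Writes "nameserver NAMESERVER" to RESOLVER_DIR/DOMAIN for each domain.
vpn_dns_up() {
    ns="$1"; shift
    mkdir -p "$RESOLVER_DIR" || return 1
    touch "$STATE_FILE" || return 1
    for domain in "$@"; do
        # Accept plain DNS names only: this runs as root, so a name with
        # "/" or ".." must never turn into a path outside RESOLVER_DIR.
        case "$domain" in
            ""|.*|*..*|*[!A-Za-z0-9.-]*)
                echo "skipping invalid domain: $domain" >&2; continue ;;
        esac
        f="$RESOLVER_DIR/$domain"
        # Leave resolver files alone unless this script created them.
        if [ -e "$f" ] && ! grep -qxF "$domain" "$STATE_FILE"; then
            echo "skipping pre-existing file: $f" >&2; continue
        fi
        printf 'nameserver %s\n' "$ns" > "$f" || return 1
        # Record the domain once so vpn_dns_down knows what to remove.
        grep -qxF "$domain" "$STATE_FILE" || echo "$domain" >> "$STATE_FILE"
    done
}

# vpn_dns_down
# Removes only the files recorded by vpn_dns_up, then the record itself.
vpn_dns_down() {
    [ -f "$STATE_FILE" ] || return 0
    while IFS= read -r domain; do
        rm -f "$RESOLVER_DIR/$domain"
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}
```

Passing specific internal domains instead of whole TLDs such as com keeps unrelated lookups away from the VPN DNS server.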
I updated the client to 5.4 and it's still not working. Anyone else have this working without having to go thru route changes?
On top of it still not working I am now getting nonstop error in log which leads to grey screen of death. Happened couple times, had to uninstall 5.4 completely of this to stop. Here is what shows up in the console, this one line shows up continuously.
kernel[0]: fctappfwnke : error! - pkt data write error
hansbogert wrote: I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#7287...
Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.
That worked great! Thank you!!
Hello,
I have installed latest FortiClient 5.4 and I am running El Capitan. My issue is I am not able to connect to internet in Safari but I am able to login to my remote windows desktop. Any help will be useful?
This crap has got to stop Fortinet. Is anyone over there doing any kind of QC testing??? I've spent the last month trying to figure out how I can deploy a consistently configured IPSec VPN to my Mac and Windows users without dumbing it down to crappy crypto. EMS is a good start and I'm going to play with that, but based on the complaints about 5.2.4, the cert bug in 5.2.3 (UI gets corrupted if you attempt to upload an EC Signed Cert), and what I'm seeing in FortiClient 5.4 I don't have my hopes high.
WHY IN THE HECK ARE THERE NOT ADVANCED SETTINGS ON THE MAC CLIENT UI!!!
I guess I'm one of those guys who doesn't like defaults because that is what the bad guys love and I'm trying to prevent. As a result we are trying to only allow DH Group 14 (I'd like to use the EC based ones but those aren't available in the Windows or Mac clients) and we are only allowing AES256/SHA256 Enc/Auth proposals. This is fairly easy to do on the Windows client. NONE OF THESE OPTIONS ARE AVAILABLE ON THE MAC!!!
I finally figured out that if I export the schema on the MAC I can waste a few more hours hunting these values down and change them by hand. After doing so, I imported back into the MAC FortiClient and BAM!, it finally connected using the stronger auth crypto. But now I'm in the same boat as all of the folks above due to DNS issues.
On Windows you can edit the virtual interface and add your domain and DNS servers to be used when the connection is active, but the FortiClient does not show up as an editable interface under the Mac Network settings. I'm glad there are people out there who are as well versed as the person who figured out the CLI scripting but why torture us in having to figure that out when all it takes is a few weeks during development to make the freaking UI consistent and available to those of us who are not CLI terminal wizards???
PS I'm well aware that Apple has F'd up the DNS service in recent OSX releases. I saw your release notes that said, "we found a problem, but it is Apple's fault so it is up to them to fix it" is BS. If one of your customers is able to come up with a fix, there should be someone at Fortinet who is smart enough to do that also and bake it into the build as an option.
So cliffs notes so far... it's an Apple problem and Fortinet is waiting on a resolution?
Sounds like it. I'm curious whether anyone has tried it with the 10.11.1 betas.