Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
danjahner
New Contributor

Created on ‎09-12-2015 03:00 PM

FortiClient VPN Problems With OSX 10.11 El Capitan

I installed the GM candidate of Mac OS X 10.11 El Capitan and my FortiClient VPN has stopped working. It completes the login, but after connection, no data is transferred - the incoming and outgoing freeze. It is a split tunnel connection and neither network or internet traffic works. 

 

I tried disabling the firewall and System Integrity Protection, but neither had any effect. 

513159
0 Kudos
9 Solutions
lzs
New Contributor II

Created on ‎09-22-2015 01:26 AM

I've been trying since the first public beta, and now on the final GM Candidate. The VPN problem is there. Basically, what is wrong is that OS X's resolver is sending traffic out through the primary (original) network interface, even though the route table correctly shows that the VPN tunnel (ppp0) should be used.

 

When you use a command like nslookup, the DNS traffic goes through the VPN tunnel (ppp0) properly.

 

DNS name resolution  fails because my VPN client is told to use my corporate DNS server, but my corporate DNS server refuses to serve name queries from outside the corporate network. When the FortiClient VPN is connected, OS X's name resolution traffic arrives at the DNS server with the client's public Internet IP address, and hence is refused by my DNS server.

 

Technically, this looks like an OS X bug. Or, perhaps there really is something wrong that FortiClient is dong. Either way, I hope FortiNet can rectify or take it up with Apple to fix El Capitan.

View solution in original post

152642
0 Kudos
Sridhar
New Contributor III
In response to jweber

Created on ‎10-01-2015 06:06 AM

Facing the same issue. Latest FortiClient(5.3*) did not fix it.

But, FortiClient 4.0.2082 did not have any such issues(though it occasionally stops tunneling on its own).

 

Waiting for a fix like everyone, but 4.0.2082 is letting me work for time being.

View solution in original post

152644
0 Kudos
hansbogert
New Contributor
In response to Chris_Lin_FTNT

Created on ‎10-13-2015 03:21 PM

I've gotten it to "work" by getting the DNS to use ppp0 and some route magic. Explanation is on: http://serverfault.com/questions/728702/how-to-get-forticlient-working-in-osx-el-capitan/728707#7287...

 

Let's hope either party fixes this, because running scripts after establishing VPN is quite cumbersome.

View solution in original post

152643
0 Kudos
Chris_Lin_FTNT
Staff
Staff
In response to seadave

Created on ‎10-22-2015 12:06 PM

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

View solution in original post

152643
0 Kudos
kevinboos
New Contributor II
In response to Chris_Lin_FTNT

Created on ‎11-03-2015 11:14 PM

Chris.Lin wrote:

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

It works for now! Thanks!

View solution in original post

152643
0 Kudos
tommy765
New Contributor
In response to soundso

Created on ‎01-26-2016 07:05 PM

Just ran El Capitan updates and it still does not work - bummer

View solution in original post

152643
0 Kudos
shenight
New Contributor
In response to Chris_Lin_FTNT

Created on ‎02-28-2016 10:39 PM

Chris.Lin wrote:

Here is another interim build b499.

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.499_macosx.dmg

 

5.4.1 release may be available at the end of February.

 

P.S. b493 from previous post is different from the official 5.4.0 b493. Developer made the change after 5.4.0 was released.

Thanks ! I had same problems that other people since 3 months with forticlient and this new build fixes the issue!!! Great job!

View solution in original post

152642
0 Kudos
Chris_Lin_FTNT
Staff
Staff
In response to bds38

Created on ‎05-27-2016 09:50 AM

Try this. A more recent build.

https://www.dropbox.com/s...bpx1VjzYAmiK00S9a?dl=0

View solution in original post

152642
0 Kudos
soundso
New Contributor
In response to tommy765

Created on ‎09-26-2016 02:32 AM

After update to MacOS Sierra the client 5.4.1 works as expected.... 

View solution in original post

152643
0 Kudos
147 REPLIES 147
JSD303
New Contributor
In response to BlazeLewis

Created on ‎07-10-2016 06:51 AM

The version from dropbox posted by Chris also seems to work with 10.12 (macOS beta), where the latest version from Forticlient does not.

11308
0 Kudos
kevinboos
New Contributor II
In response to Chris_Lin_FTNT

Created on ‎11-03-2015 11:14 PM

Chris.Lin wrote:

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

It works for now! Thanks!

152644
0 Kudos
petertavenier
New Contributor
In response to kevinboos

Created on ‎11-03-2015 11:31 PM

kevinboos wrote:

Chris.Lin wrote:

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

It works for now! Thanks!

I did see this link, but I was confused by the version number. 5.4.0.493, exactly the same version is also downloadable via the support.fortinet.com portal, and I preferred to download it from the portal.

Something changed in this FortiClient version (dropbox link) compared to the same version online so I would expect a different version number. Anyway this works for me now as well. Thanks!

11308
0 Kudos
seadave
Contributor III
In response to kevinboos

Created on ‎11-03-2015 11:32 PM

Why would IPSec not update DNS and SSL, does?  The inconsistencies are maddening.  I'm testing again tonight and SSL VPN is working better for reasons unknown to me.  I haven't changed or updated anything from testing a few days ago.  But there is a new challenge.  I have office 2016 on this system.  I was unable to open and sync One Note.  I would get a certificate error.  I finally traced this back to the FortiClient Web Filter feature.  If I disable this, OneNote works right away.  So this is related to FortiClient not installing a root CA or OneNote using site pining?  Has anyone else seen this?  I have the Fortinet CA Serial #1266253082033515181 installed to work with our Fortigate SSL Inspection.  It does not appear that FortiClient installs a cert.  Should it not install a CA cert in order to do proper Web Filter scanning?

11308
0 Kudos
Milaan
New Contributor II
In response to seadave

Created on ‎11-09-2015 04:14 AM

So what exactly is the solution for this problem now? Im running 10.11.1 and FCT 5.4.0.493 and its still not working. Is there an offical fix comming anytime soon?

11308
0 Kudos
Chris_Lin_FTNT
Staff
Staff
In response to Milaan

Created on ‎11-10-2015 02:40 PM

Milaan wrote:

So what exactly is the solution for this problem now? Im running 10.11.1 and FCT 5.4.0.493 and its still not working. Is there an offical fix comming anytime soon?

 

FortiClient 5.2.5 is just released. It includes fix for El Capitan. Upgrade is not enabled but you can run online installer to manually upgrade.

 

11308
0 Kudos
kevinboos
New Contributor II
In response to Chris_Lin_FTNT

Created on ‎11-12-2015 05:58 AM

Seems Fortinet updatet Forticlient to 5.4.0 :) 

http://docs.fortinet.com/uploaded/files/2607/forticlient-5.4.0-mac-os-x-release-notes.pdf

 

http://docs.fortinet.com/d/forticlient-5.4.0-windows-release-notes

 

Edit: it is no fix for people using VPN split tunneling, but just an acknowledgement that the issue exists: 

This flaw impacts FortiClient users when using split tunnel VPN connections. The Fortinet development team has reported the issue to Apple.

11308
0 Kudos
Chris_Lin_FTNT
Staff
Staff
In response to seadave

Created on ‎11-10-2015 02:39 PM

dfollis wrote:

Why would IPSec not update DNS and SSL, does?  The inconsistencies are maddening.  I'm testing again tonight and SSL VPN is working better for reasons unknown to me.  I haven't changed or updated anything from testing a few days ago.  But there is a new challenge.  I have office 2016 on this system.  I was unable to open and sync One Note.  I would get a certificate error.  I finally traced this back to the FortiClient Web Filter feature.  If I disable this, OneNote works right away.  So this is related to FortiClient not installing a root CA or OneNote using site pining?  Has anyone else seen this?  I have the Fortinet CA Serial #1266253082033515181 installed to work with our Fortigate SSL Inspection.  It does not appear that FortiClient installs a cert.  Should it not install a CA cert in order to do proper Web Filter scanning?

FortiClient Mac, just like FortiClient Windows, is supposed to install FortiGate CA if it's configured to do that.

 

IPSec works in a way that's different from SSL, so Mac 10.11 DNS issue is not supposed to affect IPSec.

11308
0 Kudos
jaguarius
New Contributor
In response to Chris_Lin_FTNT

Created on ‎11-24-2015 03:50 AM

Chris.Lin wrote:

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

It works for me. Thanks a lot!!!

11308
0 Kudos
smr
New Contributor
In response to Chris_Lin_FTNT

Created on ‎12-14-2015 02:54 AM

Chris.Lin wrote:

There is a new private build here:

https://dl.dropboxusercontent.com/u/58793690/mac/FortiClient_5.4.0.493_macosx.dmg

 

Would you guys give it a try?

That private build worked for me (OS X 10.11.2). Thanks a lot!

11308
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.