I am using FortiClient VPN-only version on macOS Sequoia 15.1.1. I configured the VPN, and during the connection process, I entered my password followed by the dynamic token generated by FortiToken. However, I receive the following error:
"Login failed. Permission denied."
I have followed the steps in the official documentation (https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/903183/macos), including:
I restarted my Mac after applying these settings and double-checked that they are correctly configured. Despite this, the error persists.
Has anyone else encountered this issue? Are there additional configurations or troubleshooting steps I can try?
Btw, the same VPN configuration works fine on Windows 11.
Did you find anything relevant in FortiClient logs or in FortiGate debug logs?
Can you try with an older version like 7.0.13 or 7.2.5?
I tried to connect remotely using the FortiGate VPN that was provided by my customer, but I don’t have any FortiGate service contracts, so I’m very limited in my ability to download older versions. Because of this, I couldn’t locate or test previous releases like 7.0.13 or 7.2.5.
On Windows, using the VPN-only version of FortiClient, the SSL VPN works normally. However, on macOS, I’ve tested on several fully fresh machines and keep encountering the same issue. It’s not that it never connects—I saw it connect successfully once or twice—but these successful attempts are very rare.
All I can review are the FortiClient logs on macOS. In the fortitray.log, I found two lines that might be relevant:
20241207 21:55:52.007 TZ=-0400 [FortiTray:INFO] sslvpn.cpp:405 Check response
20241207 21:55:52.008 TZ=-0400 [FortiTray:INFO] sslvpn.cpp:411 Error from server: Permission denied.
Try to collect SSL VPN debug while connecting the FortiClient VPN. It will give you more clarity.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-debug-SSL-VPN-daemon/ta-p/214433
Unfortunately, I don’t have any access or permissions on the VPN server side. All I can do is troubleshoot from the FortiClient side to see if there’s anything that can be adjusted or improved.
You can then try to collect diagnostic output from the FCT side.
https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/748524/diagnostic-tool
Thank you for the suggestion. I tried downloading the available online installers from Fortinet’s support page, but I couldn’t find the diagnostic tool functionality in FortiClient.
It seems like this issue on macOS might not have a solution. I really appreciate everyone’s help and support on this matter.
I contacted the administrator and enabled debug on the FortiGate VPN server. The logs show that the connection fails after entering the FortiToken (from the app on iPhone). The same FortiToken works fine on Windows.
If 2FA is disabled, macOS can connect to the VPN without issues.
Any suggestions on how to resolve this?
log:
[176:root:62e14]req: /remote/logincheck
[176:root:62e14]Transfer-Encoding n/a
[176:root:62e14]Content-Length 135
[176:root:62e14]readPostEnter:19 Post Data length 135.
[176:root:62e14]User Agent: FortiSSLVPN (Mac OS X; SV1 [SV{v=02.01; f=07;}])
[176:root:62e14]rmt_web_auth_info_parser_common:533 no session id in auth info
[176:root:62e14]rmt_web_access_check:804 access failed, uri=[/remote/logincheck],ret=4103,
[176:root:62e14]fsv_logincheck_common_handler:1450 user 'xxxxx_user' has a matched local entry.
[176:root:62e14]got checking id 2-7cf80629
[176:root:0]fsv_logincheck_common_handler:1586 token_type = 1, time_out = 60
[176:root:62e14]1737 magic checked failed.
[176:root:62e14]Transfer-Encoding n/a
[176:root:62e14]Content-Length 135
[176:root:0]sslvpn_find_err_msg_array:409 Can't find the value for key: 400
[176:root:62e14]rmt_error_cb_handler:143 Can't get corresponding message for key 400. Use the default error message.
[176:root:62e14]SSL state:warning close notify (12.12.12.12)
[176:root:62e14]sslConnGotoNextState:318 error (last state: 1, closeOp: 0)
[176:root:62e14]Destroy sconn 0x7f983dbec800, connSize=6. (root)
[176:root:62e14]SSL state:warning close notify (12.12.12.12)
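Added example (not part of any post in this thread, and not Fortinet code): a small Python triage script for SSL VPN debug output in the format quoted above, which pulls the failure lines for one connection id in order. The sample input is constructed from lines in the post; the failure keyword list and the choice to keep lines tagged with id 0 are assumptions.

```python
import re

# Constructed sample: a subset of the SSL VPN debug lines quoted in the post above.
SAMPLE = """\
[176:root:62e14]req: /remote/logincheck
[176:root:62e14]rmt_web_access_check:804 access failed, uri=[/remote/logincheck],ret=4103,
[176:root:62e14]fsv_logincheck_common_handler:1450 user 'xxxxx_user' has a matched local entry.
[176:root:0]fsv_logincheck_common_handler:1586 token_type = 1, time_out = 60
[176:root:62e14]1737 magic checked failed.
[176:root:0]sslvpn_find_err_msg_array:409 Can't find the value for key: 400
[176:root:62e14]sslConnGotoNextState:318 error (last state: 1, closeOp: 0)
"""

# [pid:vdom:conn-id], then an optional "function:line " (or bare "line ") prefix.
LINE = re.compile(
    r"^\[(?P<pid>\d+):(?P<vdom>[^:\]]+):(?P<conn>[0-9a-f]+)\]"
    r"(?:(?:(?P<func>[A-Za-z_]\w*):)?(?P<lineno>\d+) )?(?P<msg>.*)$"
)
# Hypothetical marker list, chosen from the wording of the trace above.
FAILURE = re.compile(r"failed|error|can't", re.IGNORECASE)


def parse(text):
    """Yield one dict per recognised debug line, in original order."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def triage(text, conn):
    """Return (function, message, shared) for failure lines of one connection.

    Lines tagged with id "0" are kept and flagged as shared: in the trace
    above they are interleaved with the session's own lines, and a plain
    filter on the connection id would drop them (assumption: they relate).
    """
    hits = []
    for rec in parse(text):
        if rec["conn"] in (conn, "0") and FAILURE.search(rec["msg"]):
            hits.append((rec["func"] or "-", rec["msg"], rec["conn"] == "0"))
    return hits


if __name__ == "__main__":
    for func, msg, shared in triage(SAMPLE, "62e14"):
        print(f"{'*' if shared else ' '} {func:32} {msg}")
```

Lines marked with `*` in the printed output carry connection id 0 and should be read against their neighbours rather than attributed to the session outright.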