Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
atsy
New Contributor II

FortiClient VPN permission error on MacOS

I've installed FortiClient VPN only version and gave it full-disk and VPN permissions (to both: FortiClient.app and fctservctl2).

But when I try to connect to a VPN, it shows me an error: "To connect to a VPN with FortiClient, open Security & Privacy Settings and allow system software from FortiTray.". I've wanted to try to add FortiTray.app to the whitelist as well, but I cannot do it since it's located inside the FortiClient.app package.

How do I fix this?

1 Solution
Dulasalem
New Contributor

I found the solution :) 

go to setting - general - login item & extentions.

scroll down to extentions and click on "i" infront of network extention and allow the fotiTray.app

 

Screenshot 2024-09-25 at 11.14.24 AM.png

 

View solution in original post

13 REPLIES 13
ozkanaltas
Valued Contributor III

Hello @Anthony_E ,

 

Normally, this screen is given as below in the document. However, this screenshot and instructions are valid for old macOS versions.

 

image.png

https://docs.fortinet.com/document/forticlient/7.4.0/macos-release-notes/223986/special-notices

 

 

In new MacOS versions, this screen seems to have been moved to the area mentioned by @Dulasalem . It seems that adding the screenshot and path mentioned by @Dulasalem in the document will be sufficient.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Frend
New Contributor

Hello!

I am bumping into the exact same problem. 

No mention of Fortitray anywhere under my Privacy and Security window and no place where I might be able to allow it.
I have spent half day trying to install various older versions of the clients but same problem appears for full and free VPN client.

https://pasteboard.co/aQMHOlKvTKIS.png

https://pasteboard.co/YAWgDBQgYzIn.png


Best Regards,
Erkki S. 

Frend
New Contributor

Hello!

I found the cause of the problem and a working solution!

We are using MDM and it preapproves the TeamID-s.

Check if vpn extensions are allowed with 

systemextensionsctl list


If the teamID is not explicitly allowed from MDM with allowed extension profile then it is silently forbidden.

Ask your MDM admin create new allowed extension profile with following team-id and roll it out for your Mac:

AH4XFXJ7DK

 
Regards,
Erkki Saaremets

In_HLee
Staff
Staff

FCT macOS 7.4.0 Release Notes has been updated as per the feedback.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors