I opened a ticket on this but maybe this will be faster... I am running FortiClient 7.2.4.0850 on a MAC runing macOS 14.5. But I also have a need to run CloudFlare WARP once a week. But the logs for WARP show that the ztagent is running and that port 53 has been redirected to the Fnet app.
I do not currently have ZTNA setup at all in FortiClient. But regardless, there must be a way to shut down the client fully for a short time so I can run WARP for a few hours a week. When I do try to shutdown the forticlient processes they auto restart on my MAC.
Does anyone know if there is a way to kill them off for a few hours then manually start them up? And yes I am connected to an EMS.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have done this through policy groups in Forti EMS. Id set up a uninstall group and then move the computer back to the correct group when ready. Its a pain to set up but after the set up it works well. There maybe a better way thats just how I get it done asap.
Hello @systemgeek
You can stop FortiClient AutoStart.
Please check this forum : https://community.fortinet.com/t5/Support-Forum/Cant-stop-FortiClient-from-starting-on-startup/td-p/...
You can also check this article but not sure if this will work with new versions.
https://gaborhargitai.hu/disable-forticlient-vpn-autostart-on-login-under-macos/
salmas
Its not that it starts up on reboot. I do not reboot my MAC enough to care. Nor can you just kill of processes. What ever the macOS equivilent of Linux SystemD is is monitoring the processes. When you kill of one of them or all of them the macOS version of SystemD starts them right back up.
Whats weird is that I have created a Policy on the EMS server and put myself in that policy that has the firewall disabled. I have waited long enough (by now its been 2 days) for the update to happen on my laptop. Now on my laptop I can run the following:
lbohm@gatekeeper ~> sudo pfctl -sa
Password:
No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
nat-anchor "com.apple/*" all
nat-anchor "com.apple.internet-sharing" all
rdr-anchor "com.apple/*" all
rdr on lo0 inet proto udp from any to any port = 53 -> 127.0.0.1 port 53535
rdr on lo0 inet proto tcp from any to <dohhosts> port = 443 -> 127.0.0.1 port 53535
rdr on lo0 inet proto tcp from any to ! 127.0.0.0/8 -> 127.0.0.1 port 49222
Then:
lbohm@gatekeeper ~> sudo lsof -nP -i:53535
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ztnafw 375 root 9u IPv4 0xeef82931792557f4 0t0 UDP 127.0.0.1:53535
ztnafw 375 root 11u IPv4 0x99296ca29ba922ac 0t0 TCP 127.0.0.1:53535 (LISTEN)
So all DNS traffic is being redirected to port 53535 which is monitored by ztnafw. And NO I am not connected via VPN at this time nor do we use ZTNA yet to control traffic.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1561 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.