Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
limemike88
New Contributor

Issues with FortiClient EMS on macOS

Hello Fortinet Community!

We’re experiencing some intermittent and location-specific issues with FortiClient EMS (v7.2.4 build 0983) and FortiGate 60F (v7.2.10 build 1706) after upgrading our FortiClient licenses from the free to the paid version with EMS implementation. All endpoints are macOS devices running different OS versions. I’m hoping to get insights or solutions from anyone who has encountered similar issues.

Current Setup:

  • Implemented FortiClient EMS with endpoint profiles configured for Remote Access, Web Filtering, Malware Protection, and Vulnerability Scanning.
  • Both On-Fabric and Off-Fabric rules are configured, primarily distinguishing internal subnet access (10.10.X.X/24 for internal users).
  • All endpoints are Mac devices and are not connected to an AD or DC; endpoint management is done solely through FortiClient EMS.

Issues:

  1. Google Chrome Profile Logouts & Missing Bookmarks: Some remote users report that, when the issue occurs, they’re logged out of their Google profile in Chrome, and previously saved bookmarks disappear, as though they’re using Chrome for the first time. This behavior happens at unpredictable intervals.

  2. Intermittent VPN Disconnections and Browsing Issues: When issue occurs, some users, even with internet access, are unable to browse via Chrome and experience sporadic VPN disconnections. This started happening after some users travelled between different locations.

  3. Location-Specific Behavior: Issues seem to impact only remote users, with those in the office unaffected. Temporarily disconnecting from EMS telemetry and reconnecting seems to resolve the problem temporarily, but the issue recurs intermittently and unpredictably.

What We’ve Tried:

  • Coordinated with Fortinet TAC and suggested turning off Web Filtering and Malware Protection to isolate whether these features might be causing the issue. However, this leaves endpoints unprotected, which isn’t ideal.
  • Checking VPN profile and SSL-VPN configurations on FortiClient EMS and FortiGate, as well as potential network/energy settings on Mac devices that could interfere with connection stability.
  • Additionally, currently reviewing, tweaking, and fine-tuning the Remote Access, Web Filtering, and Malware Protection endpoint security profiles to isolate any configurations that might be contributing to the issue.

Questions:

  1. Has anyone else encountered Chrome-specific profile or bookmark issues when using FortiClient with Web Filtering enabled?
  2. Could there be a hidden geo-location check or dependency causing off-fabric users to experience issues mentioned that on-fabric users do not?
  3. Any best practices for managing FortiClient EMS on Mac devices, especially when users frequently change locations or connect from different subnets?

Any advice or similar experiences would be greatly appreciated. Thanks in advance for your help, and patience with the long post!

4 REPLIES 4
Stephen_G
Moderator
Moderator

Hello,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks,

Stephen - Fortinet Community Team
Stephen_G
Moderator
Moderator

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.

Stephen - Fortinet Community Team
Stephen_G
Moderator
Moderator

Hi limemike88,

 

Sorry it has taken so long to get you an answer. I was provided the following questions that may be worth investigating:

 

  1. Has anyone else encountered Chrome-specific profile or bookmark issues when using FortiClient with Web Filtering enabled? We have no similar reports.
  2. Could there be a hidden geo-location check or dependency causing off-fabric users to experience issues mentioned that on-fabric users do not? No, there is no geo-location. But it can be caused by different features enabled in onnet and offnet profiles.
  3. Any best practices for managing FortiClient EMS on Mac devices, especially when users frequently change locations or connect from different subnets?  - Nothing special for this case. Looks like it require in depth troubleshooting to find which feature cause those issues.

Stephen - Fortinet Community Team
limemike88

Hi Stephen,

No worries. I appreciate the response and the guidance. We'll look into the options provided and see if it helps resolve the issue. Thanks for the assistance!

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors