Just installed macOS Big Sur and cannot get a connection with Fortinet firewall VPN anymore, while it did work with macOS Catalina.
I tried Forticlient version 6.4 which seems to connect just fine (I get an IP in expected range), but ssh/ping does not work. And also I cannot access a intranet http/https page.
Also tried multiple versions of 6.0.x but they all fail to connect and show "Connection was terminated unexpectedly. Error -104". After that, the keyboard (Macbook 16 inch) even fails to register any pressed buttons. For example I open app "notes" and cannot type anything (with every keystroke a sound is played but nothing is written). The only way to get out of this situation is to click "connect to VPN" in forticlient again and before it gets to the error click "disconnect". Then all works as usual (except the VPN obviously).
Anyone else having these issues?
Update Nov 25th 2020:
Ok, so after quite a bit of testing by the people who maintain our firewall, we managed to make IPSec VPN work with native Mac OS Big Sur VPN client. I am always amazed by the lack of Fortinet response in this type of issues, as the solution seems pretty simple in the end. Eventually the configuration at fortigate firewall stayed exactly as it was, the only configuration I needed to add locally (with respect to using the FortiClient software) is to add a group name under "Authentication Settings". So to make it work we:
[ul]Hopefully this helps others to get Fortigate IPSec VPN work with both Mac OS Big Sur and MacOS Catalina (both tested with our config).
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you're only using Forticlient to connect to your VPN, in macOS Big Sur you no longer need it. The built-in Cisco IPsec VPN of Big Sur will now connect and correctly establish a tunnel to your Fortinet VPN and it's very stable and reliable. I never managed to to this in Catalina, but it seems Apple may have corrected or changed the Cisco IPSec code in Big Sur and it's now working like a charm. I tried it yesterday and it worked flawlessly.
Kiran wrote:The problem is similar. It all started after the update macOs Big Sur.Same issue for me as well. Able to connect to IPSec VPN, but not able to open/connect to any internal URLs/Resources. And it's working fine for users with previous version of MacOS.
Yeah, But unfortunately when I reached out to support, they said that currently there is no supported version for MacOS 11 yet and will be available in future versions. So thought that better to suggest some alternative to people who are suffered like me, until the fix is release.
Kiran wrote:You can add Local ID in native Mac OS VPN client (type: Cisco). Just click Authentication settings and type your LocalID in the Group Name field.
Did you configure your IPSec VPN with Phase 1 - Local ID? When I tried native CISCO IPSec VPN, it did not work for VPN which is configured without Phase 1 - Local ID. Modify your VPN configuration with Phase 1 - Local ID and give it as 'Group Name'(which will be the option below the Shared Secret) while configuring the native VPN.
FGT60B, FGT100A, FGT100D
kcerb wrote:This solved the problem for me. I made an account just to say thanks. Once I filled out the Group Name I was connected. Hopefully my company supports the newer version of Fortinet in the future, but I'm happy to use the built-in VPN for now.Kiran wrote:You can add Local ID in native Mac OS VPN client (type: Cisco). Just click Authentication settings and type your LocalID in the Group Name field.
Did you configure your IPSec VPN with Phase 1 - Local ID? When I tried native CISCO IPSec VPN, it did not work for VPN which is configured without Phase 1 - Local ID. Modify your VPN configuration with Phase 1 - Local ID and give it as 'Group Name'(which will be the option below the Shared Secret) while configuring the native VPN.
[attachImg]https://forum.fortinet.com/download.axd?file=0;191690&where=message&f=Setup-VPN-on-Mac-Linux-and-Windows.png[/attachImg]
Just to confirm the VPN only installer is now updated on the website - Mac now connects using IPSEC on BigSur
WOOHOO
Thanks for updating it. (Labelled as 6.4 but when installing pulls the latest release 6.4.2.1.1305)
Rob
[image][/image]
I had the very same problem with SSL-VPN. Reinstalling FortiClient and adding a new connection with the exact same connection details did the trick for me.
After the first attempt using this new connection I got a prompt that Catalina will be the last version to support outdated system extensions : https://support.apple.com/de-de/HT210999 (german). I saw this message a few times before but not after upgrading to Big Sur. I am not sure what exactly went on behind the scenes, but wanted to let you know.
Hello
Similar problem with me. I try to use the native VPN IP sec of Big Sur but unable to pass the remote Fortinet firewall. The IT administrator of my company would not accept to change the rules only for me.
Hi Guys!
The same thing happing here. Using Mac OS Big Sur (version 11.0.1 20B29), in MacBook Air (Retina, 13-inch, 2018) SSL VPN IPSEC don't work anymore. I'm using FortiClient version 6.4.1.1267. Trying native Apple Ipsec implementation (Cisco IPSEC) and, unfortunately, don't work too. SSL VPN still works. Does anyone know when we will have a new FortiClient version? 100% compatible with Mac OS Big Sur? Does anyone have any tips that worked to make IPSEC work?
jconegundes wrote:Just read this thread (2 posts above):Does anyone know when we will have a new FortiClient version? 100% compatible with Mac OS Big Sur?
Kiran wrote:Yeah, But unfortunately when I reached out to support, they said that currently there is no supported version for MacOS 11 yet and will be available in future versions.
FGT60B, FGT100A, FGT100D
same here, that's why I changed my vpn sevvice.
Hi, same for me: Forticlient connects but transmits no data. The built-in Cisco IPsec VPN of Big Sur says that: VPN Server is not answering. Hopefully Fortinet comes fast with updated version for Big Sur!
Hi, I had the same connection problems after upgrading to Big Sur. However, after successfully connecting via forticlient VPN or via Cisco IPSec I was unable to access anything within the server. Finally I realized that the IP assigned to me by the server at the office is in the same sub-range as the IP address given by the router at home. So I changed the range of the home subnet to 192.168.1.0 and connected via WiFi to the home router with this new IP address and it worked perfectly. I hope this can be of use to one of you.
Forticlient 6.4.2 is out today. As far as I can tell, IPSec works in Big Sur. Have not done extensive testing but I can at least ping systems inside the network after I connect.
Hi @BrokenRecord, where did you download the client? I've looked through the docs:
FortiClientVPNSetup_6.4.2.xxx_macosx.dmg
Free VPN-only installer.
Is available as ref'd: https://docs.fortinet.com...mware_images_and_tools
I cannot find it anywhere on the linked sites.. any ideas?
BrokenRecord wrote:Great news, but same problem as @Bobbyla. If I install from official site, I get 6.4.1. Would really appreciate a dl link!Forticlient 6.4.2 is out today. As far as I can tell, IPSec works in Big Sur. Have not done extensive testing but I can at least ping systems inside the network after I connect.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1094 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.