Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jdvuyk
New Contributor

SSL VPN: Windows Works, MacOS does not!

Hi All.

I have a 100F device (6.2.8) setup for SSL VPN for remote connections using the VPN-only forticlient.  Windows works perfectly.  MacOS does not!  The VPN shows "Connecting" and then simply goes back to no message.  There are no errors.  The VPN does not connect. 

 

Mac = Big Sur 11.4

Forticlient = 7.0.1.0060

 

Facts:

- the VPN actually connects and authenticates.  Logs show this.  Also, putting in fake login details generates an client error for the wrong user/pass.  The correct user/pass generates no messages.  It connects but then for reasons unknown gets disconnected.

 

Fortigate Logs:

[263:root:42]got SNI server name: vpn.ourdomain.systems realm (null) [263:root:42]client cert requirement: no [263:root:42]SSL state:SSLv3/TLS read client hello (49.178.7.112) [263:root:42]SSL state:SSLv3/TLS write server hello (49.178.7.112) [263:root:42]SSL state:TLSv1.3 write encrypted extensions (49.178.7.112) [263:root:42]SSL state:SSLv3/TLS write certificate (49.178.7.112) [263:root:42]SSL state:TLSv1.3 write server certificate verify (49.178.7.112) [263:root:42]SSL state:SSLv3/TLS write finished (49.178.7.112) [263:root:42]SSL state:TLSv1.3 early data (49.178.7.112) [263:root:42]SSL state:TLSv1.3 early data:system lib(49.178.7.112) [263:root:42]SSL state:TLSv1.3 early data (49.178.7.112) [263:root:42]SSL state:SSLv3/TLS read finished (49.178.7.112) [263:root:42]SSL state:SSLv3/TLS write session ticket (49.178.7.112) [263:root:42]SSL state:SSLv3/TLS write session ticket (49.178.7.112) [263:root:42]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384 [263:root:42]req: /remote/fortisslvpn_xml [263:root:42]deconstruct_session_id:426 decode session id ok, user=[user],group=[SSLVPN-Guest],authserver=[],portal=[External],host=[49.178.7.112],realm=[],idx=1,auth=1,sid=67598625,login=1629167478,access=1629167478,saml_logout_url=no [263:root:42]deconstruct_session_id:426 decode session id ok, user=[user],group=[SSLVPN-Guest],authserver=[],portal=[External],host=[49.178.7.112],realm=[],idx=1,auth=1,sid=67598625,login=1629167478,access=1629167478,saml_logout_url=no [263:root:42]sslvpn_reserve_dynip:1156 tunnel vd[root] ip[10.213.1.1] app session idx[1] [style="background-color: #ffff00;"][263:root:42]sslConnGotoNextState:307 error (last state: 1, closeOp: 0)[/style] [263:root:42]Destroy sconn 0x7f9fc8e300, connSize=0. (root)

 

FortiClient Logs:

20210817 11:37:51 [FortiTray:INFO] VpnManager.swift:787 Start VPN: Our Company 20210817 11:37:51 [FortiTray:INFO] VpnManager.swift:611 VPN connecting 20210817 11:37:51 [FortiTray:DEBG] vpnconnection.mm:540 Server URL: https://vpn.ourcompany.systems:10443 20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:215 ApiEncMethod: 0 20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:217 ApiRemoteAuthTimeout: 10 20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:219 ApiServerSalt: 23a08a55 20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:220 flag: 95 20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request 20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:506 Authentication passed 20210817 11:37:52 [FortiTray:DEBG] vpnconnection.mm:400 Stop process. 20210817 11:37:52 [FortiTray:INFO] VpnManager.swift:1475 Notification: Cancel input 20210817 11:37:52 [FortiTray:INFO] sslvpn_bridge.mm:71 Login successful 20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:575 Login successful 20210817 11:37:53 [FortiTray:INFO] VpnManager.swift:1183 Inherit proxy settings 20210817 11:37:55 [FortiTray:DEBG] AppDelegate.swift:151 Reload config [style="background-color: #ffff00;"]20210817 11:37:55 [FortiTray:EROR] ConfigManager.swift:1522 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist[/style] 20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:611 VPN connecting [style="background-color: #ffff00;"]20210817 11:37:55 [FortiTray:EROR] VpnManager.swift:388 Failed to get tunnel provider's return code[/style] 20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:604 VPN disconnected

 

Im a bit stumped.  The VPN successfully connects but then gets disconnected for an error I cannot decipher.

TIA.

 

 

 

1 Solution
saqib_hussain

I had the same issue and this is how I fixed.

Check in Security & Privacy fortitray needs permission when you installed for the first time. If you cant see the application uninstall the forticlient using forticlient uninstaller and reinstall again. Check again in Security & Privacy > General.  Allow fortitray app.

 

I hope this is helpful.

View solution in original post

16 REPLIES 16
jgizel
New Contributor

This solved my issue.  Terrible QA Fortinet.

pboertje

This solved my issue, macOS Monterey version 12.5 with FortiClient 7.0.6.0208

petterrafael
New Contributor

The process of installing and reinstalling FortiClient is flawed and from the first installation on, the others always end up resulting in the error reported in this post.
The solution is quite simple, as it is about lack of permission, just go to System Preferences > Security & Privacy > Privacy and select Full Disk Access and give full permission to FortiClient.
Voila, everything working.

Raj13

did it, but still nothing works

PD
New Contributor

Dear all,

Since yesterday, I have been experiencing the exact same issue. I am currently using MacOS Ventura 13.4 and FortiClient VPN 7.0.1.0060. There have been no changes made by the IT department, and I can successfully connect to the VPN using FortiClient on my iPhone, iPad, Windows PC, and even a Mac running High Sierra (10.13.6). The behavior is consistent across these devices, where FortiTray correctly connects to the VPN. On both the Ventura Macs i own, however, FortiTray attempts to establish a connection but suddenly disconnects. I have checked the logs, but they do not provide any useful information. The only odd thing I have noticed is that both the FortiClient and FortiClient Uninstaller applications in the Applications folder have a grey lock icon in the bottom left corner. On MacOS Ventura, the System Settings app has undergone significant changes in appearance compared to previous versions. However, in the Privacy & Security panel, I have granted all permissions to the app, and in any case I have not made any changes to them in the past two days.

Do you have any other advice or suggestions on what I could try?

Thank you in advance.

PD

 

gujuloos
New Contributor II

Hi,

Did you manage to find a solution. I'm in the same boat as you with MacOS Ventura 13.4.1. I've tried multiple versions of Forticlient VPN from 7.0.1 all the way to 7.2.0 and nothing works due to the FortiTray never giving the option to give permission.

Joro5928
New Contributor II

I've observed that MacOS can't connect on port different than standard 443.

Labels
Top Kudoed Authors