Hi All.
I have a 100F device (6.2.8) set up for SSL VPN for remote connections using the VPN-only FortiClient. Windows works perfectly. MacOS does not! The VPN shows "Connecting" and then simply goes back to no message. There are no errors. The VPN does not connect.
Mac = Big Sur 11.4
Forticlient = 7.0.1.0060
Facts:
- The VPN actually connects and authenticates. Logs show this. Also, putting in fake login details generates a client error for the wrong user/pass. The correct user/pass generates no messages. It connects but then for reasons unknown gets disconnected.
Fortigate Logs:
```
[263:root:42]got SNI server name: vpn.ourdomain.systems realm (null)
[263:root:42]client cert requirement: no
[263:root:42]SSL state:SSLv3/TLS read client hello (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write server hello (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 write encrypted extensions (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write certificate (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 write server certificate verify (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write finished (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 early data (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 early data:system lib(49.178.7.112)
[263:root:42]SSL state:TLSv1.3 early data (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS read finished (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write session ticket (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write session ticket (49.178.7.112)
[263:root:42]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[263:root:42]req: /remote/fortisslvpn_xml
[263:root:42]deconstruct_session_id:426 decode session id ok, user=[user],group=[SSLVPN-Guest],authserver=[],portal=[External],host=[49.178.7.112],realm=[],idx=1,auth=1,sid=67598625,login=1629167478,access=1629167478,saml_logout_url=no
[263:root:42]deconstruct_session_id:426 decode session id ok, user=[user],group=[SSLVPN-Guest],authserver=[],portal=[External],host=[49.178.7.112],realm=[],idx=1,auth=1,sid=67598625,login=1629167478,access=1629167478,saml_logout_url=no
[263:root:42]sslvpn_reserve_dynip:1156 tunnel vd[root] ip[10.213.1.1] app session idx[1]
[263:root:42]sslConnGotoNextState:307 error (last state: 1, closeOp: 0)
[263:root:42]Destroy sconn 0x7f9fc8e300, connSize=0. (root)
```
FortiClient Logs:
```
20210817 11:37:51 [FortiTray:INFO] VpnManager.swift:787 Start VPN: Our Company
20210817 11:37:51 [FortiTray:INFO] VpnManager.swift:611 VPN connecting
20210817 11:37:51 [FortiTray:DEBG] vpnconnection.mm:540 Server URL: https://vpn.ourcompany.systems:10443
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:215 ApiEncMethod: 0
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:217 ApiRemoteAuthTimeout: 10
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:219 ApiServerSalt: 23a08a55
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:220 flag: 95
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:506 Authentication passed
20210817 11:37:52 [FortiTray:DEBG] vpnconnection.mm:400 Stop process.
20210817 11:37:52 [FortiTray:INFO] VpnManager.swift:1475 Notification: Cancel input
20210817 11:37:52 [FortiTray:INFO] sslvpn_bridge.mm:71 Login successful
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:575 Login successful
20210817 11:37:53 [FortiTray:INFO] VpnManager.swift:1183 Inherit proxy settings
20210817 11:37:55 [FortiTray:DEBG] AppDelegate.swift:151 Reload config
20210817 11:37:55 [FortiTray:EROR] ConfigManager.swift:1522 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:611 VPN connecting
20210817 11:37:55 [FortiTray:EROR] VpnManager.swift:388 Failed to get tunnel provider's return code
20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:604 VPN disconnected
```
I'm a bit stumped. The VPN successfully connects but then gets disconnected for an error I cannot decipher.
TIA.
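As an added example (not part of the original post and not Fortinet tooling): a small Python triage of FortiClient log entries in the format shown above, reporting the last stage a connection attempt reached and the `EROR` entries it logged. The sample lines are a subset of the log in the post; the stage names, and the rule that a missing "Authentication passed" entry means authentication failed, are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the FortiClient log entries quoted in the post.
SAMPLE_LOG = """\
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:506 Authentication passed
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:575 Login successful
20210817 11:37:55 [FortiTray:EROR] ConfigManager.swift:1522 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:611 VPN connecting
20210817 11:37:55 [FortiTray:EROR] VpnManager.swift:388 Failed to get tunnel provider's return code
20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:604 VPN disconnected
"""

# date, time, [process:level], source-file:line, message
ENTRY = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[(?P<proc>\w+):(?P<level>\w+)\] (?P<src>\S+):(?P<line>\d+) (?P<msg>.*)$"
)

def parse(text):
    """Return one dict per well-formed entry; unparseable lines are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, text.splitlines()) if m]

def triage(text):
    """Classify one connection attempt by the last stage it reached.

    Stage names are hypothetical labels chosen for this example.
    """
    entries = parse(text)
    msgs = [e["msg"] for e in entries]
    errors = [e for e in entries if e["level"] == "EROR"]
    authed = any(m in ("Authentication passed", "Login successful") for m in msgs)
    if "Send authentication request" not in msgs:
        stage = "no-auth-attempt"
    elif not authed:
        stage = "auth-failed"  # assumption: no success entry means failure
    elif any("tunnel provider" in e["msg"] for e in errors):
        stage = "tunnel-provider-failed-after-auth"
    elif "VPN disconnected" in msgs:
        stage = "disconnected-after-auth"
    else:
        stage = "authenticated"
    return stage, [f'{e["src"]}:{e["line"]} {e["msg"]}' for e in errors]
```

On the sample, the result separates a credential problem from the post-authentication tunnel failure described in this post.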
I had the same issue and this is how I fixed it.
Check in Security & Privacy: FortiTray needs permission when you install it for the first time. If you can't see the application, uninstall FortiClient using the FortiClient uninstaller and reinstall again. Check again in Security & Privacy > General. Allow the FortiTray app.
I hope this is helpful.
This solved my issue. Terrible QA Fortinet.
This solved my issue, macOS Monterey version 12.5 with FortiClient 7.0.6.0208
The process of installing and reinstalling FortiClient is flawed and from the first installation on, the others always end up resulting in the error reported in this post.
The solution is quite simple, as it is about lack of permission, just go to System Preferences > Security & Privacy > Privacy and select Full Disk Access and give full permission to FortiClient.
Voila, everything working.
Did it, but still nothing works.
Dear all,
Since yesterday, I have been experiencing the exact same issue. I am currently using MacOS Ventura 13.4 and FortiClient VPN 7.0.1.0060. There have been no changes made by the IT department, and I can successfully connect to the VPN using FortiClient on my iPhone, iPad, Windows PC, and even a Mac running High Sierra (10.13.6). The behavior is consistent across these devices, where FortiTray correctly connects to the VPN. On both the Ventura Macs I own, however, FortiTray attempts to establish a connection but suddenly disconnects. I have checked the logs, but they do not provide any useful information. The only odd thing I have noticed is that both the FortiClient and FortiClient Uninstaller applications in the Applications folder have a grey lock icon in the bottom left corner. On MacOS Ventura, the System Settings app has undergone significant changes in appearance compared to previous versions. However, in the Privacy & Security panel, I have granted all permissions to the app, and in any case I have not made any changes to them in the past two days.
Do you have any other advice or suggestions on what I could try?
Thank you in advance.
PD
Hi,
Did you manage to find a solution? I'm in the same boat as you with MacOS Ventura 13.4.1. I've tried multiple versions of FortiClient VPN from 7.0.1 all the way to 7.2.0 and nothing works due to the FortiTray never giving the option to give permission.
I've observed that MacOS can't connect on a port different than the standard 443.
On an Apple M1 Max and getting this with FortiClient 7.2.4.0850:
SSLVPNTunnel.swift:196 Server does not support all known tunnel methods
Firewall has `set algorithm low` set. I'm assuming the new Macs are refusing some old ciphers or it doesn't like a self-signed certificate or something. I have tried everything in this thread to no avail.