Hi All.
I have a 100F device (6.2.8) set up for SSL VPN for remote connections using the VPN-only FortiClient. Windows works perfectly. macOS does not! The VPN shows "Connecting" and then simply goes back to no message. There are no errors. The VPN does not connect.
Mac = Big Sur 11.4
FortiClient = 7.0.1.0060
Facts:
- The VPN actually connects and authenticates. Logs show this. Also, putting in fake login details generates a client error for the wrong user/pass. The correct user/pass generates no messages. It connects but then, for reasons unknown, gets disconnected.
Fortigate Logs:
[263:root:42]got SNI server name: vpn.ourdomain.systems realm (null)
[263:root:42]client cert requirement: no
[263:root:42]SSL state:SSLv3/TLS read client hello (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write server hello (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 write encrypted extensions (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write certificate (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 write server certificate verify (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write finished (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 early data (49.178.7.112)
[263:root:42]SSL state:TLSv1.3 early data:system lib(49.178.7.112)
[263:root:42]SSL state:TLSv1.3 early data (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS read finished (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write session ticket (49.178.7.112)
[263:root:42]SSL state:SSLv3/TLS write session ticket (49.178.7.112)
[263:root:42]SSL established: TLSv1.3 TLS_AES_256_GCM_SHA384
[263:root:42]req: /remote/fortisslvpn_xml
[263:root:42]deconstruct_session_id:426 decode session id ok, user=[user],group=[SSLVPN-Guest],authserver=[],portal=[External],host=[49.178.7.112],realm=[],idx=1,auth=1,sid=67598625,login=1629167478,access=1629167478,saml_logout_url=no
[263:root:42]deconstruct_session_id:426 decode session id ok, user=[user],group=[SSLVPN-Guest],authserver=[],portal=[External],host=[49.178.7.112],realm=[],idx=1,auth=1,sid=67598625,login=1629167478,access=1629167478,saml_logout_url=no
[263:root:42]sslvpn_reserve_dynip:1156 tunnel vd[root] ip[10.213.1.1] app session idx[1]
[263:root:42]sslConnGotoNextState:307 error (last state: 1, closeOp: 0)
[263:root:42]Destroy sconn 0x7f9fc8e300, connSize=0. (root)
FortiClient Logs:
20210817 11:37:51 [FortiTray:INFO] VpnManager.swift:787 Start VPN: Our Company
20210817 11:37:51 [FortiTray:INFO] VpnManager.swift:611 VPN connecting
20210817 11:37:51 [FortiTray:DEBG] vpnconnection.mm:540 Server URL: https://vpn.ourcompany.systems:10443
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:215 ApiEncMethod: 0
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:217 ApiRemoteAuthTimeout: 10
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:219 ApiServerSalt: 23a08a55
20210817 11:37:51 [FortiTray:INFO] sslvpn.cpp:220 flag: 95
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:506 Authentication passed
20210817 11:37:52 [FortiTray:DEBG] vpnconnection.mm:400 Stop process.
20210817 11:37:52 [FortiTray:INFO] VpnManager.swift:1475 Notification: Cancel input
20210817 11:37:52 [FortiTray:INFO] sslvpn_bridge.mm:71 Login successful
20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:575 Login successful
20210817 11:37:53 [FortiTray:INFO] VpnManager.swift:1183 Inherit proxy settings
20210817 11:37:55 [FortiTray:DEBG] AppDelegate.swift:151 Reload config
20210817 11:37:55 [FortiTray:EROR] ConfigManager.swift:1522 Config file "/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist
20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:611 VPN connecting
20210817 11:37:55 [FortiTray:EROR] VpnManager.swift:388 Failed to get tunnel provider's return code
20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:604 VPN disconnected
I'm a bit stumped. The VPN successfully connects but then gets disconnected for an error I cannot decipher.
TIA.
So I guess when they mean "no support" they really mean it.
I gave up. From my research, my conclusion is that the macOS implementation is broken. I ended up configuring the Cisco IPsec method and that works fine. It's just a bit rubbish that I need to maintain 2 implementations now because of poor QA.
I had the same issue and this is how I fixed it.
Check in Security & Privacy: fortitray needs permission when you install it for the first time. If you can't see the application, uninstall FortiClient using the FortiClient uninstaller and reinstall it. Check again in Security & Privacy > General. Allow the fortitray app.
I hope this is helpful.
Someone give this man a beer!! (assuming you are a man!) This was totally the solution. So so simple. But at the same time, not easy to troubleshoot for the non-mac native. Thanks very much.
If any developers from Fortinet read these forums, please, please, give more informative error messages. None of the errors indicated in the FortiClient log indicate any permission-based issues.
Also, this could easily be solved by a permissions check within the Forticlient application and a dialog box that tells the client the EXACT reason it can't perform properly. If the 'fortitray' application doesn't have permissions, it should check and on failure tell the client via a message of some sort or (better) prompt them to remediate the problem by requesting the permissions again. But why is this permission being skipped over in the first place? There were other permissions that the user received prompting to allow when the client was installed initially. How did this one escape?
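A triage sketch for the log pattern in this thread, added here as an example (not FortiClient code and not part of any post): it parses the FortiClient log layout quoted above and separates "login succeeded, tunnel start failed" from attempts that never got past login. The verdict names and hint strings are assumptions made for this example; the sample lines are abridged from the log posted above.

```python
import re

# Entry layout seen in the posted log:
#   "YYYYMMDD HH:MM:SS [Component:LEVEL] file:line message"
STAMP = r"\d{8} \d{2}:\d{2}:\d{2}"
ENTRY = re.compile(
    r"(" + STAMP + r") \[(\w+):(\w+)\] (\S+?):(\d+) (.*?)(?=\s*" + STAMP + r" \[|\Z)",
    re.S,
)

# Hints restate what the thread established; they are not vendor documentation.
HINTS = {
    "auth-ok-tunnel-failed": "Login succeeded, tunnel start failed on the Mac: check that "
                             "fortitray is allowed in Security & Privacy > General.",
    "auth-not-seen": "No 'Authentication passed' entry: the attempt did not get past login.",
    "no-failure-seen": "Login succeeded and no tunnel provider error was logged.",
}

def parse(log_text):
    """Split a log, even one flattened onto a single line, into entries."""
    keys = ("time", "component", "level", "file", "line", "msg")
    return [dict(zip(keys, (*m[:5], m[5].strip()))) for m in ENTRY.findall(log_text)]

def triage(entries):
    """Classify one connection attempt by the order of its messages."""
    auth_at = next((i for i, e in enumerate(entries)
                    if e["msg"] == "Authentication passed"), None)
    if auth_at is None:
        return "auth-not-seen"
    for e in entries[auth_at + 1:]:
        if e["level"] == "EROR" and "tunnel provider" in e["msg"]:
            return "auth-ok-tunnel-failed"
    return "no-failure-seen"

# Sample input: lines abridged from the log posted above, flattened as in the post.
SAMPLE = (
    "20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:314 Send authentication request "
    "20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:506 Authentication passed "
    "20210817 11:37:52 [FortiTray:INFO] sslvpn.cpp:575 Login successful "
    "20210817 11:37:55 [FortiTray:EROR] ConfigManager.swift:1522 Config file "
    '"/Library/Application Support/Fortinet/FortiClient/conf/epctrl.plist" not exist '
    "20210817 11:37:55 [FortiTray:EROR] VpnManager.swift:388 Failed to get tunnel provider's return code "
    "20210817 11:37:55 [FortiTray:INFO] VpnManager.swift:604 VPN disconnected"
)

if __name__ == "__main__":
    verdict = triage(parse(SAMPLE))
    print(verdict, "-", HINTS[verdict])
```

The missing `epctrl.plist` entry is also logged at `EROR` level but is not treated as the cause; only a tunnel provider error after a successful login produces the permission hint.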
It didn't work for me...!!! OS Monterey 12.4 and FortiClient 7.0.5.0166
The strange thing is that it doesn't matter if you put correct or incorrect values in the username and password, it always returns the same message, I think it doesn't even try to make the request to the server, it is stopped before by the certificate (which certificate? I have no idea).
Cheers,
Hi @FreddyE
Were you able to solve this issue? I am also facing a similar issue, with no luck still.
@saqib_hussain What version of macOS Mojave are you using and what is your FortiClient version? Are you using the VPN-only client or the paid version?
Doesn't work. After the first installation there is no prompt asking for permission.
Use IP address instead of hostname.