Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Related Videos

sidebar video

Installing the FortiClient Mac Agent & Giving Required Permissions

  • 1,279 views
  • 2 months ago

Special notices

Enabling full disk access

FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

  • fcaptmon
  • fctservctl
  • fctservctl2
  • fmon
  • fmon2
  • FortiClient
  • FortiGuardAgent

The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.

You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/ and select fmon2.

The following lists the services and their folder locations:

  • fmon, Fctservctl, Fcaptmon: /Library/Application\ Support/Fortinet/FortiClient/bin/

  • FortiClient (macOS) application: /Applications/FortiClient.app

  • FortiClient agent (FortiTray): /Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app

Activating system extensions

After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

VPN

VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.

To allow FortiTray to load:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiTray" was blocked from loading.

Web Filter and Application Firewall

You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.

  3. Verify the status of the extension by running the systemextensionsctl list command in the macOS terminal. The following provides example output when the extension is enabled:

Proxy mode extension

A new system extension, com.fortinet.forticlient.macos.proxy, works as a proxy server to proxy a TCP connection. macOS manages the extension's connection status and other statistics. This resolves the issue that Web Filter fails to work when SSL and IPsec VPN are connected.

FortiClient (macOS) automatically installs the extension on an M1 Pro or newer macOS device. For a macOS device with Intel or M1 chip, you can do the following:

To enable proxy mode on macOS devices with an Intel or M1 chip:
  1. Add following XML configuration:

    <forticlient_configuration>

    <webfilter>

    <use_transparent_proxy>1</use_transparent_proxy>

    <webfilter>

    <forticlient_configuration>

  2. Manually create an empty file: sudo touch /Library/Application\Support/Fortinet/FortiClient/conf/use_transparent_proxy

Enabling notifications

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

To enable notifications:
  1. Go to System Preferences > Notifications > FortiGuardAgent.
  2. Toggle Allow Notifications on.

DHCP over IPsec VPN not supported

FortiClient (macOS) does not support DHCP over IPsec VPN.

IKEv2 not supported

FortiClient (macOS) does not support IPsec VPN IKEv2.

Related Videos

sidebar video

Installing the FortiClient Mac Agent & Giving Required Permissions

  • 1,279 views
  • 2 months ago

Special notices

Enabling full disk access

FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

  • fcaptmon
  • fctservctl
  • fctservctl2
  • fmon
  • fmon2
  • FortiClient
  • FortiGuardAgent

The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.

You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/ and select fmon2.

The following lists the services and their folder locations:

  • fmon, Fctservctl, Fcaptmon: /Library/Application\ Support/Fortinet/FortiClient/bin/

  • FortiClient (macOS) application: /Applications/FortiClient.app

  • FortiClient agent (FortiTray): /Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app

Activating system extensions

After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

VPN

VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.

To allow FortiTray to load:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiTray" was blocked from loading.

Web Filter and Application Firewall

You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.

  3. Verify the status of the extension by running the systemextensionsctl list command in the macOS terminal. The following provides example output when the extension is enabled:

Proxy mode extension

A new system extension, com.fortinet.forticlient.macos.proxy, works as a proxy server to proxy a TCP connection. macOS manages the extension's connection status and other statistics. This resolves the issue that Web Filter fails to work when SSL and IPsec VPN are connected.

FortiClient (macOS) automatically installs the extension on an M1 Pro or newer macOS device. For a macOS device with Intel or M1 chip, you can do the following:

To enable proxy mode on macOS devices with an Intel or M1 chip:
  1. Add following XML configuration:

    <forticlient_configuration>

    <webfilter>

    <use_transparent_proxy>1</use_transparent_proxy>

    <webfilter>

    <forticlient_configuration>

  2. Manually create an empty file: sudo touch /Library/Application\Support/Fortinet/FortiClient/conf/use_transparent_proxy

Enabling notifications

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

To enable notifications:
  1. Go to System Preferences > Notifications > FortiGuardAgent.
  2. Toggle Allow Notifications on.

DHCP over IPsec VPN not supported

FortiClient (macOS) does not support DHCP over IPsec VPN.

IKEv2 not supported

FortiClient (macOS) does not support IPsec VPN IKEv2.