macOS
The following instructions guide you though the manual installation of FortiClient on a macOS computer. For more information, see the FortiClient (macOS) Release Notes.
After manually running the FortiClient installer on a macOS computer, you must enable certain permissions and perform other actions for FortiClient to work properly. This topic provides instructions on the necessary configurations. The process is as follows:
- Install FortiClient on a macOS computer using the installer file. See To install FortiClient on a macOS computer:.
- Activate system extensions. See To activate system extensions:.
- (macOS 11 Big Sur and 10.15 Catalina only) Enable full disk access. See To enable full disk access:.
- Enable notifications. See To enable notifications:.
FortiClient (macOS) requires the use of the 198.18.0.0/15 subnet. You cannot use this subnet for other uses in your environment.
To install FortiClient on a macOS computer:
- Double-click the FortiClient_7.0.8.xx_macosx .dmg installer file. The FortiClient for macOS dialog displays.
- Double-click Install. The Welcome to the FortiClient Installer dialog displays.
- (Optional) Click the lock icon in the upper-right corner to view certificate details and click OK to close the dialog. Click Continue.
- Read the Software License Agreement and click Continue. You have the option to print or save the Software Agreement in this window. You are prompted to Agree with the license agreement terms.
- If you agree with the license agreement terms, click Agree to continue the installation.
- Depending on your system, you may be prompted to enter your system password.
- After the installation completes successfully, Click Close to exit the installer. FortiClient has been saved to the Applications folder.
- If using macOS Mojave (version 10.14), you must reboot the macOS device after installing FortiClient (macOS). FortiClient (macOS) displays the following prompt after installation. Click Restart System:
- Double-click the FortiClient icon to launch the application. The application loads to your desktop.
To activate system extensions:
After you perform an initial install of FortiClient, the device prompts you to allow some settings for FortiClient processes. You must have administrator credentials for the macOS machine to configure these changes.
After you grant permissions for extensions and daemons, you do not need to grant permissions again when upgrading to new FortiClient versions.
- After installation completes, the device displays a prompt to grant permissions to the FortiClient VPN configuration manager. This allows FortiClient to monitor network events on this device. Click Allow.
- The system also displays the following warning that FortiTray extensions are blocked. This prevents FortiTray from loading.
To enable the FortiTray extension, do the following:
Go to System Preferences > Security & Privacy.
Click the Allow button beside System software from application "FortiTray" was blocked from loading.
- For Web Filter and Application Firewall to work properly, you must enable the FortiClientNetwork extension. This extension may also be necessary to connect to SSL VPN after connecting FortiClient to SSL VPN. The FortiClient team ID is AH4XFXJ7DK. Do the following:
Go to System Preferences > Security & Privacy.
Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.
-
Verify the statuses of the extensions by running the
systemextensionsctl list
command in the macOS terminal. The following provides example output when the extension is enabled:
If you do not grant permission to the FortiTray extension or the VPN configuration manager after installing FortiClient, macOS displays a popup whenever you attempt to connect to a VPN tunnel. You cannot establish a VPN tunnel until you grant permissions to the FortiTray extension and VPN configuration manager.
You can also go to the Settings tab and click Open System Extension under Privacy Status. This shows if any FortiClient extensions still require permissions.
To enable full disk access:
macOS 11 Big Sur and 10.15 Catalina include security setting changes, which require you to enable full disk access for FortiClient services. If you do not grant full disk access to FortiClient services, FortiClient only provide partial protection of files in the /Applications directory. The first time that FortiClient detects an attempt to run an executable file located in another protected location on the endpoint as malware protection, macOS denies FortiClient access and prompts the user to grant full disk access.
- Go to System Preferences > Security & Privacy tab, and select Full Disk Access
- To make changes, click lock icon on the bottom left, enter your credentials, and Unlock.
- Select the following services to grant them full disk access:
- fcaptmon
- fctservctl
- fctservctl2
- fmon
- fmon2
- FortiClient
- FortiClientAgent
You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to
/Library/Application Support/Fortinet/FortiClient/bin/
and select fmon2.
If you did not grant full disk access permissions for the daemons, you can check their status on the Settings tab under Privacy Status. Click Open File Access to grant permissions for the daemons. If you do not configure this, macOS displays a popup asking for permissions each time that you use a feature related to one of the daemons, such as scanning for viruses.
To enable notifications:
After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.
- Go to System Preferences > Notifications > FortiClientAgent.
- Toggle Allow Notifications on.
Additional steps may be required if using Web Filter or RTP with FortiClient (macOS). See the FortiClient (macOS) Release Notes for details. |