Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • (macOS) Release Notes

    Home FortiClient 7.4.1 (macOS) Release Notes
    7.4.1
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    5.6.6

    Special notices

    Special notices

    Enabling full disk access

    FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

    • fctservctl2
    • FortiClient

    The following lists the services and their folder locations:

    • Fctservctl2: /Library/Application\ Support/Fortinet/FortiClient/bin/

    • FortiClient (macOS) application: /Applications/FortiClient.app

    Activating system extensions

    After you initially install FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

    VPN

    You must allow the macOS system software to load the FortiTray.

    To allow FortiTray to load:

    1. Do one of the following:

      • If using macOS Sequoia (version 15), go to Settings > General > Login Items & Extensions > Network Extensions.
      • If using another macOS version, go to Settings > Privacy & Security.
    2. Enable the FortiTray toggle.

    Web Filter and Application Firewall

    You must enable the FortiClientProxy extension for Web Filter to work properly. You must enable the FortiClientPacketFilter extension for Application Firewall and network lockdown to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

    To enable the FortiClientNetwork extension:

    1. Do one of the following:

      • If using macOS Sequoia (version 15), go to Settings > General > Login Items & Extensions > Network Extensions.
      • If using another macOS version, go to Settings > Privacy & Security.
    2. Enable the FortiClientProxy and FortiClientPacketFilter toggles.

    3. Verify the extension status by running systemextensionsctl list in the macOS terminal. In the output, the FortiClientPacketFilter extension displays as macos.webfilter. The following provides example output when the extension is enabled:

    Proxy mode extension

    The com.fortinet.forticlient.macos.proxy system extension works as a proxy server to proxy a TCP connection. macOS manages the extension's connection status and other statistics. This resolves the issue that Web Filter fails to work when SSL and IPsec VPN are connected.

    FortiClient (macOS) automatically installs the extension on an M1 Pro or newer macOS device.

    Enabling notifications

    After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

    To enable notifications:
    1. Go to System Preferences > Notifications > FortiGuardAgent.
    2. Toggle Allow Notifications on.

    DHCP over IPsec VPN not supported

    FortiClient (macOS) does not support DHCP over IPsec VPN.

    Running multiple FortiClient instances

    FortiClient (macOS) does not support running multiple FortiClient instances for different users simultaneously.

    FortiGuard Web Filtering Category v10 Update

    Fortinet has updated its web filtering categories to v10, which includes two new URL categories for AI chat and cryptocurrency websites. To use the new categories, customers must upgrade their Fortinet products to one of the following versions:

    • FortiManager - Fixed in 6.0.12, 6.2.9, 6.4.7, 7.0.2, 7.2.0, 7.4.0.
    • FortiOS - Fixed in 7.2.8 and 7.4.1.
    • FortiClient - Fixed in Windows 7.2.3, macOS 7.2.3, Linux 7.2.3.
    • FortiClient EMS - Fixed in 7.2.1.
    • FortiMail - Fixed in 7.0.7, 7.2.5, 7.4.1.
    • FortiProxy - Fixed in 7.4.1.

    Please read the following CSB for more information to caveats on the usage in FortiManager and FortiOS: https://support.fortinet.com/Information/Bulletin.aspx

    IPsec VPN support limitation

    Due to a macOS limitation, IPsec VPN tunnels are not supported on macOS Guest VMs using bridged network connections.

    Previous
    Next

    Related Videos

    sidebar video

    Installing the FortiClient Mac Agent & Giving Required Permissions

    • 38,102 views
    • 2 years ago

    Special notices

    Special notices

    Enabling full disk access

    FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

    • fctservctl2
    • FortiClient

    The following lists the services and their folder locations:

    • Fctservctl2: /Library/Application\ Support/Fortinet/FortiClient/bin/

    • FortiClient (macOS) application: /Applications/FortiClient.app

    Activating system extensions

    After you initially install FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

    VPN

    You must allow the macOS system software to load the FortiTray.

    To allow FortiTray to load:

    1. Do one of the following:

      • If using macOS Sequoia (version 15), go to Settings > General > Login Items & Extensions > Network Extensions.
      • If using another macOS version, go to Settings > Privacy & Security.
    2. Enable the FortiTray toggle.

    Web Filter and Application Firewall

    You must enable the FortiClientProxy extension for Web Filter to work properly. You must enable the FortiClientPacketFilter extension for Application Firewall and network lockdown to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

    To enable the FortiClientNetwork extension:

    1. Do one of the following:

      • If using macOS Sequoia (version 15), go to Settings > General > Login Items & Extensions > Network Extensions.
      • If using another macOS version, go to Settings > Privacy & Security.
    2. Enable the FortiClientProxy and FortiClientPacketFilter toggles.

    3. Verify the extension status by running systemextensionsctl list in the macOS terminal. In the output, the FortiClientPacketFilter extension displays as macos.webfilter. The following provides example output when the extension is enabled:

    Proxy mode extension

    The com.fortinet.forticlient.macos.proxy system extension works as a proxy server to proxy a TCP connection. macOS manages the extension's connection status and other statistics. This resolves the issue that Web Filter fails to work when SSL and IPsec VPN are connected.

    FortiClient (macOS) automatically installs the extension on an M1 Pro or newer macOS device.

    Enabling notifications

    After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

    To enable notifications:
    1. Go to System Preferences > Notifications > FortiGuardAgent.
    2. Toggle Allow Notifications on.

    DHCP over IPsec VPN not supported

    FortiClient (macOS) does not support DHCP over IPsec VPN.

    Running multiple FortiClient instances

    FortiClient (macOS) does not support running multiple FortiClient instances for different users simultaneously.

    FortiGuard Web Filtering Category v10 Update

    Fortinet has updated its web filtering categories to v10, which includes two new URL categories for AI chat and cryptocurrency websites. To use the new categories, customers must upgrade their Fortinet products to one of the following versions:

    • FortiManager - Fixed in 6.0.12, 6.2.9, 6.4.7, 7.0.2, 7.2.0, 7.4.0.
    • FortiOS - Fixed in 7.2.8 and 7.4.1.
    • FortiClient - Fixed in Windows 7.2.3, macOS 7.2.3, Linux 7.2.3.
    • FortiClient EMS - Fixed in 7.2.1.
    • FortiMail - Fixed in 7.0.7, 7.2.5, 7.4.1.
    • FortiProxy - Fixed in 7.4.1.

    Please read the following CSB for more information to caveats on the usage in FortiManager and FortiOS: https://support.fortinet.com/Information/Bulletin.aspx

    IPsec VPN support limitation

    Due to a macOS limitation, IPsec VPN tunnels are not supported on macOS Guest VMs using bridged network connections.

    Previous
    Next