Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.7
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    (macOS) Release Notes

    Home FortiClient 7.4.7 (macOS) Release Notes
    7.4.7
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    5.6.6

    Special notices

    Special notices

    No IPv6 support for IPsec VPN

    FortiClient (macOS) 7.4.4 to 7.4.7 do not support IPv6 for IPsec VPN due to dual VPN changes. Support may be added in future releases.

    IPsec VPN support limitation

    Due to a macOS limitation, macOS Guest VMs using bridged network connections do not support IPsec VPN tunnels.

    Using the same default MTU size for VPN interfaces across all platforms

    Starting from 7.4.4, FortiClient (macOS) uses the same default MTU size for SSL and IPsec VPN interfaces as Windows and Linux, which improves connection efficiency. You can modify the MTU size using the <mtu_size> XML option. See the XML Reference Guide.

    No support for concurrent third-party tunneling or proxy clients

    Using third-party tunneling or proxy clients (including VPN, DNS, HTTP(s), SOCKS, ZTNA or PAC files) in parallel or nested combination with FortiClient's VPN, ZTNA or Web Filter is not recommended nor supported.

    Enabling full disk access for FortiClient process

    To use the following features, you must grant full disk access permission for the fctservctl2 process (located in /Library/Application Support/Fortinet/FortiClient/bin/):

    • AV scan
    • Sandbox scan
    • Importing VPN profile

    To do so, go to the Security & Privacy pane and toggle on the fctservctl2 option under Full Disk Access.

    On macOS Tahoe (26.1/26.2), the fctservctl2 option does not appear in the Full Disk Access list due to an OS bug. You can drag the process to the list or click the Add icon to manually add the process. While the process still does not show up in the list after being added (due to the OS bug), the necessary permission has been granted.

    If any of these features are used while full disk access is not enabled for fctservctl2, FortiClient (macOS) prompts the user to enable full disk access permission.

    Activating system extensions

    After you perform an initial install of FortiClient (macOS), you must enable the system extensions for some FortiClient (macOS) processes. The FortiClient (macOS) team ID is AH4XFXJ7DK.

    1. Ensure you have administrator credentials for the macOS machine.

      • (macOS Tahoe (version 26) Go to System Settings > General > Login Items & Extensions > By Category > Network Extensions.

      • (macOS Sequoia (version 15) Go to System Settings > General > Login Items & Extensions > Network Extensions.

      • (macOS Sonoma (version 14) Click Some system software requires your attention before it can be used.

    3. Toggle on the following options to enable the extensions:

      • FortiTray (for VPN to work properly)
      • FortiClientProxy (for Web Filter to work properly)

      • FortiClientPacketFilter (for Application Firewall to work properly)

    4. Click Done.

    Enabling notifications

    After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

    To enable notifications:
    1. Go to System Settings > Notifications > FortiGuardAgent.
    2. Toggle Allow Notifications on.

    DHCP over IPsec VPN not supported

    FortiClient (macOS) does not support an external DHCP server to assign IP addresses to IPsec VPN clients.

    Running multiple FortiClient instances

    FortiClient (macOS) does not support running multiple FortiClient instances for different users simultaneously.

    Previous
    Next

    Related Videos

    sidebar video

    Installing the FortiClient Mac Agent & Giving Required Permissions

    • 58,226 views
    • 3 years ago

    Special notices

    Special notices

    No IPv6 support for IPsec VPN

    FortiClient (macOS) 7.4.4 to 7.4.7 do not support IPv6 for IPsec VPN due to dual VPN changes. Support may be added in future releases.

    IPsec VPN support limitation

    Due to a macOS limitation, macOS Guest VMs using bridged network connections do not support IPsec VPN tunnels.

    Using the same default MTU size for VPN interfaces across all platforms

    Starting from 7.4.4, FortiClient (macOS) uses the same default MTU size for SSL and IPsec VPN interfaces as Windows and Linux, which improves connection efficiency. You can modify the MTU size using the <mtu_size> XML option. See the XML Reference Guide.

    No support for concurrent third-party tunneling or proxy clients

    Using third-party tunneling or proxy clients (including VPN, DNS, HTTP(s), SOCKS, ZTNA or PAC files) in parallel or nested combination with FortiClient's VPN, ZTNA or Web Filter is not recommended nor supported.

    Enabling full disk access for FortiClient process

    To use the following features, you must grant full disk access permission for the fctservctl2 process (located in /Library/Application Support/Fortinet/FortiClient/bin/):

    • AV scan
    • Sandbox scan
    • Importing VPN profile

    To do so, go to the Security & Privacy pane and toggle on the fctservctl2 option under Full Disk Access.

    On macOS Tahoe (26.1/26.2), the fctservctl2 option does not appear in the Full Disk Access list due to an OS bug. You can drag the process to the list or click the Add icon to manually add the process. While the process still does not show up in the list after being added (due to the OS bug), the necessary permission has been granted.

    If any of these features are used while full disk access is not enabled for fctservctl2, FortiClient (macOS) prompts the user to enable full disk access permission.

    Activating system extensions

    After you perform an initial install of FortiClient (macOS), you must enable the system extensions for some FortiClient (macOS) processes. The FortiClient (macOS) team ID is AH4XFXJ7DK.

    1. Ensure you have administrator credentials for the macOS machine.

      • (macOS Tahoe (version 26) Go to System Settings > General > Login Items & Extensions > By Category > Network Extensions.

      • (macOS Sequoia (version 15) Go to System Settings > General > Login Items & Extensions > Network Extensions.

      • (macOS Sonoma (version 14) Click Some system software requires your attention before it can be used.

    3. Toggle on the following options to enable the extensions:

      • FortiTray (for VPN to work properly)
      • FortiClientProxy (for Web Filter to work properly)

      • FortiClientPacketFilter (for Application Firewall to work properly)

    4. Click Done.

    Enabling notifications

    After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

    To enable notifications:
    1. Go to System Settings > Notifications > FortiGuardAgent.
    2. Toggle Allow Notifications on.

    DHCP over IPsec VPN not supported

    FortiClient (macOS) does not support an external DHCP server to assign IP addresses to IPsec VPN clients.

    Running multiple FortiClient instances

    FortiClient (macOS) does not support running multiple FortiClient instances for different users simultaneously.

    Previous
    Next