Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Agent Deployment Guide

    Home FortiDLP Agent 12.0.0 FortiDLP Agent Deployment Guide
    12.0.0
    12.0.0
    11.5.1
    11.4.6
    11.4.5
    11.4.3
    11.4.2
    11.3.4
    11.3.3
    11.3.2
    11.2.3
    11.2.0
    11.1.2
    11.1.1
    11.0.1
    10.5.1
    10.4.0
    10.3.1

    Installing the FortiDLP Agent on macOS

    Installing the FortiDLP Agent on macOS

    Fortinet provides a PKG installation package for installing the FortiDLP Agent on macOS devices, which you can download from the Next DLP Support Portal or the FortiDLP Console's Agent deployment tab.

    You must install the FortiDLP Agent on each device you want to monitor. During the installation, macOS will require approval to load two system extensions:

    • Network System Extension: Allows the FortiDLP Agent to capture network connection, DNS lookup, and New Outlook email events (if the FortiDLP Email Add-in has been deployed), and execute isolate/deisolate actions. Specifically, the extension's Netflow Filter component uses a socket filter to monitor network connection and New Outlook email events and execute deisolate actions, and its Packet Filter component monitors DNS lookup events and executes isolate actions.
    • Endpoint Security System Extension: Allows the FortiDLP Agent to capture file access and process start events, and permit content inspection (CI).
      • Note

      If Full Disk Access is not approved or denied for both the Endpoint Security System Extension and Agent application GUI, when a CI policy fires, a dialog box may display to the user to request access to a protected file directory.

    This approval is only required during Agent installation and for Agent upgrades from versions earlier than 7.7.0.

    How to install the FortiDLP Agent on macOS 15
    1. Double-click the FortiDLP Agent installation package.
    2. In the Install FortiDLP Agent for macOS dialog box, do the following:
      1. Click Continue.
      2. Click Continue again.
      3. Click Agree.
      4. Click Install.
    3. In the Installer dialog box, do one of the following:
      • To use Touch ID, tap your finger on the Touch Bar.
      • To enter your password:
        1. In the Password field, type your password.
        2. Click Install Software.
    4. In the Install FortiDLP Agent for macOS dialog box, click Close.
    5. In the FortiDLP Agent would like to use a new network extension dialog box, click Open System Settings.
    6. Go to Login Items & Extensions > Network Extensions.
    7. Turn the FortiDLP Agent toggle on.
    8. Click Done.
    9. Enter your password again.
    10. In the FortiDLP Agent would like to use a new endpoint security extension dialog box, click Open System Settings.
    11. Go to Login Items & Extensions > Endpoint Security Extensions.
    12. Turn the FortiDLP Agent toggle on.
    13. Click Done.
    14. Enter your password again.
    15. In the Privacy & Security pane, do the following:
      1. Scroll up to and click Full Disk Access.
      2. Turn the FortiDLP Agent toggle on.
      3. Turn the FortiDLP Agent Endpoint Security System Extension toggle on.
    16. Restart the device.
    Tooltip

    You can verify the installation status in the Agent application's Installation tab. Your installation is complete when the Network System Extension and Endpoint Security System Extension states are "Ready".

    When the installation succeeds, proceed to Enrolling the FortiDLP Agent on macOS.

    How to install the FortiDLP Agent on macOS 13 or 14
    1. Double-click the FortiDLP Agent installation package.
    2. In the Install FortiDLP Agent for macOS dialog box, do the following:
      1. Click Continue.
      2. Click Continue again.
      3. Click Agree.
      4. Click Install.
    3. In the Installer dialog box, do one of the following:
      • To use Touch ID, tap your finger on the Touch Bar.
      • To enter your password:
        1. In the Password field, type your password.
        2. Click Install Software.
    4. In the Install FortiDLP Agent for macOS dialog box, click Close.
    5. In the System Extension Blocked dialog box, click Open System Settings.

    6. In the Privacy & Security pane, in the Security section, click Details.

    7. In the Privacy & Security pop-up, in the Password field, type your password and then click Unlock.
    8. In the second pop-up, do the following:
      1. Turn both FortiDLP Agent toggles on.
      2. Click OK.
    9. In the FortiDLP Agent Would Like to Filter Network Content dialog box, click Allow.
      10. Caution

      If you do not click Allow within 30 minutes of beginning the installation, you will need to reload the extension.

      You can verify the extension's status in the Agent application's Installation tab. If the Network System Extension's state is Not Ready, click Install Network Extension. If the state is Requires User Permission, return to the Privacy & Security pane and repeat the steps above.
    10. In the Privacy & Security pane, do the following:
      1. Scroll up to and click Full Disk Access.
      2. Turn the FortiDLP Agent toggle on.
      3. Turn the FortiDLP Agent Endpoint Security System Extension toggle on.
    11. Restart the device.
    Tooltip

    You can verify the installation status in the Agent application's Installation tab. Your installation is complete when the Network System Extension and Endpoint Security System Extension states are "Ready".

    When the installation succeeds, proceed to Enrolling the FortiDLP Agent on macOS.

    How to install the FortiDLP Agent on macOS 12
    1. Double-click the FortiDLP Agent installation package.
    2. In the Install dialog, click Continue.
    3. Click Continue again.
    4. Click Agree.
    5. Click Continue.
    6. Do one of the following:
      • To use Touch ID, tap your finger on the Touch Bar.
      • To enter your password manually:
        1. Click Use Password.
        2. In the Password field, type your password.
        3. Click Install Software.
    7. In the Install FortiDLP Agent for macOS dialog box, click Close.
    8. In the FortiDLP Agent Helper Notifications dialog box, click Options > Allow.
    9. In the System Extension Blocked dialog box, click Open Security Preferences.
    10. In the second System Extension Blocked dialog box, click Open Security Preferences.
    11. In the Security & Privacy pane's General tab, click the lock icon.
    12. In the System Preferences is trying to unlock Security & Privacy preferences dialog box, in the Password field, type your password and then click Unlock.
    13. Click Details.
    14. Select both FortiDLP Agent checkboxes.
    15. Click OK.
    16. In the FortiDLP Agent Would Like to Filter Network Content dialog box, click Allow.
      17. Caution

      If you do not click Allow within 30 minutes of beginning the installation, you will need to reload the extension.

      You can verify the extension's status in the Agent application's Installation tab. If the Network System Extension's state is "Not Ready", click Install Network Extension. If the state is "Requires User Permission", return to the Security & Privacy pane's General tab and repeat the steps above.
    17. In the Security & Privacy pane, click the Privacy tab.
    18. Click Full Disk Access and then select the FortiDLP Agent and FortiDLP Agent Endpoint Security System Extension checkboxes.
    19. Restart the device.
    Tooltip

    You can verify the installation status in the Agent application's Installation tab. Your installation is complete when the Network System Extension and Endpoint Security System Extension states are "Ready".

    When the installation succeeds, proceed to Enrolling the FortiDLP Agent on macOS.

    Previous
    Next

    Installing the FortiDLP Agent on macOS

    Installing the FortiDLP Agent on macOS

    Fortinet provides a PKG installation package for installing the FortiDLP Agent on macOS devices, which you can download from the Next DLP Support Portal or the FortiDLP Console's Agent deployment tab.

    You must install the FortiDLP Agent on each device you want to monitor. During the installation, macOS will require approval to load two system extensions:

    • Network System Extension: Allows the FortiDLP Agent to capture network connection, DNS lookup, and New Outlook email events (if the FortiDLP Email Add-in has been deployed), and execute isolate/deisolate actions. Specifically, the extension's Netflow Filter component uses a socket filter to monitor network connection and New Outlook email events and execute deisolate actions, and its Packet Filter component monitors DNS lookup events and executes isolate actions.
    • Endpoint Security System Extension: Allows the FortiDLP Agent to capture file access and process start events, and permit content inspection (CI).
      • Note

      If Full Disk Access is not approved or denied for both the Endpoint Security System Extension and Agent application GUI, when a CI policy fires, a dialog box may display to the user to request access to a protected file directory.

    This approval is only required during Agent installation and for Agent upgrades from versions earlier than 7.7.0.

    How to install the FortiDLP Agent on macOS 15
    1. Double-click the FortiDLP Agent installation package.
    2. In the Install FortiDLP Agent for macOS dialog box, do the following:
      1. Click Continue.
      2. Click Continue again.
      3. Click Agree.
      4. Click Install.
    3. In the Installer dialog box, do one of the following:
      • To use Touch ID, tap your finger on the Touch Bar.
      • To enter your password:
        1. In the Password field, type your password.
        2. Click Install Software.
    4. In the Install FortiDLP Agent for macOS dialog box, click Close.
    5. In the FortiDLP Agent would like to use a new network extension dialog box, click Open System Settings.
    6. Go to Login Items & Extensions > Network Extensions.
    7. Turn the FortiDLP Agent toggle on.
    8. Click Done.
    9. Enter your password again.
    10. In the FortiDLP Agent would like to use a new endpoint security extension dialog box, click Open System Settings.
    11. Go to Login Items & Extensions > Endpoint Security Extensions.
    12. Turn the FortiDLP Agent toggle on.
    13. Click Done.
    14. Enter your password again.
    15. In the Privacy & Security pane, do the following:
      1. Scroll up to and click Full Disk Access.
      2. Turn the FortiDLP Agent toggle on.
      3. Turn the FortiDLP Agent Endpoint Security System Extension toggle on.
    16. Restart the device.
    Tooltip

    You can verify the installation status in the Agent application's Installation tab. Your installation is complete when the Network System Extension and Endpoint Security System Extension states are "Ready".

    When the installation succeeds, proceed to Enrolling the FortiDLP Agent on macOS.

    How to install the FortiDLP Agent on macOS 13 or 14
    1. Double-click the FortiDLP Agent installation package.
    2. In the Install FortiDLP Agent for macOS dialog box, do the following:
      1. Click Continue.
      2. Click Continue again.
      3. Click Agree.
      4. Click Install.
    3. In the Installer dialog box, do one of the following:
      • To use Touch ID, tap your finger on the Touch Bar.
      • To enter your password:
        1. In the Password field, type your password.
        2. Click Install Software.
    4. In the Install FortiDLP Agent for macOS dialog box, click Close.
    5. In the System Extension Blocked dialog box, click Open System Settings.

    6. In the Privacy & Security pane, in the Security section, click Details.

    7. In the Privacy & Security pop-up, in the Password field, type your password and then click Unlock.
    8. In the second pop-up, do the following:
      1. Turn both FortiDLP Agent toggles on.
      2. Click OK.
    9. In the FortiDLP Agent Would Like to Filter Network Content dialog box, click Allow.
      10. Caution

      If you do not click Allow within 30 minutes of beginning the installation, you will need to reload the extension.

      You can verify the extension's status in the Agent application's Installation tab. If the Network System Extension's state is Not Ready, click Install Network Extension. If the state is Requires User Permission, return to the Privacy & Security pane and repeat the steps above.
    10. In the Privacy & Security pane, do the following:
      1. Scroll up to and click Full Disk Access.
      2. Turn the FortiDLP Agent toggle on.
      3. Turn the FortiDLP Agent Endpoint Security System Extension toggle on.
    11. Restart the device.
    Tooltip

    You can verify the installation status in the Agent application's Installation tab. Your installation is complete when the Network System Extension and Endpoint Security System Extension states are "Ready".

    When the installation succeeds, proceed to Enrolling the FortiDLP Agent on macOS.

    How to install the FortiDLP Agent on macOS 12
    1. Double-click the FortiDLP Agent installation package.
    2. In the Install dialog, click Continue.
    3. Click Continue again.
    4. Click Agree.
    5. Click Continue.
    6. Do one of the following:
      • To use Touch ID, tap your finger on the Touch Bar.
      • To enter your password manually:
        1. Click Use Password.
        2. In the Password field, type your password.
        3. Click Install Software.
    7. In the Install FortiDLP Agent for macOS dialog box, click Close.
    8. In the FortiDLP Agent Helper Notifications dialog box, click Options > Allow.
    9. In the System Extension Blocked dialog box, click Open Security Preferences.
    10. In the second System Extension Blocked dialog box, click Open Security Preferences.
    11. In the Security & Privacy pane's General tab, click the lock icon.
    12. In the System Preferences is trying to unlock Security & Privacy preferences dialog box, in the Password field, type your password and then click Unlock.
    13. Click Details.
    14. Select both FortiDLP Agent checkboxes.
    15. Click OK.
    16. In the FortiDLP Agent Would Like to Filter Network Content dialog box, click Allow.
      17. Caution

      If you do not click Allow within 30 minutes of beginning the installation, you will need to reload the extension.

      You can verify the extension's status in the Agent application's Installation tab. If the Network System Extension's state is "Not Ready", click Install Network Extension. If the state is "Requires User Permission", return to the Security & Privacy pane's General tab and repeat the steps above.
    17. In the Security & Privacy pane, click the Privacy tab.
    18. Click Full Disk Access and then select the FortiDLP Agent and FortiDLP Agent Endpoint Security System Extension checkboxes.
    19. Restart the device.
    Tooltip

    You can verify the installation status in the Agent application's Installation tab. Your installation is complete when the Network System Extension and Endpoint Security System Extension states are "Ready".

    When the installation succeeds, proceed to Enrolling the FortiDLP Agent on macOS.

    Previous
    Next