Fortinet black logo

(macOS) Release Notes

Home FortiClient 7.0.12 (macOS) Release Notes
7.0.12
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
5.6.6

Known issues

Known issues

The following issues have been identified in FortiClient (macOS) 7.0.12. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Configuration

Bug ID

Description
730415 FortiClient (macOS) backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

959285

Using wrong configuration for certificate filter in EMS causes config crash and FortiClient (macOS) cannot sync to EMS anymore.

Dashboard

Bug ID

Description
993484

User-specified information is not updated in EMS dashboard properly when switching between different users.
993524

User-specified information is not updated in EMS dashboard after uninstalling and installing FortiClient.

Endpoint control

Bug ID

Description

814351

Endpoint information page incorrectly displays device user's domain information after user switches on macOS device.

925823

FortiClient does not send the empty domain when switching to local user.

927357

FortiClient (macOS) has connectivity problems when connected over VPN.

GUI

Bug ID

Description
968068 FortiClient responds slowly and GUI opens to blank page.

Remote Access

Bug ID

Description

736245

IPsec VPN does not work when multiple remote gateways are configured in a priority-based list.

738425

SSL VPN GUI and tray mismatch in unity features.
772247 SAML authentication times out with SSL VPN.
790392 FortiClient blocks the network when Wi-Fi is changed.
793893 Search domains transfer incorrectly to endpoints.

794730

FortiClient connects and disconnects SSL VPN when Always Up and Auto Connect show on FortiClient console.
799332 FortiClient for macOS 12.3.1 cannot connect to VPN when there are two gateways listed using SAML.

800529

Do not Warn Invalid Server Certificate flag in Settings > VPN Options has GUI issue.
800918 Autoconnect is triggered and fails after system reboot with IPsec VPN tunnel profile using certificate authentication.
800923 Custom host check failure message for SSL VPN does not work.
800978 Autoconnect is triggered twice when EMS has both on- and off-fabric profile configured.
813239 VPN disconnects intermittently and cannot reconnect on macOS 12.

821660

Behavior is inconsistent with LDAP user login and autoconnect.
833001 When using FortiAuthenticator as SAML identity provider (IdP), autoconnect fails after user logout and re-login.
834198 Autoconnect does not work on AWS virtual machine, and FortiClient displays an Initialize VPN system extension was failed error.

835096

FortiClient (macOS) cannot establish VPN with SAML single sign on after Wi-Fi drops or disconnects and reconnects manually.

837391

FortiClient does not send public IP address for SAML, leading to 0.0.0.0 displaying on FortiOS and FortiSASE.

851600

FortiClient fails to connect to SSL VPN with FQDN resolving to multiple IP addresses when FortiClient (macOS) cannot reach resolved IP address.

854265

SSL VPN connects after sleep.
864515 Endpoint fails to receive packets from FortiGate over IPsec VPN tunnel on macOS guest VM using bridged network connection.
870585 When using Okta as SAML VPN to authenticate VPN, save password and autoconnect fail to work.
890227 FortiClient (macOS) stores VPN tunnels manually added by importing XML configuration under Corporate VPN.
893237 FortiClient (macOS) does not offer chance to reinput password during autoconnect after IdP password change.
920908 IPsec VPN password renew prompt differs from SSL VPN prompt.
927290 VPN on free client does not work as expected in macOS 13.

929577

Resiliency SSL VPN connection fails after VPN is up and brings down the first gateway.

941212

FortiClient (macOS) sorts VPN tunnels differently.

952987 FortiClient does not clear IPsec VPN tunnel saved password if connection fails due to wrong credentials.
954632 IPsec VPN fails to update password in keychain store when trying to renew expired AD password with autoconnect enabled.
956036 FortiClient (macOS) console does not update GUI when it establishes SSL VPN with SAML-authenticated tunnel.
961800 When ZTNA is enabled, pfctl rules affect DNS traffic.
968070 FortiClient (macOS) does not parse <disallow_invalid_server_certificate> correctly.
970489 Application Firewall decreases Internet speed when connecting to IPsec VPN.
975835 About page does not display ISDB signatures when only Remote Access profile is enabled.
977725 Split tunnel has limitation.
989250 Established VPN tunnel stays connected after EMS disables Remote Access profile.
994191 Autoconnect after reboot does not work for FortiSASE SIA when using Okta as SAML authentication IdP.

Vulnerability Scan

Bug ID

Description
786011 Vulnerability feature does not autopatch macOS Monterey 12.2.1 after it detects operating system (OS) vulnerability on macOS Monterey 12.1.

790288

Vulnerability Scan does not detect OS vulnerabilities.

Web Filter and plugin

Bug ID

Description

755055

When action set for site categories is warn, browser does not show the customized webpage, which allows user to bypass blocking.
772332 External Ethernet adapter dongle gets disconnected when speed test is run.
795631 Web Filter does not block the selected categories.
886326 Web Filter cannot filter URL with URI pathway.

919522

Web Filter extension causes socket hangup for Docker-hosted Linux containers.

956872

Transparent proxy causes issues with Adobe Creative Cloud and OneDrive applications.
984294 Web Filter exclusion list fails to execute expected allow and block actions.

Zero Trust tags

Bug ID

Description
793033 ZTNA LDAP group rule does not work.
794385 FortiClient detects third party antivirus tag.

Application Firewall

Bug ID

Description

718957

Application Firewall does not work after rebooting machine.

800344

You can remotely access quarantined endpoints using VNC protocol.

814391

FortiClient Cloud Application Firewall application signatures block allowlisted applications.

834500

FortiClient fails to block Application Firewall categories when web client category is set to monitor.

834839

Web Filter does not block traffic when proxy mode is disabled and Application Firewall is disabled.
927564 FortiTray does not start after system restart.

958651

Under Application Firewall violation list, FortiClient (macOS) shows violated programs as the same as applications, which is less accurate than Windows.

Avatar and social login information

Bug ID

Description

777013

Avatar changes do not show on FortiAnalyzer.
878050 Avatar does not update on FortiGate dashboards and FortiGate cannot show updated information.

Deployment and installers

Bug ID

Description
764672 FortiClient displays deployment window for user when EMS configured unattended installation.

935387

 FortiClient does not delete installer downloaded from EMS when it connects to a different EMS.

993140

 Install log error is present for FortiMonitor agent in Apple silicon macOS VM.

Installation and upgrade

Bug ID

Description

827939

FortiTray is not open anymore prompt shows when deploying FortiClient using script through mobile device management.

828781

Behavior is inconsistent when uninstalling FortiClient through command in terminal and FortiClientUninstaller GUI tool.

929219

FortiClient is upgradable from full to free version.

FSSOMA

Bug ID

Description
962067 FSSO mobility agent (FSSOMA) does not work with Apple local account type.

Logs

Bug ID

Description

742124

 FortiClient Sandbox events are not replicated on FortiAnalyzer.
750703 IPsec and SSL VPN events are not logged on FortiAnalyzer appropriately.

801134

FortiClient (macOS) does not generate or replicate SSL VPN logs for upload to FortiAnalyzer when it establishes a tunnel.

872875

Disabling Client-Based Logging When On-Fabric in EMS does not work.

979395

 fctinstallpost.log gets overwritten, causing loss of meaningful content.

Malware Protection and Sandbox

Bug ID

Description
719920 FortiClient cannot submit files to FortiClient Cloud Sandbox (SaaS) when downloaded from Thunderbird.

829415

When next-generation antivirus is enabled, real-time protection shows as disabled.

855555

When RTP is enabled and block_removable_media is set to 1, FortiClient (macOS) fails to block USB device.

859241

FortiSandbox sends files to or queries for results from FortiSandbox when EMS is unauthorized.
888356 User cannot stop AV quick/full scan triggered from EMS.
921370 User cannot stop manually triggered AV scan.
941623

FortiClient does not submit network drive files to Sandbox when copied or executed from mapped network drive.
961542

Enabling Sandbox freezes system.

Endpoint management

Bug ID

Description
891264 EMS creates duplicate records for domain-joined Ubuntu endpoints.

930560

FortiClientAgent/FortiTray do not quit some backend services when shutting down FortiClient.

License

Bug ID

Description
889767 License expiration shows unwanted +0000 at the end of the warning message.

Onboarding

Bug ID

Description
811976 FortiClient (macOS) may prioritize using user information from authentication user registered to EMS.

ZTNA connection rules

Bug ID

Description
853281 FortiClient (macOS) does not show ICDB signatures on the About page.
905880 ZTNA certificate prompt displays when deploying FortiClient (macOS) with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on- and off-Fabric profile if you are using both on- and off-Fabric profiles.
938962 FortiClient keeps prompting ztagent wants to sign using key "Imported Private Key" even when selecting always trust.
956351 ZTNA Destination GUI does not show detailed prompt for destination rules that EMS pushed.

Other

Bug ID

Description
941865 FortiTray does not respawn after crashing.
Previous
Next

Known issues

The following issues have been identified in FortiClient (macOS) 7.0.12. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Configuration

Bug ID

Description
730415 FortiClient (macOS) backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

959285

Using wrong configuration for certificate filter in EMS causes config crash and FortiClient (macOS) cannot sync to EMS anymore.

Dashboard

Bug ID

Description
993484

User-specified information is not updated in EMS dashboard properly when switching between different users.
993524

User-specified information is not updated in EMS dashboard after uninstalling and installing FortiClient.

Endpoint control

Bug ID

Description

814351

Endpoint information page incorrectly displays device user's domain information after user switches on macOS device.

925823

FortiClient does not send the empty domain when switching to local user.

927357

FortiClient (macOS) has connectivity problems when connected over VPN.

GUI

Bug ID

Description
968068 FortiClient responds slowly and GUI opens to blank page.

Remote Access

Bug ID

Description

736245

IPsec VPN does not work when multiple remote gateways are configured in a priority-based list.

738425

SSL VPN GUI and tray mismatch in unity features.
772247 SAML authentication times out with SSL VPN.
790392 FortiClient blocks the network when Wi-Fi is changed.
793893 Search domains transfer incorrectly to endpoints.

794730

FortiClient connects and disconnects SSL VPN when Always Up and Auto Connect show on FortiClient console.
799332 FortiClient for macOS 12.3.1 cannot connect to VPN when there are two gateways listed using SAML.

800529

Do not Warn Invalid Server Certificate flag in Settings > VPN Options has GUI issue.
800918 Autoconnect is triggered and fails after system reboot with IPsec VPN tunnel profile using certificate authentication.
800923 Custom host check failure message for SSL VPN does not work.
800978 Autoconnect is triggered twice when EMS has both on- and off-fabric profile configured.
813239 VPN disconnects intermittently and cannot reconnect on macOS 12.

821660

Behavior is inconsistent with LDAP user login and autoconnect.
833001 When using FortiAuthenticator as SAML identity provider (IdP), autoconnect fails after user logout and re-login.
834198 Autoconnect does not work on AWS virtual machine, and FortiClient displays an Initialize VPN system extension was failed error.

835096

FortiClient (macOS) cannot establish VPN with SAML single sign on after Wi-Fi drops or disconnects and reconnects manually.

837391

FortiClient does not send public IP address for SAML, leading to 0.0.0.0 displaying on FortiOS and FortiSASE.

851600

FortiClient fails to connect to SSL VPN with FQDN resolving to multiple IP addresses when FortiClient (macOS) cannot reach resolved IP address.

854265

SSL VPN connects after sleep.
864515 Endpoint fails to receive packets from FortiGate over IPsec VPN tunnel on macOS guest VM using bridged network connection.
870585 When using Okta as SAML VPN to authenticate VPN, save password and autoconnect fail to work.
890227 FortiClient (macOS) stores VPN tunnels manually added by importing XML configuration under Corporate VPN.
893237 FortiClient (macOS) does not offer chance to reinput password during autoconnect after IdP password change.
920908 IPsec VPN password renew prompt differs from SSL VPN prompt.
927290 VPN on free client does not work as expected in macOS 13.

929577

Resiliency SSL VPN connection fails after VPN is up and brings down the first gateway.

941212

FortiClient (macOS) sorts VPN tunnels differently.

952987 FortiClient does not clear IPsec VPN tunnel saved password if connection fails due to wrong credentials.
954632 IPsec VPN fails to update password in keychain store when trying to renew expired AD password with autoconnect enabled.
956036 FortiClient (macOS) console does not update GUI when it establishes SSL VPN with SAML-authenticated tunnel.
961800 When ZTNA is enabled, pfctl rules affect DNS traffic.
968070 FortiClient (macOS) does not parse <disallow_invalid_server_certificate> correctly.
970489 Application Firewall decreases Internet speed when connecting to IPsec VPN.
975835 About page does not display ISDB signatures when only Remote Access profile is enabled.
977725 Split tunnel has limitation.
989250 Established VPN tunnel stays connected after EMS disables Remote Access profile.
994191 Autoconnect after reboot does not work for FortiSASE SIA when using Okta as SAML authentication IdP.

Vulnerability Scan

Bug ID

Description
786011 Vulnerability feature does not autopatch macOS Monterey 12.2.1 after it detects operating system (OS) vulnerability on macOS Monterey 12.1.

790288

Vulnerability Scan does not detect OS vulnerabilities.

Web Filter and plugin

Bug ID

Description

755055

When action set for site categories is warn, browser does not show the customized webpage, which allows user to bypass blocking.
772332 External Ethernet adapter dongle gets disconnected when speed test is run.
795631 Web Filter does not block the selected categories.
886326 Web Filter cannot filter URL with URI pathway.

919522

Web Filter extension causes socket hangup for Docker-hosted Linux containers.

956872

Transparent proxy causes issues with Adobe Creative Cloud and OneDrive applications.
984294 Web Filter exclusion list fails to execute expected allow and block actions.

Zero Trust tags

Bug ID

Description
793033 ZTNA LDAP group rule does not work.
794385 FortiClient detects third party antivirus tag.

Application Firewall

Bug ID

Description

718957

Application Firewall does not work after rebooting machine.

800344

You can remotely access quarantined endpoints using VNC protocol.

814391

FortiClient Cloud Application Firewall application signatures block allowlisted applications.

834500

FortiClient fails to block Application Firewall categories when web client category is set to monitor.

834839

Web Filter does not block traffic when proxy mode is disabled and Application Firewall is disabled.
927564 FortiTray does not start after system restart.

958651

Under Application Firewall violation list, FortiClient (macOS) shows violated programs as the same as applications, which is less accurate than Windows.

Avatar and social login information

Bug ID

Description

777013

Avatar changes do not show on FortiAnalyzer.
878050 Avatar does not update on FortiGate dashboards and FortiGate cannot show updated information.

Deployment and installers

Bug ID

Description
764672 FortiClient displays deployment window for user when EMS configured unattended installation.

935387

 FortiClient does not delete installer downloaded from EMS when it connects to a different EMS.

993140

 Install log error is present for FortiMonitor agent in Apple silicon macOS VM.

Installation and upgrade

Bug ID

Description

827939

FortiTray is not open anymore prompt shows when deploying FortiClient using script through mobile device management.

828781

Behavior is inconsistent when uninstalling FortiClient through command in terminal and FortiClientUninstaller GUI tool.

929219

FortiClient is upgradable from full to free version.

FSSOMA

Bug ID

Description
962067 FSSO mobility agent (FSSOMA) does not work with Apple local account type.

Logs

Bug ID

Description

742124

 FortiClient Sandbox events are not replicated on FortiAnalyzer.
750703 IPsec and SSL VPN events are not logged on FortiAnalyzer appropriately.

801134

FortiClient (macOS) does not generate or replicate SSL VPN logs for upload to FortiAnalyzer when it establishes a tunnel.

872875

Disabling Client-Based Logging When On-Fabric in EMS does not work.

979395

 fctinstallpost.log gets overwritten, causing loss of meaningful content.

Malware Protection and Sandbox

Bug ID

Description
719920 FortiClient cannot submit files to FortiClient Cloud Sandbox (SaaS) when downloaded from Thunderbird.

829415

When next-generation antivirus is enabled, real-time protection shows as disabled.

855555

When RTP is enabled and block_removable_media is set to 1, FortiClient (macOS) fails to block USB device.

859241

FortiSandbox sends files to or queries for results from FortiSandbox when EMS is unauthorized.
888356 User cannot stop AV quick/full scan triggered from EMS.
921370 User cannot stop manually triggered AV scan.
941623

FortiClient does not submit network drive files to Sandbox when copied or executed from mapped network drive.
961542

Enabling Sandbox freezes system.

Endpoint management

Bug ID

Description
891264 EMS creates duplicate records for domain-joined Ubuntu endpoints.

930560

FortiClientAgent/FortiTray do not quit some backend services when shutting down FortiClient.

License

Bug ID

Description
889767 License expiration shows unwanted +0000 at the end of the warning message.

Onboarding

Bug ID

Description
811976 FortiClient (macOS) may prioritize using user information from authentication user registered to EMS.

ZTNA connection rules

Bug ID

Description
853281 FortiClient (macOS) does not show ICDB signatures on the About page.
905880 ZTNA certificate prompt displays when deploying FortiClient (macOS) with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on- and off-Fabric profile if you are using both on- and off-Fabric profiles.
938962 FortiClient keeps prompting ztagent wants to sign using key "Imported Private Key" even when selecting always trust.
956351 ZTNA Destination GUI does not show detailed prompt for destination rules that EMS pushed.

Other

Bug ID

Description
941865 FortiTray does not respawn after crashing.
Previous
Next