Known issues

The following issues have been identified in FortiClient (macOS) 7.2.1. For inquiries about a particular bug or to report a bug, contact Customer Service & Support.

Configuration

Bug ID Description

730415 FortiClient (macOS) backs up configuration that is missing locally configured zero trust network access (ZTNA) connection rules.

Endpoint control

Bug ID Description

821379 macOS clients do not show up in Software Inventory > Hosts.
879108 EMS counts an endpoint as on-Fabric when it does not meet all rules in an on-Fabric detection rule set.
880167 FortiClient (macOS) cannot register with EMS due to selecting the wrong interface to connect to EMS.

GUI

Bug ID Description

857148 GUI shows duplicate FortiClient consoles.

Remote Access

Bug ID Description

515083 Smartcard SSL VPN does not work.
736245 IPsec VPN does not work when multiple remote gateways (priority-based list) are configured.
755199 Button to launch FortiClient from SSL VPN web portal does not work.
772247 SAML authentication times out with SSL VPN.
800529 GUI has issue with Settings > VPN Options > Do not Warn Invalid Server Certificate.
821660 FortiClient (macOS) behaves inconsistently with LDAP user login and autoconnect.
825009 VPN with SAML displays ErrorCode=-6005 when it reaches 31%.
826763 FortiClient (macOS) console does not show VPN username for SAML when SSL VPN tunnel establishes connection.
827685 FortiClient connects to VPN when a tag is assigned and the configuration should block access to the VPN tunnel for endpoints with the tag.
833001 When using FortiAuthenticator as SAML identity provider, autoconnect fails after user logout/relogin.
834198 On an AWS virtual machine, autoconnect does not work and FortiClient displays an Initialize VPN system extension was failed error.
835096 FortiClient (macOS) cannot establish SAML single sign on VPN after Wi-Fi drops or disconnects and user reconnects manually.
850246 User cannot enable iCloud private relay due to VPN system extension.
851600 SSL VPN connection fails with FQDN resolving to multiple IP addresses when FortiClient (macOS) cannot reach resolved IP address.
854265 SSL VPN connects after sleep.
863431 On macOS 13, FortiClient does not use internal DNS for SSL VPN tunnel.
866971 System Preferences for FortiClient (macOS) network extension is under different name compared to 7.0.7.
870198 FortiClient system keychain has issue while connecting to SSL VPN with system keychain certificate.

Workaround options:

  • Move the FortiClient system keychain to the login keychain.
  • Right-click the private key, select Access Control, then +, then Command + Shift + g. Enter the following path: "/Applications/FortiClient/Contents/Resources/runtime.helper/FortiTray.app". This disables user prompts needed when using the certificate.

874669 FortiClient does not attempt to connect with redundant SAML VPN gateway if it cannot reach first gateway.
889749 FortiClient ignores <ipv4_split_exclude_networks>.
890227 FortiClient (macOS) stores VPN tunnels manually added by importing XML configuration under Corporate VPN.
892232 FortiClient (macOS) does not work after adding second remote gateway for SAML authentication-based VPN.
892965 SSL VPN fails to work with FQDN resolving to IPv6 address.
893237 FortiClient (macOS) does not provide chance to reinput password during autoconnect after identity provider password change.
894027 FortiClient on macOS Ventura system proxy with proxy autoconfiguration file does not work with IPsec VPN, but works with SSL VPN.
898321 FortiClient does not send an SNI packet, so does not get access to the correct realm.
898335 Split tunnel routes are disabled.
898971 SSL VPN with SAML drops with Login error. Remote denied the request. error.
905400 Split tunnel on macOS Monterey does not work.
906520 FortiClient (macOS) does not show VPN username for SAML authentication SSL VPN tunnel.
906559 Connection to the VPN tunnel fails on free client.
908498 When autoconnect only when off-fabric is enabled, endpoint autoconnects to VPN when moved from off-fabric to on-fabric public IP address or network.
915679 Redundant sort method fails to work with SAML authentication.
915964 SAML SSL VPN always up fails to work when both IPv4 and IPv6 are enabled.
917199 SSL VPN with SAML does not work when multiple gateways are configured for a tunnel profile.
917898 Host check policy works as AND operation instead of OR operation.
919102 No IP address displays on FortiClient console after connecting to IPsec VPN tunnel with certificate authentication.

Zero Trust tags

Bug ID Description

793033 ZTNA LDAP group rule does not work.

Workaround: macOS has a limitation with detecting Builtin groups, such as Builtin/Users. However, the login AD group rule should work as expected for non-builtin paths, such as Users/Domain Users.

794385 FortiClient detects third-party antivirus tag.

Avatar and social login information

Bug ID Description

878050 Avatar does not update on FortiOS dashboards and FortiOS cannot show updated information.

Web Filter and plugin

Bug ID Description

755055 When setting action to Warn for site categories, it does not show the customized webpage, which allows user to bypass blocking.
843413 Packet drops when Web Filter is enabled.
856060 Web Filter with proxy mode does not work on macOS 13.0 Ventura.
857879 Exclusion list URLs do not work properly.
872607 FortiClient does not support Web Filter custom messages.
873803 In-browser message does not show after switching device user without system reboot.
875298 Exclusion list does not work properly with regular expressions.
878055 Web access does not work.
885330 FortiClient Web Filter on macOS 13.0.1 does not block websites.
886326 Web Filter cannot filter URL with URI pathway.
890045 FortiClient settings does not display permission required for feature(s) option.
898303 Web Filter does not work when administrator pushes extensions through Jamf in mobile device management platform.
899337 Web Filter causes packets to drop and increases network latency.

Workaround: Disable Application Firewall for affected FortiClient (macOS) devices.

905394 Web Filter disclaimer message does not show up.

Application Firewall

Bug ID Description

814391 When connected to FortiClient Cloud, application signatures block allowlisted applications.
834500 FortiClient fails to block Application Firewall categories when web client category is set to monitor.
834839 Web Filter does not block traffic when proxy mode and Application Firewall are disabled.
879985 Application Firewall fails to block Web.Client category HTTPS traffic.

Logs

Bug ID Description

711763 FortiClient does not point to usfgd1.fortigate.com for EMS web profile setting:Location-US | Server-Fortiguard (Legacy).
746108 FortiClient cannot handle log upload.
811746 FortiClient (macOS) sends duplicated and old logs to FortiAnalyzer.
872875 Disabling Client-Based Logging When On-Fabric in EMS does not work for macOS endpoints.
913767 FortiClient cannot send Software Inventory information to FortiAnalyzer in macOS Big Sur 11.7.3.

Software Inventory

Bug ID Description

737970 Software Inventory may not properly reflect software changes (adding/deleting) on macOS endpoints.

Quarantine management

Bug ID Description

868798 Custom quarantine message does not work.

Installation and upgrade

Bug ID Description

827939 FortiTray is not open anymore prompt shows when deploying FortiClient using script through mobile device management.
828781 FortiClient (macOS) behaves inconsistently when uninstalling it through commands in terminal and the FortiClientUninstaller GUI tool.

Vulnerability Scan

Bug ID Description

771833 FortiClient tags endpoint as vulnerable when EMS administrator has enabled Exclude Application Vulnerabilities Requiring Manual Update from Vulnerability.
786011 Vulnerability feature does not autopatch macOS 12.2.1 after FortiClient (macOS) detects OS vulnerability on Monterey 12.1.

Malware Protection and Sandbox

Bug ID Description

551282 Sandbox exception for trusted sources does not work and FortiClient (macOS) uploads files sourced from Apple Inc.
719920 FortiClient cannot submit files downloaded from Thunderbird to FortiClient Cloud Sandbox (PaaS).
829415 When next generation antivirus is enabled, FortiClient (macOS) shows real time protection (RTP) as disabled.
837638 Identifying malware and exploits using signatures received from FortiSandbox does not work.
855555 Enabling real-time protection and setting <block_removable_media> to 1 causes FortiClient (macOS) to fail to block a USB device.
855570 RTP scans files regardless of the maximum file size setting for scanning files.
858485 Excluding specified folders/files from Sandbox feature works when it is disabled.
859921 Settings > Privacy Status shows fcaptmon under the required permission list when it is not required.

Onboarding

Bug ID Description

811976 FortiClient (macOS) may prioritize using user information from authentication user registered to EMS.
872136 User verification period option under User verification does not work as configured.

ZTNA connection rules

Bug ID Description

831943 FortiClient (macOS) uninstall does not remove ZTNA client certificate from user certificate store.
853281 FortiClient (macOS) does not show the inline CASB database signatures on the About page.
857909 FortiClient (macOS) does not support enabling encryption for ZTNA TCP forwarding rules acquired from ZTNA service portal.
857999 FortiClient does not support using external browser for SAML authentication for ZTNA rules acquired through service portal.
864821 ZTNA does not have proper logging for SaaS portals.
905880 ZTNA certificate prompt displays when deploying FortiClient (macOS) with Jamf Pro configuration profiles.

Workaround: enable ZTNA in both on-fabric and off-fabric profile if using both.
