Fortinet black logo

Special notices

Special notices

Enabling full disk access

FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

  • fcaptmon
  • fctservctl
  • fctservctl2
  • fmon
  • fmon2
  • FortiClient
  • FortiGuardAgent

The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.

You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/ and select fmon2.

The following lists the services and their folder locations:

  • fmon, Fctservctl, Fcaptmon: /Library/Application\ Support/Fortinet/FortiClient/bin/

  • FortiClient (macOS) application: /Applications/FortiClient.app

  • FortiClient agent (FortiTray): /Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app

Activating system extensions

After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

VPN

VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.

To allow FortiTray to load:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiTray" was blocked from loading.

Web Filter and Application Firewall

You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.

  3. Verify the status of the extension by running the systemextensionsctl list command in the macOS terminal. The following provides example output when the extension is enabled:

Enabling notifications

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

To enable notifications:
  1. Go to System Preferences > Notifications > FortiGuardAgent.
  2. Toggle Allow Notifications on.

DHCP over IPsec VPN not supported

FortiClient (macOS) does not support DHCP over IPsec VPN.

IKEv2 not supported

FortiClient (macOS) does not support IPsec VPN IKEv2.

Endpoint security improvement

7.0.2 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 7.0.2 installer is not available on FortiGuard Distribution Servers (FDS). To use the FortiClient 7.0.2 installer, you must download it from Customer Service & Support. See Endpoint security improvement.

If the EMS server certificate is invalid, and FortiClient is upgraded to 7.0.2, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.

Special notices

Enabling full disk access

FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

  • fcaptmon
  • fctservctl
  • fctservctl2
  • fmon
  • fmon2
  • FortiClient
  • FortiGuardAgent

The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.

You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/ and select fmon2.

The following lists the services and their folder locations:

  • fmon, Fctservctl, Fcaptmon: /Library/Application\ Support/Fortinet/FortiClient/bin/

  • FortiClient (macOS) application: /Applications/FortiClient.app

  • FortiClient agent (FortiTray): /Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app

Activating system extensions

After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

VPN

VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.

To allow FortiTray to load:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiTray" was blocked from loading.

Web Filter and Application Firewall

You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.

  3. Verify the status of the extension by running the systemextensionsctl list command in the macOS terminal. The following provides example output when the extension is enabled:

Enabling notifications

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

To enable notifications:
  1. Go to System Preferences > Notifications > FortiGuardAgent.
  2. Toggle Allow Notifications on.

DHCP over IPsec VPN not supported

FortiClient (macOS) does not support DHCP over IPsec VPN.

IKEv2 not supported

FortiClient (macOS) does not support IPsec VPN IKEv2.

Endpoint security improvement

7.0.2 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 7.0.2 installer is not available on FortiGuard Distribution Servers (FDS). To use the FortiClient 7.0.2 installer, you must download it from Customer Service & Support. See Endpoint security improvement.

If the EMS server certificate is invalid, and FortiClient is upgraded to 7.0.2, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.