Special notices
Enabling full disk access
FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:
- fcaptmon
- fctservctl
- fctservctl2
- fmon
- fmon2
- FortiClient
- FortiGuardAgent
The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.
You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/
and select fmon2.
The following lists the services and their folder locations:
-
fmon, Fctservctl, Fcaptmon:
/Library/Application\ Support/Fortinet/FortiClient/bin/
-
FortiClient (macOS) application:
/Applications/FortiClient.app
-
FortiClient agent (FortiTray):
/Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app
Activating system extensions
After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.
VPN
VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.
To allow FortiTray to load:
- Go to System Preferences > Security & Privacy.
- Click the Allow button beside System software from application "FortiTray" was blocked from loading.
Web Filter and Application Firewall
You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.
To enable the FortiClientNetwork extension:
- Go to System Preferences > Security & Privacy.
- Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.
- Verify the status of the extension by running the
systemextensionsctl list
command in the macOS terminal. The following provides example output when the extension is enabled:
Enabling notifications
After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.
To enable notifications:
- Go to System Preferences > Notifications > FortiGuardAgent.
- Toggle Allow Notifications on.
DHCP over IPsec VPN not supported
FortiClient (macOS) does not support DHCP over IPsec VPN.
IKEv2 not supported
FortiClient (macOS) does not support IPsec VPN IKEv2.
Endpoint security improvement
7.0.2 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 7.0.2 installer is not available on FortiGuard Distribution Servers (FDS). To use the FortiClient 7.0.2 installer, you must download it from Customer Service & Support. See Endpoint security improvement.
If the EMS server certificate is invalid, and FortiClient is upgraded to 7.0.2, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.