Fortinet black logo

Special notices

Special notices

Enabling full disk access

FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

  • fcaptmon
  • fctservctl
  • fctservctl2
  • fmon
  • fmon2
  • FortiClient
  • FortiGuardAgent

The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.

You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/ and select fmon2.

The following lists the services and their folder locations:

  • fmon, Fctservctl, Fcaptmon: /Library/Application\ Support/Fortinet/FortiClient/bin/

  • FortiClient (macOS) application: /Applications/FortiClient.app

  • FortiClient agent (FortiTray): /Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app

Activating system extensions

After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

VPN

VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.

To allow FortiTray to load:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiTray" was blocked from loading.

Web Filter and Application Firewall

You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.

  3. Verify the status of the extension by running the systemextensionsctl list command in the macOS terminal. The following provides example output when the extension is enabled:

Enabling notifications

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

To enable notifications:
  1. Go to System Preferences > Notifications > FortiGuardAgent.
  2. Toggle Allow Notifications on.

DHCP over IPsec VPN not supported

FortiClient (macOS) does not support DHCP over IPsec VPN.

IKEv2 not supported

FortiClient (macOS) does not support IPsec VPN IKEv2.

MacBook Pro with M1X chip conflict

The FortiClient Application Firewall and Web Filter features conflict with the SSL VPN feature that is included on new MacBook Pro models that use the new M1X chip. This conflict does not occur on other macOS devices.

Special notices

Enabling full disk access

FortiClient (macOS) works properly only when you grant permissions to access the full disk in the Security & Privacy pane for the following services:

  • fcaptmon
  • fctservctl
  • fctservctl2
  • fmon
  • fmon2
  • FortiClient
  • FortiGuardAgent

The FortiClient (macOS) free VPN-only client does not include the fcaptmon, fmon, and fmon2 services. If you are using the VPN-only client, you only need to grant permissions for fctservctl and FortiClient.

You may have to manually add fmon2 to the list, as it may not be in the list of applications to allow full disk access to. Click the + icon to add an application. Browse to /Library/Application Support/Fortinet/FortiClient/bin/ and select fmon2.

The following lists the services and their folder locations:

  • fmon, Fctservctl, Fcaptmon: /Library/Application\ Support/Fortinet/FortiClient/bin/

  • FortiClient (macOS) application: /Applications/FortiClient.app

  • FortiClient agent (FortiTray): /Applications/FortiClient.app/Contents/Resources/runtime.helper/FortiGuardAgent.app

Activating system extensions

After you perform an initial install of FortiClient (macOS), the device prompts you to allow some settings and disk access for FortiClient (macOS) processes. You must have administrator credentials for the macOS machine to configure this change.

VPN

VPN works properly only when you allow system software from Fortinet to load in Security & Privacy settings.

To allow FortiTray to load:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiTray" was blocked from loading.

Web Filter and Application Firewall

You must enable the FortiClientNetwork extension for Web Filter and Application Firewall to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:
  1. Go to System Preferences > Security & Privacy.
  2. Click the Allow button beside System software from application "FortiClientNetwork" was blocked from loading.

  3. Verify the status of the extension by running the systemextensionsctl list command in the macOS terminal. The following provides example output when the extension is enabled:

Enabling notifications

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

To enable notifications:
  1. Go to System Preferences > Notifications > FortiGuardAgent.
  2. Toggle Allow Notifications on.

DHCP over IPsec VPN not supported

FortiClient (macOS) does not support DHCP over IPsec VPN.

IKEv2 not supported

FortiClient (macOS) does not support IPsec VPN IKEv2.

MacBook Pro with M1X chip conflict

The FortiClient Application Firewall and Web Filter features conflict with the SSL VPN feature that is included on new MacBook Pro models that use the new M1X chip. This conflict does not occur on other macOS devices.