SYSTEM ADMIN BOOK
  • Hardware/Physical Machines
    • Physical Networking
      • Patch Panel
    • Hardware Devices
    • PC Build
    • RAID Configs
  • System Configuration
    • Windows
      • OneDrive for Business, Map as Network Drive in Windows
      • PDF Printer
      • Reset Windows Password
    • Linux
    • Mac
      • Factory Reset Mac Mini
      • Install FortiClient VPN
      • Remove FortiClient VPN for Macs
      • Setting Microsoft Teams Notifications in MacOS
      • Download and Install Whatsapp
  • Windows Server
    • Troubleshooting
      • 100% Disk Usage Issue
      • Maximum Path Length Limitation
    • Basic Configurations
      • Change Hostname
      • Change Default RDP Port
      • Create a User
      • Add user to Administrator group
      • Add user to Remote Desktop Users group
      • Allow log on locally - security policy setting
      • Allow Multiple Remote Desktop Connections
      • Enable Insure Guest Authentication
      • Shrink Partition
      • Extend Partition
    • FTP Server
      • Install FTP Server (IIS)
      • Create User Group
      • Add FTP Site (IIS)
      • User Isolation
      • Allow Firewall
      • FTP Client (FileZilla)
      • FTP Server (FileZilla)
      • Configure Passive Mode in FileZilla Server
      • Configuring Windows Firewall for FileZilla Server
      • FileZilla: Password reset
      • Generate a New Self-Signed Certificate
    • Group Policy
      • Block Access to the Control Panel for All Users
      • Create a Logon Banner (Legal Notice)
      • Enable / Disable Copy-Paste Policy
      • Disable Shutdown, Restart Options
      • Disable Multiple Session for Single User
      • Disable Automatic Lock Screen in Windows Server
    • Services
      • NSSM - the Non-Sucking Service Manager
      • Node-windows Library
    • Task Scheduler
      • Automate Program Execution
      • Restart Windows Server Daily
    • Auditing and Diagnostincs
      • Enabling the System Event Audit Log
      • Audit RDP Port Change Event
      • Check the read/write speed of your hard drive
      • Clear temp file and .trc file
    • Event Viewer
      • Restart / Shutdown Event
  • Control Panels
    • Plesk
      • Set Hard Quota on disk space for subscription(s)
      • Changing MX, A, and CNAME Records
      • Host Node.js Application
      • Add FTP account
      • Remove FTP account
      • Download a folder using Plesk File Manager
      • Install WordPress on domain using WP Toolkit
      • Change the name of a Subscription system user
      • Exporting and Importing Database Dumps
    • OVI Panel
      • DNS Zone Editor
    • SolidCP
      • Add a MS SQL database in SolidCP
    • cPanel
  • Virtualization
    • Proxmox VE
      • Introduction
      • Download Proxmox ISO
      • Prepare Installation Media
      • Launch Proxmox Installer
      • Create a VM
  • Web Servers
    • IIS
      • Install IIS
      • Configure Default Site
      • Application Pool
      • Installing PHP
      • Deploy a PHP Application
      • Deploying a Laravel app on Windows using IIS
      • Update PHP Version in IIS
      • Host a Node.js /w Next.js Application
    • JBoss
  • VPNs and Proxy Servers
    • Reverse Proxy
      • IIS - Node.js Application
  • Database Servers
    • MS SQL
      • Download and Install
      • Install SSMS
      • Uninstall an Instance of SQL Server
      • Enable SA Account
      • Change SA Account Password
      • Enable Network Access to SQL Express
      • Create and configure a user in MSSQL
      • Clear SQL Server Cache
      • Setting Infinite Timeout in SQL Server Contexts
      • Take SQL Server Database Offline
      • Memory configuration
  • Web Dev Stacks
    • MERN (w/ Next)
      • Build and Run Node.js Project with Next.js
  • IT Ticketing Systems
    • Jira Ticketing System
  • Linux Servers
  • AWS Environment
  • Azure Environment
  • Backup and Security
    • SSL Certificates
      • Types of SSL Certificates
      • IIS 10: Create CSR and Install SSL Certificate
      • IIS 7: Generate CSR for Wildcard SSL
      • IIS: Generate CSR for Multi-Domain SSL
      • OpenSSL: Generate CSR
      • IIS 10: How to Install and Configure Your SSL Certificate on Windows Server
      • IIS: Export Pfx using MMC
      • IIS: Import Pfx using MMC
      • IIS: Export Pfx using IIS Manager
      • IIS: Import Pfx using IIS Manager
      • cPanel: Export PFX
      • Godaddy-CPanel: Generate a CSR
      • Godaddy-CPanel: Install SSL Certificate
      • cPanel: Generate CSR
      • cPanel: Install SSL Certificate
      • cPanel: Install Let's Encrypt SSL
      • Plesk: Generate CSR
      • Plesk: Let's Encrypt SSL Installation
      • Plesk: Installing the SSL certificate
      • Plesk: Export Public & Private Key
      • Win-ACME Let's Encrypt SSL
      • Certbot - Install SSL
      • Export Leaf, Root, and Intermediate Files
      • XAMPP - Let's Encrypt SSL Installation
      • JBoss Web Server: CSR Generation
      • JBoss: Install SSL Certificate
    • Backup
      • Database
        • MS SQL DB Backup
        • MS SQL Restore Backup
    • Microsoft Defender for Endpoint
      • Introduction & Licenses
    • Microsoft Intune - Endpoint Management
      • Product Introduction
      • Intune Policies for MacOS
      • Enroll your macOS device using the Company Portal app
    • Vulnerability Scanning
      • OpenVAS Quick Guide
      • Nessus Quick Guide
    • Acronis
      • Download and Install the Acronis Cyber Protection Agent
      • Performing a file-level backup
      • Creating a disk-level backup
      • Performing a file-level recovery
      • Enabling Active Protection and Vulnerability Assessment
  • Email and Office 365
    • Troubleshooting
      • Run a message trace in the Exchange admin center
      • Not receiving email
      • Office 365 Apps Activation Error
      • Gmail Issue: Clearing Cache and Cookies
      • Excel worksheet, right click insert not functioning
      • Microsoft 365 Apps activation error: “Your organization has disabled this device”
    • Hybrid Mail Setup
      • Set Up Connectors Between Microsoft 365 and SmarterMail
    • Email Authentication
      • Protocols
    • Mail Clients
      • Outlook
        • Maximum number of Exchange accounts in an Outlook profile
        • Enable automatic forwarding in new Outlook
        • Add Email Signature
        • Create Email Singature
        • Gmail Account Login in Outlook
        • Enable desktop notifications for Outlook on the Web (OWA) in Windows
        • Move Mails to Specific Folders
      • Apple Mail
        • Add email accounts in Mail on Mac
        • Add Mail Signatures
      • Gmail
        • Mail Forwarding to Another Account
        • Set Up an Auto-Reply (Vacation Responder) in Gmail
    • Office 365
      • Intro & Subscriptions
      • How to Create a Trial Account
      • How to Access the Office 365 Admin Center
      • Creating a Tenant
      • Create Users
      • Add several users at the same time to Microsoft 365
      • Creating & Managing Roles
      • Add a Domain
      • Manage MFA
      • Let users reset their own passwords
      • Assign Global Admin Roles
      • Create APP Password
      • Change a user name and email address
      • Reset MFA for Microsoft 365 User
      • Configure email forwarding
      • Add email aliases to a user
      • Change Username or Email Address
      • Export Mailbox to PST From Office 365
      • Import PST to Exchange Online (Microsoft O365)
      • Enable archive mailboxes for Microsoft 365
      • Grant Export Permission in M365 Compliance Center
      • Generate Transfer Token
    • Google Workspace
      • Intro & Plans
      • Create your Google Workspace trial account
      • Review your DNS records
      • Adding Users
      • Create organizational units
      • Restrict access to a Google Workspace service
      • Edit user attributes
      • Manage user accounts
      • Suspend a User
      • Generate a Transfer Token
      • Reduce Licenses in Google Workspace
      • Auto-forward From Google Workspace Using Routing
      • Recovering administrator access to your account
    • MailEnable
    • SmarterMail
      • SmarterMail Installation
      • SmarterMail Server Setup
      • Installation and Configuration (Practical)
      • Enable / Disable Domain in SmarterMail
      • Enable / Disable MFA for User Accounts
      • Create an Administrator User in SmarterMail
    • Microsoft Teams
      • Guest Access vs. External Access
      • Adding Guests To Microsoft Teams Team
      • Teams Chat DIfferent Domain: Enable External Access
      • Setup Teams Time Zone and Work Hours
      • Add Contact Numbers in Profile Page
    • Microsoft Defender for Office 365
      • Remove blocked users from the Restricted entities page
    • Microsoft Purview
      • Create a Retention Policy for Archiving in M365
  • DevOps
  • Firewalls and Access Points
    • Windows Firewall
      • Allow Ports on Windows Firewall
    • Sophos Firewall
      • Set up a new firewall with Sophos Central
      • Enable Sophos Central management of Sophos Firewall
  • Networking
    • Troubleshooting
    • Cisco Router Config
    • Cisco Switch Config
      • Basic Data and Voice VLAN Setup Homelab
  • Migration
    • Drive Migration
      • Google Drive to One Drive
      • One Drive to One Drive [SharePoint Migration Tool]
      • Migrate Google files to Microsoft 365 for business
    • Mail Migration
      • Google Workspace to Office 365 (Manual Method)
      • Google Workspace to Office 365 (Automatic Method)
      • IMAP to Office 365
      • Migration Using PST File Method
      • Office 365 to Google Workspace Migration
      • G-Suite to G-Suite Migration
    • VM Migration
    • Website Migration
      • Migrating IIS Sites Using Web Deploy
      • Plesk to Plesk Migration
    • Database Migration
  • Monitoring
    • Prometheus
      • Monitoring Windows Servers Using Prometheus
    • Grafana
      • Visualize Data in Grafana
    • Loki
  • Data Center
    • HPE ProLiant ILO Configuration
  • Other Technologies
    • Some R&Ds
      • Active vs. Passive Mode in FTP
      • IIS Recycling and Virtual Memory Limit
      • IIS Application Pool
Powered by GitBook
On this page
  • Introduction
  • To install FortiClient on a macOS computer:
  • To activate system extensions:
  • To enable full disk access:
  • To enable notifications:
  • REFERENCES

Was this helpful?

  1. System Configuration
  2. Mac

Install FortiClient VPN

PreviousFactory Reset Mac MiniNextRemove FortiClient VPN for Macs

Last updated 2 months ago

Was this helpful?

Introduction

The following instructions guide you though the manual installation of FortiClient on a macOS computer. For more information, see the .

After manually running the FortiClient installer on a macOS computer, you must enable certain permissions and perform other actions for FortiClient to work properly. This topic provides instructions on the necessary configurations. The process is as follows:

  1. Install FortiClient on a macOS computer using the installer file. See .

  2. Activate system extensions. See .

  3. (macOS 11 Big Sur and 10.15 Catalina only) Enable full disk access. See .

  4. Enable notifications. See .

Depending on what features are enabled on EMS, installing FortiClient (macOS) may require admin credentials to handle prompts for system keychain changes and granting permissions under Security & Privacy.

For FortiClient upgrade, system certificates and security permissions remain unchanged, so no special user privileges are required.

To install FortiClient on a macOS computer:

  1. Double-click the FortiClient_7.4.2.xx_macosx .dmg installer file. The FortiClient for macOS dialog displays.

  2. Double-click Install. The Welcome to the FortiClient Installer dialog displays.

  3. (Optional) Click the lock icon in the upper-right corner to view certificate details and click OK to close the dialog. Click Continue.

  4. Read the Software License Agreement and click Continue. You have the option to print or save the Software Agreement in this window. You are prompted to Agree with the terms of the license agreement.

  5. If you agree with the terms of the license agreement, click Agree to continue the installation.

  6. Depending on your system, you may be prompted to enter your system password.

  7. After the installation completes successfully, Click Close to exit the installer. FortiClient has been saved to the Applications folder.

  8. If using macOS Mojave (version 10.14), you must reboot the macOS device after installing FortiClient (macOS). FortiClient (macOS) displays the following prompt after installation. Click Restart System:

  9. Double-click the FortiClient icon to launch the application. The application loads to your desktop.

To activate system extensions:

After you perform an initial install of FortiClient, the device prompts you to allow some settings for FortiClient processes. You must have administrator credentials for the macOS machine to configure these changes.

VPN

You must allow the macOS system software to load the FortiTray.

To allow FortiTray to load:

  1. Do one of the following:

    • If using macOS Sequoia (version 15), go to Settings > General > Login Items & Extensions > Network Extensions.

    • If using another macOS version, go to Settings > Privacy & Security.

  2. Enable FortiTray.

Web Filter and Application Firewall

You must enable the FortiClientProxy extension for Web Filter to work properly. You must enable the FortiClientPacketFilter extension for Application Firewall and network lockdown to work properly. The FortiClient (macOS) team ID is AH4XFXJ7DK.

To enable the FortiClientNetwork extension:

  1. Do one of the following:

    • If using macOS Sequoia (version 15), go to Settings > General > Login Items & Extensions > Network Extensions.

    • If using another macOS version, go to Settings > Privacy & Security.

  2. Enable the FortiClientProxy and FortiClientPacketFilter toggles.

  3. Verify the extension status by running systemextensionsctl list in the macOS terminal. In the output, the FortiClientPacketFilter extension displays as macos.webfilter. The following provides example output when the extension is enabled:

Proxy mode extension

The com.fortinet.forticlient.macos.proxy system extension works as a proxy server to proxy a TCP connection. macOS manages the extension's connection status and other statistics. This resolves the issue that Web Filter fails to work when SSL and IPsec VPN are connected.

FortiClient (macOS) automatically installs the extension on an M1 Pro or newer macOS device.

To enable full disk access:

macOS 11 Big Sur and 10.15 Catalina include security setting changes, which require you to enable full disk access for FortiClient services. If you do not grant full disk access to FortiClient services, FortiClient only provide partial protection of files in the /Applications directory. The first time that FortiClient detects an attempt to run an executable file located in another protected location on the endpoint as malware protection, macOS denies FortiClient access and prompts the user to grant full disk access.

  1. Go to System Preferences > Security & Privacy tab, and select Full Disk Access

  2. To make changes, click lock icon on the bottom left, enter your credentials, and Unlock.

  3. Select the following services to grant them full disk access:

    • fctservctl2

    • FortiClient

If you did not grant full disk access permissions for the daemons, you can check their status on the Settings tab under Privacy Status. Click Open File Access to grant permissions for the daemons. If you do not configure this, macOS displays a popup asking for permissions each time that you use a feature related to one of the daemons, such as scanning for viruses.

To enable notifications:

After initial installation, macOS prompts the user to enable FortiClient (macOS) notifications.

  1. Go to System Preferences > Notifications > FortiClientAgent.

  2. Toggle Allow Notifications on.

REFERENCES

https://docs.fortinet.com/document/forticlient/7.4.2/administration-guide/903183/macos#To2
https://docs.fortinet.com/document/forticlient/7.4.2/macos-release-notes/223986
FortiClient (macOS) Release Notes
To install FortiClient on a macOS computer:
To activate system extensions:
To enable full disk access:
To enable notifications: