FortiClient and macOS Big Sur – SSL top, IPsec flop

Spoiler Alert! – Since the release of macOS 11.0 aka Big Sur, your FortiClient VPN might not be working as expected anymore if you have already upgraded.

There’s a chance you might not have noticed it, in the case that you’re using SSL VPN only in your environment. But as soon as you also have IPsec tunnels you’d like to use, you might find yourself with a successfully established tunnel, but no traffic is reaching your remote end.

Reason is a legacy kernel extension which was still used by FortiClient ≤v.6.4.1. This kernel extension was only loaded for IPsec connections but is now prohibited to run under macOS Big Sur.

Unfortunately there’s no notification by the FortiClient software, informing you of this. Also there’s no statement yet on the official forticlient.com website. But numerous users reported this behaviour throughout Apple and Fortinet support forums, as well as on reddit.com.

So far we can only tell you to await the promised release of FortiClient V6.4.3 that should address the issue. There’s no specific release date published yet, but we’ll update this article as soon as this is the case!

So in the meantime, please hold back yourself with a hasty upgrade to Apple’s latest OS.

Update Januar 2020: Even though FortiClient v6.4.2 is not officially supporting BigSur, it seems that the IPsec issue has been solved in this release! So if you’ve already upgraded your Mac to BigSur, go and update your FortiClient to 6.4.2 as well.