Are you using the latest v7 client? If you want to pre-populate a vpn connection you will need to create a package with the files in "/Library/Application Support/Fortinet/FortiClient/conf". We have the policy update the inventory of the Mac, which then puts it into scope to get the configuration profile.
Short answer is you may need to repackage the existing installer, or at the very least create a manual package...
Where you able to figure this out? I have tried a bunch of ways, but can't seem to get it to accept the forticlienttray and stop asking.
We are struggling as well to auto approve FortiTray.
Is there someone who got this fixed?
The problem is that FortiClient creates an Network interface called "VPN" with VPN-App: FortiTray
Heya, sorry for the late reply, I finally figured this out.
To avoid the VPN popup configuration, we set a dummy VPN configuration that will be used by Forticlient on runtime :
Nothing else is checked, make sure that the Identifier and Provider Bundle Identifier are set to "com.fortinet.forticlient.macos.vpn" and the name isn't "VPN".
Adding this configuration profile before installing Forticlient will suppress the warning, Forticlient will rename the VPN_CP network to "VPN" and use it.
Hi @e672e508-80b8-4 This trick seems to work for me as well, using Filewave, so thanks a lot! :D
Cheers,
Peter
Heya, sorry for the late reply, I finally figured this out.
To avoid the VPN popup configuration, we set a dummy VPN configuration that will be used by Forticlient on runtime :
Nothing else is checked, make sure that the Identifier and Provider Bundle Identifier are set to "com.fortinet.forticlient.macos.vpn" and the name isn't "VPN".
Adding this configuration profile before installing Forticlient will suppress the warning, Forticlient will rename the VPN_CP network to "VPN" and use it.
@e672e508-80b8-4 could you please share also your settings configured in the shown config profile screenshot for your pppc and system extension setting?
I am wondering if my System extension is configured as yours and i was not able to solve the PPPC settings.
It would help me a lot.
I am already use FortiClient 7.0.3
@e672e508-80b8-4 As Int_IT_ADC asked, could you share your System extension configuration ? I am also unable to find the right settings to bypass Gatekeeper.
@e672e508-80b8-4 As Int_IT_ADC asked, could you share your System extension configuration ? I am also unable to find the right settings to bypass Gatekeeper.
Hello @F_Hadi (and sorry @Jacek_ADC for the late reply),
Here is my System extension configuration pane for this Configuration Profile.
Hello @F_Hadi (and sorry @Jacek_ADC for the late reply),
Here is my System extension configuration pane for this Configuration Profile.
Thank you!
That is what I have configured too, but FortiTray is still blocked by Gatekeeper 🙄
Heya, sorry for the late reply, I finally figured this out.
To avoid the VPN popup configuration, we set a dummy VPN configuration that will be used by Forticlient on runtime :
Nothing else is checked, make sure that the Identifier and Provider Bundle Identifier are set to "com.fortinet.forticlient.macos.vpn" and the name isn't "VPN".
Adding this configuration profile before installing Forticlient will suppress the warning, Forticlient will rename the VPN_CP network to "VPN" and use it.
Did you set anything for the User Auth or other fields lower in the configuration profile?
Hello @F_Hadi (and sorry @Jacek_ADC for the late reply),
Here is my System extension configuration pane for this Configuration Profile.
Thank you, can you please share also your pppc config?
Heya, sorry for the late reply, I finally figured this out.
To avoid the VPN popup configuration, we set a dummy VPN configuration that will be used by Forticlient on runtime :
Nothing else is checked, make sure that the Identifier and Provider Bundle Identifier are set to "com.fortinet.forticlient.macos.vpn" and the name isn't "VPN".
Adding this configuration profile before installing Forticlient will suppress the warning, Forticlient will rename the VPN_CP network to "VPN" and use it.
This worked very well for me. Great work figuring it out, and many many thanks for sharing it.
Hello @F_Hadi (and sorry @Jacek_ADC for the late reply),
Here is my System extension configuration pane for this Configuration Profile.
Do you mind also sharing the PPPC config screen? I feel like I have most things configured as they should be, but I am still getting a pop-up screen for:
"FortiTray is trying to install a new helper tool.
Enter your password to allow this."
I can't figure out what the helper tool is so I can add it to the PPPC, or maybe I need to allow a Kernel Extension, I am not sure...
Thanks in advance!
Do you mind also sharing the PPPC config screen? I feel like I have most things configured as they should be, but I am still getting a pop-up screen for:
"FortiTray is trying to install a new helper tool.
Enter your password to allow this."
I can't figure out what the helper tool is so I can add it to the PPPC, or maybe I need to allow a Kernel Extension, I am not sure...
Thanks in advance!
Got the same issue, in total I have 3 pop ups:
1) FortiTray is trying to install a new helper tool
2) FortiTray WOuld Like to Add VPN Configurations (dummy VPN profile is not working for this)
3) Permission is required for full protection > "Full Disk Access" permission for FortiClient processes fcaptmon (sometimes it's fctservctl2, sometimes it's fmon2), I have added all 3 via Configuration Profile > Privacy Preferences Policy Control, yet it still requires to manually accept these...
FortiNet is not very helpful and don't really have any documentation for this... if anybody figures it out, please share.
Got the same issue, in total I have 3 pop ups:
1) FortiTray is trying to install a new helper tool
2) FortiTray WOuld Like to Add VPN Configurations (dummy VPN profile is not working for this)
3) Permission is required for full protection > "Full Disk Access" permission for FortiClient processes fcaptmon (sometimes it's fctservctl2, sometimes it's fmon2), I have added all 3 via Configuration Profile > Privacy Preferences Policy Control, yet it still requires to manually accept these...
FortiNet is not very helpful and don't really have any documentation for this... if anybody figures it out, please share.
I posted screenshots here: https://community.jamf.com/t5/jamf-pro/deploying-forticlient-preventing-as-many-popups-as-possible-on/m-p/271108/emcs_t/S2h8ZW1haWx8dG9waWNfc3Vic2NyaXB0aW9ufEw2R0RMNlY2Q0hFUkYwfDI3MTEwOHxTVUJTQ1JJUFRJT05TfGhL#M247414
You say that you already created the configuration profiles but are still getting the pop-ups. Did you install the profiles before deploying the client? You have to do that, otherwise you'll get the pop-ups.
Got the same issue, in total I have 3 pop ups:
1) FortiTray is trying to install a new helper tool
2) FortiTray WOuld Like to Add VPN Configurations (dummy VPN profile is not working for this)
3) Permission is required for full protection > "Full Disk Access" permission for FortiClient processes fcaptmon (sometimes it's fctservctl2, sometimes it's fmon2), I have added all 3 via Configuration Profile > Privacy Preferences Policy Control, yet it still requires to manually accept these...
FortiNet is not very helpful and don't really have any documentation for this... if anybody figures it out, please share.
Hey Shurkin18,
were you able to resolve the issue with these 3 pop ups? gone through everyone's screen shots and I still can't shake these 3 prompts! any help is appreciated
thanks
Hey Shurkin18,
were you able to resolve the issue with these 3 pop ups? gone through everyone's screen shots and I still can't shake these 3 prompts! any help is appreciated
thanks
Hi, no, seems like at this point with the newest Apple security "features" - there is nothing can be done here as user has to manually "allow" these privacy prompts...
Hi, no, seems like at this point with the newest Apple security "features" - there is nothing can be done here as user has to manually "allow" these privacy prompts...
so i managed to solve the add VPN config file pop-up with the below:
com.fortinet.forticlient.macos.vpn.nwextension
identifier "com.fortinet.forticlient.macos.vpn.nwextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AH4XFXJ7DK
and then weirdly enough...i have no idea why this works at all... if I add the package to the self-service portal and a user installs it from there none of the extension pop-ups or helper install appear and it installs without issue!
hope the above helps a bit
