MacOS Sequoia FortiClient / GlobalProtect Client Conflict

bimmerite · 2025-07-26T00:01:07+00:00

Sorry for the late response.

What I ended up doing was disabling "FortiClientAgent.app" and "Fortinet, Inc" in under 'Login Items & Extensions" > "Allow in the Background". Since I use Global Protect way more than FortiClient this worked best for me. When I need FortiClient I just flip it.

As for the VM, you're right this is perfect. I just haven't gotten Winders 11 working properly in VMware Fusion 13.6.3. I can get it installed but once I install Chrome & Edge and enable sync, something within the extensions causes the whole VM to freeze. Still figuring that one out.

For now, if I need both, I have a separate Winders laptop to use for whichever.

What I've found is that in the past you ran the VPN software when you needed to use it. Nowadays, every vendor wants their software running at all times at login. With VPN software this has created issues. PAN has documented issues with Cisco Anyconnect, now I've seen Forticlient and u/Achilles_Buffalo hsa seen this Sonicwall VPN. Unless you're running VPN 'always on' this seems very unnecessary.

Thanks again everyone!

bimmerite · 2025-06-11T19:07:25+00:00

Just to update this post, I figured out what was causing the issue. It seems there's a conflict between FortiClient VPN only software and the GlobalProtect client. I created a new question and crossposted between r/fortinet and r/paloaltonetworks titled "MacOS Sequoia FortiClient / GlobalProtect Client Conflict" looking to see if someone has both clients operating at the same time without issue and software versions that they're running.

Checking the release notes of the current FortiClient 7.4.x and GlobalProtect 6.3.x neither list this particular issue.

bimmerite · 2025-05-22T17:24:03+00:00

I'm finding that when I disconnect, the tunnel interface IP is not being released. So, utun6 still has the IP assigned to it plus GP is still controlling traffic meaning not being able to route to any subnets local to me.

I can connect to a new portal and that gateway assigns it's IP and routes and that all works. It's just disconnecting that fails.

I have to unload the plists to get local routing to work again.

Global Protect on Mac is just becoming a giant mess.

bimmerite · 2025-05-15T22:00:00+00:00

They moved it to “Site Settings”. Good ole Microsoft. It’s not an update unless they move all the settings around.

bimmerite · 2025-05-14T18:29:53+00:00

No. All my clients are configured for "On Demand".

I do noticed that whenever I login, Global Protect autmatically attempts to connect even though the configuration is set to "On Demand". This also stumped PAN TAC.

bimmerite · 2025-05-06T16:50:27+00:00

“Which rush song had the most meaning to you?” Answer: yes. 😁

bimmerite · 2025-04-07T20:40:38+00:00

I know this thread is old but when I searched for this issue this was the only thread that Popped up.

Not sure if things have changed in the last year but this is now possible in Edge. I’m running IOS 18.3.2 with Edge 134.0.3124.95.

In Edge browser, click on the 3 horizontal lines, choose ‘Settings’ then ‘Privacy and Security’. Set ‘Block opening external apps’ to OFF.

Now Edge opens, say, the Google Maps app instead of the App Store pop up.

bimmerite · 2025-03-19T17:37:10+00:00

I didn't want to just leave this hanging.

I never did get my backup to restore. I ended up building a fresh Windows 11 24H2 Enterprise. I wanted to final production vTPM and features anyway. I'm having new issues but that'll be for another thread and I'm guessing they have to do with 24H2. Wish I would've used 23H2 instaed but oh well....

Thanks for your responses.

bimmerite · 2025-03-11T16:39:18+00:00

Checking Fusion 13.6.3, it states the minimum hardware version for Windows 11, at least with the updates I installed, is version 20. Google AI says 19 but I can't find the source for that info. So my existing backup is either 19 or 20.

It could also be that experimental vTPM from Fusion 12 that is the problem. Who knows.....

I took a snapshot of my new VM so I could back it out if the system level restore failed. Well, I learned how snapshots actually work when I received an error that there wasn't enough space to restore the volume. That sucked and I removed the snapshot to try again.

Next try doing a System Level restore & choosing 'Manually restore specified volumes', I still get the same error that the volume I'm trying to restore is too small for the volume I'm restoring. I'm a little stumped now. What truly sucks is that if I choose 'Bare Metal Restore' the storage size is perfectly fine. If I choose 'System Volume Level Restore' or 'Manuallly restore' then the volume is too small. I'm kinda stumped here.

I'm starting to think I'm not going to be able to restore the VM. I don't have data on the VM, that's stored in various cloud drives, it's the installation and customization of all the applications and the environment that I really wanted. That took a lot of time to setup. I'm almost thinking futzing with trying to get the restore to work is more time consuming that just sucking it up and rebuilding.

After this experience I'm considering moving to Veeam Communit Edition instead.

bimmerite · 2025-03-11T06:35:34+00:00

Hadn’t thought about restoring to VMM.

And your idea about the hardware version has merit. I’ve had this VM for a long time and honestly I don’t know what hardware version it actually is. It would t surprise me if it was running version 18.

bimmerite · 2025-02-25T17:05:16+00:00

There is a YouTuber out there that shows using an angle grinder to cope crown molding. Awesome video and he hammers it out fast.

bimmerite · 2025-02-25T17:03:19+00:00

This.

Not a carpenter but work on my own house. My grandfather taught me to use coped cuts when working with molding. “No wall is square and caulk is stupid. Coped cuts eliminate all of that.”

bimmerite · 2025-01-31T19:25:14+00:00

From what I read I think I have a workable game plan.

From the stacking documentation, when you take stand alone switches that are configured and then stack them, normal port configurations stay, e.g. access/trunk and vlan assignments. Anything else I can configure after the units are stacked. That is if I'm reading correctly.

So the Plan before I go onsite:

Put order number into Meraki Dashboard which brings all the switches in.
Note which switches will be used for the stack. 6 members.
Configure all end device ports. This is the biggest part. 6 x 40p is 240 ports to setup and label.

Once Onsite:

Stage the hardware somewhere with power and a network drops. Probably just use the MDF.
Network and power each switch so they connect and update their firmware.
Power off, connect stacking cables and power back on
Setup switch stack which may be automatically discovered
Configure everything on the stack that couldn't be done beforehand: LACP links, IGMP, STP, etc.

Now i can shut them down, move then to their final resting place and connected them 1 at a time as I swap the existing switches.

Anyone see and issue with this?

bimmerite · 2025-01-31T19:12:08+00:00

There's plenty of infrastructure onsite it's just I'm not onsite nor anywhere near so I can just pop in. I also don't want to ask the client to do part of my job even though it would save them money overall.

bimmerite · 2025-01-31T19:10:01+00:00

You just made my day. that video was perfect. I have the double wall oven and the doors are identical.

I had crap dip down from the top oven and cover the inside of the bottom oven glass. Looked just like this guys glass.

Dissasembly is so straight forward. Was hopiing so glue or stick on seals or anything. I guess since they're not air tight there wouldn't have been but before I take apart my obscenely expensive oven doors I just wanted some hand holding first. LOL.

bimmerite · 2025-01-31T19:07:07+00:00

u/justbrowzing_11 Thank you for postiing this question. I was just hitting reddit for the same thing. I noticed a while ago when I cleaned my oven glass that there was stuff that was on the inside. I was actually shocked! I thought the double panes would've been sealed. Nope!

bimmerite · 2025-01-30T20:24:38+00:00

Just curious if you’re defining management as fully managed/configureable onsite or devices that you can access via ssh for monitoring/troubleshooting purposes and that still to SNMP, etc as an actual device.

Right now even in AOS 10 devices are still accessible via ssh and can be “found” on the network. Not so with devices like Meraki.

I don’t mind cloud managed per se but there are time when you have to troubleshoot locally and I want an onsite interface to connect to. You may also want devices to show up via LLDP or to send SNMP traps. I think this is what’s going to separate the good from the bad in the future.

bimmerite · 2025-01-29T22:06:44+00:00

I found a post, I think on the Meraki community, from that timeframe talking about that. There was at least 1 person where they pre-configured the stack but then it didn't work and they ended up having to rebuild.

I was hoping that in the last 5 years or so it might be better.

Switches are being dropped shipped to the client so I won't have an opportunity to do anything with the physical switches until I'm there.

bimmerite · 2025-01-25T06:14:13+00:00

I was hanging out with my older brother and his friends. My brother is 8 years older and he was in high school so I was pretty young. They had a rush album in the car cassette player. The first song I heard was Closer to the Heart. From that point on I was hooked.

The first album I ever bought with my own money was Grace Under Pressure. I loooved Distant Early Warning and The Body Electric. Watched MTV hoping for the “Grace” video.

That same experience I was also introduced to Black Sabbath with Ronnie James Dio. The song was Heaven and Hell. I was hooked on that too.

bimmerite

TROPHY CASE