When I connect to my company VPN (using FortiClient) Safari doesn't load any page. Neither internal ones, nor external ones like Google, Facebook, etc.
Google Chrome loads everything.
I tried turning off all the privacy tools like private relay, private address ipv6 mostly everything.
Can anybody help me out?
MacBook Pro 14″, macOS 15.4
What does Safari say about it?
Safari should give SOME explanation as to why the page won't load - DNS error? security error? unresponsive server? something else? That will go a long way in troubleshooting.
The specifics of the VPN configuration may also come into play. Some VPNs are more than pure network gateways and they act as a proxy to insert themselves into the HTTPS stream to validate the URLs that you try to access. Because of the way HTTPS works, they try to fake the browser into thinking they are the destination site you're trying to access, but this trips Safari's security because it knows that the VPN server isn't really the site it says it is and it won't load.
Some VPN vendors are better than others in the way they implement this. I've heard complaints from Fortinet and CheckPoint users, but there are doubtless others.
Other browsers may work because either they're ignorant of the VPN/proxy (which is bad, since it technically is a man-in-the-middle attack), or they somehow integrate with it in a different way.
As for what to do about it?
Well, ideally the company VPN should be setup for split tunneling, so that only traffic destined for the company's network goes over the VPN, leaving other traffic to take its usual route. Some companies don't do this, though, opting (whether through intent or incompetence) to tunnel all traffic over the VPN.
Split tunnelling is controlled by the VPN server, so you'd need to talk to the network admins at work to get this setup... assuming they just didn't know to do it - if it's corporate policy to capture all traffic then your next option is to not use either Safari or disable the VPN whenever you want to go to a non-company site.
I've heard some limited success in faking out the system by running dual VPNs and loading them in the 'right' order, overriding the routing tables to force split tunneling, but it's a lot of work, and fragile, so wouldn't recommend this unless you have a lot of time on your hands :)
Either way, it's something that should be brought to Fortinet's attention since they are likely the ones that need to fix it.
What does Safari say about it?
Safari should give SOME explanation as to why the page won't load - DNS error? security error? unresponsive server? something else? That will go a long way in troubleshooting.
The specifics of the VPN configuration may also come into play. Some VPNs are more than pure network gateways and they act as a proxy to insert themselves into the HTTPS stream to validate the URLs that you try to access. Because of the way HTTPS works, they try to fake the browser into thinking they are the destination site you're trying to access, but this trips Safari's security because it knows that the VPN server isn't really the site it says it is and it won't load.
Some VPN vendors are better than others in the way they implement this. I've heard complaints from Fortinet and CheckPoint users, but there are doubtless others.
Other browsers may work because either they're ignorant of the VPN/proxy (which is bad, since it technically is a man-in-the-middle attack), or they somehow integrate with it in a different way.
As for what to do about it?
Well, ideally the company VPN should be setup for split tunneling, so that only traffic destined for the company's network goes over the VPN, leaving other traffic to take its usual route. Some companies don't do this, though, opting (whether through intent or incompetence) to tunnel all traffic over the VPN.
Split tunnelling is controlled by the VPN server, so you'd need to talk to the network admins at work to get this setup... assuming they just didn't know to do it - if it's corporate policy to capture all traffic then your next option is to not use either Safari or disable the VPN whenever you want to go to a non-company site.
I've heard some limited success in faking out the system by running dual VPNs and loading them in the 'right' order, overriding the routing tables to force split tunneling, but it's a lot of work, and fragile, so wouldn't recommend this unless you have a lot of time on your hands :)
Either way, it's something that should be brought to Fortinet's attention since they are likely the ones that need to fix it.
Thanks Camelot!
The only reason I tried here, is because Google Chrome loads everything when I am on VPN so that's why I figured the issue would be between Forti and Safari.
I'll try reaching out to Forti as well.
Safari doesn't load any page over VPN
