"Legacy System Extension" will be incompatible with a future version of macOS

Two of our staff have reported seeing a popup warning them that a "Legacy System Extension" will be incompatible with a future version of macOS. Now they are afraid to upgrade macOS and possibly not be able to connect by VPN.

We are running Firebox System Manager Version 12.6.1-B62167.

Comments

  • Which VPN type are you using?

    Perhaps this?
    macOS High Sierra requires kernel extension for Mobile VPN with IPSec client
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g2kHSAQ&lang=en_US

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @sysadmin_bfa
    If the customer is already on the latest version of MacOS X, they're likely seeing that related to Big Sir (which is the upcoming version.) An update to the SSLVPN and IPSec VPN apps are planned, but a final release candidate to test against hasn't yet been released by Apple. Apple is expected to release this soon.

    I would suggest against customers running beta software in production environments unless they are OK with the risks of incompatibility that come along with it.

    -James Carson
    WatchGuard Customer Support

  • edited November 2020

    Big Sur has been released. Do you know when we can expect a version of the SSLVPN client that is compatible? Even a beta version that we could test?

    For reference, both the OpenVPN client (OpenVPN Connect) and Tunnelblink say they support Big Sur. I'm not sure which one of these that Watchguard bases their client off of but I'm pretty sure that either one can be used to connect to a Firebox with minimal tweaking.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Dan_Schreck

    We expect to have a version released soon. Apple's release candidate generally differs a bit from what they release, so we have to run through a bit of testing.

    If you'd prefer to use one of those other clients, so long as it accepts an OVPN file, you should be set. See here:

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_ovpn_profile_c.html

    -James Carson
    WatchGuard Customer Support

  • Hi @James_Carson
    do you have any news about a new version of WatchGuard VPN that support Mac OS BIG SUR?
    Lots of people who cannot use any other Open VPN, are in trouble all over the country. Especially now that smartworking has been boosted by the pandemic.
    Do you have any idea about when it'll be released?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    HI @D_Lamberti88

    WatchGuard is currently working on a version specifically for the update. Unfortunately, since Apple doesn't provide a finalized release candidate (meaning developers don't see a finalized version of the OS until it's released to consumers.) This means it takes a bit longer for Mac releases than on other platforms. While I understand the urgency, I'd suggest waiting to move to the update until you're able to test and verify all required software works as needed for your users.

    -James Carson
    WatchGuard Customer Support

  • I have a few remote staffers that are on MacOS devices. Today, one of them reported that they had purchased a new MBP that delivered with Big Sur already aboard. Could you opine a possible delivery date for a gold version of the VPN client that is compatible?

  • > @symphonyspace said:
    > I have a few remote staffers that are on MacOS devices. Today, one of them reported that they had purchased a new MBP that delivered with Big Sur already aboard. Could you opine a possible delivery date for a gold version of the VPN client that is compatible?


    I’m more curious about long term plans as Apple finalizes their roadmap to end support for OpenVPN based solutions (which the WatchGuard SSL VPN is wrapped in) since they will be ending support TAP drivers relatively soon which is basically how OpenVPB based products function.,,

    https://tunnelblick.net/cTunTapConnections.html
  • james.carsonjames.carson Moderator, WatchGuard Representative

    @Tristan_Colo Long term plans are to support the VPN clients that are built into MacOS.

    L2TP, IKEv2 and IPSec (IKEv1) can all be set up using the built in client in MacOS. There is less flexibility with those options as those tend to make a full tunnel by default.

    -James Carson
    WatchGuard Customer Support

  • @James_Carson said:
    @Tristan_Colo Long term plans are to support the VPN clients that are built into MacOS.

    L2TP, IKEv2 and IPSec (IKEv1) can all be set up using the built in client in MacOS. There is less flexibility with those options as those tend to make a full tunnel by default.

    I was more-so talking about the SSL VPN plans to make sure that we don't have to configure a new VPN setup just for Native VPN clients... if that is the route we have to go that's fine but that means a lot of time retraining end users on how to configure VPN clients...

  • Complain to Apple about this...

  • @James_Carson Do we have an update on this? Our client is using SSL VPN on a Macbook and is getting this as well.

Sign In to comment.