macOS Client
Firezone supports macOS with a native client available both in the Mac App Store and as a standalone distributable.
Prerequisites
- macOS 13 or higher
- Intel x86-64 or Apple Silicon CPU architecture
Installation
Firezone distributes the macOS client in two ways: through the Mac App Store and as a standalone download.
If you're looking for the easiest way to install and manage Firezone on your Mac, use the App Store version.
If you want the ability to rollback to an earlier release or install the client without an Apple account, use the standalone version.
- Download the Client from the Mac App Store.
- Click
Openin the App Store. - Click
Enable System Extensionin the window that appears. - Click
Open System Settingsin the dialog that appears. - Toggle the switch next to
FirezoneNetworkExtensionto enable the system extension. - Click
Done. - Click
Grant VPN Permission. macOS will show a dialog saying,"Firezone" Would Like to Add VPN Configurations. - Click
Allow. - The
Welcome to Firezonewindow will open.
Firezone is now ready for use.
- Download the Client
- Open the downloaded
.dmgfile. - Drag the Firezone icon to the Applications folder.
- Open the Applications folder and double-click the Firezone icon.
- Click
Enable System Extensionin the window that appears. - Click
Open System Settingsin the dialog that appears. - Toggle the switch next to
FirezoneNetworkExtensionto enable the system extension. - Click
Done. - Next, click
Grant VPN Permission. macOS will show a dialog saying,"Firezone" Would Like to Add VPN Configurations. - Click
Allow.
Firezone is now ready for use.
Switching between App Store and Standalone
If you have the App Store version installed and want to switch to the standalone version (or vice versa), follow these steps:
- Quit the Firezone Client.
- Uninstall the Firezone Client by dragging it to the Trash and emptying the Trash.
- Reboot your Mac. You must reboot your Mac to ensure the system extension is removed to prevent conflicts.
- Install the desired version using the instructions above.
Note: This will reset any changes you've made to the client settings, so be sure to configure them again if needed.
Usage
Signing in
- In the menu bar, click the crossed-out Firezone icon and click
Sign In. macOS will show a dialog saying,“Firezone” Wants to Use “firezone.dev” to Sign In. - Click
Continue. Firezone will open a sign-in page. - Select your account and sign in. The Firezone icon should no longer be crossed out.
Accessing a Resource
When Firezone is signed in, web browsers and other programs will automatically use it to securely connect to Resources.
To copy-paste the address of a Resource:
- In the menu bar, click the Firezone icon to open the status menu.
- Open a Resource's submenu and click on its address to copy it.
- Paste the address into your browser's URL bar and press Return.
Quitting
- In the menu bar, click on the Firezone icon to open the status menu.
- Click
Disconnect and QuitorQuit.
When Firezone is not running, you can't access private Resources, and the computer will use its normal DNS and Internet behavior.
If you were signed in, then you will still be signed in the next time you start Firezone.
Signing out
- In the menu bar, Click on the Firezone icon to open the status menu.
- Click
Sign out.
When you're signed out, you can't access private Resources, and the computer will use its normal DNS and Internet behavior.
Upgrading
See Upgrade Firezone to keep the Client up to date.
Diagnostic logs
See Diagnostic logs for where logs are stored and how to export them.
Uninstalling
To remove the Firezone Client, see Uninstall Firezone.
Troubleshooting
For Client troubleshooting, see the troubleshooting guide and select the macOS tab.
Known issues
- Authentication will not use Firefox even if it is the default browser: Firezone will not use Firefox for authentication on macOS even if it is the default browser. This is due to Firefox's lack of support for Apple's WebAuthenticationSession API. To work around this issue, use Safari or Chrome for authentication.
- Cloudflare WARP client conflicts with other VPN apps: The Cloudflare WARP client may interfere with Firezone's ability to initialize its tunnel interface or resolve DNS resources. Ensure the Cloudflare WARP client is disabled completely or uninstalled to prevent these issues.
- SentinelOne agent can block DNS queries: The SentinelOne agent for macOS
may interfere with Firezone's ability to successfully forward and reply to DNS
queries made by applications on macOS. The symptom when this occurs is that
all DNS queries on the system will fail, not just those that match the DNS
Resources you have in your account. The issue seems to mainly be present on
x86_64systems only. See this issue for more information: #6768.
Need help? See all support options.