Network Connectivity Challenges with macOS 15 'Sequoia'
Users of macOS 15, affectionately dubbed ‘Sequoia,’ are encountering network connection challenges when utilizing specific endpoint detection and response (EDR) solutions, virtual private networks (VPNs), and web browsers. Reports indicate that these issues dissipate upon deactivation of the aforementioned tools, suggesting a compatibility dilemma with the operating system’s network stack.
Discussions on platforms like Reddit reveal that users are particularly affected by problems with CrowdStrike Falcon and ESET Endpoint Security. Additionally, firewall configurations appear to be causing packet corruption, resulting in SSL failures within web browsers and hindering the functionality of command-line tools such as ‘wget’ and ‘curl.’ Apple unveiled Sequoia on September 16, touting it as “the latest version of the world’s most advanced desktop operating system.”
In a confidential bulletin obtained by BleepingComputer, CrowdStrike has cautioned its customers against upgrading to macOS 15. The advisory highlights significant alterations in the operating system’s networking structures, stating, “Due to changes to internal networking structures on macOS 15 Sequoia, customers should not upgrade until a Mac sensor is released that fully supports macOS 15 Sequoia.” Reports suggest that SentinelOne Support has echoed similar warnings regarding usability concerns with the new OS.
Users have also reported sporadic connectivity issues with Mullvad VPN and various corporate VPN solutions used for remote work. However, ProtonVPN appears to be functioning seamlessly with the latest macOS iteration. While Apple has yet to respond to media inquiries about these issues, BleepingComputer’s investigation into the macOS 15 release notes reveals that a feature within the operating system’s firewall has been deprecated, potentially contributing to the connectivity woes.
Application Firewall settings are no longer contained in a property list. If your app or workflow relies on changing Application Firewall settings by modifying /Library/Preferences/com.apple.alf.plist, then you need to make changes to use the socketfilterfw command line tool instead (124405935).
Google has also pointed to this modification as a source of complications in a recent Chromium bug report, indicating that adjustments are necessary for Google Chrome to effectively detect Mac firewall settings using ‘socketfilterfw’ instead.
Possible Solutions
ESET has issued guidance for users experiencing connection disruptions following their upgrade to macOS Sequoia. The recommendation involves navigating to System Settings > Network > Filters and removing ESET Network from the list. A system restart should restore network functionality while allowing the ESET product to operate normally.
Removing ESET from macOS’s filters
Source: ESET
It is important to note that this solution is applicable only to Endpoint Security version 8.1.6.0 and later, as well as ESET Cyber Security version 7.5.74.0 and later; older versions are not supported on macOS 15. Security researcher Wacław Jacek has proposed a temporary fix for firewall-related issues in a blog post, although users must apply this workaround for each application individually. Will Dormann has highlighted that the built-in firewall struggles with UDP traffic, leading to DNS failures in numerous instances, and has suggested a less-than-ideal approach of “poking holes” in the firewall to alleviate these restrictions.
Meanwhile, a spokesperson for Mullvad VPN has confirmed awareness of the issues their users are facing with the latest macOS release and assured that they are actively pursuing a resolution. “Our macOS developers are aware that Apple services are not fully functioning with the latest macOS 15 release,” they stated.
