macOS Sequoia change breaks networking for VPN, antivirus software

Users of macOS 15 ‘Sequoia’ are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers.

The issues are resolved when these tools are deactivated, indicative of incomptibility issues with the network stack.

Impacted users on Reddit are describing problems with CrowdStrike Falcon and ESET Endpoint Security, as well as firewalls causing packet corruptions leading to SSL failures in the web browsers or inability to use ‘wget’ and ‘curl.’

Apple released Sequoia on September 16th, describing it as "the latest version of the world’s most advanced desktop operating system."

In a non-public bulletin seen by BleepingComputer, CrowdStrike has advised customers not to upgrade to macOS 15 because of changes in the operating system's networking structures.

"Due to changes to internal networking structures on macOS 15 Sequoia, customers should not upgrade until a Mac sensor is released that fully supports macOS 15 Sequoia," reads the customer-only CrowdStrike bulletin.

Reportedly, SentinelOne Support also warned users not to upgrade to macOS Sequoia just yet, due to usability issues discovered recently.

People have also reported intermittent connectivity issues with Mullvad VPN and also corporate VPN products they use for remote work, though ProtonVPN is reportedly working fine with the latest macOS release.

While Apple has not responded to press requests regarding the issues, BleepingComputer has found that the macOS 15 release notes show that a feature in the operating system's firewall has been deprecated, which may be causing the issues.

 
Application Firewall settings are no longer contained in a property list. If your app or workflow relies on changing Application Firewall settings by modifying /Library/Preferences/com.apple.alf.plist, then you need to make changes to use the socketfilterfw command line tool instead (124405935)

Google also points to this change as causing issues in a recent Chromium bug report, where they say they need to change how Google Chrome detects Mac firewall settings to use 'socketfilterfw' instead.

Possible solutions

ESET has issued an advisory for those facing connection losses after upgrading to macOS Sequoia, suggesting that users should navigate to System Settings > Network > Filters > and remove ESET Network from the list.

After restarting the system, the network connection should be functional with the ESET product running normally.

The security vendor also noted that this only works on Endpoint Security version 8.1.6.0 and later, and ESET Cyber Security version 7.5.74.0 and later, as anything older isn’t supported in macOS 15.

Security researcher Wacław Jacek offered a temporary solution to resolve firewall-induced problems in a blog post, but users need to apply it for each app they use.

Will Dormann highlighted the problem of the built-in firewall not handling UDP traffic properly, causing DNS failures in many cases, and offered a less than ideal solution of “poking holes” in it to lift the troublesome limitations.

Meanwhile, a Mullvad VPN spokesperson told us that they are aware of the issues their users are facing in the latest macOS release and are actively working towards a solution.

“Our macOS developers are aware that Apple services are not fully functioning with the latest macOS 15 release. They are looking into this as we speak.” – Mullvad VPN spokesperson

If you use EDR security products, VPNs, or rely on strict firewall configurations, it would be advisable to postpone moving to macOS 15 for a while until the problems are addressed.