There are lots of confusion about Licensing Terms of FortiClient. All FortiGate appliances are bundled with 10 free license of managed Forticlient that performs "Compliance Check". If you go beyond 10, then additional license must be purchased. However, if you are using Forticlient for the purpose of VPN alone (without Compliance Check), then you don't require additional license. Here is the
Generate a CSR and Install an SSL/TLS Certificate on Navigate to Import > CA Certificate, browse to the intermediate certificate bundle (ca-bundle-client.crt), and click OK. Configure Fortigate to use your new SSL/TLS certificate. Navigate to VPN > SSL > Settings, then select your SSL/TLS certificate from the Connection Settings section of the Server Certificate drop-down menu. Finished! Fortinet Knowledge Base - View Document This article describes how to configure a MAC host check on SSL VPN. When a remote client attempts to log in to the portal, the FortiGate unit can be configured to check against the client’s MAC address to ensure that only a specific computer or device is connecting to the tunnel. This can ensure better security in case a password be compromised. Fortinet SSL VPN configuration tips - Networking - Spiceworks
Fortinet Knowledge Base - View Document
FortiGate ssl vpn & client integrity check Greetings ~ I've seen another post where someone using a 3rd party to control their Fortigate apparently couldn't get the SSL VPN to do a client integrity check - make sure the OS is patched to date and has an updated AV running.
Configuring the SSL VPN tunnel. To configure the SSL VPN tunnel, go to VPN > SSL-VPN Settings.; Set Listen on Interface(s) to wan1.To avoid port conflicts, set Listen on Port to 10443.; Set Restrict Access to Allow access from any host. Optionally, set Restrict Access to Limit access to specific hosts and specify the addresses of the hosts that are allowed to connect to this VPN.
May 31, 2018 Setup Forticlient Remote Access VPN in FortiGate Firewall Sep 24, 2018 Troubleshooting FortClient VPN Connectivity Issues with