FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Article Id 191629
This article explains how to access features for FortiClient users when the Mode config option is disabled on a dialup client-to-site IPSec VPN tunnel.
Forticlient IPSec tunnel configuration.

Expectations, Requirements
- Forticlient with IPSec VPN configuration used to connect to Fortigate

- Mode-config option is disabled the IPSec tunnel on Fortigate side.

The solution is to enable these features from Forticlient side by editing the tunnel settings from Forticlient configuration.

1) Download Forticlient configuration backup (XML file) from Forticlient settings.

2) Open the file using a text editor (NotePad++).

3) Search for the IPSec tunnel name.

4) Change the values of the features that should be enabled to 1.

5) Example of editing the IPSec tunnel (IPSEC_TUNNEL_1) The options are in bold text. Other irrelevant parts of the configuration are removed for simplicity: