This article provides the current state of support for FortiClient on ARM-based devices (as opposed to devices with x86-64-based processors from AMD/Intel). For Windows users in particular, an additional workaround option is also discussed.

• At the time of this writing (Mid-February 2025), Windows FortiClient does not have a native binary available for ARM64-based processors (only x86-64 is supported at this time).
  • There is ongoing work to produce an ARM-native version of Windows FortiClient soon (possibly in a later revision of FortiClient 7.4), but it is currently not available.
  • However, there IS an SSL VPN only workaround option available via the Microsoft Store version of FortiClient (see further below for details).
• Update: At the time of this writing (2025-03-06), the upcoming FortiClient v7.4.3 is scheduled to add support for native ARM-based Windows and Linux.
• Another update: As of March 20, 2025, FortiClient for ARM architecture (FortiClientVPNSetup_7.4.3.1790_ARM64.exe) has been published on the Fortinet Support Portal.

• If the current FortiClient installers are run on ARM-based Windows 11 then the following error can be observed:

• macOS FortiClient currently supports Intel-based x86-64 processors, and it also supports Apple's ARM-based processors (for example the Apple Silicon M1 and M2) as of FortiClient v6.4.4, v7.0.0, and all later.
  
• Linux FortiClient currently supports x86-64 at this time. There is currently no support for ARM-based Linux FortiClient, though there are plans in the future to produce an ARM-native version.

Per the above update, FortiClient 7.4.3 is scheduled to add support for ARM-based Linux.

For the latest information on supported CPU architectures for FortiClient, check out the specific release notes for the operating system:

• Forticlient Windows Release Notes
• FortiClient Mac Release Notes
• FortiClient Linux Release Notes

Each document provides detailed information for the latest FortiClient version.

Windows FortiClient workaround (Microsoft Store).

On the Microsoft Store, there is a version of FortiClient available that adds Fortinet SSL VPN support to Windows' native VPN client (for example Settings -> Network & Internet -> VPN). Notably, this Microsoft Store version does support ARM-based Windows in addition to x86-64, though it has a reduced feature set compared to the full version of FortiClient (only allows SSL VPN connections, FortiToken 2FA is supported but no SAML support).

Note:

There is no technical support offered for this application, nor does it integrate with FortiClient EMS.

To install and configure the Microsoft Store version of FortiClient: 

1. Open the Microsoft Store, then search for 'FortiClient'. Select the Get button to install the application.

2. Open the Windows Settings application, then go to Network & Internet -> VPN. Select 'Add a VPN connection':

3. Select FortiClient instead of Windows (built-in) as the VPN provider, then assign a Connection name:

4. Provide a Server name or address (this being the IP address or FQDN that will be used to connect to the FortiGate SSL VPN) and select the Save button. Custom ports can also be added with a colon(:) after FQDN or IP address. For example https://fortiddns.com:8443.

Note:

If trying to open the FortiClient application that is downloaded then it will ask that to go to the Windows Settings instead. However, it does have some modifiers for the Server name or address field that are useful (see further below).

5. Once the VPN is configured, select the Connect button to start the connection. Windows should prompt for username/password credentials, and with the correct credentials, the VPN should connect successfully.
   
   

Regarding Server name or address:

• The URL used for the Server name or address should follow the typical URL format (https://<domainname>.<tld>:<port number if not 443>).
• There are some additional options for the URL that are available:
• https://vpn.domain.com:10443?ice=1 (using ice=1 tells Windows to ignore server certificate errors).  
• https://vpn.domain.com:10443?ice=1&cert= (using cert= enables the client to select and provide a local certificate to the FortiGate for authentication).
• https://vpn.domain.com:10443?cert=&nup=1 (nup=1 disables username/password support. Useful for PKI/certificate-only authentication).
• https://vpn.domain.com:10443/<name of realm>?ice=1 (adds support for SSL-VPN realms. Replace <realmname> with the name of the SSL VPN realm).

Alternative.

If this does not work and VPN connectivity is required between the ARM device to FortiGate, L2TP VPN can be configured. Note that L2TP VPN in this case is a Full Tunnel VPN and NOT a Split Tunnel. This means that all traffic including Internet-related traffic will be routed through the L2TP tunnel. 

It is possible to disable Full Tunneling and convert the tunnel to Split Tunnel. This is done either on the local PC, or globally on the FortiGate.

• To disable it locally on the PC, follow this KB article: Technical Tip: How to enable split-tunneling in W... - Fortinet Community.
• To disable the FortiGate globally, follow this KB article: Technical Tip: Split tunneling on L2TP/IPSEC VPN between FortiGate and Windows 10.

Related documents:

• Technical Tip: How to configure L2TP using interface/route based IPsec VPN 
• L2TP over IPsec