Users can configure a custom file check to check the existence of a certain file in the target connecting machine before allowing an SSL VPN connection.  The configuration step is documented in the following document: FortiGate-powered host check for free VPN client 7.0.3

However, the documented steps would work for Windows hosts. For macOS, it should be configured as below:

config vpn ssl web host-check-software
    edit "mac_file_exist"
    set os-type macos
        config check-item-list
            edit 1
                set target "<file path to check>"
            next
        end
    next
end

config vpn ssl web portal
    edit "full-access"
        set host-check custom
        set host-check-policy "mac_file_exist"
    next
end

Once this is configured, FortiGate will perform a file check based on the MACoS file structure and permit the connection only if the client matches the condition specified in the custom host-check-software section.

Note:
Starting from v7.6.3, the SSL VPN tunnel mode will no longer be supported, and SSL VPN web mode will be called 'Agentless VPN'.