Description
This article explains how to activate the 'Save Password', 'Auto Connect' and 'Always Up' options in FortiClient.
Scope
FortiGate.
Solution
The 'Save Password', 'Auto Connect', and 'Always Up' options in FortiClient depend upon the VPN (IPsec) or SSL VPN configuration of the FortiGate device. These can be enabled from the CLI as shown below.
For SSL VPN:
config vpn ssl web portal
edit [portal_name_str]
set auto-connect enable
set save-password enable
set keep-alive enable
end
For IPsec:
config vpn ipsec phase1-interface
edit [vpn name]
set save-password enable
set client-auto-negotiate enable
set client-keep-alive enable
end
end
Note:
*. vpn auto-connect/always-up features are not supported in the FortiClient 6.2.X onwards for the free version.
- In some cases, when setting the client auto negotiate option and client-keep-alive option, it is possible to encounter the following error:

- This is due to the unity-support option; unity-support: Enable/disable support for Cisco UNITY Configuration Method extensions.
- To resolve this problem unset the unity-support option and then it is possible to successfully set the keep alive and auto-negotiate options.

Note:
The following features are not supported in the FortiClient 6.2.X - 7.0.2 v free versions:
- VPN auto-connect/always-up.
- VPN before logon.
- On-net/off-net.
- Host check features.
- Central management
- No feedback option & no diagnostic tool under help/info page.
- IKEv2 is not supported on FortiClient 6.2.x free version.
- TAC support.
Note:
v5.0 up to v6.4 are out of engineering support. These commands might be different on higher versions. Consider upgrading the firmware level on the device to a supported version (v7.0 up to v7.6). Her,e check the firmware path and compatibility depending on the hardware.
Related documents:
Technical Tip: FortiClient licensing and support
Configuring autoconnect with username and password authentication