Note: This feature currently only works to configure the FortiClient VPN mobile app.

Under SSL VPN settings select 'Send SSL-VPN Configuration':

Fill in the appropriate information. It is also possible to use SMS to send the configuration but this requires an additional license.

Choose the correct Recipients. Other emails can be added as well.

Edit SSL-VPN Provision User Email to customize the message (if needed). The default email looks as follows:

Once the email has been received, users can either visit the link or scan the QR code from FortiClient Mobile App to setup the VPN connection.

Troubleshooting:

If the email is not received, run the following debug commands:

diagnose debug reset
diagnose debug application alertmail -1
diagnose debug enable

diagnose debug disable <----- Use when the desired information has been captured.

Note: Starting from FortiOS 7.6.0, SSL VPN will deprecated and removed from FortiGate 2GB RAM models for tunnel and web mode.

Reference: SSL VPN removed from 2GB RAM models for tunnel and web mode - FortiOS 7.6.0 release notes.

Starting from FortiOS 7.4.8, FortiGate G-Series Entry-Level models—including 50G, 70G, 90G, and their variants—the SSL VPN web and tunnel mode features will be removed from both the GUI and CLI. Existing configurations from previous versions will not be retained during upgrade.

Reference: SSL VPN not supported on FortiGate G-series Entry-Level models.

Starting with FortiOS 7.6.3, FortiGate with higher RAM will transition the VPN tunnel mode feature to IPsec VPN over TCP, offering enhanced security and functionality.

Reference: SSL VPN tunnel mode replaced with IPsec VPN.

Follow the steps in this article to migrate from SSL VPN to IPSec Dial UP or ZTNA:

Reference: Migration from SSL VPN tunnel mode to IPsec VPN.
Reference: SSL VPN to ZTNA Migration Guide.

For further information on configuring the FortiGate alert email settings, see Technical Tip: How to configure alert email settings.