parthpatel
Staff
Article Id 273516
Description This article describes how to enable the DTLS option on a FortiClient managed by EMS.
Scope EMS, FortiClient.
Solution

When FortiClient is managed by EMS, changes cannot be made directly on the FortiClient console. They must be pushed by the administrator from EMS.

If FortiClient is managed by EMS, the settings options in the FortiClient console are grayed out, and no settings can be changed unless pushed by the EMS administrator.

To enable DTLS through EMS, navigate to Endpoint Profiles -> Remote Access and select the profile that is used by the client. Many remote access settings can be changed directly under the Basic and Advanced tabs in the GUI, but there is no option to change the DTLS setting directly in the EMS GUI.

This change needs to be made under the XML configuration tab. Add the line below under the <sslvpn><connections><options> section:

<preferred_dtls_tunnel>1</preferred_dtls_tunnel>

The value '1' enables the DTLS option on every FortiClient that uses that specific endpoint profile.

Once the change is made, it will be pushed to the clients in the next sync update.
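
A check for the XML edit described above, added here as an example and not Fortinet's own code: it parses a profile's XML text and reports whether preferred_dtls_tunnel is set to 1 inside the sslvpn section, and where the element sits. The sample XML strings (including the profile and other wrapper elements) are constructed, and the function names find_dtls and dtls_status are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the nesting follows the section named in the article.
SAMPLE_ENABLED = (
    "<sslvpn><connections><options>"
    "<preferred_dtls_tunnel>1</preferred_dtls_tunnel>"
    "</options></connections></sslvpn>"
)
# Constructed sample: the element sits outside <sslvpn>, so it must not count.
SAMPLE_OUTSIDE = (
    "<profile><other><preferred_dtls_tunnel>1</preferred_dtls_tunnel></other>"
    "<sslvpn><connections><options/></connections></sslvpn></profile>"
)


def find_dtls(profile_xml):
    """Return (path, value) for each preferred_dtls_tunnel inside <sslvpn>."""
    hits = []

    def walk(node, path, in_sslvpn):
        path = path + [node.tag]
        in_sslvpn = in_sslvpn or node.tag == "sslvpn"
        if in_sslvpn and node.tag == "preferred_dtls_tunnel":
            hits.append(("/".join(path), (node.text or "").strip()))
        for child in node:
            walk(child, path, in_sslvpn)

    walk(ET.fromstring(profile_xml), [], False)
    return hits


def dtls_status(profile_xml):
    """Classify a profile: enabled, not_enabled, missing or conflict."""
    values = {value for _, value in find_dtls(profile_xml)}
    if not values:
        return "missing"      # element absent from the sslvpn section
    if len(values) > 1:
        return "conflict"     # duplicate elements that disagree
    return "enabled" if values == {"1"} else "not_enabled"


if __name__ == "__main__":
    for name, xml_text in (("enabled", SAMPLE_ENABLED), ("outside", SAMPLE_OUTSIDE)):
        print(name, dtls_status(xml_text), find_dtls(xml_text))
```

The "conflict" result flags a profile where the element was pasted more than once with different values, which is easy to do when editing the XML tab by hand.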

Starting with FortiClient EMS version 7.2.2, this option can be configured directly from the 'Advanced' tab.