When trying to connect to the SSL VPN, the FortiClient stops at 48% and throws the error 'credential or SSLVPN configuration is wrong. (-7200)', as shown below:

Running debug commands for fnabmd shows the authentication is successful, which suggests that the credentials are correct. However, the debug output for SSL VPN still shows the error 'Tunnel not support'.

Run the following SSL VPN debug commands:

diagnose debug disable

diagnose debug reset

diagnose debug application sslvpn -1

diagnose debug application fnbamd -1

diagnose debug enable

The results should show the following:

This is because in v7.6.3, SSL VPN tunnel mode has been removed. As of v7.4.5 and v7.6.1, auto-upgrade is enabled for FortiGate firmware by default. FortiGate can either be manually or automatically upgraded to v7.6.3, and if the firmware is upgraded to v7.6.3, the SSL VPN tunnel mode will no longer work. 

The solution is to migrate to IPsec VPN and use IPsec instead of SSL VPN. To migrate to IPsec, see 'Migration from SSL VPN tunnel mode to IPsec VPN 7.6.3 - FortiGate 7.6.0 documentation'

If migration cannot be performed, the FortiGate can be rolled back to the version before the upgrade as a short-term workaround. For instructions, see Technical Tip: Selecting an alternate firmware for the next reboot

execute set-next-reboot secondary

execute reboot

After downgrading, make sure to disable the auto firmware upgrade to avoid upgrading automatically again to v7.6.3 while preparing to migrate to IPsec VPN. To disable automatic upgrading for the time being, see How to disable automatic firmware upgrades on FortiGates

Related article: 

SSL VPN tunnel mode replaced with IPsec VPN

Migration from SSL VPN tunnel mode to IPsec VPN 7.6.3

Technical Tip: Selecting an alternate firmware for the next reboot

Technical Tip: How to downgrade in case of SSL VPN removal after automatic upgrade to v7.6.3

Technical Tip: How to disable automatic firmware upgrades on FortiGates