Free Forticlient only support VPN features. For full endpoint control to manage your PC, this required paid version.
To block VPN, Proxy traffic in your network, you may use Application control. This is a good sharing from our fan: https://www.youtube.com/watch?v=l5crGRzytfs (Note: This is external link for your reference) You can block the category instead of specific application.
FortiGate can't block an endpoint from installing VPN software. It's a firewall/router/etc. not an endpoint agent doing compliance enforcement. At best you may try to block access to known websites that offer VPN software downloads (or block VPN-related keywords with webfilter), but that is a fool's errand since these installers can be served from any arbitrary server. You'll never catch them all. (and a laptop user could just download one when not connected through your FortiGate anyway)
What you could do is try to block VPN usage with Application Control. You could start by blocking the "Proxy" category (covers all VPN-related signatures), and then tweak further. Keep in mind that you may need to enable deep SSL inspection on everything if you need to be thorough in blocking. (this may become very taxing on the FortiGate performance, depending on the model and total throughput)
Ultimately, in my personal opinion, you'll achieve the best results by enforcing tighter control on the endpoints themselves - by blocking users from installing arbitrary applications, using some endpoint enforcement/protection software, etc.