I am using a Fortigate 100D (Version: FortiGate-100D v5.6.9,build1673,190513 (GA)) and wish to force a scan of the computer/laptop (with Forticlient) OR/AND check if there are any security risks that still have to be resolved before they can connect over the SSL VPN. If the user is seen as a risk, the connection would not be possible. This is to make sure there will be no viruses on the computer/laptop when they connect over the SSL VPN.
I tried tackling this by using the 'Forticlient Compliance Profiles' but to no success, as the users who connect over the SSL VPN were not connected to the Compliance & Telemetry on their Forticlient.
To resolve this issue i tried (but I am not certain that this is even the right action to resolve this) to enable 'Allow Endpoint Registration' in the SSL-VPN Settings. If I tried this and saved I got a 'IP address is in same subnet as the others' error. Does there need to be a new separate address range configured when you allow the endpoint registration? If so, why exactly would this be?
First question;is this possible with the Fortigate?
Second question: if it is possible, is there any documentation on this so I can further investigate this? I did not seem to find any clear information on this besides what I have mentioned above, which i found in the forticookbook.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.