Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate 100D scan before connection SSL VPN

I am using a Fortigate 100D (Version: FortiGate-100D v5.6.9,build1673,190513 (GA)) and wish to force a scan of the computer/laptop (with Forticlient) OR/AND check if there are any security risks that still have to be resolved before they can connect over the SSL VPN. If the user is seen as a risk, the connection would not be possible. This is to make sure there will be no viruses on the computer/laptop when they connect over the SSL VPN.


I tried tackling this by using the 'Forticlient Compliance Profiles' but to no success, as the users who connect over the SSL VPN were not connected to the Compliance & Telemetry on their Forticlient.


To resolve this issue i tried (but I am not certain that this is even the right action to resolve this) to enable 'Allow Endpoint Registration' in the SSL-VPN Settings. If I tried this and saved I got a 'IP address is in same subnet as the others' error. Does there need to be a new separate address range configured when you allow the endpoint registration? If so, why exactly would this be?


First question;is this possible with the Fortigate?


Second question: if it is possible, is there any documentation on this so I can further investigate this? I did not seem to find any clear information on this besides what I have mentioned above, which i found in the forticookbook.


Thanks in advance.

New Contributor

Seems to be interesting.


It can be done with EMS tags and ZTA. A brief explanation is shown on this video here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Top Kudoed Authors