I am using a Fortigate 100D (Version: FortiGate-100D v5.6.9,build1673,190513 (GA)) and wish to force a scan of the computer/laptop (with Forticlient) OR/AND check if there are any security risks that still have to be resolved before they can connect over the SSL VPN. If the user is seen as a risk, the connection would not be possible. This is to make sure there will be no viruses on the computer/laptop when they connect over the SSL VPN.

I tried tackling this by using the 'Forticlient Compliance Profiles' but to no success, as the users who connect over the SSL VPN were not connected to the Compliance & Telemetry on their Forticlient.

To resolve this issue i tried (but I am not certain that this is even the right action to resolve this) to enable 'Allow Endpoint Registration' in the SSL-VPN Settings. If I tried this and saved I got a 'IP address is in same subnet as the others' error. Does there need to be a new separate address range configured when you allow the endpoint registration? If so, why exactly would this be?

First question;is this possible with the Fortigate?

Second question: if it is possible, is there any documentation on this so I can further investigate this? I did not seem to find any clear information on this besides what I have mentioned above, which i found in the forticookbook.

Thanks in advance.