If the host is capable of using Java, I'd say just use a web browser to access the web-based portal. AFAIK, you cannot use a third-party client to connect to the VPN in tunnel mode.
However, people often overlook the Java-based connection tools available within the web portal: VNC, SSH, RDP, RDP-Native (uses mstsc.exe on your local host, targeting a loopback address that Java is listening on), and especially Port Forward. None of these require a host address to be assigned to the connecting client.
For instance, with Port Forward, say you want to access a database application on a host behind the FortiGate at IP 10.0.0.2:333 (just a random example - I don't know the usual DB ports). You'd normally have to initiate a tunnel-mode connection, so the client application could communicate "directly" with the server. With Port Forward, you specify the target IP and port, as well as a listening port. Java will listen to this port (for example, 15555) and direct traffic to the FortiGate for processing. Within the client application, you would target: 127.0.0.1:15555.
Since I'm in support, I have to mention the caveat that there *may* be issues with this, as with anything else. But no one calls in when a feature works, so my perspective is a little skewed.
Christopher McMullan_FTNT wrote: But no one calls in when a feature works, so my perspective is a little skewed.
I like that! Around here, no one calls in when things don't work...until their higher ups bring the house down on them. Then it's "I called it in several times!".... Now it's my job to prove that they didn't call in...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.