I have been trying to reach all my users to update forticlient vpn, but it is not possible, as sometimes they do not even come to the office.
I was wondering if i could set some kind of blocking in Firewall if the user does not have forticlient beyond 7.0.1 version.
I know I could disable the user, but they must keep working and I have been told no to disable them. That is why this is the only thing that comes to my mind.
Thanks in advanced
So natively, you can use host check to block a SSL VPN connection if FortiClient-AV or FortiClient-FW is not installed.
But it sounds like this is not your intention. There is currently no way to disable connection based on FCT version, unless you tag each endpoint using classification tags manually and then apply the ZTNA tags to firewall rules with IP MAC based access control.
However, you can consider using other ZTNA tags to block your endpoint from connecting using this method:
