"always up" VPN license level?

Seems we have a ‘free’ version. What’s the least expensive upgrade? Users are complaining and want their AnyConnect back. Does it get applied to the FortiGate or per user install? Is it still the FC “vpn only” software or does it require the full version?

If I’ve understood you correctly - you want to run always on VPN but using the free client at present.

The cheapest option, assuming you already have a server to run the EMS server, is the FC EMS ZTNA/VPN onprem license. You have to buy a minimum of 25 at a time, and they are valid for a set number of years. Yes, you’ll need to use the normal client instead of the VPN only one.

The license is per managed endpoint. In fact the EMS server doesn’t even need to talk to your FortiGate for a simple deployment but you can do more stuff (e.g. ZTNA) if you do connect it up.

Here’s the 12 month SKU - FC1-10-EMS04-428-01-12

Try again please: what exactly is the issue, what do you want to achieve, SSL VPN or IPsec, what troubleshooting have you done, etc.

The free client VPN works fine for many customers but you don’t get support. We can try to help but need some actual data.

FC1-10-EMS04-428-01-12

I have been debating about moving to the FortiClient VPN/ZTNA Agent Subscription for 25 endpoints. Includes EMS hosted by FortiCloud with FortiCare Premium but have not taken the dive yet.

If I was to purchase the cloud version then I believe I would just need to follow

https://docs.fortinet.com/document/fortigate/7.0.1/administration-guide/185333/forticlient-ems

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/185333/configuring-forticlient-ems

and then as you indicated I would need to use the full version of FortiClient and not the free VPN only version.

3rd party SaaS manages the FortiGate device, having replaced an ASA for SSL VPN. 2 days in and users are complaining about frequent disconnections, having to open the FC app and manually hit the connect button again, and I note the ‘always up’ feature says it’s a paid function.

Did you check your session timeout for SSL VPN?

Frequent disconnections can usually be fixed with configuration.

The major exception is if clients change IP addresses. FortiClient cannot resume a tunnel over an IP address change, whether you use IPsec or SSL.

That is the one major disadvantage compared to competitors.