Optionally, you can require that user’s devices have FortiClient Endpoint Security software installed. The software provides FortiOS more detailed information about the applications being used. FortiOS pushes its endpoint profile to the FortiClient software, configuring network protection such as antivirus, application control, and web category filtering. Devices without an up-to-date installation of FortiClient software are restricted to a captive portal that provides links from which the user can download a FortiClient installer.

If you have already created an ACCEPT rule for particular device groups, you simply edit this rule and enable Compliant with Endpoint Profile. Then you add a second rule that sends the same devices to the Enforce FortiClient Compliance captive portal. Devices lacking the required FortiClient software arrive at this policy because they do not match the preceding policy.