Optionally, you can require that users’ devices have FortiClient Endpoint Security software installed. The software provides FortiOS more detailed information about the applications being used. FortiOS pushes a FortiClient profile out to the FortiClient software, configuring network protection such as antivirus, application control, and web category filtering. Devices without an up-to-date installation of FortiClient software are restricted to a captive portal from which the user can download a FortiClient installer.

If you have already created an ACCEPT rule for particular device groups, you simply edit this rule and enable Compliant with Endpoint Profile. Then select the device policy option that directs FortiClient-compatible devices to a captive portal.

For more information, see “Endpoint Protection”.