Hello my fellow Fortimaniacs,
Is it possible to check if a certain AV program (for example, by looking at a registry value) is running on a client endpoint and prevent the dial-up connection if it is not? I know that it is possible on SSL VPN, but I cannot find any documentation regarding IPsec VPN dial-up connections.
I believe the only way to achieve this with IPSec VPN is by using the Zero Trust Tags via EMS. However, I’m not sure how stable it is since EMS isn’t really dependable yet.
I have to agree to this regarding EMS. I read about the tags and was wondering if there is any other way. Thanks for the input 
NAC can do this, but not the built-in mini NAC on FortiGate. FortiNAC can do this, but it uses a dissolvable agent software to do it. Those checks aren’t built into the IPSec protocol.
Trying to look for a solution with the current setup (and costs). Thanks for info though
EMS tags would be your only real bet then. ZTNA time for you, it seems like.
Or go nuts and set up an SSL VPN
Well we will see.