b0nete
New Contributor

Configure VPN Profiles.

Hi guys, I come in search of your help.

I'll explain in more detail what the points are that I need to make sure of.

- Traceability: Currently users are connecting to the SSL VPN through the FortiClient, which validates the user against the indicated LDAP. Each LDAP user is located within a group in the FortiGate, and each group has an assigned profile.

Each group is assigned to a VPN_Portal, so from there we indicate that the users belonging to that group only have access to X subnet. The problem with this is that the logs show us which group the user belongs to, but show the user as ANONYMOUS.

- FortiClient: 1) Is it possible to indicate that the clients that connect have a minimum version of FortiClient? As I understand from Minimum FortiClient, this is specified.

2) Is it possible to force the update of the DB before / after the client connects to the VPN?

3) Is there a way to run a mandatory scan on the client's PC before it connects to the VPN?

4) To disable options that we do not want the user to modify, is it only possible from the Forti EMS? I know that you can also create an executable by embedding an XML, or that it is also possible to restore a CFG; but these options are not valid in our case because it is very difficult to force the client to download a certain executable, let alone force it to restore a CFG before connecting. It would certainly work if we could force the user to download a certain executable, but we would have to ensure from the FortiGate that the user has the version provided by us.

Thank you very much for the help!

Weatherlights
New Contributor

Got the same problem with the user logon. My workaround was to create a group for VPN users and I added users directly to this group (no group in group memberships). Then I edited the LDAP connection to use the group-object rather than the user attribute.

My guess is that the user attribute has a character limit and may not show all memberships to the FortiGate.
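
The LDAP change described in the reply above, sketched as FortiOS CLI; this is an added example, not configuration taken from either poster. The server name `corp-ldap`, the group name `VPN-Users`, the filter and the DN are constructed placeholders for an Active Directory style directory.

```text
# Added example; corp-ldap, VPN-Users, the filter and the DN are constructed placeholders.
# group-member-check defaults to user-attr, which reads group membership
# from an attribute on the user object. group-object instead searches the
# group objects for a member entry that names the user.
config user ldap
    edit "corp-ldap"
        set group-member-check group-object
        set group-object-filter "(&(objectcategory=group)(member=*))"
    next
end

# Match the FortiGate user group against one directory group whose
# members are added directly (no nested groups), as in the workaround.
config user group
    edit "VPN-Users"
        set member "corp-ldap"
        config match
            edit 1
                set server-name "corp-ldap"
                set group-name "CN=VPN-Users,OU=Groups,DC=example,DC=com"
            next
        end
    next
end
```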

b0nete

Thanks for your answer and solution, but this is not feasible in my environment. Does Forti EMS not provide this feature?
