Deploying SSL VPN + SSL VPN settings via GPO / Automate Script

Done this in the past with previous versions. Use the FortiClientVPNConfiguration tool to build the transforms.mst and roll it out. However, that doesn’t work with the latest version.

So I googled around and obtained the latest SSL VPN .msi and tried via transforms and also .reg import for the SSL VPN settings. Both are not working for me currently using the latest .msi SSL VPN installer.

I’m sure I am doing something wrong. What’s the process to do this now?

Hello
I believe they have removed this possibility since they created fortiEMS
Unless I am mistaken, it is no longer possible now

Possibly with older versions of FortiClient, but I don’t know.

FortiClient VPN stores all settings as registry keys, so it should be really simple to install and then import the registry (assuming a Windows install, since you’re talking .msi).
If I remember or if someone reminds me, I can post a redacted registry key that I use for my clients

Thanks for the reply. That would be sad news. I did see people are rolling out what looks to be the latest version via Intune however. Ideally I would also be using Intune for this. Can’t right now though.

Edit: I am going to see if this works:

2nd Edit: The below works. It’s not formally supported but it works fine.

This is what I use. Works and tested.

1. Download the installer and start the install. Grab the msi it extracts from the exe (I think it puts it into %temp% if I recall) and copy it somewhere else. Complete the install.

2. Configure all the VPN settings the way you like and save the profile. Dig through your registry for the key that represents the profile and export the entire hive.

3. Go to https://reg2ps.azurewebsites.net/ and paste the contents of the reg file and click “create remediation script”. Save the script.

4. Package the installer msi from step 1 using the Intune package utility and deploy it as a vanilla win32 package msi with default switches/settings.

5. Package the PowerShell script from step 3 using the Intune package utility and deploy as a win32 package with install syntax “powershell -executionpolicy bypass -file myregkeyscript.ps1”. Use just “cmd /c” as your uninstall command. For “detection” use one of the keys it will create as part of the install.

6. Make the reg key package dependent on the msi package, and assign the MSI to users/groups of your choice.
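As an added example (not from this thread or from Fortinet), the script below covers two points of the procedure above that the posts leave to the reader: the export in step 2 and the “detection” rule in step 5. It assumes the profile lives under HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\<ProfileName> with a Server string value, as the other script posted later in this thread uses; the profile name and server value are constructed placeholders. Exporting only the profile key, rather than the whole FortiClient hive, keeps unrelated settings out of the .reg that gets packaged, and the export step flags any value names that look like stored secrets so they can be reviewed before rollout. The detection logic reports “detected” only when the key exists and points at the expected gateway, so a stale or altered profile is remediated instead of being silently accepted.

```powershell
# Added example, not the thread's own code.
# Assumed key layout (from the PowerShell snippet posted later in this thread):
#   HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\<ProfileName>  with a 'Server' string value
param(
    [ValidateSet('Export', 'Detect')]
    [string]$Mode = 'Detect',
    [string]$ProfileName    = 'ProfileName',          # hypothetical profile name
    [string]$ExpectedServer = 'vpn.example.com:443',  # constructed placeholder
    [string]$ExportPath     = "$env:TEMP\forticlient-$ProfileName.reg"
)

$TunnelsKey = 'HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels'
$ProfileKey = Join-Path $TunnelsKey $ProfileName

function Export-FcProfile {
    # Step 2: export just the profile key (run elevated on the reference machine).
    if (-not (Test-Path -LiteralPath $ProfileKey)) {
        throw "Profile key not found: $ProfileKey"
    }
    # reg.exe wants the native hive name, not the PowerShell drive.
    $nativePath = $ProfileKey -replace '^HKLM:\\', 'HKEY_LOCAL_MACHINE\'
    & reg.exe export $nativePath $ExportPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg.exe export failed with exit code $LASTEXITCODE"
    }

    # Heuristic review of the export: any value name that hints at a stored
    # secret is reported so it can be stripped before the .reg is packaged.
    $suspicious = Get-Content -LiteralPath $ExportPath |
        Where-Object { $_ -match '^"[^"]*(pass|pwd|cred|secret)[^"]*"=' }
    if ($suspicious) {
        Write-Warning 'Exported file contains value names that look like secrets:'
        $suspicious | ForEach-Object { Write-Warning "  $_" }
    }
    return $ExportPath
}

function Test-FcProfile {
    # Step 5: detection. True only if the key exists AND Server matches what
    # we expect, so a wrong or tampered gateway value counts as "not installed".
    if (-not (Test-Path -LiteralPath $ProfileKey)) { return $false }
    $props = Get-ItemProperty -LiteralPath $ProfileKey -ErrorAction SilentlyContinue
    return ($null -ne $props -and $props.Server -eq $ExpectedServer)
}

switch ($Mode) {
    'Export' {
        $file = Export-FcProfile
        Write-Output "Profile exported to $file; review it before feeding it to reg2ps."
    }
    'Detect' {
        # Intune custom detection scripts count as "detected" only when the
        # script exits 0 AND writes something to STDOUT.
        if (Test-FcProfile) {
            Write-Output "FortiClient profile '$ProfileName' present, Server=$ExpectedServer"
            exit 0
        }
        exit 1
    }
}
```

Run it with `-Mode Export -ProfileName <name>` once on the reference machine to produce the .reg for step 3, and upload the same file with the default `-Mode Detect` (adjusting `$ExpectedServer`) as the custom detection script for the Win32 package in step 5.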

Trying to deploy the exe directly, trying to script the config using FTG cli, both failed for me.

I got this sorted now, thanks very much. I replied to the other post just now with an edited post on the steps completed which worked.

If you got a sec to share your registry setup, that’d be super cool :slight_smile:

I might not be the original guy, nor is this Intune, but it’s PowerShell and might help:

# Forticlient Profile Settings
$fcprofilename = "ProfileName"
$fcprofiledesc = 'Profile Description'
$fcprofileserver = 'server-to-connect.to'

# $pathinstfolder must point at the folder holding the installer; the original
# post never sets it, so fall back to the folder this script runs from.
if (-not $pathinstfolder) { $pathinstfolder = $PSScriptRoot }
$fcpath = Join-Path $pathinstfolder "forticlient.exe"
$fcr = 'REBOOT=ReallySuppress'

# Silent install; REBOOT=ReallySuppress stops the installer forcing a restart
Start-Process -Wait -FilePath $fcpath -ArgumentList '/qn', $fcr

# Install VPN Profiles
$fcpathreg = "HKLM:\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\" + $fcprofilename
if ((Test-Path -LiteralPath $fcpathreg) -ne $true) {
    # The key must exist before New-ItemProperty can write values into it;
    # -Force also creates any missing parent keys.
    New-Item -Path $fcpathreg -Force | Out-Null
    New-ItemProperty -LiteralPath $fcpathreg -Name 'Description' -Value $fcprofiledesc -PropertyType String -Force -ea SilentlyContinue
    New-ItemProperty -LiteralPath $fcpathreg -Name 'Server' -Value $fcprofileserver -PropertyType String -Force -ea SilentlyContinue
    New-ItemProperty -LiteralPath $fcpathreg -Name 'promptusername' -Value 1 -PropertyType DWord -Force -ea SilentlyContinue
    New-ItemProperty -LiteralPath $fcpathreg -Name 'promptcertificate' -Value 0 -PropertyType DWord -Force -ea SilentlyContinue
    New-ItemProperty -LiteralPath $fcpathreg -Name 'ServerCert' -Value '1' -PropertyType String -Force -ea SilentlyContinue
}
else {
    Write-Output "Profile already exists, skipping..."
}

glad to be of help :slight_smile:
please check if it still works whenever you update FortiClient though.

I’ve had a few old versions break it for no apparent reason; it got set in the registry correctly, but since then I had to at least open the settings and save them in the FortiClient GUI once to “be recognized” and work as it should.