FortiClient / ZTNA is Fortinet endpoint software for protecting devices and controlling secure access to applications in hybrid workforce environments. It combines ZTNA, VPN and endpoint protection to give IT teams endpoint visibility and policy control, helping them make access decisions based on device state and reduce risk.
As access expands across remote users, private applications and managed devices, organisations need endpoint posture, visibility and policy control before granting trust.
FortiClient / ZTNA is a modular endpoint agent for protection, compliance and secure access on major desktop and mobile operating systems. It supports ZTNA, VPN, endpoint protection and telemetry, and fits into the Fortinet Security Fabric for coordinated control across the endpoint and access stack.
On managed endpoints, FortiClient reports device status and security telemetry into the fabric so policy can reflect current risk. For private application access, it supports ZTNA so users reach specific apps rather than broad network segments. For traditional remote access, it provides SSL and IPsec VPN integration with FortiGate.
This gives security and operations teams a clearer basis for access decisions because device state is part of the policy model, not an afterthought. Vulnerability and patch visibility also help teams identify weak endpoints before sensitive access is allowed, supporting compliance enforcement and more consistent control.
If you are evaluating FortiClient / ZTNA for endpoint control, secure access or fabric integration, our team can help you assess fit and deployment priorities.
FortiClient / ZTNA is a modular endpoint agent for hybrid workforce environments that combines endpoint protection, secure access, and telemetry to help teams enforce policy and control access from the device.
Zero Trust Application Access
FortiClient / ZTNA provides application-specific access based on user and device posture, helping security teams replace broad network access with controlled access to protected resources.
Remote User VPN Access
The endpoint agent supports VPN connectivity for users who need encrypted access into private networks while keeping remote sessions managed through the same endpoint software.
Endpoint Protection and Telemetry
It runs on major desktop and mobile operating systems to deliver endpoint protection and telemetry that can feed visibility and policy decisions across the security environment.
Vulnerability Assessment
The platform includes vulnerability assessment to surface endpoint risk before sensitive access is granted, supporting security checks for devices that connect to critical applications.
Managed Device Compliance Enforcement
FortiClient / ZTNA helps teams confirm endpoint compliance before users connect, supporting controlled access for managed devices in regulated or sensitive environments.
Fortinet Security Fabric Integration
It integrates with FortiClient EMS, FortiGate, FortiSASE, FortiAuthenticator, and FortiAnalyzer so endpoint posture, user identity, and access policy can be coordinated through the Security Fabric.
URL Filtering Control
URL filtering extends endpoint policy enforcement by helping organisations apply access controls to web destinations as part of a broader security posture.
If you need to align endpoint posture, zero trust access, and VPN control across a hybrid workforce, our Fortinet experts can help shape the right FortiClient / ZTNA deployment approach.
Used on managed endpoints, FortiClient runs as the endpoint agent that gathers device status, security telemetry and posture data, then feeds it into the Fortinet Security Fabric for central visibility and policy control. Its integration with FortiClient EMS, FortiGate and FortiAnalyzer makes it well suited to teams that need to monitor endpoint health, correlate events and enforce consistent protection across desktops and mobile devices.
FortiClient is suited to Zero Trust application access because it supports Fortinet ZTNA, allowing users to reach approved private applications without being placed on broad network access. Deployed on major desktop and mobile platforms, it provides the endpoint posture data and access workflow needed to enforce application-level policy through FortiGate, FortiSASE and the wider Security Fabric.
For traditional remote connectivity, FortiClient provides SSL and IPsec VPN access that works with FortiGate firewalls, making it a practical endpoint client for employees connecting back to corporate resources. This fits organisations that still need controlled tunnel-based access alongside modern zero trust controls, with a single agent handling secure connectivity on supported desktop and mobile operating systems.
FortiClient supports vulnerability and patch visibility by assessing endpoint vulnerabilities and software status, giving security teams the data they need to review compliance and prioritise remediation. Because this telemetry can influence Fortinet access and policy decisions, it is especially useful where patch posture must be checked before users are allowed to connect to sensitive applications or networks.
FortiClient is designed for Fortinet Security Fabric integration, acting as the endpoint agent that shares posture, identity and telemetry with FortiClient EMS, FortiGate, FortiSASE, FortiAuthenticator and FortiAnalyzer. This coordinated model suits organisations that want endpoint, firewall and SASE controls to use the same context for access policy, visibility and response.
Used for managed device compliance enforcement, FortiClient reports endpoint posture so FortiGate or ZTNA policy can allow, limit or block access based on device state. That makes it suitable for access workflows where compliance is checked at the point of connection, helping teams enforce security requirements across corporate-managed endpoints before applications are granted.
FortiClient runs on major desktop and mobile operating systems to deliver endpoint protection, VPN, ZTNA and telemetry across user devices.
Integrates with FortiClient EMS for central endpoint management, posture checks and telemetry collection across managed devices.
Connects with FortiGate firewalls to provide SSL and IPsec VPN access for secure remote connectivity into private networks.
Supports Fortinet ZTNA for application-specific access, so users reach approved apps instead of broad network segments.
Feeds endpoint status, user context and security telemetry into the Fortinet Security Fabric for coordinated policy decisions.
Integrates with FortiSASE, FortiAuthenticator and FortiAnalyzer to align access policy, identity and security analytics.
FortiClient VPN Only is a free client for IPsec and SSL VPN access to FortiGate, providing basic remote connectivity without central management, posture checks, ZTNA or endpoint protection.
FortiClient ZTNA Edition is licensed per managed endpoint through FortiClient EMS and adds central management, ZTNA access, endpoint vulnerability scanning and basic compliance for the Security Fabric.
FortiClient EPP / EDR Edition is a per-endpoint subscription that includes all ZTNA Edition functions and adds endpoint protection, AntiExploit, sandbox integration and broader USB and DLP controls.
FortiClient Chromebook EMS is a separate per-Chromebook subscription for Chrome OS endpoints, providing web filtering and posture coverage for managed Chromebook environments.
FortiClient EMS is available on-prem or as FortiClient Cloud, and FortiClient licensing is sold as 1-, 3- or 5-year subscriptions or through FortiFlex points-based usage.
Our team can help assess managed endpoint counts, tier selection, FortiSASE alignment, FortiGate ZTNA gateway capacity and FortiEDR overlap, as well as Cloud versus on-prem EMS and FortiFlex or subscription renewal timing.
We help assess how FortiClient / ZTNA should fit your remote access, endpoint protection and zero trust objectives, so your deployment approach matches user groups, device conditions and Fortinet security policies.
Our team can assist with FortiClient / ZTNA installation, EMS setup and policy configuration so managed endpoints are enrolled correctly and users receive the right access, protection and posture checks.
We support integration of FortiClient / ZTNA with FortiGate, FortiClient EMS, FortiSASE, FortiAuthenticator and FortiAnalyzer, helping your access controls and endpoint visibility align with existing Fortinet ecosystem workflows.
We can help prepare administrators and support teams to manage FortiClient / ZTNA, including handover, access process alignment and operational checks so endpoint onboarding and remote access are handled consistently.
We support FortiClient / ZTNA with ongoing assistance, health checks, update planning and licence guidance, including subscription alignment, renewal planning and EMS model review across FortiClient Cloud or on-premises deployments.
We help assess FortiClient EMS subscriptions against actual managed endpoint counts and required tiers, so your mix of VPN-only, ZTNA or EPP coverage stays aligned to how users and devices are being protected.
Where relevant, our team can review FortiClient alongside FortiSASE, FortiGate and FortiEDR usage to help avoid overlap, align subscription structure across the Fortinet portfolio and keep renewal activity easier to track.
We can review term length, cloud or on-prem EMS options, Chromebook coverage and per-endpoint edition choices to help align FortiClient investment with operational priorities, growth plans and budget expectations.
We support proactive renewal planning by reviewing changing endpoint counts, tier requirements and Fortinet ecosystem use, helping keep FortiClient subscriptions appropriate as access, protection and telemetry needs evolve.
Successful endpoint security programmes depend on sustained usage and ongoing alignment to policy needs, and our team can help with adoption planning, usage review and lifecycle guidance so FortiClient continues to support secure access effectively.
The software and technologies listed here support different requirements and are often used together as part of a wider IT stack.
As an official partner to vendors including Cisco, Juniper, HPE and Fortinet, we can help confirm which software or combination provides the capabilities your team needs, while avoiding under- or over-licensing.
Speak to our team for help matching the right solution and licence level to your requirements.