You may be able to use the Custom Software feature to assist you with FortiClient VPN-only.
Please be mindful when deploying FortiClient over existing installations as there may be conflicts. To find out more about the upgrade paths check the URL below:
https://docs.fortinet.com/document/forticlient/7.2.0/upgrade-path
However, there is a number of different ways in which FortiClient can be configured during distribution, thus we can't predict if the approach you decide upon is compatible with the functionality currently provided in Custom Software.
We did make Proof-of-Concept deployments of Foxit products using MST files.
https://vulndetect.org/topic/2382/vulndetect-custom-software-upgrading-foxit-phantompdf-to-foxit-pdf-editor
The documents for FortiClient suggests that it also supports MST files.
It also suggests that XML files can be used.
Please see the full docs here:
https://docs.fortinet.com/document/forticlient/6.0.0/configurator-tool/343622/forticlient-configurator-tool
https://docs.fortinet.com/document/forticlient/6.0.0/configurator-tool/754658/deploying-forticlient-windows-installation-packages
Quote: "Starting with FortiClient 5.6.0, an account for the Fortinet Developer Network is required to access the free tool. No license key is required to use the tool."
This indicates that you need to login to the Fortinet portal to find the latest tool and possibly documentation, the above links refer to 6.0.0, however, FortiClient is currently at 7.2.x.
We suggest that you configure FortiClient as required, based on the vendors guidelines, and test it using Custom Software.
If for some reason it fails using Custom Software, but works with local tests, please provide us access to the files you created, and we will test this and help with adjusting any parameters supplied to the installer through Custom Software.
Note that the files you share with us most likely will contain some sort of credentials and license information. We will naturally delete any sensitive files after testing and documenting our findings.
You can find the latest installer here:
https://www.fortinet.com/support/product-downloads#vpn
A simple Custom Software configuration should look like this:
f62f260a-cc5e-4067-82ae-13b29edda127-image.png
Enter a title e.g. "FortiClientVPN"
Select the installer: FortiClientVPN-7.0.5.0238.msi
Enter the silent Argument: /qn
Enter the never restart option Argument: /norestart
And then click "Save".
The dialogue will now upload the files to the VulnDetect back-end.
After saving the Job, you can now select to deploy it to groups or hosts.
Remember to inspect the host or group, if you want the job to run right away, else it'll apply after the next scheduled inspection.
