So after 3 days of troubleshooting, partly because the user involved is on the other side of the world, I’ve learned that the 7.0.8 VPN client is hot trash.
There’s apparently bugs that make it only work about 10% of the time when the combination of MFA via FortiToken, and Windows 11 are met. This is according to their support.
Use 7.0.7, or upgrade to 7.2.
We’ve also had a lot of disconnect issues with 7.0.8, apparently a known issue according to support. Being able to stay connected is a fairly essential “feature” of a vpn client. We didn’t see any of these issues on 7.0.7.
7.2.0 is not without its issues too. We’re on an interim build release for 7.2.1 and it’s mostly better. Ask support if you can get the 7.2.1.0772 or newer build
We use saml sso and since we upgraded our fortigates from 6.4 to 7.0 win forticlient 7.0.7 throws an error around 60% with unable to establish vpn connection but 7.0.8 solves the issue.
Meanwhile on the mac side 7.0.8 can’t use external browser agent for login and 7.0.7 works fine 